Dai Security Audit Report
Audit Top 200 CoinMarketCap tokens. Dai (DAI) stablecoin.
2. In scope
In total, ** issues** were reported including:
3 low severity issues.
4 owner privileges (the ability of an owner to manipulate the contract, which may be risky for investors).
No critical security issues were found.
3.1. Known vulnerabilities of ERC-20 token
A double withdrawal attack is possible. More details here.
Add the following code to the transfer(address _to, ...) function:
require( _to != address(this) );
3.2. Blocking transferring
Severity: owner privileges
The contract owner is allowed to block transfer functions(
- Line 234.
3.3. ERC20 Compliance — event missing
According to the ERC20 standard, when coins are minted (or burned) a Transfer event should be emitted.
- Lines 423, 428, 303.
3.4. Checking input addresses
Incoming addresses should be checked for an empty value (the 0x0 address) to avoid loss of funds or blocking some functionality.
- setOwner function (lines 129-135)
- transferFrom function (lines 390-405)
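The recommendations in 3.3 and 3.4, together with the transfer() check quoted earlier, are shown below in one minimal token. This is an added example, not the audited Dai code: the contract name ExampleToken, its storage layout, the error strings and the Solidity 0.8 pragma are assumptions made for illustration, and it shows transfer rather than transferFrom to stay short.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration; ExampleToken is hypothetical and is not the audited contract.
contract ExampleToken {
    address public owner;
    uint256 public totalSupply;
    mapping(address => uint256) public balanceOf;

    event Transfer(address indexed from, address indexed to, uint256 value);

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    constructor() { owner = msg.sender; }

    // 3.4: reject the zero address so ownership cannot be lost by mistake.
    function setOwner(address newOwner) external onlyOwner {
        require(newOwner != address(0), "zero owner");
        owner = newOwner;
    }

    // 3.4 and the transfer() recommendation: reject 0x0 and the token contract itself.
    function transfer(address to, uint256 value) external returns (bool) {
        require(to != address(0), "zero recipient");
        require(to != address(this), "token contract recipient");
        balanceOf[msg.sender] -= value; // reverts on underflow in 0.8+
        balanceOf[to] += value;
        emit Transfer(msg.sender, to, value);
        return true;
    }

    // 3.3: minting is reported as a Transfer from the zero address.
    function mint(address to, uint256 value) external onlyOwner {
        require(to != address(0), "zero recipient");
        totalSupply += value;
        balanceOf[to] += value;
        emit Transfer(address(0), to, value);
    }

    // 3.3: burning is reported as a Transfer to the zero address (common convention).
    function burn(uint256 value) external {
        balanceOf[msg.sender] -= value;
        totalSupply -= value;
        emit Transfer(msg.sender, address(0), value);
    }
}
```

Wallets and block explorers that reconstruct balances from Transfer logs only see supply changes when mint and burn emit the event as shown.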
The audited smart contract can be deployed. Only low severity issues were found during the audit.