This is the report from a security audit performed on Idex by gorbunovperm.
It is an Ethereum-driven decentralized exchange that supports Ethereum and ERC20 token trading pairs.
Commit hash: efdf556013c20b225ae31261ef95d8911e0b37fe
In total, 5 issues were reported, including:
- 0 critical severity issues.
- 0 high severity issues.
- 0 medium severity issues.
- 5 low severity issues.
- 0 minor observations.
- A double withdrawal attack is possible. More details here
- Lack of transaction handling mechanism issue. WARNING! This is a very common issue and it has already caused millions of dollars in losses for lots of token users! More details here
Add the following code to the function transfer(address _to, ... ):
    require( _to != address(this) );
According to the ERC20 standard, if any token value is assigned to any address when a token contract is initialized, a Transfer event should be emitted.
No event is emitted when the initial supply is assigned to msg.sender.
It is possible to send tokens to the 0x0 address by accident.
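The three token findings above (transfers to the token contract itself, the missing Transfer event for the initial supply, and accidental transfers to 0x0) can be addressed together. The following is an added example, not code from the audited contracts; the contract name ExampleToken, its state layout, and the Solidity version are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical minimal token used only to illustrate the fixes;
// it is not the audited contract.
contract ExampleToken {
    uint256 public totalSupply;
    mapping(address => uint256) public balanceOf;

    event Transfer(address indexed from, address indexed to, uint256 value);

    constructor(uint256 initialSupply) {
        totalSupply = initialSupply;
        balanceOf[msg.sender] = initialSupply;
        // ERC20: token creation should emit Transfer with from set to 0x0,
        // so indexers and wallets can account for the initial supply.
        emit Transfer(address(0), msg.sender, initialSupply);
    }

    function transfer(address _to, uint256 _value) public returns (bool) {
        // Reject the 0x0 address: tokens sent there are unrecoverable.
        require(_to != address(0), "transfer to zero address");
        // Reject the token contract itself: it has no way to move
        // tokens it holds, so they would be locked.
        require(_to != address(this), "transfer to token contract");
        require(balanceOf[msg.sender] >= _value, "insufficient balance");

        balanceOf[msg.sender] -= _value;
        balanceOf[_to] += _value;
        emit Transfer(msg.sender, _to, _value);
        // ERC20 specifies a bool return value; callers may check it.
        return true;
    }
}
```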
Following the specification, this function should return true or false.
The deposit can be made both in tokens and in ethers, but in both cases the Deposit event is emitted with the amount (of tokens) parameter.
In the case of a deposit in ethers, msg.value should be used instead of the amount parameter.
Some vulnerabilities were discovered in these contracts.