Idex security audit report
It is an Ethereum-driven decentralized exchange that supports Ethereum and ERC20 token trading pairs.
In total, 5 issues were reported including:
0 critical severity issue.
0 high severity issue.
0 medium severity issues.
5 low severity issues.
0 minor observations.
1. Known vulnerabilities of ERC-20 token
It is possible to double withdrawal attack. More details here
Add into a function
transfer(address _to, ... ) following code:
require( _to != address(this) );
2. ERC20 Compliance: event missing
According to ERC20 standard, when initializing a token contract if any token value is set to any given address a
Transfer event should be emitted.
An event isn't emitted when assigning the initial supply to the msg.sender.
3. Required check for an empty address
It is possible to send tokens to 0x0 address by accidently.
4. ERC20 Complince:
transfer function returns nothing
Following the specification, this function should return
Deposit event argument
The deposit can be made both in tokens and ethers but in both cases
Deposit event is emitted with amount(of tokens) parameter.
In case of deposit in ethers, the
msg.value should be used instead
There are some vulnerabilities were discovered in these contracts.