This is the report from a security audit performed on Idex by MrCrambo.
The audit focused primarily on the security of Idex smart contracts.
- https://github.com/AuroraDAO/idex/blob/master/DVIP.sol
- https://github.com/AuroraDAO/idex/blob/master/ExchangeWhitelist.sol
- https://github.com/AuroraDAO/idex/blob/master/MyToken.sol
- https://github.com/AuroraDAO/idex/blob/master/Exchange.sol
In total, 7 issues were reported, including:
- 0 high severity issues.
- 0 medium severity issues.
- 3 owner privileges issues.
- 4 low severity issues.
There is no zero address check in transfer, transferFrom, setFeeAccount and setDVIP.
The approve function does not emit an Approval event.
The balanceOf(address tokenOwner), totalSupply() and allowance(address tokenOwner, address spender) functions are not implemented.
- A double withdrawal attack is possible. More details here
- Lack of a transaction handling mechanism. More details here
Add the following code to the function transfer(address _to, ... ):
require( _to != address(this) );
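
The zero address check, the address(this) check, the Approval event and the three missing view functions from the findings above, applied to a minimal token as an added example (not code from the Idex repository or from the audit). The contract name, storage layout, revert strings and Solidity version are assumptions; the double withdrawal and transaction handling findings are not addressed here.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
// Added example, not Idex code. Contract name and layout are hypothetical.
contract CheckedToken {
    uint256 private _totalSupply;
    mapping(address => uint256) private _balances;
    mapping(address => mapping(address => uint256)) private _allowed;

    event Transfer(address indexed from, address indexed to, uint256 value);
    event Approval(address indexed tokenOwner, address indexed spender, uint256 value);

    constructor(uint256 initialSupply) {
        _totalSupply = initialSupply;
        _balances[msg.sender] = initialSupply;
        emit Transfer(address(0), msg.sender, initialSupply);
    }

    // The three view functions the report lists as not implemented.
    function totalSupply() public view returns (uint256) { return _totalSupply; }
    function balanceOf(address tokenOwner) public view returns (uint256) { return _balances[tokenOwner]; }
    function allowance(address tokenOwner, address spender) public view returns (uint256) { return _allowed[tokenOwner][spender]; }

    function transfer(address _to, uint256 _value) public returns (bool) {
        _move(msg.sender, _to, _value);
        return true;
    }

    function transferFrom(address _from, address _to, uint256 _value) public returns (bool) {
        require(_allowed[_from][msg.sender] >= _value, "allowance exceeded");
        _allowed[_from][msg.sender] -= _value;
        _move(_from, _to, _value);
        return true;
    }

    function approve(address _spender, uint256 _value) public returns (bool) {
        _allowed[msg.sender][_spender] = _value;
        emit Approval(msg.sender, _spender, _value); // event the report found missing
        return true;
    }

    // Shared by transfer and transferFrom so both get the same recipient checks.
    function _move(address _from, address _to, uint256 _value) internal {
        require(_to != address(0), "zero address");      // zero address check
        require(_to != address(this), "token contract"); // check recommended in the report
        require(_balances[_from] >= _value, "balance too low");
        _balances[_from] -= _value;
        _balances[_to] += _value;
        emit Transfer(_from, _to, _value);
    }
}
```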
- Owner can change feeAccount any time he wants.
- Owner can set anyone as admin, and if his private keys are stolen, hackers will be able to set anyone as admin.
- Whitelisters set by owner will be able to change rate and limit.
Smart contracts contain low severity issues.