The audit focused primarily on the security of Idex smart contracts.
In total, 7 issues were reported including:
0 high severity issues.
0 medium severity issues.
3 owner privilegies issues.
4 low severity issues.
1. Zero address checking
2. No approval event
There is no approval event in function
3. Not all ERC-20 functions implemented
allowance(address tokenOwner, address spender) functions not realised.
4. Known vulnerabilities of ERC-20 token
- It is possible to double withdrawal attack. More details here
- Lack of transaction handling mechanism issue. More details here
Add into a function
transfer(address _to, ... ) following code:
require( _to != address(this) );
5. Owner privilegies
Severity: owner privilegies
- Owner can change
feeAccountany time he wants.
- Owner can set anyone as admin, and if his private keys will be stolen, then hackers will be able to set as admin anyone.
- Whitelisters set by owner will be able to change rate and limit.
Smart contracts contain low severity issues.