This is the report from a security audit performed on xcoynz by gorbunovperm.
Smart Contract to support XCOYNZ token and project fundamentals with 1.25B total supply and a token ticker of XCZ. The Smart Contract encompasses all basic token attributes and periodic releases of tokens, adhering to vesting periods as dictated by the project's long term vision which is made publicly available in the Whitepaper and all project documentation.
Commit hash: e4535fb03b4621919fba7798a0721111f35f634b
In total, 2 issues were reported including:
-
0 high severity issue.
-
1 medium severity issues.
-
1 low severity issues.
-
0 minor observations.
-
It is possible to double withdrawal attack. More details here
-
Lack of transaction handling mechanism issue. WARNING! This is a very common issue and it already caused millions of dollars losses for lots of token users! More details here
Add into a function transfer(address _to, ... )
following code:
require( _to != address(this) );
There is the restrictions for the tokens owner in transfer
function. But there is no restrictions for transferFrom
function and the tokenOwner
can using an intermediary address to bypass the restrictions.
There is some serious vulnerabilities were found here.