Closed MillianoConti closed 5 years ago
Auditing time: 3 days.
Auditing time 3 days
auditing time: 4 days.
@RideSolo @danbogd @MrCrambo assigned
My report is finished.
The contract contains a high severity security issue. The developer was informed about it.
ETHERC smart contract security audit report performed by Callisto Security Audit Department
In total, 4 issues were reported, including:
1 high severity issue.
1 low severity issue.
1 note.
1 owner privileges issue (ability of the owner to manipulate the contract, which may be risky for investors).
The function burnFrom in the TokenTemplate contract allows an address to burn from another address that has approved tokens to it; however, the burned value is not subtracted from the allowance once the function is executed, making the spender able to burn the total balance of the from address.
The severity of this issue cannot be defined accurately, since the usage of the contract containing the issue should be described by the development team; in all cases the contract should be corrected, since the repository is public.
https://github.com/ETHERCIO/smart_contract/blob/master/contracts/test/TokenTemplate.sol#L85
In the ETHERCExchange contract the owner is allowed to change maker and taker fees without restrictions.
In the ETHERCToken contract the owner is allowed to pause/unpause token transfers and approvals without restrictions.
https://github.com/ETHERCIO/smart_contract/blob/master/contracts/ETHERCExchange.sol#L312
https://github.com/ETHERCIO/smart_contract/blob/master/contracts/ETHERCExchange.sol#L317
https://github.com/ETHERCIO/smart_contract/blob/master/contracts/ETHERCToken.sol#L308#L329
A double withdrawal attack is possible. More details here.
Lack of transaction handling mechanism issue. WARNING! This is a very common issue and it already caused millions of dollars losses for lots of token users! More details here.
https://github.com/ETHERCIO/smart_contract/blob/master/contracts/ETHERCToken.sol
https://github.com/ETHERCIO/smart_contract/blob/master/contracts/test/TokenTemplate.sol
Add the following code to the transfer(_to address, ...) function:
    require( _to != address(this) );
The function () payable { revert(); } was a pattern used to prevent implicit acceptance of ether in Solidity versions older than 0.4.0, but today this is unneeded.
The audited smart contract must not be deployed. Reported issues must be fixed prior to the usage of this contract.
https://gist.github.com/yuriy77k/0851796133f03a9d2d8230027fa85e25
https://gist.github.com/yuriy77k/9d3b71bf3e00f1175a566a0bb2aee2ac
https://gist.github.com/yuriy77k/b0043bd10f7b310f38824dc30e37f038
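As an added illustration (this is not the ETHERC code and not part of the report), the following minimal Solidity 0.8 token shows the burnFrom defect described above beside a hardened version. The hardened contract also applies the recommended require(_to != address(this)) check in transfer and a common mitigation for the approve race behind the double withdrawal issue. Contract and function names (VulnerableBurn, HardenedToken, increaseAllowance, decreaseAllowance) are invented for the example, and the 0.8 compiler is an assumption; the audited repository targets an older compiler.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Constructed example, not the audited ETHERC code.
// Reproduces the reported burnFrom defect: the allowance is checked but
// never consumed, so a spender approved once for X can keep burning until
// the holder's whole balance is gone.
contract VulnerableBurn {
    mapping(address => uint256) public balanceOf;
    mapping(address => mapping(address => uint256)) public allowance;

    constructor(uint256 initialSupply) {
        balanceOf[msg.sender] = initialSupply;
    }

    function approve(address spender, uint256 value) public returns (bool) {
        allowance[msg.sender][spender] = value;
        return true;
    }

    function burnFrom(address from, uint256 value) public returns (bool) {
        require(balanceOf[from] >= value, "insufficient balance");
        require(allowance[from][msg.sender] >= value, "insufficient allowance");
        balanceOf[from] -= value;
        // Missing: allowance[from][msg.sender] -= value;
        return true;
    }
}

// Hardened version of the same token (constructed example).
contract HardenedToken {
    mapping(address => uint256) public balanceOf;
    mapping(address => mapping(address => uint256)) public allowance;
    uint256 public totalSupply;

    event Transfer(address indexed from, address indexed to, uint256 value);
    event Approval(address indexed owner, address indexed spender, uint256 value);

    constructor(uint256 initialSupply) {
        balanceOf[msg.sender] = initialSupply;
        totalSupply = initialSupply;
    }

    function transfer(address to, uint256 value) public returns (bool) {
        // Check recommended in the report: tokens sent to the token contract
        // itself have no owner that can move them and are lost.
        require(to != address(this), "transfer to token contract");
        require(to != address(0), "transfer to zero address");
        require(balanceOf[msg.sender] >= value, "insufficient balance");
        balanceOf[msg.sender] -= value;
        balanceOf[to] += value;
        emit Transfer(msg.sender, to, value);
        return true;
    }

    // Mitigation for the approve race (double withdrawal): a non-zero
    // allowance may only be set when the current one is zero, so a spender
    // cannot end up able to spend both the old and the new amount.
    function approve(address spender, uint256 value) public returns (bool) {
        require(value == 0 || allowance[msg.sender][spender] == 0, "reset allowance to 0 first");
        allowance[msg.sender][spender] = value;
        emit Approval(msg.sender, spender, value);
        return true;
    }

    // Atomic adjustments avoid the reset-to-zero round trip entirely.
    function increaseAllowance(address spender, uint256 added) public returns (bool) {
        allowance[msg.sender][spender] += added;
        emit Approval(msg.sender, spender, allowance[msg.sender][spender]);
        return true;
    }

    function decreaseAllowance(address spender, uint256 subtracted) public returns (bool) {
        uint256 current = allowance[msg.sender][spender];
        allowance[msg.sender][spender] = subtracted >= current ? 0 : current - subtracted;
        emit Approval(msg.sender, spender, allowance[msg.sender][spender]);
        return true;
    }

    // Corrected burnFrom: the allowance is consumed together with the balance,
    // so the spender can never burn more than the holder approved.
    function burnFrom(address from, uint256 value) public returns (bool) {
        require(balanceOf[from] >= value, "insufficient balance");
        require(allowance[from][msg.sender] >= value, "insufficient allowance");
        balanceOf[from] -= value;
        allowance[from][msg.sender] -= value;
        totalSupply -= value;
        emit Transfer(from, address(0), value);
        return true;
    }
}
```

With VulnerableBurn, a holder who approves 10 tokens to a spender can have their entire balance burned by repeated burnFrom(holder, 10) calls; with HardenedToken the second call reverts on "insufficient allowance". The approve guard is only a partial mitigation for the race (a spender who front-runs the reset-to-zero transaction can still use the old allowance once), which is why increaseAllowance/decreaseAllowance are offered alongside it.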
Audit request
ETHERC is a fully decentralized exchange for Ethereum tokens. https://etherc.io/#EET-ETH
Source code: https://github.com/ETHERCIO/smart_contract/tree/master/contracts
Disclosure policy: support@etherc.io
Platform: ETH
Number of lines: 670