This document is a security audit report performed by danbogd, where Darb Finance has been reviewed.
Сommit hash .
In total, 5 issues were reported including:
- 0 medium severity issues
- 3 low severity issues
- 2 owner privileges (ability of owner to manipulate contract, may be risky for investors)..
- 0 notes.
No critical security issues were found.
The transfer function in SC is not ERC20 compliant as it stands. From the ERC20 standard: “Note Transfers of 0 values MUST be treated as normal transfers and fire the Transfer event”. This function has a require statement that causes execution to revert if value is greater than zero.
Line: 110.
function transfer(address to, uint tokens) public notPaused returns (bool success) {
if (tokens <= 0) revert();
if (to == address(0)) revert();
balances[msg.sender] = safeSub(balances[msg.sender], tokens);
balances[to] = safeAdd(balances[to], tokens);
emit Transfer(msg.sender, to, tokens);
return true;
}
-
It is possible to double withdrawal attack. More details here.
-
Lack of transaction handling mechanism issue. WARNING! This is a very common issue and it already caused millions of dollars losses for lots of token users! More details here.
Add into a function transfer(address _to, ... ) following code:
require( _to != address(this) );
Contract owner allow himself to:
-
pause\unpause transfer, transferFrom, approve functions any time he wants. line 19.
modifier notPaused { require(paused == false); _; } -
Evacuate ether at any time. line 140.
function sendEther(uint amount, address payable to) public onlyOwner { to.transfer(amount); }
An anybody, who send Ether to contract address may lose it because of no payment processing in contract code.
Line: 155.
function() external payable {}
The review did not show any critical issues, some of medium and low severity issues were found.