TokenTrader audit report.
This is the report from a security audit performed on TokenTrader by MrCrambo.
The audit focused primarily on the security of the following TokenTrader smart contracts:
- https://github.com/bokkypoobah/TokenTrader/blob/master/contracts/TestERC20Token.sol
- https://github.com/bokkypoobah/TokenTrader/blob/master/contracts/TokenSellerFactory.sol
- https://github.com/bokkypoobah/TokenTrader/blob/master/contracts/TokenTraderFactory.sol
In total, 3 issues were reported, including:
- 0 high severity issues.
- 2 medium severity issues.
- 0 low severity issues.
- 1 minor remark.
1. Transfer to zero address in TestERC20Token.sol.
Tokens can be sent to the zero address, which means they are locked: nobody can use or burn them. This affects the functions transfer and transferFrom.
Both functions need to check that the _to address is not the zero address:
require(_to != address(0));
2. Approve double-spend in TestERC20Token.sol.
If a user wants to change an already approved amount, a double-spend attack is possible in TestERC20Token.sol.
Can be reviewed here.
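As an added example covering issues 1 and 2 (not code from the TokenTrader repository), the following hypothetical token contract shows the zero-address checks in transfer and transferFrom beside a hardened approve. The approve race is the standard ERC20 one: a spender who sees an allowance change from N to M in the mempool can spend N first and then M. The contract refuses to change a non-zero allowance directly and offers relative increaseApproval/decreaseApproval instead. The contract name, the public mapping names and the overflow guards are assumptions for this example.

```solidity
pragma solidity ^0.4.11;

// Hypothetical ERC20-style token illustrating the fixes for issues 1 and 2.
// Example code, not TestERC20Token.sol from the repository.
contract HardenedToken {
    mapping(address => uint256) public balanceOf;
    mapping(address => mapping(address => uint256)) public allowance;
    uint256 public totalSupply;

    event Transfer(address indexed _from, address indexed _to, uint256 _value);
    event Approval(address indexed _owner, address indexed _spender, uint256 _value);

    function HardenedToken(uint256 _initialSupply) {
        totalSupply = _initialSupply;
        balanceOf[msg.sender] = _initialSupply;
    }

    // Issue 1: reject the zero address so tokens cannot be locked forever.
    function transfer(address _to, uint256 _value) returns (bool) {
        require(_to != address(0));
        require(balanceOf[msg.sender] >= _value);
        require(balanceOf[_to] + _value >= balanceOf[_to]); // overflow guard
        balanceOf[msg.sender] -= _value;
        balanceOf[_to] += _value;
        Transfer(msg.sender, _to, _value);
        return true;
    }

    // Same zero-address check on the delegated path.
    function transferFrom(address _from, address _to, uint256 _value) returns (bool) {
        require(_to != address(0));
        require(balanceOf[_from] >= _value);
        require(allowance[_from][msg.sender] >= _value);
        require(balanceOf[_to] + _value >= balanceOf[_to]); // overflow guard
        balanceOf[_from] -= _value;
        allowance[_from][msg.sender] -= _value;
        balanceOf[_to] += _value;
        Transfer(_from, _to, _value);
        return true;
    }

    // Issue 2: approve() may only move between zero and a non-zero value.
    // Changing a non-zero allowance in one step is what lets a spender
    // front-run the change and spend both the old and the new amount.
    function approve(address _spender, uint256 _value) returns (bool) {
        require(_value == 0 || allowance[msg.sender][_spender] == 0);
        allowance[msg.sender][_spender] = _value;
        Approval(msg.sender, _spender, _value);
        return true;
    }

    // Relative adjustments are safe under reordering: whatever the spender
    // does first, the total it can spend is bounded by old + delta.
    function increaseApproval(address _spender, uint256 _addedValue) returns (bool) {
        uint256 updated = allowance[msg.sender][_spender] + _addedValue;
        require(updated >= _addedValue); // overflow guard
        allowance[msg.sender][_spender] = updated;
        Approval(msg.sender, _spender, updated);
        return true;
    }

    function decreaseApproval(address _spender, uint256 _subtractedValue) returns (bool) {
        uint256 old = allowance[msg.sender][_spender];
        uint256 updated = _subtractedValue >= old ? 0 : old - _subtractedValue;
        allowance[msg.sender][_spender] = updated;
        Approval(msg.sender, _spender, updated);
        return true;
    }
}
```

Note that require(_value == 0 || allowance == 0) alone still forces a two-transaction reset (set to 0, then to the new value); the relative helpers are the ergonomic way to adjust an allowance without that extra round trip.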
3. Non-payable fallback function in TokenSellerFactory.sol and TokenTraderFactory.sol.
Since Solidity 0.4.0, contracts that want to receive Ether have to implement a fallback function with the payable modifier; otherwise the call throws automatically.
Remove the fallback function or add the payable modifier.
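As an added example for issue 3 (not the project's factory code), the two hypothetical contracts below put the weak form beside the corrected one: a non-payable fallback that rejects every plain Ether transfer, and a payable fallback paired with an owner withdrawal so that received Ether is not stuck. The contract names, the event and the withdraw function are assumptions for this example.

```solidity
pragma solidity ^0.4.11;

// Weak form: since Solidity 0.4.0 a fallback without payable reverts every
// plain Ether transfer, so this function only costs deployment gas. If the
// factory is never meant to hold Ether, deleting it is the right fix.
contract FactoryRejectsEther {
    function () {}
}

// Corrected form: a payable fallback accepts Ether sent with empty call data.
contract FactoryAcceptsEther {
    address public owner;

    event EtherReceived(address indexed _from, uint256 _amount);

    function FactoryAcceptsEther() {
        owner = msg.sender;
    }

    // Accept plain transfers and record who sent what.
    function () payable {
        EtherReceived(msg.sender, msg.value);
    }

    // Provide a way out for the funds; a contract that can receive Ether
    // but never send it locks every wei it is given.
    function withdraw() {
        require(msg.sender == owner);
        owner.transfer(this.balance);
    }
}
```

Whichever option is chosen, it should match the intended behaviour: a factory that only deploys trader contracts has no reason to accept Ether, so removing the fallback is usually the cleaner fix.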
No critical vulnerabilities were detected, but we highly recommend fixing the other issues before use.