This document is a security audit report by RideSolo covering SafeUpgradeableTokenERC20.
- SafeUpgradeableTokenERC20.sol, GitHub commit hash 8bfb49766d967009a680548ef3cc28c011aa1c4c.
3 issues were reported:
- 2 low severity issues.
- 1 owner privilege.
Following the ERC20 standard, the approve function "Allows _spender to withdraw from your account multiple times, up to the _value amount. If this function is called again it overwrites the current allowance with _value." However, the implemented function throws if allowed[msg.sender][_spender] is different than zero or _value is different than zero. This partially solves the double withdrawal attack, but it creates an incompatibility for some Dapps and does not allow the user to directly reduce the allowance, creating a race between user and spender.
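The allowance behaviour described above, as a small Python model (an added example, not the audited contract's code). It assumes the guard refuses to change one non-zero allowance into another; the class and function names and the amounts 100 and 50 are constructed for illustration.

```python
class Revert(Exception):
    """Stands in for an EVM revert when a require() fails."""


class AllowanceModel:
    """Constructed model of one owner/spender allowance, not the audited Solidity."""

    def __init__(self, guarded):
        self.guarded = guarded   # True: approve() carries the guard described above
        self.allowance = 0
        self.spent = 0           # total the spender has withdrawn so far

    def approve(self, value):
        # Assumed guard: refuse to change one non-zero allowance into another.
        if self.guarded and value != 0 and self.allowance != 0:
            raise Revert("set allowance to 0 first")
        self.allowance = value

    def transfer_from(self, value):
        if value > self.allowance:
            raise Revert("allowance exceeded")
        self.allowance -= value
        self.spent += value


def lower_allowance(guarded, spent_first, old=100, new=50):
    """Owner lowers `old` to `new` after the spender already withdrew `spent_first`.

    Returns (owner transactions sent, most the spender can withdraw in total).
    """
    token = AllowanceModel(guarded)
    token.approve(old)
    token.transfer_from(spent_first)      # mined before the owner's change
    owner_txs = 1
    try:
        token.approve(new)                # direct change, as plain ERC20 permits
    except Revert:
        token.approve(0)                  # guarded token: reset first...
        token.approve(new)                # ...then set the new value
        owner_txs = 3                     # one reverted attempt plus two calls
    return owner_txs, token.spent + token.allowance


if __name__ == "__main__":
    for guarded in (False, True):
        for spent in (0, 60, 100):
            print(guarded, spent, lower_allowance(guarded, spent))
```

In this model the guard turns a direct reduction into a revert followed by two calls, while the total the spender can withdraw is unchanged whenever the spender's transaction lands before the owner's change.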
- A double withdrawal attack is possible. More details here
- Lack of transaction handling mechanism. WARNING! This is a very common issue and it has already caused millions of dollars in losses for many token users! More details here
The token owner allows himself to:
- Pause/unpause token transfers, transferFrom, allowance allocation and approvals
The audited contract can be deployed.