ETH_airswap_audit_report.md

airswap audit report.

1. Summary

This document is a security audit report performed by danbogd, where airswap has been reviewed.

2. In scope

Сommit hash 04b71ad419ef645e8bd9b50e9998819b7a450616.

• AirSwapToken.sol.
• Exchange.sol.
• Migrations.sol.

3. Findings

In total, 3 issues were reported including:

• 0 medium severity issues
• 1 low severity issues
• 1 owner privileges (ability of owner to manipulate contract, may be risky for investors)..
• 1 notes.

No critical security issues were found.

3.1. Known vulnerabilities of ERC-20 token

Severity: low

Description

1. It is possible to double withdrawal attack. More details here.

2. Lack of transaction handling mechanism issue. WARNING! This is a very common issue and it already caused millions of dollars losses for lots of token users! More details here.

Recommendation

Add into a function transfer(address _to, ... ) following code:

require( _to != address(this) );

3.2. Owner Privileges

Severity: owner previliges

Description

Contract owner allow himself to:

Pause/unpause transfer/transferFrom, check here.

3.3. Incorrect time in becomesTransferable.

Severity: note

Description

The time after which AirSwap tokens become transferable is set (17 Oct 2017 14:10:10 GMT) is not correct and requires update.

Code snippet

https://github.com/airswap/contracts/blob/04b71ad419ef645e8bd9b50e9998819b7a450616/contracts/AirSwapToken.sol#L21

4. Conclusion

The audited smart contract is safe to deploy, some low severity issues were found.