Dai Token security audit report

ETH_Dai_report.md

Dai Token security audit report

Summary

This is the report from a security audit performed on Dai Token by gorbunovperm.

Audit Top 200 CoinMarketCap tokens. Dai (DAI) stablecoin.

http://www.makerdao.com/

In scope

1. DaiToken.sol

Findings

In total, 4 issues were reported including:

• 0 high severity issue.

• 0 medium severity issues.

• 3 low severity issues.

• 1 owner privileges.

• 0 note.

Security issues

1. Known vulnerabilities of ERC-20 token

Severity: low

Description

• It is possible to double withdrawal attack. More details here

• Lack of transaction handling mechanism issue. WARNING! This is a very common issue and it already caused millions of dollars losses for lots of token users! More details here

Recommendation

Add into a function transfer(address _to, ... ) following code:

require( _to != address(this) );

2. Blocking transfering

Severity: owner privileges

Description

The contract owner allowed to block transfer functions( transferFrom, approve, mint, burn).

Code snippet

• Line 234.

3. ERC20 Compliance — event missing

Severity: low

Description

According to ERC20 standard when coins are minted(or burned) a Transfer event should be emitted.

Code snippet

• Lines 423, 428, 303.

4. Checking input addresses

Severity: low

Description

Incoming addresses should be checked for an empty value(0x0 address) to avoid loss of funds or blocking some functionality.

Code snippet

• Lines 133, 424, 400.

Conclusion

There are no dangerous vulnerabilities were discovered here.