This document is a security audit report performed by RideSolo, where SymVerse has been reviewed.
- SymToken.sol github commit hash d38e09b7c90763c283215c6da043e720b324f98f.
** 3 issues** were reported including:
-
1 medium severity issue.
-
2 low severity issues.
decreaseAllowance throw in case if the value to be substracted is higher than the amount that is allowed, if the address owner wants to change the value allowed by reducing it and the spender withdraw a part of it before, the function might throw and give more chances for the spender to take the rest of the allowed value.
The value should be set to zero if the value to be subtracted is higher than the allowance.
https://github.com/RideSolo/SmartContract-1/blob/master/SymToken.sol#L244
- Pause/Unpause token transfers and approvals code snippet.
- Freeze/Unfreeze tokens on every possible account address by the contract owner or delegator code snippet.
- It is possible to double withdrawal attack. More details here
- Lack of transaction handling mechanism issue. WARNING! This is a very common issue and it already caused millions of dollars losses for lots of token users! More details here
Add the following code to the transfer(_to address, ...) function:
require( _to != address(this) );
This contract is subjected to high control from the owners, token holders should be aware of the risks.