Dai Token (DAI) security audit, conducted by the Callisto Network Security Department in August 2019.
Dai Token (DAI) Specificities
Audit Top 200 CoinMarketCap tokens.
Dai (DAI) stablecoin.
Symbol : DAI Name : Dai
Number of lines:
Dai Token (DAI) Smart Contract Security Audit Report
Are Your Funds Safe?
1. In scope
In total, 4 issues were reported including:
3 low severity issues.
1 owner privileges (the ability of an owner to manipulate contract, may be risky for investors).
No critical security issues were found.
2.1. Known vulnerabilities of ERC-20 token
- It is possible to double withdrawal attack. More details here
- Lack of transaction handling mechanism issue. WARNING! This is a very common issue and it already caused millions of dollars losses for lots of token users! More details here.
Add the following code to the
transfer(_to address, ...)function:
require( _to != address(this) );
2.2. Blocking transferring
Severity: owner privileges
The contract owner allowed to block transfer functions( transferFrom, approve, mint, burn).
- Line 234.
2.3. ERC20 Compliance — event missing
According to ERC20 standard when coins are minted(or burned) a
Transfer event should be emitted.
- Lines 423, 428, 303.
2.4. Checking input addresses
Incoming addresses should be checked for an empty value(
0x0 address) to avoid loss of funds or blocking some functionality.
- setOwner function (lines 129-135)
- transferFrom function (lines 390-405)
The audited smart contract can be deployed. Only low severity issues were found during the audit.
4. Revealing audit reports
Trust The Blockchain, Audit Your Smart Contracts.
Follow Callisto’s Security Department on Twitter to get our latest news and updates!