USDC (USD Coin) Security Audit Report
Are Your Funds Safe?
Our expert team at Callisto Network has conducted an in-depth security audit of the USDC (USD Coin) smart contract. This audit aims to ensure the security of your funds by identifying and assessing any potential vulnerabilities. Here, we present our findings:
Executive Summary
This report presents the results of the security audit conducted by the Callisto Network Security Department on the USDC (USD Coin) smart contract in April 2023. It analyzes the contract’s security in-depth and highlights any identified vulnerabilities.
1. Scope of the Audit
The audit focused on the following USDC contracts:
- USDC Proxy contract: 0xa0b86991c6218b36c1d19d4a2e9eb0ce3606eb48.
- USDC Implementation contract: 0xa2327a938febf5fec13bacfb16ae10ecbc4cbdcf.
2. Audit Findings
Our audit reported a total of 1 finding(s), categorized as follows:
- 0 high-severity issue(s).
- 0 medium severity issue(s).
- 1 low-severity issue(s).
In addition to these findings, our audit identified 4 additional points, detailed in the following sections:
- 0 note(s).
- 4 owner privilege(s).
No critical security issues were found.
2.1 Known Vulnerabilities of ERC-20 Token
Add the following code to the
transfer(_to address, ...)
function:require( _to != address(this) );
[/bsf-info-box]
2.2 Upgradeable Contract
2.3 Blacklist System
2.4 Multiple Minters
The USDC contract has the capability to support multiple minters. This feature provides greater flexibility in managing the token’s supply. However, it also introduces potential risks if one minter becomes compromised. Maintaining strict control over the minters is essential to minimize potential security risks.
[/bsf-info-box]
2.5 Pauseable Contract
The USDC contract includes a pausable feature, allowing the token’s operations to be halted in case of an emergency, such as a de-pegging event. This functionality can help protect user funds and prevent further damage in the event of a severe issue. However, it also centralizes control over the token’s operations, which may be a point of concern for some users.
[/bsf-info-box]
3. Security Practices
4. Conclusion
The USDC token is a well-established stablecoin with a robust design. However, it is important for users to be aware of the potential risks associated with its upgradeable, blacklist, multiple minter, and pausable features. It is highly recommended to closely monitor any upgrades to the contract and stay informed about changes in the blacklist policy to ensure the continued security and stability of the token.
5. Revealing Audit Reports
About Callisto Network
Founded by Dexaran, co-founder of Ethereum Classic, Callisto Network is a blockchain platform that prioritizes security. We’ve conducted over 330 smart contract audits across platforms like Ethereum, Ethereum Classic, and EOS. In addition to our audits, we’ve developed the ERC 223 token standard and CallistoNFT standard, enhancements over existing standards that address flaws and offer new capabilities, further establishing us as industry leaders in crypto-security.
