Trail of Bits

MC Dai

Type: Security review

Client: Ethereum/EVM

Date: 2019-08

Domain: Blockchain

Effort: 13 wks

Section: Ethereum/EVM

Trail of Bits's security review of MC Dai (Aug 2019) identified 14 issues: 2 medium, 4 low, and 8 informational.

Findings · 14

  1. Auctions are susceptible to transaction-reordering attacks (Low)
  2. ABIEncoderV2 is not production-ready (Informational)
  3. k-dss is out of sync with other repositories (Informational)
  4. auth-checker’s use of checkRely is incomplete (Informational)
  5. Too many notions of “permission” (Informational)
  6. ERC20 transferFrom often does not follow spec (Informational)
  7. Dai Savings Rate locking is ineffective (Medium)
  8. Race condition in the ERC20 “approve” function may lead to token theft (Informational)
  9. Race condition involving Dai “permit” nonces (Informational)
  10. Anyone can approve themselves to take Dai owned by address 0 (Low)
  11. “file” methods do not revert when “what” argument is unrecognized (Low)
  12. Spotter’s “file” method lacks a “what” argument (Low)
  13. Documentation of Dai Savings Rate is inaccurate (Informational)
  14. A Denial of Service attack can obstruct Flop auctions (Medium)

Findings extracted from the published report PDF. See the full report below for details and remediation.
