Trail of Bits

TokenCard

Type: Security review
Client: TokenCard
Date: 2019-05
Domain: Blockchain
Effort: 5 wks
Section: Ethereum/EVM

Trail of Bits's security review of TokenCard (May 2019) identified 13 issues: 4 medium, 8 low, and 1 undetermined.

Findings · 13

  1. Wallet and Licence are incompatible with non-standard ERC20 tokens (Low)
  2. Parsing large JSON integers could result in interoperability issues (Low)
  3. Base64 decoding does not validate its input (Low)
  4. Solidity compiler optimizations can be dangerous (Undetermined)
  5. Lack of contract existence check may mislead the user about the transaction’s result (Medium)
  6. Contracts used as dependencies do not track upstream changes (Low)
  7. No sanitization is performed when the Oraclize query is constructed (Medium)
  8. _licenceAmountScaled can be incorrectly initialized (Low)
  9. Multiplication overflow can block certain wallet operations (Low)
  10. AddressWhitelist owner can be added to the whitelist (Medium)
  11. Date validation is insufficient and returns imprecise timestamps (Low)
  12. Malicious price source can block withdrawal of funds (Low)
  13. Daily limits may be bypassed via executeTransaction for certain tokens (Medium)

Findings extracted from the published report PDF. See the full report below for details and remediation.
