flexUSD

Off-Chain (Private)

Audited on 2021/01/06

No active critical issues

Summary

Throughout this audit, we have found nine potential issues of various severities, including three medium-risk issues and six informational-level. Plus, we have made multiple best practice recommendations. They are listed in the `Adherence to Best Practices` section and `Adherence to Specification` section. We recommend addressing the findings before going to production. ** 2020-12-14 update **: during this first reaudit, CoinFlex team has either brought the status of findings into fixed or acknowledged, leaving only one finding unresolved. The folder structure of the project has been modified, and a `test` folder was added. However, 13 out of 16 tests did not pass. In addition, we found two informative-severity issues in this round of reaudit. ** 2021-01-06 update **: during this second reaudit, CoinFlex team has either brought the status of findings into fixed or acknowledged, leaving two finding unresolved. In addition, all tests were removed.

Project

flexUSD

Ethereum

Issues (11)

	Low	Medium	High	Critical	Total
Not fixed	5	2	-	-	7
Fixed	3	1	-	-	4
Total	8	3	0	0	11

#	File Name
1	202101B-reaudit-79ce4e1/fUSDStorage.sol
2	202101B-reaudit-79ce4e1/fUSD.sol

flexUSD

Summary

Issues (11)

Allowance Double-Spend Exploitnot_fixed/medium

Misleading Usage of `approve()` in `transferFrom()`not_fixed/medium

Centralization of Powernot_fixed/low

Clone-and-Ownnot_fixed/low

Hardcoded Infura Keynot_fixed/low

Contracts (2)