We have found a number of issues with the code. Importantly, the owner can perform arbitrary token minting and will receive a much higher number of tokens than the comment in the code would suggest. The code adheres to some best practices, but lacks a test suite.

**Update (1):** although the previously found issues have been mostly addressed, the team introduced two new high-severity issues. One of the issues could have been avoided had the team not relied on clone-and-own code reuse and used the OpenZeppelin ERC20 implementation instead. Furthermore, as is, the code is not fully ERC20-compatible. We recommend against deploying the current code.

**Update (2):** the two new high-severity issues have been addressed. We limited the re-audit to `DECA_ERC20_0.5.3.sol`. `DECA_ERC20_0.4.26.sol` remains vulnerable.

**Update (3):** the team has addressed all our findings.

**Update (4):** we have reviewed the changes up to commit [efc8046](https://gitlab.com/deca-currency/dcc/-/commit/efc8046b2b45a8bb71cdea0df762a30834080484). One medium-severity issue was found.

**Update (5):** all issues have been addressed as of commit [bcf24df](https://gitlab.com/deca-currency/dcc/-/commit/bcf24dfb703edd6a72452363e758b0e93f899007).

Status | Low | Medium | High | Critical | Total |
---|---|---|---|---|---|
Not fixed | 4 | - | 4 | - | 8 |
Fixed | - | 1 | - | - | 1 |
Total | 4 | 1 | 4 | 0 | 9 |
# | File Name |
---|---|
1 | contracts/DECA.sol |
2 | contracts/Migrations.sol |