Dr. Maurice Herlihy recently completed a security audit of the Ethos Smart Contract that backs the token.  We wanted to publicly share the results here:

“I did a code review of the Ethos ERC20 contract. This contract implements the (best-practice) ERC20 standard. The contract is protected against various known exploits: it uses the SafeMath library to avoid arithmetic anomalies, it protects against a “short address attack” by checking that all messages have the correct length (“onlyPayloadSize” modifier), and it protects against the approve race condition by requiring all changes to first set the amount to zero before it can be changed in a second call. Critical functions that modify the long-lived token state are protected by the “onlyOwner” modifier that checks the caller is the owner. The contract does not make external calls, so there are no reentrancy attack vulnerabilities. The contract has no fallback function, avoiding a class of related vulnerabilities.”

Dr. Maurice Herlihy, PhD
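
For readers unfamiliar with the guards named in the review, the sketch below shows how each is commonly written. It is an added example, not the Ethos contract's code; the contract name `GuardedToken`, the `mint` function, and the Solidity 0.4.24 compiler version are assumptions made for illustration.

```solidity
pragma solidity ^0.4.24;

// Added illustration only; not the Ethos contract. All names are hypothetical.
contract GuardedToken {
    address public owner;
    uint256 public totalSupply;
    mapping(address => uint256) public balanceOf;
    mapping(address => mapping(address => uint256)) public allowance;

    event Approval(address indexed holder, address indexed spender, uint256 value);

    constructor() public { owner = msg.sender; }

    // Only the owner may call functions that change long-lived token state.
    modifier onlyOwner() {
        require(msg.sender == owner);
        _;
    }

    // Short-address guard: calldata must hold the 4-byte selector plus `size`
    // bytes of arguments, so a truncated address cannot shift the amount.
    modifier onlyPayloadSize(uint256 size) {
        require(msg.data.length >= size + 4);
        _;
    }

    // SafeMath-style checked addition: revert instead of wrapping around.
    function add(uint256 a, uint256 b) internal pure returns (uint256) {
        uint256 c = a + b;
        require(c >= a);
        return c;
    }

    // Hypothetical owner-only state change (two 32-byte arguments).
    function mint(address to, uint256 value) public onlyOwner onlyPayloadSize(2 * 32) {
        totalSupply = add(totalSupply, value);
        balanceOf[to] = add(balanceOf[to], value);
    }

    // Approve race guard: a nonzero allowance must be reset to zero in one
    // call before a new nonzero value can be set in a second call.
    function approve(address spender, uint256 value) public onlyPayloadSize(2 * 32) returns (bool) {
        require(value == 0 || allowance[msg.sender][spender] == 0);
        allowance[msg.sender][spender] = value;
        emit Approval(msg.sender, spender, value);
        return true;
    }
}
```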