The top three DomusCoins (DOC) wallets appear to hold over 200 percent of the total supply, perhaps indicating that the token suffers from leakage and that the vulnerability has already been exploited.
According to data from Etherscan, the top three wallets of DOC hold 89, 79, and 78 percent of the token supply respectively, accounting for a combined 246 percent of DOC supply, something which should be impossible. The problem lies with token leakage, which may indicate that the vulnerability is already being exploited by third-party users.
The vulnerability appears in the transferFrom function (line 138) of the project’s source code. Instead of subtracting the amount of tokens permitted to be sent, the address’ balance is doubled.