CryptoDrop Token - Smart Contract Audit Report
CryptoDrop is creating a new ERC-20 governance token in support of their platform.
For this audit, we reviewed the team's CdropToken contract using code provided to us by the project team. We previously reviewed the team's Presale Contract and Staking/Lottery Contracts.
Notes on the Contracts:
- There is a total supply of 10 billion CryptoDrop ($CDrop) tokens that are initially minted to the owner upon deployment.
- The whitelist is initially enabled upon deployment, and several features (burn, delegate, and delegateBySig) are initially disabled.
- The $CDrop token is designed to be a governance token where 1 token = 1 vote.
- Another contract will be needed to collect votes and execute transactions on behalf of the governance token holders.
- While the whitelist is enabled, only whitelisted users are able to participate in transfers; There are no fees for transferring the tokens.
- When the delegate functionality is enabled, token holders can delegate their voting rights to any address.
- When the delegateBySig functionality is enabled, users can also delegate their voting rights using an EIP-712 signature.
- When the burn functionality is enabled, the owner can burn any tokens in their own wallet at any time; the votes associated with the burnt tokens are also destroyed.
- The owner can add or remove any address on the whitelist at any time.
- The owner can disable the whitelist at any time; once it has been disabled, it cannot be enabled again.
- The owner can enable the burn, delegate, and delegateBySig functionality at any time. This functionality is initially disabled and must be enabled by the owner; once it is enabled, it cannot be disabled again.
- As the contract is developed with Solidity v0.8.4, it is protected from overflows.
Audit Findings Summary:
- No security issues from outside attackers were identified.
- Ensure trust in the team as they have some control in the ecosystem.
- Date: October 26th, 2021.
External Threat Results
|Arbitrary Storage Write||N/A||PASS|
|Delegate Call to Untrusted Contract||N/A||PASS|
|Dependence on Predictable Variables||N/A||PASS|
|State Change External Calls||N/A||PASS|
|User Supplied Assertion||N/A||PASS|
|Critical Solidity Compiler||N/A||PASS|
|Overall Contract Safety||PASS|
Details: CryptoDrop Token Contract
($) = payable function # = non-constant function Int = Internal Ext = External Pub = Public + [Int] IERC20Permit - [Ext] permit # - [Ext] nonces - [Ext] DOMAIN_SEPARATOR + [Int] IERC20 - [Ext] totalSupply - [Ext] balanceOf - [Ext] transfer # - [Ext] allowance - [Ext] approve # - [Ext] transferFrom # + [Int] IERC20Metadata (IERC20) - [Ext] name - [Ext] symbol - [Ext] decimals + Context - [Int] _msgSender - [Int] _msgData + ERC20 (Context, IERC20, IERC20Metadata) - [Pub]
# - [Pub] name - [Pub] symbol - [Pub] decimals - [Pub] totalSupply - [Pub] balanceOf - [Pub] transfer # - [Pub] allowance - [Pub] approve # - [Pub] transferFrom # - [Pub] increaseAllowance # - [Pub] decreaseAllowance # - [Int] _transfer # - [Int] _mint # - [Int] _burn # - [Int] _approve # - [Int] _beforeTokenTransfer # - [Int] _afterTokenTransfer # + [Lib] ECDSA - [Prv] _throwError - [Int] tryRecover - [Int] recover - [Int] tryRecover - [Int] recover - [Int] tryRecover - [Int] recover - [Int] toEthSignedMessageHash - [Int] toTypedDataHash + EIP712 - [Pub] # - [Int] _domainSeparatorV4 - [Prv] _buildDomainSeparator - [Int] _hashTypedDataV4 + [Lib] Counters - [Int] current - [Int] increment # - [Int] decrement # - [Int] reset # + ERC20Permit (ERC20, IERC20Permit, EIP712) - [Pub] # - modifiers: EIP712 - [Pub] permit # - [Pub] nonces - [Ext] DOMAIN_SEPARATOR - [Int] _useNonce # + [Lib] Math - [Int] max - [Int] min - [Int] average - [Int] ceilDiv + [Lib] SafeCast - [Int] toUint224 - [Int] toUint128 - [Int] toUint96 - [Int] toUint64 - [Int] toUint32 - [Int] toUint16 - [Int] toUint8 - [Int] toUint256 - [Int] toInt128 - [Int] toInt64 - [Int] toInt32 - [Int] toInt16 - [Int] toInt8 - [Int] toInt256 + ERC20Votes (ERC20Permit) - [Pub] checkpoints - [Pub] numCheckpoints - [Pub] delegates - [Pub] getVotes - [Pub] getPastVotes - [Pub] getPastTotalSupply - [Prv] _checkpointsLookup - [Pub] delegate # - [Pub] delegateBySig # - [Int] _maxSupply - [Int] _mint # - [Int] _burn # - [Int] _afterTokenTransfer # - [Int] _delegate # - [Prv] _moveVotingPower # - [Prv] _writeCheckpoint # - [Prv] _add - [Prv] _subtract + Ownable (Context) - [Pub] # - [Pub] owner - [Pub] renounceOwnership # - modifiers: onlyOwner - [Pub] transferOwnership # - modifiers: onlyOwner - [Prv] _setOwner # + CdropToken (ERC20Votes, Ownable) - [Pub] # - modifiers: ERC20,ERC20Permit - [Pub] transfer # - modifiers: whitelisted - [Pub] transferFrom # - modifiers: whitelisted - [Ext] burn # - modifiers: asFeature,onlyOwner - [Ext] setWhitelistDisabled # - modifiers: onlyOwner - [Ext] setFeaturesEnabled # - modifiers: onlyOwner - [Ext] setWhitelist # - modifiers: onlyOwner - [Ext] setWhitelists # - modifiers: onlyOwner - [Int] _setWhitelist # - [Pub] delegate # - modifiers: asFeature - [Pub] delegateBySig # - modifiers: asFeature