Furio

Smart Contract Audit Report

Audit Summary

Furio Audit Report Furio is releasing a BEP-20 token with a compounding rewards Vault.

For this audit, we reviewed the project team's Token contract at 0x1d91581af148bdac2a1cbe05141055ae0c3af4ad and Vault contract at 0xf5188599c1f9b40673385c8557e4bedd026a7160 on the Binance Smart Chain Mainnet.

Audit Findings

All findings have been resolved, though some centralized aspects are present.
Date: June 28th, 2022.
Updated: July 6th, 2022 with updated Vault contract address.
Updated: July 12th, 2022 with updated Token contract address.

Finding #1 - Vault - High (Resolved)

Description: A user's lastRewardUpdate time is not updated before calculating their rewards during their initial deposit.
Risk/Impact: User's rewards will be calculated with the starting timestamp as 0. This will lead to a very inflated rewards amount on users' first rewards claims.
Recommendation: If a user's lastRewardUpdate is 0 in the _deposit() function, it should be set to the current block.timestamp before rewards are calculated.
Resolution: Users' lastRewardUpdate time is set to the current block timestamp on their first deposit.

Finding #2 - Vault - Medium (Resolved)

Description: The _airdrop() function does not account for the amount of tokens being added to a user's balance.
Risk/Impact: Users may exceed the maximum threshold through the use of an airdrop.
Recommendation: The team should check that a user will not exceed the maximum threshold in the _airdrop() function and mark them as maxed as appropriate.
Resolution: The _airdrop() function now requires that the recipient of an airdrop will not exceed the maximum threshold.

Finding #3 - Vault - Low (Resolved)

Description: There is no way to set a Participant's banned value to true.
Risk/Impact: The team will be unable to ban a malicious user or bot as needed.
Recommendation: The team should add a setter to allow them to set a user's banned value to true or remove the functionality involving a user's banned value.
Resolution: The team may now ban and unban users as needed.

Finding #4 - Vault - Informational (Resolved)

Description: Users are never marked as "negative" or "penalized".
Recommendation: The team should add functionality to use these two statuses or remove them from the contract.
Resolution: Users are now marked as penalized or negative when they exceed the corresponding number of claims in a specified time period.

Finding #5 - Token - Informational (Resolved)

Description: The _isSell() function is internal and never called within the contract.
Recommendation: The function should be used within the _transfer() function or can be safely removed.
Resolution: The team has removed the _isSell() function.

Contracts Overview

  • Various addresses used within these contracts are defined in an AddressBook contract; the AddressBook contract and all addresses defined within the contract are out of scope for this audit so we are unable to give an assessment in regards to their security.
  • As the contracts are implemented with Solidity v0.8.4, they are safe from any possible overflows/underflows.
  • The team has properly excluded the Vault contract to avoid issues when using fee-on-transfer tokens.
Token Contract:
  • This contract defines the $FUR token.
  • The owner, Claim, Downline, Pool, and Vault addresses may mint any amount of tokens to any address at any time.
  • No burn functions are present though the circulating supply can be decreased by sending tokens to the 0x..dead address.
  • Users will pay a fee on transfers; the Pool, Swap, LP address, and Vault addresses are exempt from fees.
  • Users will pay a "pump and dump" tax if they meet the following conditions:
    • The transfer is a sell.
    • They do not have a "maxed" balance in the Vault Contract.
    • The amount they are transferring is greater than the "pump and dump rate" percentage of their total Vault balance.
  • Once a user sells a cooldown period begins. Users may not sell again until the cooldown period has passed.
  • All transfers will incur a tax and a vault tax fee. The vault tax is taken as a percentage of the tax amount.
  • The tax fees are sent to the "Safe address" and the vault tax is sent to the "Vault address".
  • Any address may fetch updated addresses from the AddressBook contract at any time.
  • The owner may update the AddressBook address at any time.
  • The owner may pause the contract, preventing token transfers, at any time.
  • The owner may set the tax, pump and dump tax, and pump and dump rate to any value at any time.
  • The owner may set the vault tax to any amount, up to 100%, at any time.
  • The owner may set the sell cooldown period to any value at any time.
  • The contract complies with the BEP-20 token standard.
Vault Contract:
  • Any user may deposit tokens into the Vault up to the maximum threshold; users may optionally elect to provide a referrer when depositing.
  • Users will be returned any tokens that would put them over the maximum threshold when depositing.
  • Users are considered "maxed" when their deposits have reached the maximum threshold amount.
  • Users will pay a deposit tax when depositing.
  • The "Claim" and "Swap" addresses may deposit on the behalf of a user. As the contract does not require these contracts to transfer tokens within this function, the team must ensure the contracts transfer tokens to the contract before calling depositFor().
  • If no referrer is provided or the user provides their own address, the "Safe" address will be added as the user's referrer.
  • Users may update their referrer if their current referrer is the Safe address and they have not referred anyone else.
  • Users qualify as a "team wallet" when they meet a "team wallet requirement" number of referrals.
  • Users will earn a reward amount per elapsed period from their last rewards update.
  • Users will first have the "neutral claims" reward rate.
  • If the user's balance is maxed, their current reward rate will be their "maxed rate".
  • Penalized users will receive the minimum reward rate.
  • In all other cases, users will have a reward rate dependent on the number of rewards claims within a specified time frame.
  • If a user claims more than the "penalty number" of claims within the "penalty lookback period" users will receive the minimum reward rate.
  • If a user is marked as "negative" and has fewer claims than the "negative claims" amount, they will receive a reward rate as if they had claimed the negative claims number of times.
  • A user's reward rate will default to the neutral claims reward rate until the "lookback" number of periods have passed since their first deposit
  • All other cases will receive the reward rate equal to their number of claims, with a minimum reward rate at 29 claims.
  • Users may compound their rewards at any time until they reach the maximum threshold.
  • Users will pay a compound tax when compounding rewards.
  • Compounding will add all of a user's available rewards to their current balance.
  • Any compounded tokens that would put the user over the maximum threshold will be added to their available rewards and they will then be considered maxed.
  • A referral bonus will be paid to referrers when any of their referred users deposit or compound.
  • Beginning with the user who is depositing or compounding, each successive referrer will be checked up to the "max referral depth".
  • If the user depositing or compounding has previously triggered a referral bonus, the loop will begin at the user who was last rewarded.
  • The referral bonus will be given to the first referrer who meets the following characteristics:
    • They have a sufficient balance in the "Downline" contract.
    • Their balance will not exceed the max threshold if awarded the bonus.
    • They are not the same user who is depositing or compounding.
  • If the awarded user is a team wallet, the user they referred will be given a "child bonus" up to the max threshold.
  • If the awarded user is the Safe address, the tokens will be transferred to the address rather than stored in the user's balance.
  • Users may claim their rewards up to the "max payout" amount at any time.
  • Any additional rewards beyond the max payout amount will be forfeited. The user will then be considered "complete" and unable to claim any additional rewards.
  • Users will pay a flat claim tax and an additional scaling "whale tax" when claiming their rewards.
  • The whale tax will begin at 5% when a user has claimed 10,000 tokens capping at 50% when a user has claimed 100,000 tokens.
  • If there are not sufficient tokens in the contract, additional tokens will be minted.
  • Any user may airdrop tokens to a non-maxed user at any time.
  • Airdropped tokens will be transferred from the user to the contract where they are subsequently added to the specified user's balance.
  • Users will pay an airdrop tax when airdropping tokens to another user.
  • Users may airdrop tokens to their "team" at any time.
  • Airdroppping to a team will evenly distribute a specified amount of tokens among all of the user's referred addresses that are within a specified balance range and not maxed.
  • The owner may update the max payout and max return to any value at any time.
  • The owner may update the period length and lookback period to any value at any time.
  • The owner may update the negative claims and penalty claims at any time.
  • The owner may update the reward rate for any number of claims to any value at any time.
  • The owner may ban and unban any address at any time.

Audit Results

Vulnerability Category Notes Result
Arbitrary Jump/Storage Write N/A PASS
Centralization of Control
  • The team may set the FUR token transfer fees to 100%.
  • The owner may prevent transfers of the FUR token.
  • The owner may update the reward rate and maximum tokens that can be earned in the Vault contract to any value.
  • The owner may ban any address from the Vault contract.
WARNING
Compiler Issues N/A PASS
Delegate Call to Untrusted Contract N/A PASS
Dependence on Predictable Variables N/A PASS
Ether/Token Theft N/A PASS
Flash Loans N/A PASS
Front Running N/A PASS
Improper Events N/A PASS
Improper Authorization Scheme N/A PASS
Integer Over/Underflow N/A PASS
Logical Issues N/A PASS
Oracle Issues N/A PASS
Outdated Compiler Version N/A PASS
Race Conditions N/A PASS
Reentrancy N/A PASS
Signature Issues N/A PASS
Unbounded Loops N/A PASS
Unused Code N/A PASS
Overall Contract Safety   PASS

Token Contract

Smart Contract Audit - Inheritance

Smart Contract Audit - Graph


 ($) = payable function
 # = non-constant function
 
 Int = Internal
 Ext = External
 Pub = Public
 
 + [Int] IAddressBook 
    - [Ext] get
    - [Ext] initialize #
    - [Ext] owner
    - [Ext] pause #
    - [Ext] paused
    - [Ext] proxiableUUID
    - [Ext] renounceOwnership #
    - [Ext] set #
    - [Ext] transferOwnership #
    - [Ext] unpause #
    - [Ext] unset #
    - [Ext] upgradeTo #
    - [Ext] upgradeToAndCall #

 + [Lib] AddressUpgradeable 
    - [Int] isContract
    - [Int] sendValue #
    - [Int] functionCall #
    - [Int] functionCall #
    - [Int] functionCallWithValue #
    - [Int] functionCallWithValue #
    - [Int] functionStaticCall
    - [Int] functionStaticCall
    - [Int] verifyCallResult

 +  Initializable 
    - [Int] _disableInitializers #
    - [Prv] _setInitializedVersion #

 +  ContextUpgradeable (Initializable)
    - [Int] __Context_init #
       - modifiers: onlyInitializing
    - [Int] __Context_init_unchained #
       - modifiers: onlyInitializing
    - [Int] _msgSender
    - [Int] _msgData

 +  PausableUpgradeable (Initializable, ContextUpgradeable)
    - [Int] __Pausable_init #
       - modifiers: onlyInitializing
    - [Int] __Pausable_init_unchained #
       - modifiers: onlyInitializing
    - [Pub] paused
    - [Int] _pause #
       - modifiers: whenNotPaused
    - [Int] _unpause #
       - modifiers: whenPaused

 +  OwnableUpgradeable (Initializable, ContextUpgradeable)
    - [Int] __Ownable_init #
       - modifiers: onlyInitializing
    - [Int] __Ownable_init_unchained #
       - modifiers: onlyInitializing
    - [Pub] owner
    - [Pub] renounceOwnership #
       - modifiers: onlyOwner
    - [Pub] transferOwnership #
       - modifiers: onlyOwner
    - [Int] _transferOwnership #

 + [Int] IERC1822ProxiableUpgradeable 
    - [Ext] proxiableUUID

 + [Int] IBeaconUpgradeable 
    - [Ext] implementation

 + [Lib] StorageSlotUpgradeable 
    - [Int] getAddressSlot
    - [Int] getBooleanSlot
    - [Int] getBytes32Slot
    - [Int] getUint256Slot

 +  ERC1967UpgradeUpgradeable (Initializable)
    - [Int] __ERC1967Upgrade_init #
       - modifiers: onlyInitializing
    - [Int] __ERC1967Upgrade_init_unchained #
       - modifiers: onlyInitializing
    - [Int] _getImplementation
    - [Prv] _setImplementation #
    - [Int] _upgradeTo #
    - [Int] _upgradeToAndCall #
    - [Int] _upgradeToAndCallUUPS #
    - [Int] _getAdmin
    - [Prv] _setAdmin #
    - [Int] _changeAdmin #
    - [Int] _getBeacon
    - [Prv] _setBeacon #
    - [Int] _upgradeBeaconToAndCall #
    - [Prv] _functionDelegateCall #

 +  UUPSUpgradeable (Initializable, IERC1822ProxiableUpgradeable, ERC1967UpgradeUpgradeable)
    - [Int] __UUPSUpgradeable_init #
       - modifiers: onlyInitializing
    - [Int] __UUPSUpgradeable_init_unchained #
       - modifiers: onlyInitializing
    - [Ext] proxiableUUID
       - modifiers: notDelegated
    - [Ext] upgradeTo #
       - modifiers: onlyProxy
    - [Ext] upgradeToAndCall ($)
       - modifiers: onlyProxy
    - [Int] _authorizeUpgrade #

 +  BaseContract (Initializable, PausableUpgradeable, OwnableUpgradeable, UUPSUpgradeable)
    - [Pub] Constructor #
    - [Int] __BaseContract_init #
       - modifiers: onlyInitializing
    - [Ext] pause #
       - modifiers: onlyOwner
    - [Ext] unpause #
       - modifiers: onlyOwner
    - [Pub] setAddressBook #
       - modifiers: onlyOwner
    - [Int] _authorizeUpgrade #
       - modifiers: onlyOwner

 + [Int] IERC20Upgradeable 
    - [Ext] totalSupply
    - [Ext] balanceOf
    - [Ext] transfer #
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transferFrom #

 + [Int] IERC20MetadataUpgradeable (IERC20Upgradeable)
    - [Ext] name
    - [Ext] symbol
    - [Ext] decimals

 +  ERC20Upgradeable (Initializable, ContextUpgradeable, IERC20Upgradeable, IERC20MetadataUpgradeable)
    - [Int] __ERC20_init #
       - modifiers: onlyInitializing
    - [Int] __ERC20_init_unchained #
       - modifiers: onlyInitializing
    - [Pub] name
    - [Pub] symbol
    - [Pub] decimals
    - [Pub] totalSupply
    - [Pub] balanceOf
    - [Pub] transfer #
    - [Pub] allowance
    - [Pub] approve #
    - [Pub] transferFrom #
    - [Pub] increaseAllowance #
    - [Pub] decreaseAllowance #
    - [Int] _transfer #
    - [Int] _mint #
    - [Int] _burn #
    - [Int] _approve #
    - [Int] _spendAllowance #
    - [Int] _beforeTokenTransfer #
    - [Int] _afterTokenTransfer #

 + [Int] IVault 
    - [Ext] addressBook
    - [Ext] airdrop #
    - [Ext] availableRewards
    - [Ext] claim #
    - [Ext] claimPrecheck
    - [Ext] compound #
    - [Ext] deposit #
    - [Ext] deposit #
    - [Ext] depositFor #
    - [Ext] depositFor #
    - [Ext] initialize #
    - [Ext] maxPayout
    - [Ext] maxThreshold
    - [Ext] owner
    - [Ext] participantBalance
    - [Ext] participantMaxed
    - [Ext] participantStatus
    - [Ext] pause #
    - [Ext] paused
    - [Ext] proxiableUUID
    - [Ext] remainingPayout
    - [Ext] renounceOwnership #
    - [Ext] rewardRate
    - [Ext] setAddressBook #
    - [Ext] transferOwnership #
    - [Ext] unpause #
    - [Ext] updateLookbackPeriods #
    - [Ext] updateMaxPayout #
    - [Ext] updateMaxReturn #
    - [Ext] updateNegativeClaims #
    - [Ext] updateNeutralClaims #
    - [Ext] updatePenaltyClaims #
    - [Ext] updatePenaltyLookbackPeriods #
    - [Ext] updatePeriod #
    - [Ext] updateRate #
    - [Ext] upgradeTo #
    - [Ext] upgradeToAndCall #

 + [Int] IUniswapV2Factory 
    - [Ext] feeTo
    - [Ext] feeToSetter
    - [Ext] getPair
    - [Ext] allPairs
    - [Ext] allPairsLength
    - [Ext] createPair #
    - [Ext] setFeeTo #
    - [Ext] setFeeToSetter #

 +  Token (BaseContract, ERC20Upgradeable)
    - [Pub] initialize #
       - modifiers: initializer
    - [Ext] getProperties
    - [Ext] getLastSell
    - [Pub] onCooldown
    - [Int] _transfer #
    - [Int] _pumpAndDumpTaxAmount #
    - [Int] _isSell
    - [Int] _isExchange
    - [Ext] mint #
    - [Ext] setTax #
       - modifiers: onlyOwner
    - [Ext] setVaultTax #
       - modifiers: onlyOwner
    - [Ext] setPumpAndDumpTax #
       - modifiers: onlyOwner
    - [Ext] setPumpAndDumpRate #
       - modifiers: onlyOwner
    - [Ext] setSellCooldown #
       - modifiers: onlyOwner
    - [Pub] updateAddresses #
    - [Int] _beforeTokenTransfer #
       - modifiers: whenNotPaused
    - [Int] _afterTokenTransfer #
       - modifiers: whenNotPaused
    - [Int] _canMint

Vault Contract

Smart Contract Audit - Inheritance

Smart Contract Audit - Graph


 ($) = payable function
 # = non-constant function
 
 Int = Internal
 Ext = External
 Pub = Public
 
 + [Int] IAddressBook 
    - [Ext] get
    - [Ext] initialize #
    - [Ext] owner
    - [Ext] pause #
    - [Ext] paused
    - [Ext] proxiableUUID
    - [Ext] renounceOwnership #
    - [Ext] set #
    - [Ext] transferOwnership #
    - [Ext] unpause #
    - [Ext] unset #
    - [Ext] upgradeTo #
    - [Ext] upgradeToAndCall #

 + [Lib] AddressUpgradeable 
    - [Int] isContract
    - [Int] sendValue #
    - [Int] functionCall #
    - [Int] functionCall #
    - [Int] functionCallWithValue #
    - [Int] functionCallWithValue #
    - [Int] functionStaticCall
    - [Int] functionStaticCall
    - [Int] verifyCallResult

 +  Initializable 
    - [Int] _disableInitializers #
    - [Prv] _setInitializedVersion #

 +  ContextUpgradeable (Initializable)
    - [Int] __Context_init #
       - modifiers: onlyInitializing
    - [Int] __Context_init_unchained #
       - modifiers: onlyInitializing
    - [Int] _msgSender
    - [Int] _msgData

 +  PausableUpgradeable (Initializable, ContextUpgradeable)
    - [Int] __Pausable_init #
       - modifiers: onlyInitializing
    - [Int] __Pausable_init_unchained #
       - modifiers: onlyInitializing
    - [Pub] paused
    - [Int] _pause #
       - modifiers: whenNotPaused
    - [Int] _unpause #
       - modifiers: whenPaused

 +  OwnableUpgradeable (Initializable, ContextUpgradeable)
    - [Int] __Ownable_init #
       - modifiers: onlyInitializing
    - [Int] __Ownable_init_unchained #
       - modifiers: onlyInitializing
    - [Pub] owner
    - [Pub] renounceOwnership #
       - modifiers: onlyOwner
    - [Pub] transferOwnership #
       - modifiers: onlyOwner
    - [Int] _transferOwnership #

 + [Int] IERC1822ProxiableUpgradeable 
    - [Ext] proxiableUUID

 + [Int] IBeaconUpgradeable 
    - [Ext] implementation

 + [Lib] StorageSlotUpgradeable 
    - [Int] getAddressSlot
    - [Int] getBooleanSlot
    - [Int] getBytes32Slot
    - [Int] getUint256Slot

 +  ERC1967UpgradeUpgradeable (Initializable)
    - [Int] __ERC1967Upgrade_init #
       - modifiers: onlyInitializing
    - [Int] __ERC1967Upgrade_init_unchained #
       - modifiers: onlyInitializing
    - [Int] _getImplementation
    - [Prv] _setImplementation #
    - [Int] _upgradeTo #
    - [Int] _upgradeToAndCall #
    - [Int] _upgradeToAndCallUUPS #
    - [Int] _getAdmin
    - [Prv] _setAdmin #
    - [Int] _changeAdmin #
    - [Int] _getBeacon
    - [Prv] _setBeacon #
    - [Int] _upgradeBeaconToAndCall #
    - [Prv] _functionDelegateCall #

 +  UUPSUpgradeable (Initializable, IERC1822ProxiableUpgradeable, ERC1967UpgradeUpgradeable)
    - [Int] __UUPSUpgradeable_init #
       - modifiers: onlyInitializing
    - [Int] __UUPSUpgradeable_init_unchained #
       - modifiers: onlyInitializing
    - [Ext] proxiableUUID
       - modifiers: notDelegated
    - [Ext] upgradeTo #
       - modifiers: onlyProxy
    - [Ext] upgradeToAndCall ($)
       - modifiers: onlyProxy
    - [Int] _authorizeUpgrade #

 +  BaseContract (Initializable, PausableUpgradeable, OwnableUpgradeable, UUPSUpgradeable)
    - [Pub] Constructor #
    - [Int] __BaseContract_init #
       - modifiers: onlyInitializing
    - [Ext] pause #
       - modifiers: onlyOwner
    - [Ext] unpause #
       - modifiers: onlyOwner
    - [Pub] setAddressBook #
       - modifiers: onlyOwner
    - [Int] _authorizeUpgrade #
       - modifiers: onlyOwner

 + [Int] IClaim 
    - [Ext] addressBook
    - [Ext] claimNft #
    - [Ext] getOwnerValue
    - [Ext] getTokenValue
    - [Ext] initialize #
    - [Ext] owned
    - [Ext] owner
    - [Ext] pause #
    - [Ext] paused
    - [Ext] proxiableUUID
    - [Ext] renounceOwnership #
    - [Ext] setAddressBook #
    - [Ext] transferOwnership #
    - [Ext] unpause #
    - [Ext] upgradeTo #
    - [Ext] upgradeToAndCall #

 + [Int] IDownline 
    - [Ext] approve #
    - [Ext] available
    - [Ext] balanceOf
    - [Ext] buy #
    - [Ext] claim #
    - [Ext] claimed
    - [Ext] furToken
    - [Ext] getApproved
    - [Ext] isApprovedForAll
    - [Ext] name
    - [Ext] owner
    - [Ext] ownerOf
    - [Ext] paymentToken
    - [Ext] renounceOwnership #
    - [Ext] safeTransferFrom #
    - [Ext] safeTransferFrom #
    - [Ext] setApprovalForAll #
    - [Ext] setFurToken #
    - [Ext] setPaymentToken #
    - [Ext] setTokenUri #
    - [Ext] setTreasury #
    - [Ext] setVerifier #
    - [Ext] sold
    - [Ext] supportsInterface
    - [Ext] symbol
    - [Ext] tokenByIndex
    - [Ext] tokenOfOwnerByIndex
    - [Ext] tokenURI
    - [Ext] tokenValue
    - [Ext] totalSupply
    - [Ext] transferFrom #
    - [Ext] transferOwnership #
    - [Ext] treasury
    - [Ext] value

 + [Int] IToken 
    - [Ext] addressBook
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] balanceOf
    - [Ext] burnTax
    - [Ext] decimals
    - [Ext] decreaseAllowance #
    - [Ext] devTax
    - [Ext] increaseAllowance #
    - [Ext] initialize #
    - [Ext] mint #
    - [Ext] mintLiquidity #
    - [Ext] name
    - [Ext] owner
    - [Ext] pause #
    - [Ext] paused
    - [Ext] proxiableUUID
    - [Ext] renounceOwnership #
    - [Ext] setAddressBook #
    - [Ext] setDevTax #
    - [Ext] setTax #
    - [Ext] setVaultTax #
    - [Ext] symbol
    - [Ext] tax
    - [Ext] totalSupply
    - [Ext] transfer #
    - [Ext] transferFrom #
    - [Ext] transferOwnership #
    - [Ext] unpause #
    - [Ext] upgradeTo #
    - [Ext] upgradeToAndCall #
    - [Ext] vaultTax
    - [Ext] version

 +  Vault (BaseContract)
    - [Pub] initialize #
       - modifiers: initializer
    - [Pub] getParticipant
    - [Ext] getStats
    - [Ext] getProperties
    - [Ext] deposit #
    - [Ext] deposit #
    - [Pub] depositFor #
    - [Pub] depositFor #
    - [Int] _deposit #
    - [Ext] compound #
    - [Int] _compound #
    - [Ext] claim #
    - [Int] _claim #
    - [Int] _effectiveClaims
    - [Int] _claimsSinceTimestamp
    - [Ext] airdrop #
    - [Ext] airdropTeam #
    - [Int] _airdrop #
    - [Int] _addReferrer #
    - [Int] _payUpline #
    - [Ext] getReferrals
    - [Ext] updateReferrer #
    - [Int] _availableRewards
    - [Int] _rewardPercent
    - [Ext] availableRewards
    - [Ext] maxPayout
    - [Ext] remainingPayout
    - [Ext] participantStatus
    - [Ext] participantBalance
    - [Ext] participantMaxed
    - [Ext] claimPrecheck
    - [Ext] rewardRate
    - [Ext] maxThreshold
    - [Int] _token
    - [Int] _downline
    - [Int] _maxThreshold
    - [Int] _maxPayout
    - [Int] _addParticipant #
    - [Int] _sendTokens #
    - [Int] _whaleTax
    - [Ext] updateMaxPayout #
       - modifiers: onlyOwner
    - [Ext] updateMaxReturn #
       - modifiers: onlyOwner
    - [Ext] updatePeriod #
       - modifiers: onlyOwner
    - [Ext] updateLookbackPeriods #
       - modifiers: onlyOwner
    - [Ext] updatePenaltyLookbackPeriods #
       - modifiers: onlyOwner
    - [Ext] updateNeutralClaims #
       - modifiers: onlyOwner
    - [Ext] updateNegativeClaims #
       - modifiers: onlyOwner
    - [Ext] updatePenaltyClaims #
       - modifiers: onlyOwner
    - [Ext] updateRate #
       - modifiers: onlyOwner

About SourceHat

SourceHat has quickly grown to have one of the most experienced and well-equipped smart contract auditing teams in the industry. Our team has conducted 1800+ solidity smart contract audits covering all major project types and protocols, securing a total of over $50 billion U.S. dollars in on-chain value!
Our firm is well-reputed in the community and is trusted as a top smart contract auditing company for the review of solidity code, no matter how complex. Our team of experienced solidity smart contract auditors performs audits for tokens, NFTs, crowdsales, marketplaces, gambling games, financial protocols, and more!

Contact us today to get a free quote for a smart contract audit of your project!

What is a SourceHat Audit?

Typically, a smart contract audit is a comprehensive review process designed to discover logical errors, security vulnerabilities, and optimization opportunities within code. A SourceHat Audit takes this a step further by verifying economic logic to ensure the stability of smart contracts and highlighting privileged functionality to create a report that is easy to understand for developers and community members alike.

How Do I Interpret the Findings?

Each of our Findings will be labeled with a Severity level. We always recommend the team resolve High, Medium, and Low severity findings prior to deploying the code to the mainnet. Here is a breakdown on what each Severity level means for the project:

  • High severity indicates that the issue puts a large number of users' funds at risk and has a high probability of exploitation, or the smart contract contains serious logical issues which can prevent the code from operating as intended.
  • Medium severity issues are those which place at least some users' funds at risk and has a medium to high probability of exploitation.
  • Low severity issues have a relatively minor risk association; these issues have a low probability of occurring or may have a minimal impact.
  • Informational issues pose no immediate risk, but inform the project team of opportunities for gas optimizations and following smart contract security best practices.