PRüF - Smart Contract Audit Report
Summary
PRüF is an asset provenance platform. Using PRüF, you can be sure that the products you buy online or on the street are genuine, not fakes or copies. Each item you tokenize with PRüF is privately and provably yours, making it resistant to loss and theft.
Audit Findings Summary:
- The PRüF system is set up so users can validate the authenticity and clear title status to real-world assets. This is achieved through assigning unique anonymous identifiers to asset classes and their members (your assets) where these assets can be reported as counterfeit or stolen.
- Brands or other entities will be able to operate as nodes (indicated by an NFT token) in the ecosystem - defining asset classes and opening usage of the system to its customers.
- The team has the power to upgrade/alter various parts of the ecosystem..
- PRüF's contracts are intended to be deployed behind upgradable proxies so the team can introduce new features as the project evolves.
- Excellent usage of ReentrancyGuard in all applicable publicly-accessible functions.
- The PRüF code came with dozens of passing test cases and robust documentation. The team has tested both basic functionality as well as modeling possible attempted external attacks.
- Note that the team is publicly known. We spoke to James Smyth to organize this audit.
- Explaining the entire PRüF ecosystem here would be redundant. We recommend viewing the project's whitepaper to get more details; specifically the 'Technical Overview' section. We can verify this code supports the model laid out in the paper and functions as intended.
- No security issues from outside attackers were identified.
- Investing requires placing considerable trust in the project team and any node providers as they have substantial power in the ecosystem.
- Date: December 30th, 2020
External Threats - Audit Results
| Vulnerability Category | Notes | Result |
|---|---|---|
| Arbitrary Storage Write | N/A | PASS |
| Arbitrary Jump | N/A | PASS |
| Delegate Call to Untrusted Contract | N/A | PASS |
| Dependence on Predictable Variables | N/A | PASS |
| Deprecated Opcodes | N/A | PASS |
| Ether Thief | N/A | PASS |
| Exceptions | N/A | PASS |
| External Calls | N/A | PASS |
| External Service Providers | Users will have the option to attach additional data to their tracked assets and have that data stored on IPFS; making it essentially immutable. | PASS |
| Flash Loans | N/A | PASS |
| Integer Over/Underflow | N/A | PASS |
| Multiple Sends | N/A | PASS |
| Oracles | N/A | PASS |
| Reentrancy Issues | N/A | PASS |
| Suicide | N/A | PASS |
| State Change External Calls | N/A | PASS |
| Unchecked Retval | N/A | PASS |
| User Supplied Assertion | N/A | PASS |
| Critical Solidity Compiler | N/A | PASS |
| Overall Contract Safety | PASS |
Name | Address | Description |
AC_MGR | ||
AC_TKN | ||
APP | ||
APP_NC | ||
A_TKN | ||
BASIC | ||
CORE | ||
ECR | ||
ECR2 | ||
ECR_CORE | ||
ECR_MGR | ||
ECR_NC | ||
ID_TKN | ||
NP | ||
NP_NC | ||
PIP | Not yet deployed | |
PRESALE | 0xb7D09306d0C5D3C2A5C0FDc1146efb2415445Cf3Not yet deployed. | |
RCLR | ||
STOR | ||
UTIL_TKN | ||
VERIFY |