PRüF - Audit Report

Summary

PRüF is an asset provenance platform. Using PRüF, you can be sure that the products you buy online or on the street are genuine, not fakes or copies. Each item you tokenize with PRüF is privately and provably yours, making it resistant to loss and theft.

We audited PRüF at commit 7bfef37973c8b8b15d840fe6eaf83e25ed313ea7 on GitHub. When the contracts are deployed we will add their respective addresses below.

Audit Findings Summary:
  • The PRüF system is set up so users can validate the authenticity and clear title status of real-world assets. This is achieved by assigning unique anonymous identifiers to asset classes and their members (your assets); these assets can then be reported as counterfeit or stolen.
  • Brands or other entities will be able to operate as nodes (indicated by an NFT token) in the ecosystem, defining asset classes and opening usage of the system to their customers.

  • The team has the power to upgrade/alter various parts of the ecosystem.
  • PRüF's contracts are intended to be deployed behind upgradable proxies so the team can introduce new features as the project evolves.
  • Excellent usage of ReentrancyGuard in all applicable publicly-accessible functions.

  • The PRüF code came with dozens of passing test cases and robust documentation. The team has tested both basic functionality as well as modeling possible attempted external attacks.
  • Note that the team is publicly known. We spoke to James Smyth to organize this audit.
  • Explaining the entire PRüF ecosystem here would be redundant. We recommend viewing the project's whitepaper for more details, specifically the 'Technical Overview' section. We can verify that this code supports the model laid out in the paper and functions as intended.


  • No security issues from outside attackers were identified.
  • Investing requires placing considerable trust in the project team and any node providers as they have substantial power in the ecosystem.
  • Date: December 30th, 2020

External Threats - Audit Results

| Vulnerability Category | Notes | Result |
|---|---|---|
| Arbitrary Storage Write | N/A | PASS |
| Arbitrary Jump | N/A | PASS |
| Delegate Call to Untrusted Contract | N/A | PASS |
| Dependence on Predictable Variables | N/A | PASS |
| Deprecated Opcodes | N/A | PASS |
| Ether Thief | N/A | PASS |
| Exceptions | N/A | PASS |
| External Calls | N/A | PASS |
| External Service Providers | Users will have the option to attach additional data to their tracked assets and have that data stored on IPFS, making it essentially immutable. | PASS |
| Flash Loans | N/A | PASS |
| Integer Over/Underflow | N/A | PASS |
| Multiple Sends | N/A | PASS |
| Oracles | N/A | PASS |
| Reentrancy Issues | N/A | PASS |
| Suicide | N/A | PASS |
| State Change External Calls | N/A | PASS |
| Unchecked Retval | N/A | PASS |
| User Supplied Assertion | N/A | PASS |
| Critical Solidity Compiler | N/A | PASS |
| Overall Contract Safety | | PASS |

| Name | Address | Description |
|---|---|---|
| AC_MGR | Not yet deployed. | Function Graph. Inheritance Chart. |
| AC_TKN | Not yet deployed. | Function Graph. Inheritance Chart. |
| APP | Not yet deployed. | Function Graph. Inheritance Chart. |
| APP_NC | Not yet deployed. | Function Graph. Inheritance Chart. |
| A_TKN | Not yet deployed. | Function Graph. Inheritance Chart. |
| BASIC | Not yet deployed. | Function Graph. Inheritance Chart. |
| CORE | Not yet deployed. | Function Graph. Inheritance Chart. |
| ECR | Not yet deployed. | Function Graph. Inheritance Chart. |
| ECR2 | Not yet deployed. | Function Graph. Inheritance Chart. |
| ECR_CORE | Not yet deployed. | Function Graph. Inheritance Chart. |
| ECR_MGR | Not yet deployed. | Function Graph. Inheritance Chart. |
| ECR_NC | Not yet deployed. | Function Graph. Inheritance Chart. |
| ID_TKN | Not yet deployed. | Function Graph. Inheritance Chart. |
| NP | Not yet deployed. | Function Graph. Inheritance Chart. |
| NP_NC | Not yet deployed. | Function Graph. Inheritance Chart. |
| PIP | Not yet deployed. | Function Graph. Inheritance Chart. |
| PRESALE | 0xb7D09306d0C5D3C2A5C0FDc1146efb2415445Cf3 Not yet deployed. | Function Graph. Inheritance Chart. |
| RCLR | Not yet deployed. | Function Graph. Inheritance Chart. |
| STOR | Not yet deployed. | Function Graph. Inheritance Chart. |
| UTIL_TKN | 0xa49811140E1d6f653dEc28037Be0924C811C4538 | Function Graph. Inheritance Chart. |
| VERIFY | Not yet deployed. | Function Graph. Inheritance Chart. |


Fixes & Improvements

Fixes recommended and implemented during the audit:
  • Confirmation that the transfer function in PRUF_VERIFY is secure.
  • Misspelling of SafeMath in imports in PRUF_helper and PRUF_STOR (Not a security issue).