TronHero Token & Staking - Smart Contract Audit Report

Summary

TronHero Audit Report TronHero is a new platform on the Tron blockchain.

We reviewed a contract provided to us by the team. The team has requested the code remain closed-source, so it is not displayed here. We have verified this contract is deployed at TEEoAG6V1soUKsdjtbRvTB29q8dicfqf3M via bytecode comparison.

Notes on the Contracts:

  • The supply at the time of deployment is 3.6 million tokens, sent to the deployer's address.
  • Future tokens will be minted through the staking/mining mechanism.
  • The primary owner can cap the supply at any time.
  • Anyone can burn their own tokens to reduce the total supply.
  • On all transactions of more than 1 token 0.004% of the sent amount is burned and 0.004% is transferred to the team's marketing wallet.
  • The event emitted at the end of the transfer does not take these fees into account.

  • Users can stake TRX to earn tokens.
  • There is a 10% fee charged upon unstaking; and a 5% fee on rewards when withdrawing, all sent to the superFund and marketing addresses controlled by the team.
  • Users can provide a referrer upline to provide their referrer with extra rewards. If an upline referrer is not provided, the primary owner's address is used.
  • Referrers are rewarded for their referrals and up to 2 additional levels of their referrer's referrals
  • When users unstake/withdraw, their rewards (and referral rewards) will be collected as well.
  • An emergencyWithdraw function exists so users can withdraw without collecting rewards.

  • The deployer is the primary owner; who can add secondary owners to delegate power.
  • By default, the deployer is a primary and secondary owner; and is also the superFund and marketing address.
  • Any owner can update the addresses of the bot, the superfund, and the marketing address at any time.
  • The owners can also update the vesting time, mining rate, the minimum stake; and can start and permanently end mining at any time.
  • The default and minimum rewards per block is 3.472 tokens, the minimum stake is 200 TRX, the minimum rewards rate is 0.001.
  • The contract utilizes SafeMath to prevent overflows.

Audit Findings Summary:
  • No issues from outside attackers were identified.
  • The project team has worked with us to resolve security issues in the code, optimize execution efficiency, and increase the precision of calculations.
  • Date: February 14th, 2021.
  • Update Date: February 18th, 2021 - Review updated code with our recommendations implemented.

Vulnerability CategoryNotesResult
Arbitrary Storage WriteN/APASS
Arbitrary JumpN/APASS
Delegate Call to Untrusted ContractN/APASS
Dependence on Predictable VariablesN/APASS
Deprecated OpcodesN/APASS
Ether ThiefN/APASS
ExceptionsN/APASS
External CallsN/APASS
Integer Over/UnderflowN/APASS
Multiple SendsN/APASS
Re-entrancyResolved in updated code.PASS
SuicideN/APASS
State Change External CallsN/APass
Unchecked RetvalN/APASS
User Supplied AssertionN/APASS
Critical Solidity CompilerN/APASS
Overall Contract Safety PASS

Smart Contract Graph

Contract Inheritance


 ($) = payable function
 # = non-constant function
 
 Int = Internal
 Ext = External
 Pub = Public
 
 + [Int] ITRC20 
    - [Ext] totalSupply
    - [Ext] balanceOf
    - [Ext] transfer #
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transferFrom #

 + [Lib] SafeMath 
    - [Int] add
    - [Int] sub
    - [Int] sub
    - [Int] mul
    - [Int] div
    - [Int] div
    - [Int] mod
    - [Int] mod

 +  TRC20 (ITRC20)
    - [Pub]  #
    - [Ext] name
    - [Ext] symbol
    - [Ext] decimals
    - [Pub] totalSupply
    - [Ext] balanceOf
    - [Ext] transfer #
    - [Pub] allowance
    - [Ext] approve #
    - [Ext] transferFrom #
    - [Ext] increaseAllowance #
    - [Ext] decreaseAllowance #
    - [Int] _transfer #
    - [Int] _getTF
    - [Int] _mint #
       - modifiers: isCapped
    - [Int] _capSupply #
    - [Int] _burn #
    - [Int] _approve #
    - [Int] _setupDecimals #
    - [Int] _beforeTokenTransfer #

 +  Ownable 
    - [Int]  #
    - [Pub] owner
    - [Ext] transferOwnership #
       - modifiers: onlyOwner

 +  THEROImplementor (TRC20, Ownable)
    - [Pub]  #
       - modifiers: TRC20
    - [Ext] burn #
    - [Ext] burnFrom #
    - [Ext] capSupplyPermanently #
       - modifiers: onlyOwner

 +  THEROContract (THEROImplementor)
    - [Ext] addOwner #
    - [Ext] removeOwner #
    - [Ext] setAddresses #
       - modifiers: ROLE_A
    - [Ext] getAddresses
    - [Ext] setVesting #
       - modifiers: ROLE_A
    - [Ext] setMiningRate #
       - modifiers: rewardModifer
    - [Ext] setMinimum #
       - modifiers: ROLE_A
    - [Ext] currentMiningRate
    - [Ext] startMining #
       - modifiers: ROLE_A
    - [Ext] stopMiningPermanently #
       - modifiers: ROLE_A
    - [Pub]  #
    - [Ext]  ($)
    - [Ext] getPoolInfo
    - [Ext] getUserInfo
    - [Pub] Stake ($)
    - [Ext] Unstake #
    - [Ext] emergencyUnstake #
    - [Int] deposit #
    - [Int] depositUpdate #
    - [Int] depositACTIVE #
    - [Int] withdraw #
    - [Int] emergencyWithdraw #
    - [Int] withdrawUpdate #
    - [Int] withdrawACTIVE #
    - [Pub] getMultiplier
    - [Ext] pendingReward
    - [Ext] getPendingRTS
    - [Ext] Claim #
    - [Int] refClaim #
    - [Pub] updatePool #