| Vulnerability Category | Notes | Result |
|---|---|---|
| Arbitrary Storage Write | N/A | PASS |
| Arbitrary Jump | N/A | PASS |
| Delegate Call to Untrusted Contract | N/A | PASS |
| Dependence on Predictable Variables | N/A | PASS |
| Deprecated Opcodes | N/A | PASS |
| Ether Thief | N/A | PASS |
| Exceptions | N/A | PASS |
| External Calls | N/A | PASS |
| Integer Over/Underflow | N/A | PASS |
| Multiple Sends | N/A | PASS |
| Re-entrancy | Resolved in updated code. | PASS |
| Suicide | N/A | PASS |
| State Change External Calls | N/A | Pass |
| Unchecked Retval | N/A | PASS |
| User Supplied Assertion | N/A | PASS |
| Critical Solidity Compiler | N/A | PASS |
| Overall Contract Safety | PASS |
TronHero Token & Staking - Smart Contract Audit Report
Summary
TronHero is a new platform on the Tron blockchain.
Notes on the Contracts:Audit Findings Summary:
- The supply at the time of deployment is 3.6 million tokens, sent to the deployer's address.
- Future tokens will be minted through the staking/mining mechanism.
- The primary owner can cap the supply at any time.
- Anyone can burn their own tokens to reduce the total supply.
- On all transactions of more than 1 token 0.004% of the sent amount is burned and 0.004% is transferred to the team's marketing wallet.
- The event emitted at the end of the transfer does not take these fees into account.
- Users can stake TRX to earn tokens.
- There is a 10% fee charged upon unstaking; and a 5% fee on rewards when withdrawing, all sent to the superFund and marketing addresses controlled by the team.
- Users can provide a referrer upline to provide their referrer with extra rewards. If an upline referrer is not provided, the primary owner's address is used.
- Referrers are rewarded for their referrals and up to 2 additional levels of their referrer's referrals
- When users unstake/withdraw, their rewards (and referral rewards) will be collected as well.
- An emergencyWithdraw function exists so users can withdraw without collecting rewards.
- The deployer is the primary owner; who can add secondary owners to delegate power.
- By default, the deployer is a primary and secondary owner; and is also the superFund and marketing address.
- Any owner can update the addresses of the bot, the superfund, and the marketing address at any time.
- The owners can also update the vesting time, mining rate, the minimum stake; and can start and permanently end mining at any time.
- The default and minimum rewards per block is 3.472 tokens, the minimum stake is 200 TRX, the minimum rewards rate is 0.001.
- The contract utilizes SafeMath to prevent overflows.
- No issues from outside attackers were identified.
- The project team has worked with us to resolve security issues in the code, optimize execution efficiency, and increase the precision of calculations.
- Date: February 14th, 2021.
- Update Date: February 18th, 2021 - Review updated code with our recommendations implemented.
($) = payable function
# = non-constant function
Int = Internal
Ext = External
Pub = Public
+ [Int] ITRC20
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] transfer #
- [Ext] allowance
- [Ext] approve #
- [Ext] transferFrom #
+ [Lib] SafeMath
- [Int] add
- [Int] sub
- [Int] sub
- [Int] mul
- [Int] div
- [Int] div
- [Int] mod
- [Int] mod
+ TRC20 (ITRC20)
- [Pub] #
- [Ext] name
- [Ext] symbol
- [Ext] decimals
- [Pub] totalSupply
- [Ext] balanceOf
- [Ext] transfer #
- [Pub] allowance
- [Ext] approve #
- [Ext] transferFrom #
- [Ext] increaseAllowance #
- [Ext] decreaseAllowance #
- [Int] _transfer #
- [Int] _getTF
- [Int] _mint #
- modifiers: isCapped
- [Int] _capSupply #
- [Int] _burn #
- [Int] _approve #
- [Int] _setupDecimals #
- [Int] _beforeTokenTransfer #
+ Ownable
- [Int] #
- [Pub] owner
- [Ext] transferOwnership #
- modifiers: onlyOwner
+ THEROImplementor (TRC20, Ownable)
- [Pub] #
- modifiers: TRC20
- [Ext] burn #
- [Ext] burnFrom #
- [Ext] capSupplyPermanently #
- modifiers: onlyOwner
+ THEROContract (THEROImplementor)
- [Ext] addOwner #
- [Ext] removeOwner #
- [Ext] setAddresses #
- modifiers: ROLE_A
- [Ext] getAddresses
- [Ext] setVesting #
- modifiers: ROLE_A
- [Ext] setMiningRate #
- modifiers: rewardModifer
- [Ext] setMinimum #
- modifiers: ROLE_A
- [Ext] currentMiningRate
- [Ext] startMining #
- modifiers: ROLE_A
- [Ext] stopMiningPermanently #
- modifiers: ROLE_A
- [Pub] #
- [Ext] ($)
- [Ext] getPoolInfo
- [Ext] getUserInfo
- [Pub] Stake ($)
- [Ext] Unstake #
- [Ext] emergencyUnstake #
- [Int] deposit #
- [Int] depositUpdate #
- [Int] depositACTIVE #
- [Int] withdraw #
- [Int] emergencyWithdraw #
- [Int] withdrawUpdate #
- [Int] withdrawACTIVE #
- [Pub] getMultiplier
- [Ext] pendingReward
- [Ext] getPendingRTS
- [Ext] Claim #
- [Int] refClaim #
- [Pub] updatePool #