TrustFi Booster - Audit Report

Summary

TrustFi Booster is building a voting system in which users exchange ERC20 tokens for an NFT representing their vote.

For this audit, we reviewed the VoteNFT and RunFor contracts provided to us by the project team.

Notes on the Contracts:
  • The RunFor contract is used to facilitate a voting mechanism in which users deposit ERC20 tokens determined by the team and receive a VoteNFT representing their "vote" in return.
  • While the voting period is still active, users can submit a vote by depositing an amount of tokens within the acceptable range; only one submission is allowed per wallet address.
  • A portion of the tokens based on the destruction rate is sent to the 0x..01 address. The remaining portion of tokens is transferred to the admin address controlled by the team.
  • Votes are collected until the end time has elapsed or the maximum total token limit has been reached.
  • The VoteNFT contract is ERC721 compliant; all standard functionality is present.
  • The userVoting() function is protected against any re-entrancy attacks.
  • The Math library is never used and should be removed.
  • The following functions in the RunFor contract should be declared external instead of public to save a small amount of gas on each call: setStartTime, setEndTime, setUpperLimit, setLowerLimit, setPoolUpperLimit, setDestructionRate, userVoting, queryMyNft, and queryProjectInfo.
  • The following functions in the VoteNft contract should be declared external instead of public to save a small amount of gas on each call: setNftUri, mintNft, and queryUserNftInfo.
  • The following functions in the Auth contract should be declared external instead of public to save a small amount of gas on each call: isOperator, addAuth, and removeAuth.
  • As the contracts utilize the SafeMath library, the contracts are protected from overflows/underflows.
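
A minimal sketch of the deposit flow described in the notes above, added here as an illustration; it is not the TrustFi contract source. The state variable names, the `mintNft(address)` signature, the basis-point scale for the destruction rate, the reading of `inspectLock` as the re-entrancy guard, and Solidity 0.8 with plain return-value checks in place of SafeMath/SafeERC20 are all assumptions.

```solidity
pragma solidity ^0.8.0; // assumption: built-in overflow checks stand in for SafeMath
interface IERC20 { function transferFrom(address from, address to, uint256 amt) external returns (bool); }
// Hypothetical signature: the report names mintNft but not its parameters.
interface IVoteNftSketch { function mintNft(address to) external returns (uint256); }

contract RunForSketch {
    IERC20 public token;
    IVoteNftSketch public voteNft;
    address public admin;
    address public burnSink;        // stands for the report's 0x..01 address
    uint256 public startTime; uint256 public endTime;
    uint256 public lowerLimit; uint256 public upperLimit; // per-vote range
    uint256 public poolUpperLimit;  // maximum total token limit
    uint256 public destructionRate; // assumption: basis points, 10000 = 100%
    uint256 public totalDeposited;
    mapping(address => bool) public hasVoted;
    bool private locked;

    // p = [startTime, endTime, lowerLimit, upperLimit, poolUpperLimit, destructionRate]
    constructor(IERC20 t, IVoteNftSketch n, address a, address b, uint256[6] memory p) {
        require(p[0] < p[1] && p[2] <= p[3] && p[5] <= 10000, "bad config");
        (token, voteNft, admin, burnSink) = (t, n, a, b);
        (startTime, endTime, lowerLimit, upperLimit, poolUpperLimit, destructionRate) =
            (p[0], p[1], p[2], p[3], p[4], p[5]);
    }
    modifier inspectTime() { // voting window must be open
        require(block.timestamp >= startTime && block.timestamp < endTime, "voting closed");
        _;
    }
    modifier inspectLock() { // assumption: modelled as the re-entrancy guard
        require(!locked, "re-entered");
        locked = true;
        _;
        locked = false;
    }

    // Declared external rather than public, as the report recommends.
    function userVoting(uint256 amount) external inspectTime inspectLock returns (uint256 id) {
        require(!hasVoted[msg.sender], "one vote per address");
        require(amount >= lowerLimit && amount <= upperLimit, "amount out of range");
        require(totalDeposited + amount <= poolUpperLimit, "pool limit reached");
        // Effects before interactions: record the vote before any external call.
        hasVoted[msg.sender] = true;
        totalDeposited += amount;
        uint256 burned = amount * destructionRate / 10000;
        require(token.transferFrom(msg.sender, burnSink, burned), "burn transfer failed");
        require(token.transferFrom(msg.sender, admin, amount - burned), "admin transfer failed");
        id = voteNft.mintNft(msg.sender);
    }
}
```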

Ownership Controls:
  • The owner can add any address to the operator list.
  • The operator can set the start time and end time for voting at any time.
  • The operator can set the maximum and minimum vote amount limit at any time.
  • The operator can set the maximum total token limit at any time.
  • The operator can set the destruction rate of tokens at any time.
  • The operator can set the current NFT base URI at any time.

Audit Findings Summary
  • No external threats were identified.
  • Please ensure trust in the team prior to investing as they have some control in the ecosystem.
  • Date: December 29th, 2021

Audit Results

Vulnerability Category                 Notes   Result
Arbitrary Storage Write                N/A     PASS
Arbitrary Jump                         N/A     PASS
Centralization of Control              N/A     PASS
Delegate Call to Untrusted Contract    N/A     PASS
Dependence on Predictable Variables    N/A     PASS
Deprecated Opcodes                     N/A     PASS
Ether Thief                            N/A     PASS
Exceptions                             N/A     PASS
External Calls                         N/A     PASS
Flash Loans                            N/A     PASS
Integer Over/Underflow                 N/A     PASS
Multiple Sends                         N/A     PASS
Oracles                                N/A     PASS
Suicide                                N/A     PASS
State Change External Calls            N/A     PASS
Unchecked Retval                       N/A     PASS
User Supplied Assertion                N/A     PASS
Critical Solidity Compiler             N/A     PASS
Overall Contract Safety                        PASS


Details: RunFor Contract


RunFor Graph



 + [Lib] Math 
    - [Int] max
    - [Int] min
    - [Int] average

 + [Int] IERC20 
    - [Ext] totalSupply
    - [Ext] balanceOf
    - [Ext] transfer #
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transferFrom #

 + [Lib] SafeMath 
    - [Int] add
    - [Int] sub
    - [Int] sub
    - [Int] mul
    - [Int] div
    - [Int] div
    - [Int] mod
    - [Int] mod

 + [Lib] Address 
    - [Int] isContract
    - [Int] sendValue #
    - [Int] functionCall #
    - [Int] functionCall #
    - [Int] functionCallWithValue #
    - [Int] functionCallWithValue #
    - [Prv] _functionCallWithValue #

 + [Lib] SafeERC20 
    - [Int] safeTransfer #
    - [Int] safeTransferFrom #
    - [Int] safeApprove #
    - [Int] safeIncreaseAllowance #
    - [Int] safeDecreaseAllowance #
    - [Prv] _callOptionalReturn #

 +  Context 
    - [Int] _msgSender
    - [Int] _msgData

 +  Ownable (Context)
    - [Int] Constructor #
    - [Pub] owner
    - [Pub] renounceOwnership #
       - modifiers: onlyOwner
    - [Pub] transferOwnership #
       - modifiers: onlyOwner

 +  Auth (Context, Ownable)
    - [Int] Constructor #
    - [Pub] isOperator
    - [Pub] addAuth #
       - modifiers: onlyOwner
    - [Pub] removeAuth #
       - modifiers: onlyOwner

 + [Int] IVoteNft 
    - [Ext] mintNft #
    - [Ext] queryUserNftInfo

 +  RunFor (Auth)
    - [Pub] Constructor #
    - [Pub] setStartTime #
       - modifiers: onlyOperator
    - [Pub] setEndTime #
       - modifiers: onlyOperator
    - [Pub] setUpperLimit #
       - modifiers: onlyOperator
    - [Pub] setLowerLimit #
       - modifiers: onlyOperator
    - [Pub] setPoolUpperLimit #
       - modifiers: onlyOperator
    - [Pub] setDestructionRate #
       - modifiers: onlyOperator
    - [Pub] userVoting #
       - modifiers: inspectTime,inspectLock
    - [Pub] isStart
    - [Pub] isEnd
    - [Pub] queryMyNft
    - [Pub] queryProjectInfo


Details: VoteNft Contract


VoteNft Graph



 +  Context 
    - [Int] _msgSender
    - [Int] _msgData

 + [Int] IERC165 
    - [Ext] supportsInterface

 + [Int] IERC721 (IERC165)
    - [Ext] balanceOf
    - [Ext] ownerOf
    - [Ext] safeTransferFrom #
    - [Ext] transferFrom #
    - [Ext] approve #
    - [Ext] getApproved
    - [Ext] setApprovalForAll #
    - [Ext] isApprovedForAll
    - [Ext] safeTransferFrom #

 + [Int] IERC721Metadata (IERC721)
    - [Ext] name
    - [Ext] symbol
    - [Ext] tokenURI

 + [Int] IERC721Enumerable (IERC721)
    - [Ext] totalSupply
    - [Ext] tokenOfOwnerByIndex
    - [Ext] tokenByIndex

 + [Int] IERC721Receiver 
    - [Ext] onERC721Received #

 +  ERC165 (IERC165)
    - [Int] Constructor #
    - [Pub] supportsInterface
    - [Int] _registerInterface #

 + [Lib] SafeMath 
    - [Int] add
    - [Int] sub
    - [Int] sub
    - [Int] mul
    - [Int] div
    - [Int] div
    - [Int] mod
    - [Int] mod

 + [Lib] Address 
    - [Int] isContract
    - [Int] sendValue #
    - [Int] functionCall #
    - [Int] functionCall #
    - [Int] functionCallWithValue #
    - [Int] functionCallWithValue #
    - [Prv] _functionCallWithValue #

 + [Lib] EnumerableSet 
    - [Prv] _add #
    - [Prv] _remove #
    - [Prv] _contains
    - [Prv] _length
    - [Prv] _at
    - [Int] add #
    - [Int] remove #
    - [Int] contains
    - [Int] length
    - [Int] at
    - [Int] add #
    - [Int] remove #
    - [Int] contains
    - [Int] length
    - [Int] at

 + [Lib] EnumerableMap 
    - [Prv] _set #
    - [Prv] _remove #
    - [Prv] _contains
    - [Prv] _length
    - [Prv] _at
    - [Prv] _get
    - [Prv] _get
    - [Int] set #
    - [Int] remove #
    - [Int] contains
    - [Int] length
    - [Int] at
    - [Int] get
    - [Int] get

 + [Lib] Strings 
    - [Int] toString

 +  ERC721 (Context, ERC165, IERC721, IERC721Metadata, IERC721Enumerable)
    - [Pub] Constructor #
    - [Pub] balanceOf
    - [Pub] ownerOf
    - [Pub] name
    - [Pub] symbol
    - [Pub] tokenURI
    - [Pub] baseURI
    - [Pub] tokenOfOwnerByIndex
    - [Pub] totalSupply
    - [Pub] tokenByIndex
    - [Pub] approve #
    - [Pub] getApproved
    - [Pub] setApprovalForAll #
    - [Pub] isApprovedForAll
    - [Pub] transferFrom #
    - [Pub] safeTransferFrom #
    - [Pub] safeTransferFrom #
    - [Int] _safeTransfer #
    - [Int] _exists
    - [Int] _isApprovedOrOwner
    - [Int] _safeMint #
    - [Int] _safeMint #
    - [Int] _mint #
    - [Int] _burn #
    - [Int] _transfer #
    - [Int] _setTokenURI #
    - [Int] _setBaseURI #
    - [Prv] _checkOnERC721Received #
    - [Prv] _approve #
    - [Int] _beforeTokenTransfer #

 + [Lib] Counters 
    - [Int] current
    - [Int] increment #
    - [Int] decrement #

 +  Ownable (Context)
    - [Int] Constructor #
    - [Pub] owner
    - [Pub] renounceOwnership #
       - modifiers: onlyOwner
    - [Pub] transferOwnership #
       - modifiers: onlyOwner

 +  Auth (Context, Ownable)
    - [Int] Constructor #
    - [Pub] isOperator
    - [Pub] addAuth #
       - modifiers: onlyOwner
    - [Pub] removeAuth #
       - modifiers: onlyOwner

 +  VoteNft (ERC721, Auth)
    - [Pub] Constructor #
       - modifiers: ERC721
    - [Pub] setNftUri #
       - modifiers: onlyOperator
    - [Pub] mintNft #
       - modifiers: onlyOperator
    - [Pub] queryUserNftInfo