TrustFi Booster - Audit Report
Summary
TrustFi Booster is building a voting system in which users exchange ERC20 tokens for an NFT representing their vote.
Notes on the Contracts:
- The RunFor contract is used to facilitate a voting mechanism in which users deposit ERC20 tokens determined by the team and receive a VoteNFT representing their "vote" in return.
- While the voting period is still active, users can submit a vote by depositing an amount of tokens within the acceptable range; only one submission is allowed per wallet address.
- A portion of the tokens based on the destruction rate is sent to the 0x..01 address. The remaining portion of tokens is transferred to the admin address controlled by the team.
- Votes are collected until the end time has elapsed or the maximum total token limit has been reached.
- The VoteNFT contract is ERC721 compliant; all standard functionality is present.
- The userVoting() function is protected against any re-entrancy attacks.
- The Math library is never used and should be removed.
- The following functions should be declared external instead of public, in the RunFor contract, to save a small amount of gas on each call: setStartTime, setEndTime, setUpperLimit, setLowerLimit, setPoolUpperLimit, setDestructionRate, userVoting, queryMyNft, and queryProjectInfo.
- The following functions should be declared external instead of public, in the VoteNft contract, to save a small amount of gas on each call: setNftUri, mintNft, and queryUserNftInfo.
- The following functions should be declared external instead of public, in the Auth contract, to save a small amount of gas on each call: isOperator, addAuth, removeAuth.
- As the contracts utilize the SafeMath library, the contracts are protected from overflows/underflows.
Ownership Controls:
- The owner can add any address to the operator list.
- The operator can set the start time and end time for voting at any time.
- The operator can set the maximum and minimum vote amount limit at any time.
- The operator can set the maximum total token limit at any time.
- The operator can set the destruction rate of tokens at any time.
- The operator can set the current NFT base URI at any time.
Audit Findings Summary
- No external threats were identified.
- Please ensure trust in the team prior to investing as they have some control in the ecosystem.
- Date: December 29th, 2021
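A simplified Solidity sketch of the deposit flow and operator controls described in the notes above, added here as an illustration; it is not the audited RunFor code. The state layout, the percentage unit for the destruction rate, the pool-cap check, the burnSink parameter (standing in for the 0x..01 address) and the beforeStart guard, which shows one way to stop parameters changing once voting is open, are all assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

interface IERC20Min {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

// Illustrative sketch only: names, units and checks are assumptions, not the audited contract.
contract VoteSketch {
    IERC20Min public immutable token;
    address public immutable admin;     // team-controlled recipient of the remainder
    address public immutable burnSink;  // placeholder for the report's 0x..01 address
    address public immutable operator;
    uint256 public startTime;
    uint256 public endTime;
    uint256 public lowerLimit;
    uint256 public upperLimit;
    uint256 public poolUpperLimit;
    uint256 public destructionRate;     // assumed unit: percent, 0-100
    uint256 public totalVoted;
    mapping(address => bool) public hasVoted;

    constructor(IERC20Min token_, address admin_, address burnSink_, uint256 start_,
                uint256 end_, uint256 lower_, uint256 upper_, uint256 poolCap_) {
        token = token_; admin = admin_; burnSink = burnSink_; operator = msg.sender;
        startTime = start_; endTime = end_;
        lowerLimit = lower_; upperLimit = upper_; poolUpperLimit = poolCap_;
    }

    modifier onlyOperator() { require(msg.sender == operator, "not operator"); _; }
    modifier beforeStart() { require(block.timestamp < startTime, "voting started"); _; }

    // Hardened setter: the rate is bounded and frozen once voting opens.
    function setDestructionRate(uint256 rate) external onlyOperator beforeStart {
        require(rate <= 100, "rate > 100");
        destructionRate = rate;
    }

    function userVoting(uint256 amount) external {
        require(block.timestamp >= startTime && block.timestamp < endTime, "not active");
        require(!hasVoted[msg.sender], "already voted");
        require(amount >= lowerLimit && amount <= upperLimit, "out of range");
        require(totalVoted + amount <= poolUpperLimit, "pool limit reached");
        hasVoted[msg.sender] = true;   // state is updated before any external call
        totalVoted += amount;
        uint256 burned = amount * destructionRate / 100;
        require(token.transferFrom(msg.sender, burnSink, burned), "burn failed");
        require(token.transferFrom(msg.sender, admin, amount - burned), "payout failed");
    }
}
```

With pragma ^0.8.0 the arithmetic is checked by the compiler; the audited contracts rely on SafeMath for the same protection. Minting of the vote NFT is left out of the sketch.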
Audit Results
Vulnerability Category | Notes | Result |
---|---|---|
Arbitrary Storage Write | N/A | PASS |
Arbitrary Jump | N/A | PASS |
Centralization of Control | N/A | PASS |
Delegate Call to Untrusted Contract | N/A | PASS |
Dependence on Predictable Variables | N/A | PASS |
Deprecated Opcodes | N/A | PASS |
Ether Thief | N/A | PASS |
Exceptions | N/A | PASS |
External Calls | N/A | PASS |
Flash Loans | N/A | PASS |
Integer Over/Underflow | N/A | PASS |
Multiple Sends | N/A | PASS |
Oracles | N/A | PASS |
Suicide | N/A | PASS |
State Change External Calls | N/A | PASS |
Unchecked Retval | N/A | PASS |
User Supplied Assertion | N/A | PASS |
Critical Solidity Compiler | N/A | PASS |
Overall Contract Safety | | PASS |
Details: RunFor Contract
+ [Lib] Math
  - [Int] max
  - [Int] min
  - [Int] average
+ [Int] IERC20
  - [Ext] totalSupply
  - [Ext] balanceOf
  - [Ext] transfer #
  - [Ext] allowance
  - [Ext] approve #
  - [Ext] transferFrom #
+ [Lib] SafeMath
  - [Int] add
  - [Int] sub
  - [Int] sub
  - [Int] mul
  - [Int] div
  - [Int] div
  - [Int] mod
  - [Int] mod
+ [Lib] Address
  - [Int] isContract
  - [Int] sendValue #
  - [Int] functionCall #
  - [Int] functionCall #
  - [Int] functionCallWithValue #
  - [Int] functionCallWithValue #
  - [Prv] _functionCallWithValue #
+ [Lib] SafeERC20
  - [Int] safeTransfer #
  - [Int] safeTransferFrom #
  - [Int] safeApprove #
  - [Int] safeIncreaseAllowance #
  - [Int] safeDecreaseAllowance #
  - [Prv] _callOptionalReturn #
+ Context
  - [Int] _msgSender
  - [Int] _msgData
+ Ownable (Context)
  - [Int] Constructor #
  - [Pub] owner
  - [Pub] renounceOwnership #
    - modifiers: onlyOwner
  - [Pub] transferOwnership #
    - modifiers: onlyOwner
+ Auth (Context, Ownable)
  - [Int] Constructor #
  - [Pub] isOperator
  - [Pub] addAuth #
    - modifiers: onlyOwner
  - [Pub] removeAuth #
    - modifiers: onlyOwner
+ [Int] IVoteNft
  - [Ext] mintNft #
  - [Ext] queryUserNftInfo
+ RunFor (Auth)
  - [Pub] Constructor #
  - [Pub] setStartTime #
    - modifiers: onlyOperator
  - [Pub] setEndTime #
    - modifiers: onlyOperator
  - [Pub] setUpperLimit #
    - modifiers: onlyOperator
  - [Pub] setLowerLimit #
    - modifiers: onlyOperator
  - [Pub] setPoolUpperLimit #
    - modifiers: onlyOperator
  - [Pub] setDestructionRate #
    - modifiers: onlyOperator
  - [Pub] userVoting #
    - modifiers: inspectTime, inspectLock
  - [Pub] isStart
  - [Pub] isEnd
  - [Pub] queryMyNft
  - [Pub] queryProjectInfo
Details: VoteNft Contract
+ Context
  - [Int] _msgSender
  - [Int] _msgData
+ [Int] IERC165
  - [Ext] supportsInterface
+ [Int] IERC721 (IERC165)
  - [Ext] balanceOf
  - [Ext] ownerOf
  - [Ext] safeTransferFrom #
  - [Ext] transferFrom #
  - [Ext] approve #
  - [Ext] getApproved
  - [Ext] setApprovalForAll #
  - [Ext] isApprovedForAll
  - [Ext] safeTransferFrom #
+ [Int] IERC721Metadata (IERC721)
  - [Ext] name
  - [Ext] symbol
  - [Ext] tokenURI
+ [Int] IERC721Enumerable (IERC721)
  - [Ext] totalSupply
  - [Ext] tokenOfOwnerByIndex
  - [Ext] tokenByIndex
+ [Int] IERC721Receiver
  - [Ext] onERC721Received #
+ ERC165 (IERC165)
  - [Int] Constructor #
  - [Pub] supportsInterface
  - [Int] _registerInterface #
+ [Lib] SafeMath
  - [Int] add
  - [Int] sub
  - [Int] sub
  - [Int] mul
  - [Int] div
  - [Int] div
  - [Int] mod
  - [Int] mod
+ [Lib] Address
  - [Int] isContract
  - [Int] sendValue #
  - [Int] functionCall #
  - [Int] functionCall #
  - [Int] functionCallWithValue #
  - [Int] functionCallWithValue #
  - [Prv] _functionCallWithValue #
+ [Lib] EnumerableSet
  - [Prv] _add #
  - [Prv] _remove #
  - [Prv] _contains
  - [Prv] _length
  - [Prv] _at
  - [Int] add #
  - [Int] remove #
  - [Int] contains
  - [Int] length
  - [Int] at
  - [Int] add #
  - [Int] remove #
  - [Int] contains
  - [Int] length
  - [Int] at
+ [Lib] EnumerableMap
  - [Prv] _set #
  - [Prv] _remove #
  - [Prv] _contains
  - [Prv] _length
  - [Prv] _at
  - [Prv] _get
  - [Prv] _get
  - [Int] set #
  - [Int] remove #
  - [Int] contains
  - [Int] length
  - [Int] at
  - [Int] get
  - [Int] get
+ [Lib] Strings
  - [Int] toString
+ ERC721 (Context, ERC165, IERC721, IERC721Metadata, IERC721Enumerable)
  - [Pub] Constructor #
  - [Pub] balanceOf
  - [Pub] ownerOf
  - [Pub] name
  - [Pub] symbol
  - [Pub] tokenURI
  - [Pub] baseURI
  - [Pub] tokenOfOwnerByIndex
  - [Pub] totalSupply
  - [Pub] tokenByIndex
  - [Pub] approve #
  - [Pub] getApproved
  - [Pub] setApprovalForAll #
  - [Pub] isApprovedForAll
  - [Pub] transferFrom #
  - [Pub] safeTransferFrom #
  - [Pub] safeTransferFrom #
  - [Int] _safeTransfer #
  - [Int] _exists
  - [Int] _isApprovedOrOwner
  - [Int] _safeMint #
  - [Int] _safeMint #
  - [Int] _mint #
  - [Int] _burn #
  - [Int] _transfer #
  - [Int] _setTokenURI #
  - [Int] _setBaseURI #
  - [Prv] _checkOnERC721Received #
  - [Prv] _approve #
  - [Int] _beforeTokenTransfer #
+ [Lib] Counters
  - [Int] current
  - [Int] increment #
  - [Int] decrement #
+ Ownable (Context)
  - [Int] Constructor #
  - [Pub] owner
  - [Pub] renounceOwnership #
    - modifiers: onlyOwner
  - [Pub] transferOwnership #
    - modifiers: onlyOwner
+ Auth (Context, Ownable)
  - [Int] Constructor #
  - [Pub] isOperator
  - [Pub] addAuth #
    - modifiers: onlyOwner
  - [Pub] removeAuth #
    - modifiers: onlyOwner
+ VoteNft (ERC721, Auth)
  - [Pub] Constructor #
    - modifiers: ERC721
  - [Pub] setNftUri #
    - modifiers: onlyOperator
  - [Pub] mintNft #
    - modifiers: onlyOperator
  - [Pub] queryUserNftInfo