Vinci
Smart Contract Audit Report
Audit Summary
Vinci is a platform of an ERC-20 token, NFTs, Staking Pools, and an NFT marketplace.
For this audit, we reviewed the following contracts:
- Vinci contract at 0xc4398e483b178ac559b4fe665c6bce70a179f80f on the Ethereum Mainnet.
- VinciNFT contract at 0xd7518Fb521Eb41Cd0dF072363227e6624DecF179 on the Rinkeby Testnet.
- SimpleLPPool contract at 0x4381d8191be655c7fdac93a741a06b8a972b47dd on the Binance Smartchain.
- VinciStakingV1 contract at 0x60c1664E71B918C53fae153cc1d216e8175FC34F on the Binance Smartchain.
- Auction contract at 0xffb99157741238b60adedd7efe4316f497dbbfb9 on the Rinkeby Testnet.
Audit Findings
All findings have been resolved, though some centralized aspects are present.
Date: June 10th, 2022.
Updated: June 12th, 2022 with updates to resolve findings.
Updated: June 13th, 2022 with mainnet addresses.
Updated: June 20th, 2022 with NFT auction contract.Finding #1 - SimpleLPPool - High (Resolved)
Description: Staking rewards are only received if users stake for 12 months.
Risk/Impact: Users who lock their tokens for 4 or 8 months will not receive any rewards.
Recommendation: All users should receive rewards when unstaking their LP tokens.
Resolution: Users now receive a reward scaling with the LP lock duration.Finding #2 - SimpleLPPool - High (Resolved)
Description: Users' LP tokens are still staked if there are not sufficient Vinci reward tokens.
Risk/Impact: Users may inadvertently stake their tokens for no rewards.
Recommendation: The transaction should revert if there are insufficient tokens, or users should be given the option to revert if there are insufficient tokens.
Resolution: The staking transaction will now revert if there are insufficient tokens for rewards.
Contracts Overview
Vinci Contract
- The contracts utilize ReentrancyGuard to protect against reentrancy attacks in applicable functions.
- As the contracts are implemented with Solidity v0.8.14, they are safe from any possible overflows/underflows.
- The team must exercise caution when assigning the staking token to avoid using fee-on-transfer tokens.
VinciSale Contract
- The total supply of the token is set to 100 billion $VINCI.
- No mint or burn functions are present though the circulating supply can be decreased by sending tokens to the 0x..dead address.
- The owner may lock tokens at any time. This will transfer the specified amount of tokens to a newly created TokenTimeLock contract where they release to the recipient at the specified time.
- The owner may create a sales contract at any time. This will create a VinciSale contract and transfer the specified amount of tokens where they may subsequently be purchased.
- The owner may transfer any amount of tokens to any address at any time.
TokenTimeLock Contract
- Any user may use this contract to purchase Vinci tokens using an "exchange asset".
- Users must supply the raw number of tokens to be purchased as the contract will convert to the correct number of decimals.
- Users must supply the cost of the number of tokens in the exchange asset.
- If the "release time" specified upon deployment has passed, users will receive the Vinci tokens immediately.
- If the release time has not passed, the tokens will be transferred to a new TokenTimeLock contract where they can be withdrawn after the release time.
- The Vinci tokens to be purchased must be supplied to the contract or purchases will fail.
- The owner may withdraw all of the exchange asset from the contract at any time.
- The owner may withdraw all Vinci tokens from the contract at any time.
VinciNFT Contract
- This contract is used to lock a specified token until a specified time.
- The token, recipient, and release time are specified upon deployment.
- The recipient may withdraw all of the tokens from the contract after the release time.
SimpleLPPool Contract
- This contract is used to mint VinciNFTs.
- The contract complies with the EIP-2981 NFT royalty standard.
- There is no maximum supply of NFTs.
- A "royalty percentage" is set for each NFT; the default value is 10%.
- The royalty percentage has no functionality within this contract but is intended to be used by NFT marketplaces to calculate royalty during a transaction.
- The owner can mint any number of NFTs to any address at no cost; if the recipient address is a contract, they must have implemented the onERC721Received() function in order to successfully receive the NFT.
- The owner may update the default royalty receiver and default royalty percentage at any time.
VinciStakingV1 Contract
- Any user may use this contract to stake LP tokens to earn rewards in Vinci tokens.
- Staked LP tokens are locked for an increment of 4, 8, or 12 months.
- Users will receive a "vinci per LP token" amount of Vinci tokens for each LP token staked based on the number of months users are staking; a higher stake duration corresponds to a higher Vinci reward.
- Users may retrieve their staked LP tokens once the lock duration has passed.
- Vinci tokens must be supplied to the contract for rewards using the provided functionality or users will not earn rewards; any address may provide Vinci tokens to the contract.
Auction Contract
- Any user may use this contract to stake Vinci tokens for rewards in additional Vinci tokens.
- The contract correctly keeps separate balances of staked and rewards tokens to prevent a user from receiving another user's staked tokens as rewards.
- Users are given a checkpoint when they first stake in the contract.
- Checkpoints are set to the block duration times the user's multiplier in the future.
- Users' multiplier decrease as they cross each checkpoint.
- When a checkpoint is crossed and another action is performed in the contract, the user's checkpoint will be updated.
- Users may also manually trigger a checkpoint update if they have passed their checkpoint time.
- Updating a checkpoint will move users' checkpoints in the future, update their staking tier as needed, and give them "superstaker" status if they are staking any amount of tokens.
- Tokens may be in various "states" based on the various actions users may perform in the contract.
- Staked tokens will be in the "active staking" state.
- Users will receive a reward amount on each block based on the amount staked, the length of time staked, and the contract's APR.
- Accumulated rewards are in the "unclaimable" status.
- A "pledge share" will be taken from all earned rewards and added to the "owners pot".
- Users may unstake their tokens at any time.
- Unstaking will move tokens out of the active staking state into the "currently unstaking" state. Tokens will no longer accumulate rewards in this state.
- The user's unlock time will be set the "unstaking duration" from the current timestamp.
- Users will pay a penalty when unstaking based on the amount being unstaked relative to the user's total staked balance and the user's tokens in the "unclaimed" state.
- The penalty is added to the pool's "penalty pot" balance.
- Users may schedule an unstake at any time.
- Scheduling an unstake will move tokens from the active staking state to the "scheduled unstaking" state. Tokens will continue to earn rewards in this state.
- Users may cancel a scheduled unstake at any time. Canceling a scheduled unstake will move all tokens in the scheduled unstaking state back into the active staking state.
- Once a user's unlock time has passed and a checkpoint update occurs, their tokens are moved from the currently unstaking and unclaimable status to the claimable status.
- Users may claim their unstaked tokens and rewards when they are in the "claimable" status; the contract must have sufficient Vinci tokens or the claim will fail.
- Users may trigger a relock at any time. This will recalculate their staking tier and move their checkpoint the block duration times their multiplier in the future.
- Users may move their tokens between pools at any time; this has no on-chain effect and relies on the use of off-chain logic.
- Any user may contribute tokens to the staking rewards; users must explicitly use the contract's fund functionality or the tokens will not contribute to the staking rewards.
- Users may airdrop any user Vinci tokens at any time; this will add the tokens to their unclaimable balance. If not already staking, users must stake to receive a checkpoint in order to claim the tokens
- The owner may distribute any amount of the penalty pot to less than 50 addresses' unclaimable balance at any time.
- The owner may transfer any amount of tokens from the rewards fund to any address' unclaimable rewards at any time.
- The owner may update the threshold for each tier to any value at any time.
- The owner may withdraw the collected owners pot at any time.
- The owner may set any users pledge share at any time.
- The owner may withdraw any non-Vinci ERC-20 token from the contract at any time.
- Any address may use this contract to auction a VinciNFT; an NFT may be sold in a standard, English, or Dutch auction.
- In a standard auction, users may specify up to 10 different prices and tokens. The 0x0 address is used to represent ETH.
- Users may purchase an NFT from a standard auction by specifying the desired token and price.
- Users may create an English auction by specifying a token used to bid, minimum price, end time, and time increase amount.
- A first bid may be placed for at least the specified minimum amount; each additional bid must be higher than the current highest bid.
- After a bid is placed, the auction end time is delayed by the time increase amount.
- The user who created the auction may choose to close the auction and accept the current bid at any time.
- Any user may close the auction once the end time has passed.
- Users may create a Dutch auction by specifying a start and end time with a start and end price.
- The auction's price will begin at the start price and time. The price will decrease over time until reaching the end price at the end time.
- Users may purchase the NFT for at least the auction's current price up to a "Dutch auction margin" at any time.
- Users will pay a fee when purchasing an NFT in a standard or Dutch auction; only the final bid will pay fees in an English auction.
- Users may withdraw tokens from a successful auction or a failed bid at any time.
- Users may cancel any of their auctions at any time.
- The owner may set the fees to any value up to 100% at any time.
- The owner may set the Dutch auction margin to any non-zero value at any time.
Audit Results
| Vulnerability Category | Notes | Result |
|---|---|---|
| Arbitrary Jump/Storage Write | N/A | PASS |
| Centralization of Control |
| WARNING |
| Compiler Issues | N/A | PASS |
| Delegate Call to Untrusted Contract | N/A | PASS |
| Dependence on Predictable Variables | N/A | PASS |
| Ether/Token Theft | N/A | PASS |
| Flash Loans | N/A | PASS |
| Front Running | N/A | PASS |
| Improper Events | N/A | PASS |
| Improper Authorization Scheme | N/A | PASS |
| Integer Over/Underflow | N/A | PASS |
| Logical Issues | N/A | PASS |
| Oracle Issues | N/A | PASS |
| Outdated Compiler Version | N/A | PASS |
| Race Conditions | N/A | PASS |
| Reentrancy | N/A | PASS |
| Signature Issues | N/A | PASS |
| Unbounded Loops | N/A | PASS |
| Unused Code | N/A | PASS |
| Overall Contract Safety | PASS |
Vinci Contract
($) = payable function
# = non-constant function
Int = Internal
Ext = External
Pub = Public
+ [Int] IERC20
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] transfer #
- [Ext] allowance
- [Ext] approve #
- [Ext] transferFrom #
+ [Int] IERC20Metadata (IERC20)
- [Ext] name
- [Ext] symbol
- [Ext] decimals
+ Context
- [Int] _msgSender
- [Int] _msgData
+ ERC20 (Context, IERC20, IERC20Metadata)
- [Pub] Constructor #
- [Pub] name
- [Pub] symbol
- [Pub] decimals
- [Pub] totalSupply
- [Pub] balanceOf
- [Pub] transfer #
- [Pub] allowance
- [Pub] approve #
- [Pub] transferFrom #
- [Pub] increaseAllowance #
- [Pub] decreaseAllowance #
- [Int] _transfer #
- [Int] _mint #
- [Int] _burn #
- [Int] _approve #
- [Int] _spendAllowance #
- [Int] _beforeTokenTransfer #
- [Int] _afterTokenTransfer #
+ Ownable (Context)
- [Pub] Constructor #
- [Pub] owner
- [Pub] renounceOwnership #
- modifiers: onlyOwner
- [Pub] transferOwnership #
- modifiers: onlyOwner
- [Int] _transferOwnership #
+ [Lib] Address
- [Int] isContract
- [Int] sendValue #
- [Int] functionCall #
- [Int] functionCall #
- [Int] functionCallWithValue #
- [Int] functionCallWithValue #
- [Int] functionStaticCall
- [Int] functionStaticCall
- [Int] functionDelegateCall #
- [Int] functionDelegateCall #
- [Int] verifyCallResult
+ [Lib] SafeERC20
- [Int] safeTransfer #
- [Int] safeTransferFrom #
- [Int] safeApprove #
- [Int] safeIncreaseAllowance #
- [Int] safeDecreaseAllowance #
- [Prv] _callOptionalReturn #
+ TokenTimelock
- [Pub] Constructor #
- [Pub] token
- [Pub] beneficiary
- [Pub] releaseTime
- [Pub] release #
+ [Int] IERC20
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] transfer #
- [Ext] allowance
- [Ext] approve #
- [Ext] transferFrom #
+ Context
- [Int] _msgSender
- [Int] _msgData
+ Ownable (Context)
- [Pub] Constructor #
- [Pub] owner
- [Pub] renounceOwnership #
- modifiers: onlyOwner
- [Pub] transferOwnership #
- modifiers: onlyOwner
- [Int] _transferOwnership #
+ [Lib] Address
- [Int] isContract
- [Int] sendValue #
- [Int] functionCall #
- [Int] functionCall #
- [Int] functionCallWithValue #
- [Int] functionCallWithValue #
- [Int] functionStaticCall
- [Int] functionStaticCall
- [Int] functionDelegateCall #
- [Int] functionDelegateCall #
- [Int] verifyCallResult
+ [Lib] SafeERC20
- [Int] safeTransfer #
- [Int] safeTransferFrom #
- [Int] safeApprove #
- [Int] safeIncreaseAllowance #
- [Int] safeDecreaseAllowance #
- [Prv] _callOptionalReturn #
+ TokenTimelock
- [Pub] Constructor #
- [Pub] token
- [Pub] beneficiary
- [Pub] releaseTime
- [Pub] release #
+ VinciSale (Ownable)
- [Pub] Constructor #
- [Pub] buy #
- [Pub] getProceeds #
- modifiers: onlyOwner
- [Pub] getVinci #
- modifiers: onlyOwner
+ Vinci (ERC20, Ownable)
- [Pub] Constructor #
- modifiers: ERC20
- [Pub] lockTokens #
- modifiers: onlyOwner
- [Pub] withdraw #
- modifiers: onlyOwner
- [Pub] createSalesContract #
- modifiers: onlyOwner
VinciNFT Contract
($) = payable function
# = non-constant function
+ Context
- [Int] _msgSender
- [Int] _msgData
+ Ownable (Context)
- [Pub] Constructor #
- [Pub] owner
- [Pub] renounceOwnership #
- modifiers: onlyOwner
- [Pub] transferOwnership #
- modifiers: onlyOwner
- [Int] _transferOwnership #
+ [Int] IERC165
- [Ext] supportsInterface
+ [Int] IERC721 (IERC165)
- [Ext] balanceOf
- [Ext] ownerOf
- [Ext] safeTransferFrom #
- [Ext] transferFrom #
- [Ext] approve #
- [Ext] getApproved
- [Ext] setApprovalForAll #
- [Ext] isApprovedForAll
- [Ext] safeTransferFrom #
+ [Int] IERC721Receiver
- [Ext] onERC721Received #
+ [Int] IERC721Metadata (IERC721)
- [Ext] name
- [Ext] symbol
- [Ext] tokenURI
+ [Lib] Address
- [Int] isContract
- [Int] sendValue #
- [Int] functionCall #
- [Int] functionCall #
- [Int] functionCallWithValue #
- [Int] functionCallWithValue #
- [Int] functionStaticCall
- [Int] functionStaticCall
- [Int] functionDelegateCall #
- [Int] functionDelegateCall #
- [Int] verifyCallResult
+ [Lib] Strings
- [Int] toString
- [Int] toHexString
- [Int] toHexString
+ ERC165 (IERC165)
- [Pub] supportsInterface
+ ERC721 (Context, ERC165, IERC721, IERC721Metadata)
- [Pub] Constructor #
- [Pub] supportsInterface
- [Pub] balanceOf
- [Pub] ownerOf
- [Pub] name
- [Pub] symbol
- [Pub] tokenURI
- [Int] _baseURI
- [Pub] approve #
- [Pub] getApproved
- [Pub] setApprovalForAll #
- [Pub] isApprovedForAll
- [Pub] transferFrom #
- [Pub] safeTransferFrom #
- [Pub] safeTransferFrom #
- [Int] _safeTransfer #
- [Int] _exists
- [Int] _isApprovedOrOwner
- [Int] _safeMint #
- [Int] _safeMint #
- [Int] _mint #
- [Int] _burn #
- [Int] _transfer #
- [Int] _approve #
- [Int] _setApprovalForAll #
- [Prv] _checkOnERC721Received #
- [Int] _beforeTokenTransfer #
- [Int] _afterTokenTransfer #
+ [Int] IERC2981 (IERC165)
- [Ext] royaltyInfo
+ ERC2981 (IERC2981, ERC165)
- [Pub] supportsInterface
- [Ext] royaltyInfo
- [Int] _feeDenominator
- [Int] _setDefaultRoyalty #
- [Int] _deleteDefaultRoyalty #
- [Int] _setTokenRoyalty #
- [Int] _resetTokenRoyalty #
+ ERC721Royalty (ERC2981, ERC721)
- [Pub] supportsInterface
- [Int] _burn #
+ VinciNFT (ERC721Royalty, Ownable)
- [Pub] Constructor #
- modifiers: ERC721
- [Pub] mint #
- modifiers: onlyOwner
- [Pub] mintToUser #
- modifiers: onlyOwner
- [Int] _baseURI
- [Pub] setDefaultRoyalty #
- modifiers: onlyOwner
- [Pub] contractURI
SimpleLPPool Contract
($) = payable function
# = non-constant function
+ [Int] IERC20
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] transfer #
- [Ext] allowance
- [Ext] approve #
- [Ext] transferFrom #
+ [Int] IERC20Metadata (IERC20)
- [Ext] name
- [Ext] symbol
- [Ext] decimals
+ Context
- [Int] _msgSender
- [Int] _msgData
+ ERC20 (Context, IERC20, IERC20Metadata)
- [Pub] Constructor #
- [Pub] name
- [Pub] symbol
- [Pub] decimals
- [Pub] totalSupply
- [Pub] balanceOf
- [Pub] transfer #
- [Pub] allowance
- [Pub] approve #
- [Pub] transferFrom #
- [Pub] increaseAllowance #
- [Pub] decreaseAllowance #
- [Int] _transfer #
- [Int] _mint #
- [Int] _burn #
- [Int] _approve #
- [Int] _spendAllowance #
- [Int] _beforeTokenTransfer #
- [Int] _afterTokenTransfer #
+ Context
- [Int] _msgSender
- [Int] _msgData
+ Ownable (Context)
- [Pub] Constructor #
- [Pub] owner
- [Pub] renounceOwnership #
- modifiers: onlyOwner
- [Pub] transferOwnership #
- modifiers: onlyOwner
- [Int] _transferOwnership #
+ SimpleLPPool (Ownable)
- [Pub] Constructor #
- [Ext] setVinciPerLPToken #
- modifiers: onlyOwner,reentrancyLock
- [Ext] newStake #
- modifiers: reentrancyLock
- [Ext] retrieveStake #
- modifiers: reentrancyLock
- [Ext] addVinci #
- modifiers: reentrancyLock
- [Pub] getNumberOfStakes
- [Pub] getMyNumberOfStakes
- [Pub] getStakeAmount
- [Pub] getMyStakeAmount
- [Pub] getStakeLockedUntil
- [Pub] getMyStakeLockedUntil
- [Pub] getStakeMonthsLocked
- [Pub] getMyStakeMonthsLocked
VinciStakingV1 Contract
($) = payable function
# = non-constant function
+ Context
- [Int] _msgSender
- [Int] _msgData
+ Ownable (Context)
- [Pub] Constructor #
- [Pub] owner
- [Pub] renounceOwnership #
- modifiers: onlyOwner
- [Pub] transferOwnership #
- modifiers: onlyOwner
- [Int] _transferOwnership #
+ [Int] IERC165
- [Ext] supportsInterface
+ [Int] IERC721 (IERC165)
- [Ext] balanceOf
- [Ext] ownerOf
- [Ext] safeTransferFrom #
- [Ext] transferFrom #
- [Ext] approve #
- [Ext] getApproved
- [Ext] setApprovalForAll #
- [Ext] isApprovedForAll
- [Ext] safeTransferFrom #
+ [Int] IERC721Receiver
- [Ext] onERC721Received #
+ [Int] IERC721Metadata (IERC721)
- [Ext] name
- [Ext] symbol
- [Ext] tokenURI
+ [Lib] Address
- [Int] isContract
- [Int] sendValue #
- [Int] functionCall #
- [Int] functionCall #
- [Int] functionCallWithValue #
- [Int] functionCallWithValue #
- [Int] functionStaticCall
- [Int] functionStaticCall
- [Int] functionDelegateCall #
- [Int] functionDelegateCall #
- [Int] verifyCallResult
+ [Lib] Strings
- [Int] toString
- [Int] toHexString
- [Int] toHexString
+ ERC165 (IERC165)
- [Pub] supportsInterface
+ ERC721 (Context, ERC165, IERC721, IERC721Metadata)
- [Pub] Constructor #
- [Pub] supportsInterface
- [Pub] balanceOf
- [Pub] ownerOf
- [Pub] name
- [Pub] symbol
- [Pub] tokenURI
- [Int] _baseURI
- [Pub] approve #
- [Pub] getApproved
- [Pub] setApprovalForAll #
- [Pub] isApprovedForAll
- [Pub] transferFrom #
- [Pub] safeTransferFrom #
- [Pub] safeTransferFrom #
- [Int] _safeTransfer #
- [Int] _exists
- [Int] _isApprovedOrOwner
- [Int] _safeMint #
- [Int] _safeMint #
- [Int] _mint #
- [Int] _burn #
- [Int] _transfer #
- [Int] _approve #
- [Int] _setApprovalForAll #
- [Prv] _checkOnERC721Received #
- [Int] _beforeTokenTransfer #
- [Int] _afterTokenTransfer #
+ [Int] IERC2981 (IERC165)
- [Ext] royaltyInfo
+ ERC2981 (IERC2981, ERC165)
- [Pub] supportsInterface
- [Ext] royaltyInfo
- [Int] _feeDenominator
- [Int] _setDefaultRoyalty #
- [Int] _deleteDefaultRoyalty #
- [Int] _setTokenRoyalty #
- [Int] _resetTokenRoyalty #
+ ERC721Royalty (ERC2981, ERC721)
- [Pub] supportsInterface
- [Int] _burn #
+ VinciNFT (ERC721Royalty, Ownable)
- [Pub] Constructor #
- modifiers: ERC721
- [Pub] mint #
- modifiers: onlyOwner
- [Pub] mintToUser #
- modifiers: onlyOwner
- [Int] _baseURI
- [Pub] setDefaultRoyalty #
- modifiers: onlyOwner
- [Pub] contractURI
Auction Contract
($) = payable function
# = non-constant function
+ [Int] IERC165
- [Ext] supportsInterface
+ [Int] IERC721 (IERC165)
- [Ext] balanceOf
- [Ext] ownerOf
- [Ext] safeTransferFrom #
- [Ext] transferFrom #
- [Ext] approve #
- [Ext] getApproved
- [Ext] setApprovalForAll #
- [Ext] isApprovedForAll
- [Ext] safeTransferFrom #
+ [Int] IERC20
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] transfer #
- [Ext] allowance
- [Ext] approve #
- [Ext] transferFrom #
+ Context
- [Int] _msgSender
- [Int] _msgData
+ Ownable (Context)
- [Pub] Constructor #
- [Pub] owner
- [Pub] renounceOwnership #
- modifiers: onlyOwner
- [Pub] transferOwnership #
- modifiers: onlyOwner
- [Int] _transferOwnership #
+ AuctionContract (Ownable)
- [Pub] Constructor #
- [Pub] withdraw #
- modifiers: reentrancyLock
- [Pub] setFee #
- modifiers: onlyOwner
- [Pub] setMarginSecondsForDutchAuction #
- modifiers: onlyOwner
- [Pub] startSale #
- modifiers: reentrancyLock,notSoldOrInAuction
- [Pub] cancelSale #
- modifiers: reentrancyLock,beingSold
- [Pub] buy ($)
- modifiers: reentrancyLock,beingSold
- [Pub] englishStartAuction #
- modifiers: reentrancyLock,notSoldOrInAuction
- [Pub] englishBid ($)
- modifiers: reentrancyLock,beingEnglishAuctioned
- [Pub] englishCancelAuction #
- modifiers: reentrancyLock
- [Pub] englishFinalizeAuction #
- modifiers: reentrancyLock
- [Pub] dutchStartAuction #
- modifiers: reentrancyLock,notSoldOrInAuction
- [Pub] dutchAuctionPriceAtTimestamp
- modifiers: beingDutchAuctioned
- [Pub] dutchAuctionCurrentPrice
- [Pub] dutchBuyToken ($)
- modifiers: reentrancyLock,beingDutchAuctioned
- [Pub] dutchCancelAuction #
- modifiers: reentrancyLock,beingDutchAuctioned
- [Pub] getSaleOwner
- [Pub] getSalePricesLength
- [Pub] getSalePrice
- [Pub] isBeingSold
- [Pub] isInEnglishAuction
- [Pub] isInDutchAuction
- [Pub] isBeingSoldOrAuctioned
- [Prv] _addWithdrawable #
- [Prv] _deleteEnglishAuction #
- [Prv] _deleteDutchAuction #
- [Int] _priceDropPerSecondForDutchAuction #
About SourceHat
SourceHat has quickly grown to have one of the most experienced and well-equipped smart contract auditing teams in the industry. Our team has conducted 1300+ solidity smart contract audits covering all major project types and protocols, securing a total of over $50 billion U.S. dollars in on-chain value across 1500 projects!.
Our firm is well-reputed in the community and is trusted as a top smart contract auditing company for the review of solidity code, no matter how complex. Our team of experienced solidity smart contract auditors performs audits for tokens, NFTs, crowdsales, marketplaces, gambling games, financial protocols, and more!
Contact us today to get a free quote for a smart contract audit of your project!
What is a SourceHat Audit?
Typically, a smart contract audit is a comprehensive review process designed to discover logical errors, security vulnerabilities, and optimization opportunities within code. A SourceHat Audit takes this a step further by verifying economic logic to ensure the stability of smart contracts and highlighting privileged functionality to create a report that is easy to understand for developers and community members alike.
How Do I Interpret the Findings?
Each of our Findings will be labeled with a Severity level. We always recommend the team resolve High, Medium, and Low severity findings prior to deploying the code to the mainnet. Here is a breakdown on what each Severity level means for the project:
- High severity indicates that the issue puts a large number of users' funds at risk and has a high probability of exploitation, or the smart contract contains serious logical issues which can prevent the code from operating as intended.
- Medium severity issues are those which place at least some users' funds at risk and has a medium to high probability of exploitation.
- Low severity issues have a relatively minor risk association; these issues have a low probability of occurring or may have a minimal impact.
- Informational issues pose no immediate risk, but inform the project team of opportunities for gas optimizations and following smart contract security best practices.