Murder Penguin

Smart Contract Audit Report

Audit Summary

Murder Penguin is building 3 new tokens and a new token locking platform.

For this audit, we reviewed the following contracts on the Ethereum Mainnet:

• MurderPenguin contract at 0x59cEA536575D0A2688a81f95D9B89C738A177D06.
• IGLOO contract at 0xf12162FEfE50d600A6604977D6cbBB0F83B0C328.
• xIGLOOFees and xIGLOO contract at 0xb795350083Bc845e9a0a32a6F7eA78D079B21AE1.
• Icebox contract at 0x391c231AEc15926aE9c39cA0D7E3ec2f365A4459.

Audit Findings

Medium findings were identified and the team should resolve these issues. In addition, centralized aspects are present.
Date: March 2nd, 2023.

Finding #1 - Icebox - Medium

Description: In the freeze() function, the number of months assigned to a lock is automatically set to 36 when calculating the number of Igloo tokens to send to the user in the following if-statement.

else if (_pair.token1() == weth) {
	if (factory.getPair(_pair.token0(), weth) == _token) {
		uint256 _months = _seconds / 2629800;
		_months = 36;
...
			uint256 _tokens = IGLOO.balanceOf(address(this)) * _months / 10000;

Risk/Impact: The number of Igloo tokens transferred to the user will always be calculated based on the contract's maximum month value of 36, which will result in users receiving more Igloo tokens than intended.
Recommendation: The project team should remove the following line from the above if-statement:

_months = 36;	

Resolution: The team has not yet addressed this issue.

---

Finding #2 - Icebox - Low

Description: The require statement in the setFee() function improperly checks the fee state variable rather than the _fee parameter.

function setFee(uint256 _fee) external onlyTreasury {
	require(1 ether >= fee);
	fee = _fee;
}

Risk/Impact: The owner can set the fee to a value above 1 ETH. If this is performed, the change will be permanent.
Recommendation: The team should modify the above require statement as follows:

require(1 ether >= _fee);

Resolution: The team has not yet addressed this issue.

---

Finding #3 - MurderPenguin - Low

Description: The owner can use the lock() function to temporarily set ownership to address(0). Ownership is restored after the duration of time determined by the owner has passed and the unlock() function can be used.
Risk/Impact: The unlock() function can be used after ownership has been set to address(0), which will restore ownership to the original owner that initially created the ownership lock. This can be used in a nefarious way by the project team to restore ownership and change fee percentages.
Recommendation: We recommend the team modify the unlock() function to set _previousOwner to address(0) at the end of the function or remove the lock functionality from the contract altogether.
Resolution: The team has not yet addressed this issue.

---

Finding #4 - Icebox - Informational

Description: The nonReentrant modifier is unnecessarily used in the following functions as no external calls are performed.

transfer(), refreeze(), unfreeze(), setFee(), setTreasuryMPG(), setTreasuryIGLOO(), and setTreasuryBps()

Recommendation: The nonReentrant modifier could be removed from the above functions for additional gas savings on each call.

Contracts Overview

MurderPenguin Contract:

• The total supply of the token is set to 1 trillion $MPG [1,000,000,000,000].
• No mint or burn functions are accessible, though the circulating supply can be decreased by sending tokens to the 0x..dead address.
• At the time of writing this report, there are 720 token holders. The total token allocation is as follows:
  • 80.6% of the total supply has been sent to the 0x..dead address.
  • 1.2% of the total supply is in Uniswap liquidity.
  • Of that liquidity, 88.15% of the LP tokens are locked in a Unicrypt token locking contract and will unlock on January 1st, 2026.
  • 10.7% of the LP tokens belong to the team's Murder Penguin Arsenal wallet.
  • The next five EOAs own a cumulative 4.62% of the total supply.
  
  
• Blacklisted accounts are prohibited from participating in transfers.
• The contract enforces a maximum transaction amount (determined by the owner) which imposes a limit to the number of tokens that can be transferred in a single transaction.
• There is a Tax fee and Team fee on all transfers where neither the sender nor the recipient is excluded from fees.
• The tokens collected through the Tax fee are removed from the circulating supply; This serves as a frictionless fee redistribution that automatically benefits all token holders at the time of each transaction.
• The Pair address is properly excluded from the contract's reward mechanism to prevent theft-of-liquidity attacks.
• The tokens collected through the Team fee are stored in the contract address. The tokens are swapped for ETH and sent to the team's Murder Penguin Arsenal wallet when the following conditions are met:
  • The automatic liquidity add functionality is enabled by the team.
  • The threshold number of 5,000 tokens in the contract address has been reached.
  • The contract is not currently swapping tokens for ETH.
  • The caller is not initiating a buy transaction via Uniswap.
• The contract utilizes the SafeMath library to protect against overflows/underflows.
• The contract complies with the ERC-20 token standard.


• The owner can set both the Tax fee and Team fee to any percentages between 1% and 25% at any time.
• The owner can exclude and include accounts from transfer fees and reward distribution.
• The owner can add/remove accounts from the transfer blacklist at any time.
• The owner can update the maximum transaction amount to any value at any time.
• The owner can exclude and include accounts from the maximum transaction restriction at any time.
• The owner can enable/disable the automatic token swapping functionality at any time.
• The owner can swap the tokens in the contract address for ETH and withdraw the ETH from the contract at any time.
• The owner can update the team's Murder Penguin Arsenal wallet at any time.

IGLOO Contract:

• The total supply of the token is set to 100 million $IGLOO [100,000,000].
• No mint or burn functions are accessible, though the circulating supply can be decreased by sending tokens to the 0x..dead address.
• At the time of writing this report, there are 223 token holders. The total token allocation is as follows:
  • 35% of the total supply belongs to the Icebox contract.
  • 27.29% of the total supply belongs to the xIGLOO contract.
  • 10.32% of the total supply is in Uniswap liquidity.
  • Of that liquidity, 100% of the LP tokens belong to the Icebox contract.
  • 4.39% of the total supply has been sent to the 0x..dead address.
  • The next five EOAs own a cumulative 5.67% of the total supply.
• Trading must be enabled by the owner in order for all transfers to take place on the platform. Only the owner can initiate a transfer when trading is disabled.
• Blacklisted accounts are prohibited from participating in transfers.
• The contract enforces a maximum transaction amount (determined by the owner) which imposes a limit to the number of tokens that can be transferred in a single transaction.
• The contract enforces a maximum wallet amount that prevents a transfer from occurring if the recipient's token balance will exceed the limit number of tokens (determined by the owner) after the transfer occurs.
• There is a fee charged on all buys and sells via Uniswap where neither the sender nor the recipient is excluded from fees.
• The Icebox address set by the team can set a "freeze" time for any address to the current time of the transaction.
• Users that have been assigned a freeze time will initially be charged 99% fees on sells. This fee percentage is decreased for the user by 1% every day until the contract's current Sell fee is reached.
• The tokens collected through the fee are stored in the contract. The tokens are swapped for ETH on sells. 70% of the received ETH is set to the team's Treasury wallet and the remaining 30% is sent to the "Staking" contract through the use of the deposit() function.
• As the contract is deployed with Solidity v0.8.13, it is safe from any possible overflows/underflows.


• The owner can set both the buy fee and sell fee to any percentages up to 100% at any time.
• The owner can add/remove accounts from the transfer blacklist at any time.
• The owner can exclude and include accounts from transfer fees at any time.
• The owner can exclude and include accounts from the maximum transaction and maximum wallet restrictions at any time.
• The owner can set the maximum transaction amount and maximum wallet amount to any values at any time.
• The owner can set the Icebox address, Treasury address, and Staking address to any addresses at any time.
• The owner can pause/unpause trading at any time.
• The owner can withdraw any tokens or ETH from the contract at any time.

xIGLOO and xIGLOOFees contracts:

• The total supply of the token is currently ~27.289 million xIGLOO [27,289,561].
• At the time of writing this report, there are 56 token holders. The total token allocation is as follows:
  • The first five EOAs own a cumulative 37.83% of the total supply.
  • The next five EOAs own a cumulative 19.75% of the total supply.
  
  
• Any user can specify a number of Igloo tokens to stake into the contract. The user must grant the contract a sufficient Igloo allowance in order for the stake to successfully occur.
• The contract will be minted xIGLOO tokens at a 1:1 ratio to the stake amount. The xIGLOO tokens are subsequently sent from the contract to the caller.
• Any user can specify a number of xIGLOO tokens to unstake at any time. The xIGLOO tokens are sent to the contract and subsequently burned. In return, the user is transferred Igloo tokens from the contract at a 1:1 ratio to the unstake amount.
• The user must grant the contract a sufficient xIGLOO allowance in order for the unstake to successfully occur.
• The Igloo contract can call the deposit() function and transfer an amount of ETH to the xIGLOOFees contract to fund dividend rewards for holders.
• Any user that holds any amount of tokens is eligible to claim dividends at any time. Claiming automatically occurs on behalf of the sender and the recipient on all transfers.
• Claimed dividends are sent to the user's wallet address.
• As the contract is deployed with Solidity v0.8.13, it is safe from any possible overflows/underflows.
• The contract utilizes ReentrancyGuard to prevent reentrancy attacks in applicable functions.


• The owner can exclude accounts from dividends at any time.
• The owner can withdraw any tokens from the xIGLOOFees contract at any time.
• The owner can withdraw any tokens besides Igloo and xIgloo from the xIGLOO contract at any time.
• The owner can withdraw any ETH from the xIGLOO contract at any time.

Icebox Contract:

• Any user can initiate a freeze transaction by specifying a token address, a number of tokens to lock, a lock duration (in seconds), and providing an amount of ETH to cover the contract's fee.
• The specified number of tokens are transferred to the contract. The user must grant the contract a sufficient allowance in order for the transaction to successfully occur.
• The specified token cannot be a fee-on-transfer token or the Icebox contract must be excluded from the token's fee mechanism.
• The provided ETH is split between the treasuryMPG and treasuryIGLOO addresses based on the percentages set by the team.
• If the lock duration exceeds at least 1 month and the token is an LP token, a number of Igloo tokens are transferred to the caller based on the current Igloo balance of the contract and the number of months in the lock duration.
• An amount-out value is calculated based on the current reserves values of the token in the Pair. If this value exceeds the contract's maximum token value, the number of Igloo tokens the user will receive is the returned amount-in value based on the current reserves.
• A freeze time is set on behalf of the caller in the IGLOO contract.
• Any lock creator can transfer ownership of the lock to another user if the tokens are still currently locked.
• Any lock creator can extend the unlock time by a specified number of seconds if the tokens are still currently locked.
• Any lock creator can unlock their locked tokens once the unlock time has passed. The tokens are transferred from the contract to the lock creator for the full locked amount.
• The treasuryMPG address or treasuryIGLOO address can set the lock fee to any value up to 1 ETH.
• The treasuryMPG address or treasuryIGLOO address can update the treasuryMPG address and treasuryIGLOO at any time.
• The treasuryMPG address or treasuryIGLOO address can set the treasuryMPGBps and treasuryIGLOOBps to any values as long as the sum of the two values equals 10,000 (100%).
• As the contract is deployed with Solidity v0.8.13, it is safe from any possible overflows/underflows.
• The contract utilizes ReentrancyGuard to prevent reentrancy attacks in applicable functions.

Audit Results

MurderPenguin Contract

 ($) = payable function
 # = non-constant function
 
 Int = Internal
 Ext = External
 Pub = Public
 
 +  Context 
    - [Int] _msgSender
    - [Int] _msgData

 + [Int] IERC20 
    - [Ext] totalSupply
    - [Ext] balanceOf
    - [Ext] transfer #
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transferFrom #

 + [Lib] SafeMath 
    - [Int] add
    - [Int] sub
    - [Int] sub
    - [Int] mul
    - [Int] div
    - [Int] div
    - [Int] mod
    - [Int] mod

 + [Lib] Address 
    - [Int] isContract
    - [Int] sendValue #
    - [Int] functionCall #
    - [Int] functionCall #
    - [Int] functionCallWithValue #
    - [Int] functionCallWithValue #
    - [Prv] _functionCallWithValue #

 +  Ownable (Context)
    - [Int]  #
    - [Pub] owner
    - [Pub] renounceOwnership #
       - modifiers: onlyOwner
    - [Pub] transferOwnership #
       - modifiers: onlyOwner
    - [Pub] geUnlockTime
    - [Pub] lock #
       - modifiers: onlyOwner
    - [Pub] unlock #

 + [Int] IUniswapV2Factory 
    - [Ext] feeTo
    - [Ext] feeToSetter
    - [Ext] getPair
    - [Ext] allPairs
    - [Ext] allPairsLength
    - [Ext] createPair #
    - [Ext] setFeeTo #
    - [Ext] setFeeToSetter #

 + [Int] IUniswapV2Pair 
    - [Ext] name
    - [Ext] symbol
    - [Ext] decimals
    - [Ext] totalSupply
    - [Ext] balanceOf
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transfer #
    - [Ext] transferFrom #
    - [Ext] DOMAIN_SEPARATOR
    - [Ext] PERMIT_TYPEHASH
    - [Ext] nonces
    - [Ext] permit #
    - [Ext] MINIMUM_LIQUIDITY
    - [Ext] factory
    - [Ext] token0
    - [Ext] token1
    - [Ext] getReserves
    - [Ext] price0CumulativeLast
    - [Ext] price1CumulativeLast
    - [Ext] kLast
    - [Ext] mint #
    - [Ext] burn #
    - [Ext] swap #
    - [Ext] skim #
    - [Ext] sync #
    - [Ext] initialize #

 + [Int] IUniswapV2Router01 
    - [Ext] factory
    - [Ext] WETH
    - [Ext] addLiquidity #
    - [Ext] addLiquidityETH ($)
    - [Ext] removeLiquidity #
    - [Ext] removeLiquidityETH #
    - [Ext] removeLiquidityWithPermit #
    - [Ext] removeLiquidityETHWithPermit #
    - [Ext] swapExactTokensForTokens #
    - [Ext] swapTokensForExactTokens #
    - [Ext] swapExactETHForTokens ($)
    - [Ext] swapTokensForExactETH #
    - [Ext] swapExactTokensForETH #
    - [Ext] swapETHForExactTokens ($)
    - [Ext] quote
    - [Ext] getAmountOut
    - [Ext] getAmountIn
    - [Ext] getAmountsOut
    - [Ext] getAmountsIn

 + [Int] IUniswapV2Router02 (IUniswapV2Router01)
    - [Ext] removeLiquidityETHSupportingFeeOnTransferTokens #
    - [Ext] removeLiquidityETHWithPermitSupportingFeeOnTransferTokens #
    - [Ext] swapExactTokensForTokensSupportingFeeOnTransferTokens #
    - [Ext] swapExactETHForTokensSupportingFeeOnTransferTokens ($)
    - [Ext] swapExactTokensForETHSupportingFeeOnTransferTokens #

 +  MurderPenguin (Context, IERC20, Ownable)
    - [Pub]  #
    - [Pub] name
    - [Pub] symbol
    - [Pub] decimals
    - [Pub] totalSupply
    - [Pub] balanceOf
    - [Pub] transfer #
    - [Pub] allowance
    - [Pub] approve #
    - [Pub] transferFrom #
    - [Pub] increaseAllowance #
    - [Pub] decreaseAllowance #
    - [Pub] isExcluded
    - [Ext] setExcludeFromFee #
       - modifiers: onlyOwner
    - [Ext] setExcludeFromMax #
       - modifiers: onlyOwner
    - [Ext] setBlacklist #
       - modifiers: onlyOwner
    - [Pub] totalFees
    - [Pub] deliver #
    - [Pub] reflectionFromToken
    - [Pub] tokenFromReflection
    - [Ext] excludeAccount #
       - modifiers: onlyOwner
    - [Ext] includeAccount #
       - modifiers: onlyOwner
    - [Prv] removeAllFee #
    - [Prv] restoreAllFee #
    - [Pub] isExcludedFromFee
    - [Pub] isExcludedFromMax
    - [Pub] isBlacklisted
    - [Prv] _approve #
    - [Prv] _transfer #
    - [Prv] swapTokensForEth #
       - modifiers: lockTheSwap
    - [Prv] sendETHToTeam #
    - [Ext] manualSwap #
       - modifiers: onlyOwner
    - [Ext] manualSend #
       - modifiers: onlyOwner
    - [Ext] setSwapEnabled #
       - modifiers: onlyOwner
    - [Prv] _tokenTransfer #
    - [Prv] _transferStandard #
    - [Prv] _transferToExcluded #
    - [Prv] _transferFromExcluded #
    - [Prv] _transferBothExcluded #
    - [Prv] _takeTeam #
    - [Prv] _reflectFee #
    - [Ext]  ($)
    - [Prv] _getValues
    - [Prv] _getTValues
    - [Prv] _getRValues
    - [Prv] _getRate
    - [Prv] _getCurrentSupply
    - [Prv] _getTaxFee
    - [Prv] _getMaxTxAmount
    - [Pub] _getETHBalance
    - [Ext] _setTaxFee #
       - modifiers: onlyOwner
    - [Ext] _setTeamFee #
       - modifiers: onlyOwner
    - [Ext] _setMurderPenguinArsenal #
       - modifiers: onlyOwner
    - [Ext] _setMaxTxAmount #
       - modifiers: onlyOwner

IGLOO Contract

 ($) = payable function
 # = non-constant function
 
 Int = Internal
 Ext = External
 Pub = Public
 
 + [Int] IERC20 
    - [Ext] totalSupply
    - [Ext] balanceOf
    - [Ext] transfer #
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transferFrom #

 + [Int] IIGLOO 
    - [Ext] balanceOf #
    - [Ext] transfer #
    - [Ext] resetLastFreeze #

 +  Context 
    - [Int] _msgSender
    - [Int] _msgData

 +  Ownable (Context)
    - [Pub]  #
    - [Pub] owner
    - [Int] _checkOwner
    - [Pub] renounceOwnership #
       - modifiers: onlyOwner
    - [Pub] transferOwnership #
       - modifiers: onlyOwner
    - [Int] _transferOwnership #

 + [Int] IRouter 
    - [Ext] factory
    - [Ext] swapExactTokensForETHSupportingFeeOnTransferTokens #
    - [Ext] getAmountOut
    - [Ext] getAmountIn

 + [Int] IxIGLOO 
    - [Ext] deposit ($)

 + [Int] IFactory 
    - [Ext] getPair
    - [Ext] createPair #

 +  IGLOO (IERC20, Ownable)
    - [Pub]  #
    - [Ext] resetLastFreeze #
    - [Ext] totalSupply
    - [Ext] decimals
    - [Ext] symbol
    - [Ext] name
    - [Ext] getOwner
    - [Pub] balanceOf
    - [Ext] allowance
    - [Pub] approve #
    - [Ext] approveMax #
    - [Ext] transfer #
    - [Ext] transferFrom #
    - [Prv] _transferFrom #
    - [Prv] _basicTransfer #
    - [Prv] _calcAmount #
    - [Prv] _payTreasury #
       - modifiers: swapping
    - [Ext] setTreasury #
       - modifiers: onlyOwner
    - [Ext] setStaking #
       - modifiers: onlyOwner
    - [Ext] setIcebox #
       - modifiers: onlyOwner
    - [Ext] setNoTax #
       - modifiers: onlyOwner
    - [Ext] reqNoTax
    - [Ext] setNoMax #
       - modifiers: onlyOwner
    - [Ext] reqNoMax
    - [Ext] setMaxTx #
       - modifiers: onlyOwner
    - [Ext] reqMaxTx
    - [Ext] setMaxWallet #
       - modifiers: onlyOwner
    - [Ext] reqMaxWallet
    - [Ext] setBlacklist #
       - modifiers: onlyOwner
    - [Ext] reqBlacklist
    - [Ext] setTradingPaused #
       - modifiers: onlyOwner
    - [Ext] reqTradingPaused
    - [Ext] setBuyTax #
       - modifiers: onlyOwner
    - [Ext] reqBuyTax
    - [Ext] setSellTax #
       - modifiers: onlyOwner
    - [Pub] reqSellTax
    - [Ext] reqLastFreeze
    - [Ext] reqDexPair
    - [Ext] reqTreasury
    - [Ext] transferETH #
       - modifiers: onlyOwner
    - [Ext] transferERC #
       - modifiers: onlyOwner
    - [Ext]  ($)

xIGLOO and xIGLOOFees contracts Contract

 ($) = payable function
 # = non-constant function
 
 Int = Internal
 Ext = External
 Pub = Public
 
 + [Int] IERC20 
    - [Ext] totalSupply
    - [Ext] balanceOf
    - [Ext] transfer #
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transferFrom #

 +  Context 
    - [Int] _msgSender
    - [Int] _msgData

 +  Ownable (Context)
    - [Pub]  #
    - [Pub] owner
    - [Int] _checkOwner
    - [Pub] renounceOwnership #
       - modifiers: onlyOwner
    - [Pub] transferOwnership #
       - modifiers: onlyOwner
    - [Int] _transferOwnership #

 +  ReentrancyGuard 
    - [Pub]  #
    - [Prv] _nonReentrantBefore #
    - [Prv] _nonReentrantAfter #

 + [Int] IxIGLOOFees 
    - [Ext] setShare #
    - [Ext] deposit ($)
    - [Ext] claimRewards #

 +  xIGLOOFees (IxIGLOOFees, Ownable)
    - [Pub]  #
    - [Ext] getTotalRewards
    - [Ext] getTotalRewardsToUser
    - [Ext] setShare #
       - modifiers: onlyToken
    - [Ext] deposit ($)
       - modifiers: onlyToken
    - [Prv] _claimRewards #
    - [Ext] claimRewards #
    - [Pub] getPending
    - [Int] getCumulativeDividends
    - [Ext] transferERC #
       - modifiers: onlyOwner
    - [Ext]  ($)

 +  xIGLOO (IERC20, Ownable, ReentrancyGuard)
    - [Pub]  #
    - [Ext] stake #
       - modifiers: nonReentrant
    - [Ext] unstake #
       - modifiers: nonReentrant
    - [Ext] deposit ($)
       - modifiers: onlyIgloo
    - [Ext] setRewardExempt #
       - modifiers: onlyOwner
    - [Ext] checkRewardExempt
    - [Ext] totalSupply
    - [Ext] decimals
    - [Ext] symbol
    - [Ext] name
    - [Pub] balanceOf
    - [Ext] allowance
    - [Pub] approve #
    - [Ext] approveMax #
    - [Ext] transfer #
    - [Ext] transferFrom #
    - [Prv] _transferFrom #
    - [Ext] reqFeesContract
    - [Ext] transferETH #
       - modifiers: onlyOwner
    - [Ext] transferERC #
       - modifiers: onlyOwner
    - [Ext]  ($)

Icebox Contract

 ($) = payable function
 # = non-constant function
 
 Int = Internal
 Ext = External
 Pub = Public
 
 +  ReentrancyGuard 
    - [Pub]  #
    - [Prv] _nonReentrantBefore #
    - [Prv] _nonReentrantAfter #

 + [Int] IERC20 
    - [Ext] totalSupply
    - [Ext] balanceOf
    - [Ext] transfer #
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transferFrom #

 + [Int] IIGLOO 
    - [Ext] balanceOf #
    - [Ext] transfer #
    - [Ext] resetLastFreeze #

 + [Int] IFactory 
    - [Ext] getPair
    - [Ext] createPair #

 + [Int] IRouter 
    - [Ext] factory
    - [Ext] swapExactTokensForETHSupportingFeeOnTransferTokens #
    - [Ext] getAmountOut
    - [Ext] getAmountIn

 + [Int] IPair 
    - [Ext] token0
    - [Ext] token1
    - [Ext] getReserves

 +  Icebox (ReentrancyGuard)
    - [Pub]  #
    - [Ext] freeze ($)
       - modifiers: nonReentrant
    - [Ext] transfer #
       - modifiers: nonReentrant
    - [Ext] refreeze #
       - modifiers: nonReentrant
    - [Ext] unfreeze #
       - modifiers: nonReentrant
    - [Ext] setFee #
       - modifiers: nonReentrant,onlyTreasury
    - [Ext] setTreasuryMPG #
       - modifiers: nonReentrant,onlyTreasury
    - [Ext] setTreasuryIGLOO #
       - modifiers: nonReentrant,onlyTreasury
    - [Ext] setTreasuryBps #
       - modifiers: nonReentrant,onlyTreasury
    - [Ext] reqFee
    - [Ext] reqTreasuryMPG
    - [Ext] reqTreasuryIGLOO
    - [Ext] reqTreasuryBps
    - [Ext] reqIgloo
    - [Ext] reqNumFreezes
    - [Pub] reqFreeze
    - [Ext] reqFreezes
    - [Ext] reqFreezeIDsByUser
    - [Ext] reqFreezesByUser
    - [Ext]  ($)

About SourceHat

SourceHat has quickly grown to have one of the most experienced and well-equipped smart contract auditing teams in the industry. Our team has conducted 1800+ solidity smart contract audits covering all major project types and protocols, securing a total of over $50 billion U.S. dollars in on-chain value!
Our firm is well-reputed in the community and is trusted as a top smart contract auditing company for the review of solidity code, no matter how complex. Our team of experienced solidity smart contract auditors performs audits for tokens, NFTs, crowdsales, marketplaces, gambling games, financial protocols, and more!

Contact us today to get a free quote for a smart contract audit of your project!

What is a SourceHat Audit?

Typically, a smart contract audit is a comprehensive review process designed to discover logical errors, security vulnerabilities, and optimization opportunities within code. A SourceHat Audit takes this a step further by verifying economic logic to ensure the stability of smart contracts and highlighting privileged functionality to create a report that is easy to understand for developers and community members alike.

How Do I Interpret the Findings?

Each of our Findings will be labeled with a Severity level. We always recommend the team resolve High, Medium, and Low severity findings prior to deploying the code to the mainnet. Here is a breakdown on what each Severity level means for the project:

• High severity indicates that the issue puts a large number of users' funds at risk and has a high probability of exploitation, or the smart contract contains serious logical issues which can prevent the code from operating as intended.
• Medium severity issues are those which place at least some users' funds at risk and has a medium to high probability of exploitation.
• Low severity issues have a relatively minor risk association; these issues have a low probability of occurring or may have a minimal impact.
• Informational issues pose no immediate risk, but inform the project team of opportunities for gas optimizations and following smart contract security best practices.

• Go Home