OracleSwap

Smart Contract Audit Report

Audit Summary

OracleSwap Audit Report OracleSwap is developing two token contracts, a decentralized exchange, and a yield farming platform.

For this audit, we reviewed the following contracts on the Flare Mainnet:

Audit Findings

Please ensure trust in the team prior to investing as they have substantial control in the ecosystem.
Date: April 21st, 2022.
Updated: April 22nd, 2022 to address changes made by the team.

Finding #1 - OracleToken - High

Description: The _transfer() function is missing a call to the _moveDelegates() function.
Risk/Impact: Any user could delegate votes to a delegatee, then transfer their tokens to another address which is then able to delegate additional votes to the same delegatee by using those newly acquired tokens.
Recommendation: The project team should add a call to the _moveDelegates() function within the _transfer() function so delegated votes from those tokens are also transferred to the new user.
Update: The team has indicated they won't be utilizing the voting and delegation aspects of the token.

Finding #2 - MasterOracle - High (Resolved)

Description: The migrate() function can swap all LP tokens from any staking pool for an equivalent amount of tokens from the "Migrator" contract which is set by the owner.
Risk/Impact: The owner can transfer all LP tokens from all pools to the "Migrator" contract using the migrate() function at any time.
Recommendation: The project team should remove the migrate() function.
Resolution: The team has burned ownership of the MasterOracle contract without setting the "Migrate" address (see transaction here). By doing so, the migrate() function cannot be called on any pool and no LP tokens can be exchanged.

Contracts Overview

  • The contracts utilize the SafeMath library to prevent overflow/underflow attacks.
OracleToken Contract:
  • The current total supply of the token is set to 1 billion $ORACLE.
  • At the time of writing this report, 99.99% of the total supply is held by the team.
    • 0.00001% of the total supply is held by the OracleBar contract.
    • The other three holders own a cumulative 0.0001% of the total supply.
  • A mint function is present in the contract and could be previously utilized only by the MasterOracle contract to mint any amount of tokens to specified addresses, increasing the total supply at any time; the MasterOracle contract can no longer utilize the mint function preset as its ownership has been revoked.
  • There is no burn function but users may transfer their tokens to the 0x..dead address to reduce the circulating supply at any time.
  • Each $ORACLE token represents votes intended to be used in a DAO where one token represents one vote.
  • Users may delegate their votes to another address allowing them to vote on behalf of the user.
  • Once votes are delegated, the user must explicitly delegate them back to themselves to regain their votes.
  • Users also have the option to delegate through the use of a signed message generated off-chain, allowing for a gasless delegation for the user.
  • The owner was previously able to transfer ownership at any time.
  • The contract complies with the ERC-20 token standard.
OracleBar Contract:
  • Users can use this contract in order to swap a team-designated token in exchange for $xORACLE tokens; the $ORACLE token is intended to be the team-designated token.
  • The total supply of the token is currently 100 $xORACLE.
  • At the time of writing this report, 100% of the total supply is held by an unverified address.
  • A mint function is present in the contract but can only be utilized when users deposit $ORACLE tokens, which increases the total supply.
  • A burn function is present in the contract but can only be used when exchanging $xORACLE tokens back for $ORACLE tokens.
  • Users can deposit $ORACLE tokens in exchange for $xORACLE tokens that represent shares; $xORACLE tokens are minted to the user.
  • Users can exchange their $xORACLE tokens back to $ORACLE tokens at any time; $xORACLE tokens are burned from the user when exchanging back to $ORACLE tokens which decreases the total supply.
  • The exchange rate is calculated based on the total supply of $xORACLE tokens and the total number of $ORACLE tokens within the contract.
  • The team must exercise caution when setting the oracle token and must avoid using any fee-on-transfer tokens; if a fee-on-transfer token is used as the oracle token then this contract should be excluded from the token's fee mechanism.
  • The contract complies with the ERC-20 token standard.
MasterOracle Contract:
  • This contract allows anyone to deposit team-designated staking tokens in order to earn rewards in the form of a reward token; the $ORACLE token is intended to be used as the reward token.
  • On deposits and withdrawals, pending rewards are calculated and transferred to the user.
  • Users' rewards are dependent on their amount staked, time staked, and the pool's reward per share amount.
  • There is a bonus multiplier of 10 applied to all users' time staked accrued before the bonus end block; the start block and bonus end block are set on deployment.
  • The reward per share amount is calculated using the contract's reward per block rate and the pool's allocation point percentage.
  • Each time rewards are calculated, the required amount of reward tokens are minted to the contract; additionally, the developer address is minted 10% of the calculated reward amount.
  • The user can also trigger an emergency withdrawal, which will transfer all the user's deposited tokens to their wallet address, forfeiting any rewards.
  • Users can migrate any of the pools' LP tokens to a new LP contract at any time; the "Migrator" contract is used to create an equal amount of new LP tokens which are then used as the pool's LP token.
  • The "Migrator" contract was not provided in the scope of this audit, so we are unable to provide an assessment of the contract with regards to security.
  • Ownership of the contract has been renounced by the team.
  • The owner was previously able to transfer ownership at any time.
  • The owner was previously able to add new staking pools at any time.
  • The owner was previously able to change the "Migrator" address at any time.
  • The owner was previously able to change all pools' allocation points at any time.
  • The owner was previously able to update the reward per block rate to any value at any time; the reward per block rate has been set to 0.
  • The developer address can set a new developer address at any time.
  • The team should be careful not to add the same token twice.
  • The team must exercise caution when setting the staking token and must avoid using any fee-on-transfer tokens; if a fee-on-transfer token is used as the staking token then this contract should be excluded from the token's fee mechanism.
UniswapV2Pair Contract:
  • This contract supports the core functionality of the Liquidity Pool token, which contains the logic behind LP minting, burning, and swapping between the assets in the liquidity pool.
  • Anyone can use the mint function to mint an amount of LP tokens proportional to the amount of tokens in the contract that are not accounted for in the reserves.
  • Users can add liquidity by providing an equivalent value of each token and are minted an LP token in return. The LP tokens may be burned to receive the underlying assets at any time.
  • If the "Migrator" contract address from the OracleSwapFactory contract is the caller of the initial liquidity add, then the liquidity amount is set by the "Migrator" contract's desiredLiquidity() function.
  • The "Migrator" contract was not provided in the scope of this audit, so we are unable to provide an assessment of the contract with regards to security.
  • Anyone can use the swap function to transfer out an amount of the assets from the pool such that the new K value is at least as much as the current K value.
  • The swap function supports flash swaps which allows anyone to use a contract to borrow any amount of any asset, as long as the borrowed amount of each asset is returned within the call.
  • A 0.3% fee is taken on an exchange between tokens which is sent to the "FeeTo" address set by the OracleSwapFactory contract.
  • In the event that the team's platform fee is enabled, 25% of the fee is minted as LP tokens to an address controlled by the team.
  • Anyone can use the skim function to transfer out any excess tokens that are not accounted for in the reserve amounts.
  • Alternatively, anyone can use the sync function to include any excess tokens in the reserve amounts so that they cannot be removed.
OracleSwapFactory Contract:
  • This contract is used to deploy new UniswapV2Pair contracts specifying two underlying token assets.
  • A "FeeTo Setter" address is set upon deployment.
  • Anyone can create any pair any any time, as long as the pair has not been created yet.
  • Only one UniswapV2Pair contract can exist for any combination of two token assets.
  • The "FeeTo Setter" address can set the "FeeTo", "Migrator", and "FeeTo Setter" addresses to any address at any time.
OracleSwapRouter Contract:
  • This contract is used to interact with any UniswapV2Pair liquidity pool contract created by the OracleSwapFactory contract.
  • Upon adding liquidity, the user specifies the desiried minimum amount of each token in the pair to add to the liquidity pool; the user is minted UniswapV2Pair LP tokens representing their share of ownership of the liquidity pool.
  • Upon removing liquidity, the user specifies the desired minimum amount of each token asset to receive from the liquidity pool; the user's LP tokens are burnt in the process.
  • Liquidity removals support ERC-712 permits which allow the user to approve the Router to spend the user's LP tokens in a gasless manner.
  • Anyone can use this contract to swap one token asset for any other supported asset along a user-specified path of token assets.
  • When dealing with tokens that have a fee-on-transfer, the estimated output does not properly subtract the fee. As a result, users of fee-on-transfer tokens must set a slippage percentage prior to executing trades.

Audit Results

Vulnerability CategoryNotesResult
Arbitrary Jump/Storage WriteN/APASS
Centralization of ControlN/APASS
Compiler IssuesN/APASS
Delegate Call to Untrusted ContractN/APASS
Dependence on Predictable VariablesN/APASS
Ether/Token TheftN/APASS
Flash LoansN/APASS
Front RunningN/APASS
Improper EventsN/APASS
Improper Authorization SchemeN/APASS
Integer Over/UnderflowN/APASS
Logical IssuesN/APASS
Oracle IssuesN/APASS
Outdated Compiler VersionN/APASS
Race ConditionsN/APASS
ReentrancyN/APASS
Signature IssuesN/APASS
Unbounded LoopsN/APASS
Unused CodeN/APASS
Overall Contract Safety PASS

OracleToken Contract

Smart Contract Audit - Inheritance

Smart Contract Audit - Graph


 ($) = payable function
 # = non-constant function
 
 Int = Internal
 Ext = External
 Pub = Public
 
  +  Context 
    - [Int] _msgSender
    - [Int] _msgData

 + [Int] IERC20 
    - [Ext] totalSupply
    - [Ext] balanceOf
    - [Ext] transfer #
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transferFrom #

 + [Lib] SafeMath 
    - [Int] tryAdd
    - [Int] trySub
    - [Int] tryMul
    - [Int] tryDiv
    - [Int] tryMod
    - [Int] add
    - [Int] sub
    - [Int] mul
    - [Int] div
    - [Int] mod
    - [Int] sub
    - [Int] div
    - [Int] mod

 +  ERC20 (Context, IERC20)
    - [Pub]  #
    - [Pub] name
    - [Pub] symbol
    - [Pub] decimals
    - [Pub] totalSupply
    - [Pub] balanceOf
    - [Pub] transfer #
    - [Pub] allowance
    - [Pub] approve #
    - [Pub] transferFrom #
    - [Pub] increaseAllowance #
    - [Pub] decreaseAllowance #
    - [Int] _transfer #
    - [Int] _mint #
    - [Int] _burn #
    - [Int] _approve #
    - [Int] _setupDecimals #
    - [Int] _beforeTokenTransfer #

 +  Ownable (Context)
    - [Int]  #
    - [Pub] owner
    - [Pub] renounceOwnership #
       - modifiers: onlyOwner
    - [Pub] transferOwnership #
       - modifiers: onlyOwner

 +  OracleToken (ERC20, Ownable)
    - [Pub] mint #
       - modifiers: onlyOwner
    - [Ext] delegates
    - [Ext] delegate #
    - [Ext] delegateBySig #
    - [Ext] getCurrentVotes
    - [Ext] getPriorVotes
    - [Int] _delegate #
    - [Int] _moveDelegates #
    - [Int] _writeCheckpoint #
    - [Int] safe32
    - [Int] getChainId

OracleBar Contract

Smart Contract Audit - Inheritance

Smart Contract Audit - Graph


 ($) = payable function
 # = non-constant function
 
 Int = Internal
 Ext = External
 Pub = Public
 
   + [Int] IERC20 
    - [Ext] totalSupply
    - [Ext] balanceOf
    - [Ext] transfer #
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transferFrom #

 +  Context 
    - [Int] _msgSender
    - [Int] _msgData

 + [Lib] SafeMath 
    - [Int] tryAdd
    - [Int] trySub
    - [Int] tryMul
    - [Int] tryDiv
    - [Int] tryMod
    - [Int] add
    - [Int] sub
    - [Int] mul
    - [Int] div
    - [Int] mod
    - [Int] sub
    - [Int] div
    - [Int] mod

 +  ERC20 (Context, IERC20)
    - [Pub]  #
    - [Pub] name
    - [Pub] symbol
    - [Pub] decimals
    - [Pub] totalSupply
    - [Pub] balanceOf
    - [Pub] transfer #
    - [Pub] allowance
    - [Pub] approve #
    - [Pub] transferFrom #
    - [Pub] increaseAllowance #
    - [Pub] decreaseAllowance #
    - [Int] _transfer #
    - [Int] _mint #
    - [Int] _burn #
    - [Int] _approve #
    - [Int] _setupDecimals #
    - [Int] _beforeTokenTransfer #

 +  OracleBar (ERC20)
    - [Pub]  #
    - [Pub] enter #
    - [Pub] leave #

MasterOracle Contract

Smart Contract Audit - Inheritance

Smart Contract Audit - Graph


 ($) = payable function
 # = non-constant function
 
 Int = Internal
 Ext = External
 Pub = Public
 
  + [Int] IERC20 
    - [Ext] totalSupply
    - [Ext] balanceOf
    - [Ext] transfer #
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transferFrom #

 + [Lib] SafeMath 
    - [Int] tryAdd
    - [Int] trySub
    - [Int] tryMul
    - [Int] tryDiv
    - [Int] tryMod
    - [Int] add
    - [Int] sub
    - [Int] mul
    - [Int] div
    - [Int] mod
    - [Int] sub
    - [Int] div
    - [Int] mod

 + [Lib] Address 
    - [Int] isContract
    - [Int] sendValue #
    - [Int] functionCall #
    - [Int] functionCall #
    - [Int] functionCallWithValue #
    - [Int] functionCallWithValue #
    - [Int] functionStaticCall
    - [Int] functionStaticCall
    - [Int] functionDelegateCall #
    - [Int] functionDelegateCall #
    - [Prv] _verifyCallResult

 + [Lib] SafeERC20 
    - [Int] safeTransfer #
    - [Int] safeTransferFrom #
    - [Int] safeApprove #
    - [Int] safeIncreaseAllowance #
    - [Int] safeDecreaseAllowance #
    - [Prv] _callOptionalReturn #

 + [Lib] EnumerableSet 
    - [Prv] _add #
    - [Prv] _remove #
    - [Prv] _contains
    - [Prv] _length
    - [Prv] _at
    - [Int] add #
    - [Int] remove #
    - [Int] contains
    - [Int] length
    - [Int] at
    - [Int] add #
    - [Int] remove #
    - [Int] contains
    - [Int] length
    - [Int] at
    - [Int] add #
    - [Int] remove #
    - [Int] contains
    - [Int] length
    - [Int] at

 +  Context 
    - [Int] _msgSender
    - [Int] _msgData

 +  Ownable (Context)
    - [Int]  #
    - [Pub] owner
    - [Pub] renounceOwnership #
       - modifiers: onlyOwner
    - [Pub] transferOwnership #
       - modifiers: onlyOwner

 +  ERC20 (Context, IERC20)
    - [Pub]  #
    - [Pub] name
    - [Pub] symbol
    - [Pub] decimals
    - [Pub] totalSupply
    - [Pub] balanceOf
    - [Pub] transfer #
    - [Pub] allowance
    - [Pub] approve #
    - [Pub] transferFrom #
    - [Pub] increaseAllowance #
    - [Pub] decreaseAllowance #
    - [Int] _transfer #
    - [Int] _mint #
    - [Int] _burn #
    - [Int] _approve #
    - [Int] _setupDecimals #
    - [Int] _beforeTokenTransfer #

 +  OracleToken (ERC20, Ownable)
    - [Pub] mint #
       - modifiers: onlyOwner
    - [Ext] delegates
    - [Ext] delegate #
    - [Ext] delegateBySig #
    - [Ext] getCurrentVotes
    - [Ext] getPriorVotes
    - [Int] _delegate #
    - [Int] _moveDelegates #
    - [Int] _writeCheckpoint #
    - [Int] safe32
    - [Int] getChainId

 + [Int] IMigratorChef 
    - [Ext] migrate #

 +  MasterOracle (Ownable)
    - [Pub]  #
    - [Ext] poolLength
    - [Pub] add #
       - modifiers: onlyOwner
    - [Pub] set #
       - modifiers: onlyOwner
    - [Pub] setMigrator #
       - modifiers: onlyOwner
    - [Pub] migrate #
    - [Pub] getMultiplier
    - [Ext] pendingOracle
    - [Pub] massUpdatePools #
    - [Pub] updatePool #
    - [Pub] deposit #
    - [Pub] withdraw #
    - [Pub] emergencyWithdraw #
    - [Int] safeOracleTransfer #
    - [Pub] dev #
    - [Pub] updateOraclePerBlock #
       - modifiers: onlyOwner

OracleSwapFactory Contract

Smart Contract Audit - Inheritance

Smart Contract Audit - Graph


 ($) = payable function
 # = non-constant function
 
 Int = Internal
 Ext = External
 Pub = Public
 
  + [Int] IUniswapV2Factory 
    - [Ext] feeTo
    - [Ext] feeToSetter
    - [Ext] migrator
    - [Ext] getPair
    - [Ext] allPairs
    - [Ext] allPairsLength
    - [Ext] createPair #
    - [Ext] setFeeTo #
    - [Ext] setFeeToSetter #
    - [Ext] setMigrator #

 + [Lib] SafeMathUniswap 
    - [Int] add
    - [Int] sub
    - [Int] mul

 +  UniswapV2ERC20 
    - [Pub]  #
    - [Int] _mint #
    - [Int] _burn #
    - [Prv] _approve #
    - [Prv] _transfer #
    - [Ext] approve #
    - [Ext] transfer #
    - [Ext] transferFrom #
    - [Ext] permit #

 + [Lib] Math 
    - [Int] min
    - [Int] sqrt

 + [Lib] UQ112x112 
    - [Int] encode
    - [Int] uqdiv

 + [Int] IERC20Uniswap 
    - [Ext] name
    - [Ext] symbol
    - [Ext] decimals
    - [Ext] totalSupply
    - [Ext] balanceOf
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transfer #
    - [Ext] transferFrom #

 + [Int] IUniswapV2Callee 
    - [Ext] uniswapV2Call #

 + [Int] IMigrator 
    - [Ext] desiredLiquidity

 +  UniswapV2Pair (UniswapV2ERC20)
    - [Pub] getReserves
    - [Prv] _safeTransfer #
    - [Pub]  #
    - [Ext] initialize #
    - [Prv] _update #
    - [Prv] _mintFee #
    - [Ext] mint #
       - modifiers: lock
    - [Ext] burn #
       - modifiers: lock
    - [Ext] swap #
       - modifiers: lock
    - [Ext] skim #
       - modifiers: lock
    - [Ext] sync #
       - modifiers: lock

 +  OracleSwapFactory (IUniswapV2Factory)
    - [Pub]  #
    - [Ext] allPairsLength
    - [Ext] pairCodeHash
    - [Ext] createPair #
    - [Ext] setFeeTo #
    - [Ext] setMigrator #
    - [Ext] setFeeToSetter #

OracleSwapRouter Contract

Smart Contract Audit - Inheritance

Smart Contract Audit - Graph


 ($) = payable function
 # = non-constant function
 
 Int = Internal
 Ext = External
 Pub = Public
 
  + [Int] IUniswapV2Pair 
    - [Ext] name
    - [Ext] symbol
    - [Ext] decimals
    - [Ext] totalSupply
    - [Ext] balanceOf
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transfer #
    - [Ext] transferFrom #
    - [Ext] DOMAIN_SEPARATOR
    - [Ext] PERMIT_TYPEHASH
    - [Ext] nonces
    - [Ext] permit #
    - [Ext] MINIMUM_LIQUIDITY
    - [Ext] factory
    - [Ext] token0
    - [Ext] token1
    - [Ext] getReserves
    - [Ext] price0CumulativeLast
    - [Ext] price1CumulativeLast
    - [Ext] kLast
    - [Ext] mint #
    - [Ext] burn #
    - [Ext] swap #
    - [Ext] skim #
    - [Ext] sync #
    - [Ext] initialize #

 + [Lib] SafeMathUniswap 
    - [Int] add
    - [Int] sub
    - [Int] mul

 + [Lib] UniswapV2Library 
    - [Int] sortTokens
    - [Int] pairFor
    - [Int] getReserves
    - [Int] quote
    - [Int] getAmountOut
    - [Int] getAmountIn
    - [Int] getAmountsOut
    - [Int] getAmountsIn

 + [Lib] TransferHelper 
    - [Int] safeApprove #
    - [Int] safeTransfer #
    - [Int] safeTransferFrom #
    - [Int] safeTransferETH #

 + [Int] IUniswapV2Router01 
    - [Ext] factory
    - [Ext] WETH
    - [Ext] addLiquidity #
    - [Ext] addLiquidityETH ($)
    - [Ext] removeLiquidity #
    - [Ext] removeLiquidityETH #
    - [Ext] removeLiquidityWithPermit #
    - [Ext] removeLiquidityETHWithPermit #
    - [Ext] swapExactTokensForTokens #
    - [Ext] swapTokensForExactTokens #
    - [Ext] swapExactETHForTokens ($)
    - [Ext] swapTokensForExactETH #
    - [Ext] swapExactTokensForETH #
    - [Ext] swapETHForExactTokens ($)
    - [Ext] quote
    - [Ext] getAmountOut
    - [Ext] getAmountIn
    - [Ext] getAmountsOut
    - [Ext] getAmountsIn

 + [Int] IUniswapV2Router02 (IUniswapV2Router01)
    - [Ext] removeLiquidityETHSupportingFeeOnTransferTokens #
    - [Ext] removeLiquidityETHWithPermitSupportingFeeOnTransferTokens #
    - [Ext] swapExactTokensForTokensSupportingFeeOnTransferTokens #
    - [Ext] swapExactETHForTokensSupportingFeeOnTransferTokens ($)
    - [Ext] swapExactTokensForETHSupportingFeeOnTransferTokens #

 + [Int] IUniswapV2Factory 
    - [Ext] feeTo
    - [Ext] feeToSetter
    - [Ext] migrator
    - [Ext] getPair
    - [Ext] allPairs
    - [Ext] allPairsLength
    - [Ext] createPair #
    - [Ext] setFeeTo #
    - [Ext] setFeeToSetter #
    - [Ext] setMigrator #

 + [Int] IERC20Uniswap 
    - [Ext] name
    - [Ext] symbol
    - [Ext] decimals
    - [Ext] totalSupply
    - [Ext] balanceOf
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transfer #
    - [Ext] transferFrom #

 + [Int] IWETH 
    - [Ext] deposit ($)
    - [Ext] transfer #
    - [Ext] withdraw #

 +  OracleSwapRouter (IUniswapV2Router02)
    - [Pub]  #
    - [Ext]  ($)
    - [Int] _addLiquidity #
    - [Ext] addLiquidity #
       - modifiers: ensure
    - [Ext] addLiquidityETH ($)
       - modifiers: ensure
    - [Pub] removeLiquidity #
       - modifiers: ensure
    - [Pub] removeLiquidityETH #
       - modifiers: ensure
    - [Ext] removeLiquidityWithPermit #
    - [Ext] removeLiquidityETHWithPermit #
    - [Pub] removeLiquidityETHSupportingFeeOnTransferTokens #
       - modifiers: ensure
    - [Ext] removeLiquidityETHWithPermitSupportingFeeOnTransferTokens #
    - [Int] _swap #
    - [Ext] swapExactTokensForTokens #
       - modifiers: ensure
    - [Ext] swapTokensForExactTokens #
       - modifiers: ensure
    - [Ext] swapExactETHForTokens ($)
       - modifiers: ensure
    - [Ext] swapTokensForExactETH #
       - modifiers: ensure
    - [Ext] swapExactTokensForETH #
       - modifiers: ensure
    - [Ext] swapETHForExactTokens ($)
       - modifiers: ensure
    - [Int] _swapSupportingFeeOnTransferTokens #
    - [Ext] swapExactTokensForTokensSupportingFeeOnTransferTokens #
       - modifiers: ensure
    - [Ext] swapExactETHForTokensSupportingFeeOnTransferTokens ($)
       - modifiers: ensure
    - [Ext] swapExactTokensForETHSupportingFeeOnTransferTokens #
       - modifiers: ensure
    - [Pub] quote
    - [Pub] getAmountOut
    - [Pub] getAmountIn
    - [Pub] getAmountsOut
    - [Pub] getAmountsIn

About SourceHat

SourceHat has quickly grown to have one of the most experienced and well-equipped smart contract auditing teams in the industry. Our team has conducted 1800+ solidity smart contract audits covering all major project types and protocols, securing a total of over $50 billion U.S. dollars in on-chain value!
Our firm is well-reputed in the community and is trusted as a top smart contract auditing company for the review of solidity code, no matter how complex. Our team of experienced solidity smart contract auditors performs audits for tokens, NFTs, crowdsales, marketplaces, gambling games, financial protocols, and more!

Contact us today to get a free quote for a smart contract audit of your project!

What is a SourceHat Audit?

Typically, a smart contract audit is a comprehensive review process designed to discover logical errors, security vulnerabilities, and optimization opportunities within code. A SourceHat Audit takes this a step further by verifying economic logic to ensure the stability of smart contracts and highlighting privileged functionality to create a report that is easy to understand for developers and community members alike.

How Do I Interpret the Findings?

Each of our Findings will be labeled with a Severity level. We always recommend the team resolve High, Medium, and Low severity findings prior to deploying the code to the mainnet. Here is a breakdown on what each Severity level means for the project:

  • High severity indicates that the issue puts a large number of users' funds at risk and has a high probability of exploitation, or the smart contract contains serious logical issues which can prevent the code from operating as intended.
  • Medium severity issues are those which place at least some users' funds at risk and has a medium to high probability of exploitation.
  • Low severity issues have a relatively minor risk association; these issues have a low probability of occurring or may have a minimal impact.
  • Informational issues pose no immediate risk, but inform the project team of opportunities for gas optimizations and following smart contract security best practices.