PRüF - Smart Contract Audit Report

Summary

PRüF is an asset provenance platform. Using PRüF, you can be sure that the products you buy online or on the street are genuine, not fakes or copies. Each item you tokenize with PRüF is privately and provably yours, making it resistant to loss and theft.

We audited PRüF at commit 7bfef37973c8b8b15d840fe6eaf83e25ed313ea7 on GitHub. When the contracts are deployed we will add their respective addresses below.

Audit Findings Summary:
  • The PRüF system is set up so users can validate the authenticity and clear-title status of real-world assets. This is achieved by assigning unique anonymous identifiers to asset classes and their members (your assets); these assets can then be reported as counterfeit or stolen.
  • Brands or other entities will be able to operate as nodes (indicated by an NFT token) in the ecosystem - defining asset classes and opening usage of the system to its customers.

  • The team has the power to upgrade/alter various parts of the ecosystem.
  • PRüF's contracts are intended to be deployed behind upgradable proxies so the team can introduce new features as the project evolves.
  • Excellent usage of ReentrancyGuard in all applicable publicly-accessible functions.

  • The PRüF code came with dozens of passing test cases and robust documentation. The team has tested both basic functionality as well as modeling possible attempted external attacks.
  • Note that the team is publicly known. We spoke to James Smyth to organize this audit.
  • Explaining the entire PRüF ecosystem here would be redundant. We recommend viewing the project's whitepaper for more details, specifically the 'Technical Overview' section. We can verify this code supports the model laid out in the paper and functions as intended.


  • No security issues from outside attackers were identified.
  • Investing requires placing considerable trust in the project team and any node providers as they have substantial power in the ecosystem.
  • Date: December 30th, 2020

External Threats - Audit Results

| Vulnerability Category | Notes | Result |
|---|---|---|
| Arbitrary Storage Write | N/A | PASS |
| Arbitrary Jump | N/A | PASS |
| Delegate Call to Untrusted Contract | N/A | PASS |
| Dependence on Predictable Variables | N/A | PASS |
| Deprecated Opcodes | N/A | PASS |
| Ether Thief | N/A | PASS |
| Exceptions | N/A | PASS |
| External Calls | N/A | PASS |
| External Service Providers | Users will have the option to attach additional data to their tracked assets and have that data stored on IPFS, making it essentially immutable. | PASS |
| Flash Loans | N/A | PASS |
| Integer Over/Underflow | N/A | PASS |
| Multiple Sends | N/A | PASS |
| Oracles | N/A | PASS |
| Reentrancy Issues | N/A | PASS |
| Suicide | N/A | PASS |
| State Change External Calls | N/A | PASS |
| Unchecked Retval | N/A | PASS |
| User Supplied Assertion | N/A | PASS |
| Critical Solidity Compiler | N/A | PASS |
| Overall Contract Safety | | PASS |

| Name | Address | Description |
|---|---|---|
| AC_MGR | Not yet deployed. | Function Graph. Inheritance Chart. |
| AC_TKN | Not yet deployed. | Function Graph. Inheritance Chart. |
| APP | Not yet deployed. | Function Graph. Inheritance Chart. |
| APP_NC | Not yet deployed. | Function Graph. Inheritance Chart. |
| A_TKN | Not yet deployed. | Function Graph. Inheritance Chart. |
| BASIC | Not yet deployed. | Function Graph. Inheritance Chart. |
| CORE | Not yet deployed. | Function Graph. Inheritance Chart. |
| ECR | Not yet deployed. | Function Graph. Inheritance Chart. |
| ECR2 | Not yet deployed. | Function Graph. Inheritance Chart. |
| ECR_CORE | Not yet deployed. | Function Graph. Inheritance Chart. |
| ECR_MGR | Not yet deployed. | Function Graph. Inheritance Chart. |
| ECR_NC | Not yet deployed. | Function Graph. Inheritance Chart. |
| ID_TKN | Not yet deployed. | Function Graph. Inheritance Chart. |
| NP | Not yet deployed. | Function Graph. Inheritance Chart. |
| NP_NC | Not yet deployed. | Function Graph. Inheritance Chart. |
| PIP | Not yet deployed. | Function Graph. Inheritance Chart. |
| PRESALE | 0xb7D09306d0C5D3C2A5C0FDc1146efb2415445Cf3 Not yet deployed. | Function Graph. Inheritance Chart. |
| RCLR | Not yet deployed. | Function Graph. Inheritance Chart. |
| STOR | Not yet deployed. | Function Graph. Inheritance Chart. |
| UTIL_TKN | 0xa49811140E1d6f653dEc28037Be0924C811C4538 | Function Graph. Inheritance Chart. |
| VERIFY | Not yet deployed. | Function Graph. Inheritance Chart. |


Fixes & Improvements

Fixes recommended and implemented during the audit:
  • Confirmation that the transfer function in PRUF_VERIFY is secure.
  • Misspelling of SafeMath in imports in PRUF_helper and PRUF_STOR (Not a security issue).