Phux
Smart Contract Audit Report
Audit Summary
Phux is a new ERC-20 token with an inflationary supply for the first 6 years and an additional AirDrop to distribute tokens to users.
For this audit, we reviewed the Phux, PhuxAirDrop, and BalancerTokenAdmin contracts at commit 1abfc35adfe968cdd1c0c557f3ed09188f7078ba on the team's private GitHub repository.
We did not review any other contracts in the team's repository as they were out of scope for the purpose of this audit. However, the team has indicated that the remaining contracts are a fork of the Balancer V2 GitHub repository.
Audit Findings
A Low finding was identified and the team should consider resolving this issue. In addition, minimal centralized aspects are present.
Date: June 15th, 2023.Finding #1 - PhuxAirDrop - Low
Description: The contract can only be activated if the contract's Phux token balance is exactly equal to the totalAllocation.
Risk/Impact: If a malicious user or the team mistakenly sends more than the totalAllocation the activate() function will always fail.require( phux.balanceOf(address(this)) == totalAllocation, "PhuxAirdrop: invalid Phux balance for activation" );
Recommendation: The team should consider checking that the contract's Phux token balance is at least as much as the totalAllocation.
Resolution: The team has not yet addressed this issue.
Contracts Overview
Phux Contract:
- All contracts are implemented using the Access Control permission scheme.
- This allows the contract owner to set various "roles" within each contract with each role having potentially different permissions.
- An Admin address is given the Default Admin role upon deployment.
- The Default Admin may assign and revoke any role from any address at any time.
PhuxAirDrop Contract:
- This contract defines the Phux token.
- The contract deployer is given the Default Admin, Minter, and Snapshot roles upon deployment.
- The Minter role may mint any amount of tokens to any address at any time.
- Any user may burn their own tokens to reduce the total supply.
- Any user may burn tokens on another user's behalf if an allowance has been granted.
- There are no fees associated with transferring tokens.
- The Snapshot role may perform a "snapshot" at any time.
- The contract complies with the ERC-20 token standard.
- The contract utilizes a "permit" mechanism which allows the owner of Phux tokens to sign a transaction that enables another user to transfer tokens and send them to the recipient. The recipient then submits the permit on behalf of the owner.
- As the contract is implemented with Solidity v0.8, it is safe from any possible overflows/underflows.
BalancerTokenAdmin Contract:
- This contract is used to distribute tokens to users. All tokens to be distributed must be supplied to the contract.
- The contract deployer is given the Default Admin and AirDropper roles upon deployment.
- The Default Admin role may "activate" the contract once after deployment.
- The contract must have a token balance equal to the "total allocation" that was declared upon deployment.
- Additionally, the "airdrop deadline" is set to 2.5 years from the current timestamp.
- The AirDropper role may set the tokens allocated to an address for the next airdrop round after the contract has been activated, before the airdrop deadline, and the previous round has ended.
- The contract ensures that sufficient tokens have been supplied for the next airdrop round.
- The Default Admin role may set the claim start time for the next airdrop round before the airdrop deadline and after the AirDropper role has allocated tokens for the next round.
- The claim window for the round must be at least the "min claim window" of 7 days. The claim deadline is set to the claim start time plus the number of claim window days.
- Users may claim their allocated tokens between the claim start time and the claim deadline.
- An additional penalty will be taken from all users after the first claim.
- The penalty will increase after each claim.
- Users will forfeit any tokens not claimed before the token deadline. These tokens will be included in the balance for the next airdrop round.
- The Default Admin role may claim the "residual" tokens in the contract after the airdrop deadline and the current round's claim deadline.
- The contract's current Phux balance will be transferred to the Default Admin claiming the tokens.
- As the contract is implemented with Solidity v0.8, it is safe from any possible overflows/underflows.
- The contract utilizes ReentrancyGuard to protect against reentrancy attacks in applicable functions.
- This contract is used to manage the admin restricted functions and inflation rate of a specified token.
- An authorized address may "activate" this contract at any time.
- All of the current addresses with the Minter, Snapshot, or Admin role in the token contract will have their role revoked.
- This contract will be given the Minter and Snapshot role in the token contract.
- The current epoch will start when the contract is activated.
- An authorized address may mint tokens at any time.
- The total supply of the token may not exceed the current "available supply".
- The available supply is based on the current epoch.
- The initial available supply is the token's total supply.
- The amount of tokens available will increase over time based on the current "rate".
- The total amount of tokens that can be minted in the first epoch (first year) is 2 billion tokens.
- The total amount of tokens that can be minted will decrease each year for the first 6 years after deployment.
- After 6 years no additional tokens may be minted once the available supply is reached.
- Any address may update the current rate and available supply once the current epoch has ended.
- An authorized address may trigger the token's "snapshot" functionality at any time.
Audit Results
| Vulnerability Category | Notes | Result |
|---|---|---|
| Arbitrary Jump/Storage Write | N/A | PASS |
| Centralization of Control |
|
PASS |
| Compiler Issues | N/A | PASS |
| Delegate Call to Untrusted Contract | N/A | PASS |
| Dependence on Predictable Variables | N/A | PASS |
| Ether/Token Theft | N/A | PASS |
| Flash Loans | N/A | PASS |
| Front Running | N/A | PASS |
| Improper Events | N/A | PASS |
| Improper Authorization Scheme | N/A | PASS |
| Integer Over/Underflow | N/A | PASS |
| Logical Issues | The PhuxAirDrop activate() function can always fail in certain situations. | WARNING |
| Oracle Issues | N/A | PASS |
| Outdated Compiler Version | N/A | PASS |
| Race Conditions | N/A | PASS |
| Reentrancy | N/A | PASS |
| Signature Issues | N/A | PASS |
| Sybil Attack | N/A | PASS |
| Unbounded Loops | N/A | PASS |
| Unused Code | N/A | PASS |
| Overall Contract Safety | PASS |
Phux Contract
($) = payable function
# = non-constant function
Int = Internal
Ext = External
Pub = Public
+ [Int] IAccessControl
- [Ext] hasRole
- [Ext] getRoleAdmin
- [Ext] grantRole #
- [Ext] revokeRole #
- [Ext] renounceRole #
+ [Int] IAccessControlEnumerable (IAccessControl)
- [Ext] getRoleMember
- [Ext] getRoleMemberCount
+ Context
- [Int] _msgSender
- [Int] _msgData
+ [Lib] Strings
- [Int] toString
- [Int] toHexString
- [Int] toHexString
- [Int] toHexString
+ [Int] IERC165
- [Ext] supportsInterface
+ ERC165 (IERC165)
- [Pub] supportsInterface
+ AccessControl (Context, IAccessControl, ERC165)
- [Pub] supportsInterface
- [Pub] hasRole
- [Int] _checkRole
- [Int] _checkRole
- [Pub] getRoleAdmin
- [Pub] grantRole #
- modifiers: onlyRole
- [Pub] revokeRole #
- modifiers: onlyRole
- [Pub] renounceRole #
- [Int] _setupRole #
- [Int] _setRoleAdmin #
- [Int] _grantRole #
- [Int] _revokeRole #
+ [Lib] EnumerableSet
- [Prv] _add #
- [Prv] _remove #
- [Prv] _contains
- [Prv] _length
- [Prv] _at
- [Prv] _values
- [Int] add #
- [Int] remove #
- [Int] contains
- [Int] length
- [Int] at
- [Int] values
- [Int] add #
- [Int] remove #
- [Int] contains
- [Int] length
- [Int] at
- [Int] values
- [Int] add #
- [Int] remove #
- [Int] contains
- [Int] length
- [Int] at
- [Int] values
+ AccessControlEnumerable (IAccessControlEnumerable, AccessControl)
- [Pub] supportsInterface
- [Pub] getRoleMember
- [Pub] getRoleMemberCount
- [Int] _grantRole #
- [Int] _revokeRole #
+ [Int] IERC20
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] transfer #
- [Ext] allowance
- [Ext] approve #
- [Ext] transferFrom #
+ [Int] IERC20Metadata (IERC20)
- [Ext] name
- [Ext] symbol
- [Ext] decimals
+ ERC20 (Context, IERC20, IERC20Metadata)
- [Pub] Constructor #
- [Pub] name
- [Pub] symbol
- [Pub] decimals
- [Pub] totalSupply
- [Pub] balanceOf
- [Pub] transfer #
- [Pub] allowance
- [Pub] approve #
- [Pub] transferFrom #
- [Pub] increaseAllowance #
- [Pub] decreaseAllowance #
- [Int] _transfer #
- [Int] _mint #
- [Int] _burn #
- [Int] _approve #
- [Int] _spendAllowance #
- [Int] _beforeTokenTransfer #
- [Int] _afterTokenTransfer #
+ ERC20Burnable (Context, ERC20)
- [Pub] burn #
- [Pub] burnFrom #
+ [Int] IERC20Permit
- [Ext] permit #
- [Ext] nonces
- [Ext] DOMAIN_SEPARATOR
+ [Lib] ECDSA
- [Prv] _throwError
- [Int] tryRecover
- [Int] recover
- [Int] tryRecover
- [Int] recover
- [Int] tryRecover
- [Int] recover
- [Int] toEthSignedMessageHash
- [Int] toEthSignedMessageHash
- [Int] toTypedDataHash
+ EIP712
- [Pub] Constructor #
- [Int] _domainSeparatorV4
- [Prv] _buildDomainSeparator
- [Int] _hashTypedDataV4
+ [Lib] Counters
- [Int] current
- [Int] increment #
- [Int] decrement #
- [Int] reset #
+ ERC20Permit (ERC20, IERC20Permit, EIP712)
- [Pub] Constructor #
- modifiers: EIP712
- [Pub] permit #
- [Pub] nonces
- [Ext] DOMAIN_SEPARATOR
- [Int] _useNonce #
+ Phux (AccessControlEnumerable, ERC20, ERC20Burnable, ERC20Permit)
- [Pub] Constructor #
- modifiers: ERC20,ERC20Permit
- [Ext] mint #
- modifiers: onlyRole
- [Ext] snapshot #
- modifiers: onlyRolePhuxAirDrop Contract
($) = payable function
# = non-constant function
Int = Internal
Ext = External
Pub = Public
+ [Int] IAccessControl
- [Ext] hasRole
- [Ext] getRoleAdmin
- [Ext] grantRole #
- [Ext] revokeRole #
- [Ext] renounceRole #
+ [Int] IAccessControlEnumerable (IAccessControl)
- [Ext] getRoleMember
- [Ext] getRoleMemberCount
+ Context
- [Int] _msgSender
- [Int] _msgData
+ [Lib] Strings
- [Int] toString
- [Int] toHexString
- [Int] toHexString
- [Int] toHexString
+ [Int] IERC165
- [Ext] supportsInterface
+ ERC165 (IERC165)
- [Pub] supportsInterface
+ AccessControl (Context, IAccessControl, ERC165)
- [Pub] supportsInterface
- [Pub] hasRole
- [Int] _checkRole
- [Int] _checkRole
- [Pub] getRoleAdmin
- [Pub] grantRole #
- modifiers: onlyRole
- [Pub] revokeRole #
- modifiers: onlyRole
- [Pub] renounceRole #
- [Int] _setupRole #
- [Int] _setRoleAdmin #
- [Int] _grantRole #
- [Int] _revokeRole #
+ [Lib] EnumerableSet
- [Prv] _add #
- [Prv] _remove #
- [Prv] _contains
- [Prv] _length
- [Prv] _at
- [Prv] _values
- [Int] add #
- [Int] remove #
- [Int] contains
- [Int] length
- [Int] at
- [Int] values
- [Int] add #
- [Int] remove #
- [Int] contains
- [Int] length
- [Int] at
- [Int] values
- [Int] add #
- [Int] remove #
- [Int] contains
- [Int] length
- [Int] at
- [Int] values
+ AccessControlEnumerable (IAccessControlEnumerable, AccessControl)
- [Pub] supportsInterface
- [Pub] getRoleMember
- [Pub] getRoleMemberCount
- [Int] _grantRole #
- [Int] _revokeRole #
+ ReentrancyGuard
- [Pub] Constructor #
+ [Int] IERC20
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] transfer #
- [Ext] allowance
- [Ext] approve #
- [Ext] transferFrom #
+ [Int] IERC20Permit
- [Ext] permit #
- [Ext] nonces
- [Ext] DOMAIN_SEPARATOR
+ [Lib] Address
- [Int] isContract
- [Int] sendValue #
- [Int] functionCall #
- [Int] functionCall #
- [Int] functionCallWithValue #
- [Int] functionCallWithValue #
- [Int] functionStaticCall
- [Int] functionStaticCall
- [Int] functionDelegateCall #
- [Int] functionDelegateCall #
- [Int] verifyCallResult
+ [Lib] SafeERC20
- [Int] safeTransfer #
- [Int] safeTransferFrom #
- [Int] safeApprove #
- [Int] safeIncreaseAllowance #
- [Int] safeDecreaseAllowance #
- [Int] safePermit #
- [Prv] _callOptionalReturn #
+ PhuxAirdrop (AccessControlEnumerable, ReentrancyGuard)
- [Pub] Constructor #
- modifiers: ReentrancyGuard
- [Ext] activate #
- modifiers: onlyRole
- [Ext] setNextRoundAllocation #
- modifiers: onlyRole,nonReentrant
- [Ext] setNextRoundAllocation #
- modifiers: onlyRole,nonReentrant
- [Ext] startNextRound #
- modifiers: onlyRole,nonReentrant
- [Ext] claim #
- modifiers: nonReentrant
- [Ext] claimOf
- [Ext] claimResidual #
- modifiers: onlyRole,nonReentrantBalancerTokenAdmin Contract
($) = payable function
# = non-constant function
Int = Internal
Ext = External
Pub = Public
+ [Int] IAuthentication
- [Ext] getActionId
+ [Int] IERC20
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] transfer #
- [Ext] allowance
- [Ext] approve #
- [Ext] transferFrom #
+ [Int] IBalancerToken (IERC20)
- [Ext] mint #
- [Ext] getRoleMemberCount
- [Ext] getRoleMember
- [Ext] hasRole
- [Ext] getRoleAdmin
- [Ext] grantRole #
- [Ext] revokeRole #
- [Ext] DEFAULT_ADMIN_ROLE
- [Ext] MINTER_ROLE
- [Ext] SNAPSHOT_ROLE
- [Ext] snapshot #
+ [Int] IBalancerTokenAdmin (IAuthentication)
- [Ext] INITIAL_RATE
- [Ext] RATE_REDUCTION_TIME
- [Ext] RATE_REDUCTION_COEFFICIENT
- [Ext] RATE_DENOMINATOR
- [Ext] getBalancerToken
- [Ext] activate #
- [Ext] rate
- [Ext] startEpochTimeWrite #
- [Ext] mint #
+ ReentrancyGuard
- [Pub] Constructor #
- [Prv] _enterNonReentrant #
- [Prv] _exitNonReentrant #
+ [Lib] Math
- [Int] abs
- [Int] add
- [Int] add
- [Int] sub
- [Int] sub
- [Int] max
- [Int] min
- [Int] mul
- [Int] div
- [Int] divDown
- [Int] divUp
+ [Int] ISignaturesValidator
- [Ext] getDomainSeparator
- [Ext] getNextNonce
+ [Int] ITemporarilyPausable
- [Ext] getPausedState
+ [Int] IWETH (IERC20)
- [Ext] deposit ($)
- [Ext] withdraw #
+ [Int] IAsset
+ [Int] IFlashLoanRecipient
- [Ext] receiveFlashLoan #
+ [Int] IAuthorizer
- [Ext] canPerform
+ [Int] IProtocolFeesCollector
- [Ext] withdrawCollectedFees #
- [Ext] setSwapFeePercentage #
- [Ext] setFlashLoanFeePercentage #
- [Ext] getSwapFeePercentage
- [Ext] getFlashLoanFeePercentage
- [Ext] getCollectedFeeAmounts
- [Ext] getAuthorizer
- [Ext] vault
+ [Int] IVault (ISignaturesValidator, ITemporarilyPausable, IAuthentication)
- [Ext] getAuthorizer
- [Ext] setAuthorizer #
- [Ext] hasApprovedRelayer
- [Ext] setRelayerApproval #
- [Ext] getInternalBalance
- [Ext] manageUserBalance ($)
- [Ext] registerPool #
- [Ext] getPool
- [Ext] registerTokens #
- [Ext] deregisterTokens #
- [Ext] getPoolTokenInfo
- [Ext] getPoolTokens
- [Ext] joinPool ($)
- [Ext] exitPool #
- [Ext] swap ($)
- [Ext] batchSwap ($)
- [Ext] queryBatchSwap #
- [Ext] flashLoan #
- [Ext] managePoolBalance #
- [Ext] getProtocolFeesCollector
- [Ext] setPaused #
- [Ext] WETH
+ Authentication (IAuthentication)
- [Pub] Constructor #
- [Int] _authenticateCaller
- [Pub] getActionId
- [Int] _canPerform
+ SingletonAuthentication (Authentication)
- [Pub] Constructor #
- modifiers: Authentication
- [Pub] getVault
- [Pub] getAuthorizer
- [Int] _canPerform
- [Int] _canPerform
- [Pub] _require
- [Pub] _require
- [Pub] _revert
- [Pub] _revert
+ [Lib] Errors
+ BalancerTokenAdmin (IBalancerTokenAdmin, SingletonAuthentication, ReentrancyGuard)
- [Pub] Constructor #
- modifiers: SingletonAuthentication
- [Ext] getBalancerToken
- [Ext] activate #
- modifiers: nonReentrant,authenticate
- [Ext] mint #
- modifiers: authenticate
- [Ext] snapshot #
- modifiers: authenticate
- [Ext] getMiningEpoch
- [Ext] getStartEpochTime
- [Ext] getFutureEpochTime
- [Ext] getStartEpochSupply
- [Ext] getInflationRate
- [Ext] getAvailableSupply
- [Ext] startEpochTimeWrite #
- [Ext] futureEpochTimeWrite #
- [Ext] updateMiningParameters #
- [Ext] mintableInTimeframe
- [Int] _availableSupply
- [Int] _startEpochTimeWrite #
- [Int] _updateMiningParameters #
- [Int] _mintableInTimeframe
- [Ext] rate
- [Ext] available_supply
- [Ext] start_epoch_time_write #
- [Ext] future_epoch_time_write #
- [Ext] update_mining_parameters #
- [Ext] mintable_in_timeframe
About SourceHat
SourceHat has quickly grown to have one of the most experienced and well-equipped smart contract auditing teams in the industry. Our team has conducted 1800+ solidity smart contract audits covering all major project types and protocols, securing a total of over $50 billion U.S. dollars in on-chain value!
Our firm is well-reputed in the community and is trusted as a top smart contract auditing company for the review of solidity code, no matter how complex. Our team of experienced solidity smart contract auditors performs audits for tokens, NFTs, crowdsales, marketplaces, gambling games, financial protocols, and more!
Contact us today to get a free quote for a smart contract audit of your project!
What is a SourceHat Audit?
Typically, a smart contract audit is a comprehensive review process designed to discover logical errors, security vulnerabilities, and optimization opportunities within code. A SourceHat Audit takes this a step further by verifying economic logic to ensure the stability of smart contracts and highlighting privileged functionality to create a report that is easy to understand for developers and community members alike.
How Do I Interpret the Findings?
Each of our Findings will be labeled with a Severity level. We always recommend the team resolve High, Medium, and Low severity findings prior to deploying the code to the mainnet. Here is a breakdown on what each Severity level means for the project:
- High severity indicates that the issue puts a large number of users' funds at risk and has a high probability of exploitation, or the smart contract contains serious logical issues which can prevent the code from operating as intended.
- Medium severity issues are those which place at least some users' funds at risk and has a medium to high probability of exploitation.
- Low severity issues have a relatively minor risk association; these issues have a low probability of occurring or may have a minimal impact.
- Informational issues pose no immediate risk, but inform the project team of opportunities for gas optimizations and following smart contract security best practices.