• No se han encontrado resultados

SmartContractSecurityAudit

N/A
N/A
Info
Descargar
Protected

Academic year: 2022

Share "SmartContractSecurityAudit"

Copied!
10
0
0

Cargando.... (Ver texto completo ahora)

Descargar ahora ( 10 página )

Texto completo

(1)

Sma r t Co n t r a c t Se c u r i t y Au d i t

AUDIT RATE TECH for

Doge SpaceX

(2)

This is a limited report on our indings based on our analysis,in accordance with good industry practice as at the date ofthis report,in relation to cybersecurity vulnerabilities and issues in the framework and algorithms based on smart

contracts,the details ofwhich are set out in this report.In order to get a fullview of our analysis,it is crucialfor you to read the fullreport.While we have done our best in conducting our analysis and producing this report,it is important to note that you should not

should not rely on this report and cannot claim against us on the basis ofwhat it says or doesn’t say,or how we produced it,and it is important for you to conduct your own independent investigations before making any decisions.We go into more detailon this in the below disclaimer below – please make sure to read it in full. DISCLAIMER:By reading this report or any part ofit,you agree to the terms ofthis disclaimer.Ifyou do not agree to the terms,then please immediately cease reading this report,and delete and destroy any and allcopies ofthis report downloaded and/or prin

and/or printed by you.This report is provided for information purposes only and on a non-reliance basis,and does not constitute investment advice.No one shallhave any right to rely on the report or its contents,and AUDIT RATE TECH and its afiliates (including holding companies,shareholders,subsidiaries,employees,directors, oficers and other representatives) (AUDIT RATE TECH) owe no duty ofcare towards

you or any other person,nor does AUDIT RATE TECH make any warranty or representation to any person on the accuracy or completeness ofthe report.The report is provided "as is",without a

is",without any conditions,warranties or other terms ofany kind except as set out

in this disclaimer,and AUDIT RATE TECH hereby excludes allrepresentations,warranties, conditions and other terms (including,without limitation,the warranties implied by law ofsatisfactory quality, itness for purpose and the use ofreasonable care and skill) which,but for this clause,might have effect in relation to the report.Except

and only to the extent that it is prohibited by law,AUDIT RATE TECH hereby excludes all liability and responsibility,and neither you nor any other person shallhave any

claim a

claim against AUDIT RATE TECH,for any amount or kind ofloss or damage that may result to you or any other person (including without limitation,any direct,indirect,special, punitive,consequentialor pure economic loss or damages,or any loss ofincome, proits,goodwill,data,contracts,use ofmoney,or business interruption,and

whether in delict,tort (including without limitation negligence),contract,breach of statutory duty,misrepresentation (whether innocent or negligent) or otherwise under any claim ofany nature whatsoever in any jurisdiction) in any way arising f

from or connected with this report and the use,inability to use or the results ofuse ofthis report,and any reliance on this report.

The analysis ofthe security is purely based on the smart contracts alone.No applications or operations were reviewed for security.No product code has been reviewed.

2

Di scl ai mer

(3)

Audi t detai l s:

Audi t ed proj ect: Doge SpaceX

Contract address: 0x99c2D9a19ebE193E4da5B98D514e1594D9691574 Languages: Sol i di ty (Smart contract)

Pl atf orms and Tool s: Remi x I DE, Trufl e, Trufl e Team, Ganache, Sol hi nt, VScode, Mythri l , Contract Li brary

Total suppl y: 1, 000, 000, 000, 000, 000 T

Token ti cker: DOGESX Deci mal s: 9

Compi l er Versi on: v0. 8. 0+commi t. c7df d78e

Contract Depl oyer Address: 0xA269a3177956dcF7BD3652728c60c947425790f E Opti mi zati on Enabl ed: Yes wi th 200 runs

Cl i ent contacts: Doge SpaceX t eam Bl ockchai n: Bi nance Smart Chai n P

Proj ect websi t e: https: //www. dogespacex22.i nance/

The audi t i t ems and resul ts:

(Other unknown securi ty vul nerabi l i ti es are not i ncl uded i n the audi t responsi bi l i ty scope) Audi t Resul t: Passed

Audi t Dat e: December 26, 2021

Audi t Team: AUDI T RATE TECH

https: //www. audi trat e. t ech

(4)

This Audit Report mainly focuses on the overallsecurity ofDoge SpaceX SmartContract.

With this report,we have tried to ensure the reliability and correctness oftheirsmartcontractby complete and rigorous assessment oftheir system's architecture and the smart contract codebase.

Introducti on

Audi ti ng Approach and Methodol ogi es appl i ed

4

The AUDIT RATE TECH team has performed rigorous testing ofthe project starting with analyzing the code design patterns in which we reviewed the smart contract architecture to ensure it is structured and safe use ofthird-party smart contracts and libraries.

Our team then performed a formalline by line inspection ofthe Smart Contract to ind any potential issue like race conditions,transaction-ordering dependence,timestamp dependence,and denialof service attacks.

In the Unit

In the Unit testing Phase,we coded/conducted custom unit tests written for each function in the contract to verify that each function works as expected.

In Automated Testing,we tested the Smart Contract with our in-house developed tools to identify vulnerabilities and security laws.

The code was tested in collaboration ofour multiple team members and this included -

● Testing the functionality ofthe Smart Contract to determine proper logic has been followed throughout the whole process.

● Ana

● Analyzing the complexity ofthe code in depth and detailed,manualreview ofthe code,lineby-line.

● Deploying the code on testnet using multiple clients to run live tests.

● Analyzing failure preparations to check how the Smart Contract performs in case ofany bugs and vulnerabilities.

● Checking whether allthe libraries used in the code are on the latest version.

● Analyzing the security ofthe on-chain data.

(5)

The focus ofthe audit was to verify that the Smart Contract System is secure,resilient and working according to the speciications.The audit activities can be grouped in the following three categories:

Security

Identifying security related issues within each contract and the system ofcontract.

Sound Architecture

Evaluation ofthe architecture ofthis system through the lens ofestablished smart contract best p

practices and generalsoftware best practices.

Code Correctness and Quality

A fullreview ofthe contract source code.The primary areas offocus include:

● Accuracy

● Readability

● Sections ofcode with high complexity

● Quantity and quality oftest coverage

Ev

Every issue in this report was assigned a severity levelfrom the following:

High levelseverity issues

Issues on this levelare criticalto the smart contract’s performance/functionality and should be ixed before moving to a live environment.

Medium levelseverity issues

Issues on this levelcould potentially bring problems and should eventually be ixed.

Low levelseverity issues Issues on this l

Issues on this levelare minor details and warnings that can remain unixed but would be better ixed at some point in the future.

Issue Categori es

Audi t Goal s

(6)

6

(7)

ManualAudit:

For t hi s sect i on t he code was t est ed/ r ead l i ne by l i ne by our devel oper s. We al so used Remi x I DE’ s J avaScr i pt VM and Kovan net wor ks t o t est t he cont r act f unct i onal i t y.

Automated Audit

Remi x Compi l er War ni ngs

I t t hr ows war ni ngs by Sol i di t y’ s compi l er . I f i t encount er s any er r or s t he cont r act cannot be

cannot be compi l ed and depl oyed. No i ssues f ound.

Smar t cont r act s do not cont ai n any hi gh sever i t y i ssues!

Note:

Pl ease check t he di scl ai mer above and not e, t he audi t makes no st at ement s or

war r ant i es on busi ness model , i nvest ment at t r act i veness or code sust ai nabi l i t y. The r epor t i s pr ovi ded f or t he onl y cont r act ment i oned i n t he r epor t and does not

i ncl ude any ot her pot ent i al cont r act s depl oyed by Owner .

Concl usi on

Owner pri vi l eges

• Owner can aut hor i ze

• Owner can unaut hor i ze

• Tr ansf er s owner shi p of t he cont r act t o a new account ( ` newOwner ` ) .

• Owner can t r ansf er r ewar ds

• Owner can excl ude f r om r ug pr oof al go

• Owner can i ncl ude i n r ug pr oof al go

• Owner can set bl ock i nt er val

• Owner can enabl e r ug pr oof

• Owner can di sabl e r ug pr oof

• Owner can set l i qui di t y avai l

• Owner can set pr ocess r ewar d

• Owner can set dst r i but or gas l i mi t check

• Owner can set dynami c pr i ce

• Owner can set cur r ent pr i ce

• Owner can adj ust pr ev bl ock max pr i ce per uni t

• Owner can set enabl e key

(8)

Implemented events

8

Approval(address,address,uint256)

OwnershipTransferred(address) Transfer(address,address,uint256)

Implemented functions

unauthorize(address) isAuthorized(address) transferOwnership(address) allowance(address,address) pair()

transfer(address,uint256) autho

authorize(address) getAddresses() symbol() getOwner()

balanceOf(address) isOwner(address) decimals()

set

setCurrentPrice(uint256) getCirculatingSupply()

transferFrom(address,address,uint256) name()

approve(address,uint256) totalSupply()

launch() p

process(uint256) deposit()

WETH()

(9)

Not f ound Not f ound Yes

https: //www. dogespacex22.i nance/

1 years Cl ean Apache

Uni t ed Stat es 0. 62 sec Y

Yes

Not f ound Not f ound

Not f ound Not f ound Not f ound Not f ound

Opti mi zed Opti mi zed Opti mi zed Opti mi zed Yes

Yes

Websi te Audi t

(10)

Top Token Hol ders

KYC/Doxx

10

At the ti me of the audi t:

100% t okens are i n the wal l et 0xa269a3177956dcf7bd3652728c60c947425790f e Do your own research and ask the current owner about i t

At the ti me of the audi t, there i s no i nf ormati on about the conduct of KYC / Doxx

THANK YOU!

Referencias

Descargar ahora ( PDF - 10 página - 1.18 MB )

Documento similar

ON THE MEASURES TAKEN IN THE EU MEMBER STATES AS A RESULT OF THE COVID-19 CRISIS

In the preparation of this report, the Venice Commission has relied on the comments of its rapporteurs; its recently adopted Report on Respect for Democracy, Human Rights and the Rule

COMPILATION OF VENICE COMMISSION OPINIONS AND REPORTS ON STATES OF EMERGENCY

The draft amendments do not operate any more a distinction between different states of emergency; they repeal articles 120, 121and 122 and make it possible for the President to

The pillars of the Earth and the Sky:

In the previous sections we have shown how astronomical alignments and solar hierophanies – with a common interest in the solstices − were substantiated in the

Patents of introduction and the Spanish innovation system

Nevertheless, the ratio of corporations using patents of introduction is higher than that obtained from the analysis of the entire patent system as a whole (around 8.5% from 1820

The end of the end of History

Díaz Soto has raised the point about banning religious garb in the ―public space.‖ He states, ―for example, in most Spanish public Universities, there is a Catholic chapel

Sobre la «especial responsabilidad» del Tribunal de Justicia en la aplicación de la Carta de Derechos Fundamentales

teriza por dos factores, que vienen a determinar la especial responsabilidad que incumbe al Tribunal de Justicia en esta materia: de un lado, la inexistencia, en el

Large scale numerical simulations of the Sunyaev-Zel’dovich effect: the next generation tool for Precision Cosmology

Best fit values of the relation between total mass and gas, star and baryon fraction of MUSIC-2 halos for all objects, massive clusters and groups of galaxies.. Best fit values of the

RF Filters and Multiplexers Based on Acoustic Wave

The coupling matrix is defined in order to best accommodate the acoustic resonators models, based on NRNs, and a smart optimization of its elements based on the