SmartContract Audit Solidproof CryptoInu
Disclaimer
Description
Project Engagement
Logo
Contract Link
Methodology
Source Lines
Risk Level
Capabilities
Inheritance Graph
CallGraph
Critical issues
High issues
Medium issues
Low issues
Informational issues
Audit Comments
SWC Attacks
Disclaimer
SolidProof.io reports are not, nor should be considered, an “endorsement”
or “disapproval” of any particular project or team. These reports are not,
nor should be considered, an indication of the economics or value of any
“product” or “asset” created by any team. SolidProof.io does not cover
testing or auditing the integration with external contracts or services (such
as Unicrypt, Uniswap, PancakeSwap, etc.).
Network
Binance Smart Chain (BEP20)
Website
https://cabcd.org/
Telegram
https://t.me/cryptoinu_main
Twitter
https://twitter.com/CryptoInu_ABCD
Github
https://github.com/cryptoinu-abcd
Medium
https://medium.com/@crypto_inu
Description
Crypto Inu is an immersive multiplayer board game with 3D and VR
modes that incorporates metaverse real estate investment where players
own, sell, trade, and collect NFT assets.
Project Engagement
On the 27th of January 2022, the CryptoInu Team engaged Solidproof.io
to audit smart contracts that they created. The engagement was
technical in nature and focused on identifying security flaws in the design
and implementation of the contracts. They provided Solidproof.io with
access to their code repository and whitepaper.
Logo
Contract Link
v1.0
• https://bscscan.com/address/0xa0cc3a881aef241d6cb3b7db3168bd26094560be#code
Critical | 9 - 10 | A vulnerability that can disrupt the contract functioning in a number of scenarios, or creates a risk that the contract may be broken. | Immediate action to reduce risk level.
High | 7 – 8.9 | A vulnerability that affects the desired outcome when using a contract, or provides the opportunity to use a contract in an unintended way. | Implementation of corrective actions as soon as possible.
Medium | 4 – 6.9 | A vulnerability that could affect the desired outcome of executing the contract in a specific scenario. | Implementation of corrective actions in a certain period.
Low | 2 – 3.9 | A vulnerability that does not have a significant impact on possible scenarios for the use of the contract and is probably subjective. | Implementation of certain corrective actions or accepting the risk.
Informational | 0 – 1.9 | A vulnerability that has an informational character but does not affect any of the code. | An observation that does not determine a level of risk.
Methodology
The auditing process follows a routine series of steps:
1. Code review that includes the following:
i) Review of the specifications, sources, and instructions provided to SolidProof
to make sure we understand the size, scope, and functionality of the smart
contract.
ii) Manual review of code, which is the process of reading source code line-by-
line in an attempt to identify potential vulnerabilities.
iii) Comparison to specification, which is the process of checking whether the
code does what the specifications, sources, and instructions provided to
SolidProof describe.
3. Best practices review, which is a review of the smart contracts to improve efficiency,
effectiveness, clarity, maintainability, security, and control based on the established
industry and academic practices, recommendations, and research.
Used Code from other Frameworks/Smart
Contracts (direct imports)
Imported packages:
v1.0
Metrics
Source Lines
v1.0
Risk Level
v1.0
Capabilities
Components
Version Contracts Libraries Interfaces Abstract
1.0 2 2 1 1
Exposed Functions
This section lists functions that are explicitly declared public or payable.
Please note that getter methods for public stateVars are not included.
1.0 30 0
1.0 10 47 13 10 20
State Variables
Version Total Public
1.0 17 4
Capabilities
Version | Solidity Versions observed | Experimental Features | Can Receive Funds | Uses Assembly | Has Destroyable Contracts
1.0 | ^0.6.12 | | | yes (2 asm blocks) |
Inheritance Graph
v1.0
CallGraph
v1.0
TotalSupply | provides information about the total token supply | ✓ | ✓ | ✓
BalanceOf | provides account balance of the owner's account | ✓ | ✓ | ✓
Transfer | executes transfers of a specified number of tokens to a specified address | ✓ | ✓ | ✓
TransferFrom | executes transfers of a specified number of tokens from a specified address | ✓ | ✓ | ✓
Approve | allow a spender to withdraw a set number of tokens from a specified account | ✓ | ✓ | ✓
Allowance | returns a set number of tokens from a spender to the owner | ✓ | ✓ | ✓
Legend
Attribute Symbol
Verified / Checked ✓
Partly Verified ⚑
Unverified / Not checked ✘
Not available -
Comments
• Deployer can set the following state variables without any limitations
• _maxTxAmount
Legend
Attribute Description
Audit Results
AUDIT PASSED
Critical issues
No critical issues
High issues
No high issues
Medium issues
No medium issues
Low issues
Issue | File | Type | Line | Description
#3 | Main | Missing Zero Address Validation (missing-zero-check) | 682 | Check that the address is not zero
Informational issues
Issue | File | Type | Line | Description
#2 | Main | Functions that are not used | 345, 305, 315, 330, 340, 252, 279, 14, 212, 228 | Remove unused functions
Line Comment
Recommendation
Remove the commented code, or address them properly.
Audit Comments
29. January 2022:
• Reflect cannot be called if address is excluded
• Read whole report for more information
SWC Attacks
ID | Title | Relationships | Status
SWC-135 | Code With No Effects | CWE-1164: Irrelevant Code | PASSED
SWC-134 | Message call with hardcoded gas amount | CWE-655: Improper Initialization | PASSED
SWC-133 | Hash Collisions With Multiple Variable Length Arguments | CWE-294: Authentication Bypass by Capture-replay | PASSED
SWC-132 | Unexpected Ether balance | CWE-667: Improper Locking | PASSED
SWC-131 | Presence of unused variables | CWE-1164: Irrelevant Code | PASSED
SWC-130 | Right-To-Left-Override control character (U+202E) | CWE-451: User Interface (UI) Misrepresentation of Critical Information | PASSED
SWC-129 | Typographical Error | CWE-480: Use of Incorrect Operator | PASSED
SWC-128 | DoS With Block Gas Limit | CWE-400: Uncontrolled Resource Consumption | PASSED
SWC-127 | Arbitrary Jump with Function Type Variable | CWE-695: Use of Low-Level Functionality | PASSED
SWC-125 | Incorrect Inheritance Order | CWE-696: Incorrect Behavior Order | PASSED
SWC-124 | Write to Arbitrary Storage Location | CWE-123: Write-what-where Condition | PASSED
SWC-123 | Requirement Violation | CWE-573: Improper Following of Specification by Caller | PASSED
SWC-121 | Missing Protection against Signature Replay Attacks | CWE-347: Improper Verification of Cryptographic Signature | PASSED
SWC-120 | Weak Sources of Randomness from Chain Attributes | CWE-330: Use of Insufficiently Random Values | PASSED
SWC-119 | Shadowing State Variables | CWE-710: Improper Adherence to Coding Standards | NOT PASSED
SWC-118 | Incorrect Constructor Name | CWE-665: Improper Initialization | PASSED
SWC-117 | Signature Malleability | CWE-347: Improper Verification of Cryptographic Signature | PASSED
SWC-116 | Timestamp Dependence | CWE-829: Inclusion of Functionality from Untrusted Control Sphere | PASSED
SWC-115 | Authorization through tx.origin | CWE-477: Use of Obsolete Function | PASSED
SWC-114 | Transaction Order Dependence | CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') | PASSED
SWC-111 | Use of Deprecated Solidity Functions | CWE-477: Use of Obsolete Function | PASSED
SWC-110 | Assert Violation | CWE-670: Always-Incorrect Control Flow Implementation | PASSED
SWC-109 | Uninitialized Storage Pointer | CWE-824: Access of Uninitialized Pointer | PASSED
SWC-108 | State Variable Default Visibility | CWE-710: Improper Adherence to Coding Standards | PASSED
SWC-107 | Reentrancy | CWE-841: Improper Enforcement of Behavioral Workflow | PASSED
SWC-106 | Unprotected SELFDESTRUCT Instruction | CWE-284: Improper Access Control | PASSED
SWC-105 | Unprotected Ether Withdrawal | CWE-284: Improper Access Control | PASSED
SWC-104 | Unchecked Call Return Value | CWE-252: Unchecked Return Value | PASSED
SWC-102 | Outdated Compiler Version | CWE-937: Using Components with Known Vulnerabilities | PASSED
SWC-101 | Integer Overflow and Underflow | CWE-682: Incorrect Calculation | PASSED
SWC-100 | Function Default Visibility | CWE-710: Improper Adherence to Coding Standards | PASSED