Worthpad smart contract security audit, conducted by the Callisto Network Security Department during December 2021.
Worthpad Token Security Audit Report
Are Your Funds Safe?
Worthpad ecosystem is powered by the $WORTH Token.
Binance Smart Chain.
1. In scope
OpenZeppelin standard imports were excluded from the audit.
In total, 1 issues were reported including:
- 0 high severity issues.
- 0 medium severity issue.
- 1 low severity issue.
In total, 10 notes were reported, including:
- 2 notes.
- 8 owner privileges.
No critical security issues were found.
2.1 Owner Privileges
WorthToken contract owner has rights to:
- Exclude/include any account from/in the fee.
- Set Worth DVC Fund fee percentage in range 1% – 10%.
- Set liquidity fee percentage in range 1% – 10%.
- Change the maximal amount per transaction from 0 to 100,000,000 tokens.
- Enable or disable adding liquidity to pool, using function
WorthTokenSale contract owner has rights to:
- Add users to whitelist and set maximum allocation amount (in USD).
- Close tokens sale calling function endSale(). Without ending sale users could not claim bought tokens.
- Withdraw all tokens from contract using function withdrawTokens include unclaimed users tokens.
2.2 allDepositIds is not necessary
The allDepositIds array contain sequence of
id from 1 to
depositId. So all deposits Ids is below or equal to
2.3 The Hard cap may be exceeded
The Hard cap is checked before adding the amount that the user sends to exchangeUSDTForToken and exchangeBUSDForToken. It may cause exceed Hard cap if a user sends a bigger amount than left to reach the hard cap.
2.4 The owner can withdraw the user’s unclaimed tokens
The function withdrawTokens allow the contract owner to withdraw the entire balance of the contract, including tokens that users bought but did not claim yet.
unclaimedTokens and add to it amount tokens when user buy it and subtract tokens when user claims it.
In the function
balance - unclaimedTokens instead of the entire balance.
3. Security practices
The audited smart contract can be deployed. Only low severity issues were found during the audit.
Pay attention to
WorthTokenSale contract owner rights that may hurt users.
It is recommended to adhere to the security practices described in pt. 4 of this report to ensure the contract’s operability and prevent any issues that are not directly related to the code of this smart contract.
Trust the Blockchain, Audit the Smart Contracts.
Follow Callisto’s Security Department on Twitter to get our latest news and updates!