AXION.NETWORK
Certik Audit Report Analysis

Summary

We have carefully studied the Certik Audit Report and note that the report does not contain any issues that can affect the function of the Axion contracts.

● There are no critical issues.
● There are no major issues.
● There are no medium issues.
● There are 3 minor issues, which we do not recommend fixing since they relate to the initialization process, which will be done manually, not to the contract itself.
● Informational findings do not affect the functions, but addressing them can reduce gas costs and code maintenance effort in some cases. However, if we decide to fix them, a new audit / QA cycle will be required since many components are affected.

Analysis of the minor+ issues

All of the issues below were discussed with Certik, and most of them were then fixed. The Major and Medium issues found were fixed by commit cfcc6d13abda5c748ee04c68cf784515b7508d16, and the Minor ones by commit 0c5b3c6dbfa2f3a24c5208cfa2e920fed3357788.

AUC-04: Double Payout
The issue was found before the report and was fixed; we did not merge the changes to the master branch so as not to interfere with the audit.

AUC-03: Redundant Conditional
The comment is accepted. The issue is fixed.

SBS-14: Dangerous Conditional Execution
The recommendation is to change the if condition to require, because it is not correct to add shares if a session is not created. However, this is the expected logic: the if is used to store a user's staking for more than a year; otherwise shares are added or subtracted. As for the total number of shares, we have duplicated the number of total shares in staking. We do not use require because the contract is called by the staking contract, and this logic should not crash the staking. In fact, no call to stake or unstake should be stopped in any way by the SubBalances contract, so we believe that require cannot be used here; otherwise execution may fail.

FSP-04: Amount Inaccuracy
The comment is accepted. The issue is fixed.

STA-06, NSP-07, AUC-10: Inexistent Access Control
In accordance with our deployment plan, the init function will be called once when the contracts are deployed. If we find that someone accidentally discovered and already called this function, the contract will be redeployed.

TOK-03, NSP-05: Requisite Value of ERC-20 transferFrom() call
The issue is well known and concerns USDT and some other tokens, but not the Axion ERC-20. With safeTransferFrom, we do not have the missed-return-value bug.

TOK-05: Incorrect require Check
The comment is accepted. The issue is fixed.

BPD-02: Calculation Remainder
The comment is accepted. The issue is fixed.
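
The TOK-03 / NSP-05 point above, as an added Solidity example that is not Axion's code: an unchecked transferFrom call beside a safeTransferFrom-style wrapper that tolerates both compliant tokens and tokens that return no data. All contract, library and function names here are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.1;

// Added illustration; not Axion code. All names here are hypothetical.
interface IERC20Like {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

library SafeTransferSketch {
    function safeTransferFrom(address token, address from, address to, uint256 amount) internal {
        // A low-level call to an address without code "succeeds" with empty data, so reject it first.
        require(token.code.length > 0, "token: not a contract");
        (bool ok, bytes memory ret) = token.call(
            abi.encodeWithSelector(IERC20Like.transferFrom.selector, from, to, amount)
        );
        require(ok, "token: transferFrom reverted");
        // Accept empty return data (USDT-style tokens) or an ABI-encoded `true`.
        require(ret.length == 0 || abi.decode(ret, (bool)), "token: transferFrom returned false");
    }
}

contract DepositSketch {
    mapping(address => uint256) public credited;

    // Weak form: the bool result is discarded, so a token that signals failure by
    // returning false (instead of reverting) still gets the caller credited.
    // With this typed interface the call also reverts against tokens that return
    // no data at all, because the ABI decoder expects 32 bytes.
    function depositUnchecked(IERC20Like token, uint256 amount) external {
        token.transferFrom(msg.sender, address(this), amount);
        credited[msg.sender] += amount;
    }

    // Checked form: state is updated only after the transfer is known to have succeeded.
    function depositChecked(address token, uint256 amount) external {
        SafeTransferSketch.safeTransferFrom(token, msg.sender, address(this), amount);
        credited[msg.sender] += amount;
    }
}
```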