SMART CONTRACT SECURITY AUDIT TRXFOX [ TRON BLOCKCHAIN ] Audit NO: 02100340068 November , 2020 ▪ Project Name : TRXFOX ▪ Technology : Blockchain Smart Contract ▪ Blockchain : Tron Blockchain ▪ Programming Language : Solidity ▪ Version : 0.5.12 ▪ Contract Type : Decentralized Smart Contract ▪ Category : High - Risk Dapp ▪ Website : https://www.trxfox.com ▪ Audit Type : Function Report ▪ File(s) Audited : TrxFox.sol ▪ Audit No : 02100340068 ▪ The contract source code is verified on TRONSCAN ▪ Contract name : TrxFox ▪ Optimization : Yes with 200 runs ▪ Compiler version : solidity 0.5.12 ▪ License : MIT ▪ E - mail : trxfox@mailsire.com ▪ Telegram : https://t.me/trxfoxsupportbot PROJECT DETAILS NOTE : This Audit Report was issued before the launch of the project. All tests are performed with the given Source Code on the test network. After the project’s launch, we will verify and issue another Audit Mentioning the contract's Address . Disclaimer INFIGO only audits the source code for security and its functions. We don’t audit for the contract logic honesty. This report is for the source code given and the contract deployed at the address mentioned in this document and doesn’t guarantee if the contract is being deployed to another address or any alterations made. We have nothing to do if the contract functioning contains risks like gambling and other functions. Security Items and Results NO ITEM SEVERITY DESCRIPTION RESULT 1 Race Condition High All types of Race Condition Attacks Passed 2 Overflow High Integer overflows / underflows. Fulfilled by using SafeMath library Passed 3 Denial of Service High Fulfilled by implementing “ balance withdrawal” design pattern Passed 4 Time - based Decisions High Doesn’t rely on small time periods Passed 5 Function / Data Structure Exposure High Passed NO ITEM SEVERITY DESCRIPTION RESULT 6 Parameter Sanitization High Passed 7 Require Statement Medium Passed 8 Contract ownership High Doesn’t required Passed 9 Inline assembly Warning isContract() function Passed 10 Loops Low Controlled Passed Function Report Constants and Read Functions : 1. MAX_DAILY_WITHDRAW: Showing maximum withdrawal per day and is set to 50,000 TRX. 2. INVEST_MIN_AMOUNT: Stores the minimum investment amount and is equivalent to 50 TRX. 3. FIX_PERCENT: Showing the daily fix percentage. Its set to 1% (100/ PERCENTS_DIVIDER). 4. DAILY_HOLD_PERCENT: Showing the percentage increase per non - withdrawal day and is equivalent to 0.05% per day. The total will be reset when withdraw. 5. REFERRAL_PERCENTS: Showing the referral levels percent and is equivalent to 7%, 3%, 3%, 1%, 0.5%, 0.5%, 0.5%, 0.5%, 0.5%, 0.5%, 0.5%, 0.5%, 0.25%, 0.25%, 0.25%, 0.25%, 0.25%, 0.25%, 0.25%, 0.25% for levels 1 to 20. 6. MARKETING_FEE: Showing the marketing fee and is equivalent to 5%. 7. SUPPORTING_FEE: Showing the supporting fee and is equivalent to 2.5%. 8. RESERVE_FEE: Showing the reservation fee and is equivalent to 2.5%. 9. PERCENTS_DIVIDER: All percentage values is divided to this number in calculations and is equivalent to 10,000. 10. CONTRACT_BALANCE_STEP: Showing the contract step and it is 1,000,000 TRX. 11. CONTRACT_BALANCE_PERCENT: Showing the contract balance increase amount per increase of CONTRACT_BALANCE_PERCENT and is equivalent to 0.1%. 12. CONTRACT_BONUS_LIMIT: Showing the maximum balance percentage and is 7%. 13. TIME_STEP: Showing the time step and is 1 days or 86400 14. totalUsers: Number of total users can be read from this variable. 15. totalInvested: Showing the total invested amount. 16. totalWithdrawn: Showing the total withdrawn amount. 17. totalDeposits: Showing the total number of deposits. 18. defaultReferrer: This is used as default referrer if the user come to system without any invitation. 19. getContractBalance() : This function is used to get contract balance. 20. getContractBalanceRate(): This function is used to get current contract balance rate percentage.. 21. getUserDividends(): This function is used to get user real time dividends. 22. getUserReferrer(): Gets a user referrer address. 23. getUserReferralBonus(): Returns users referral bonus . 24. getUserDepositInfo(): Returns user information. 25. getStatsView(): Returns statistics. 26. getDailyCap(): Returns daily withdrawal capacity. Each user can only get 50,000 TRX per 24 hours. 27. getUserAmountOfDeposits(): Returns number of deposits of a user. 28. isContract(): Checks if an address is a contract address. Write Functions : 1. payUplines(): This function updates up - line referral bonuses except level 1. The level one is updated directly on deposit. This is a private function and can’t be called from outside the contract. 2. invest(): This function is used to make a deposit in the system. This function accepts a referral address. This is a public function and can be called from outside. This function is the only payable function and the admin fees are paid in this function. The total of 10% of each deposit is transferred to four admin accounts. The first referral bonus is calculated here as 7% of the deposit and is set to the corresponding referrer user account. Note that new deposit amount must be more than the previous deposit amount and minimum amount to make a successful deposit is 50 TRX 3. withdrawDividends(): This function is used to withdraw the dividends so far. There is no backdoor in this function and the only transfer () call is used to send dividends to the user wallet. Referral bonuses of level greater than one is calculated here and set to their account. Calculation is based on an array of size 20 as 7% 3% 3% 1% 0.5% 0.5% 0.5% 0.5% 0.5% 0.5% 0.5% 0.5% 0.25% 0.25% 0.25% 0.25% 0.25% 0.25% 0.25% 0.25% • There are two constraints that determine profit maximum value withdrawal. One is maximum profit constraint which ensures the total withdraw amount be less than 200% of all deposits. So in order to withdraw profits more than 200% users have to invest again. Another limit check is daily withdraw limit check. Users can not withdraw more than 50K TRX a day. 4. withdrawBonus(): This function is used to withdraw referral bonus so far. There is no backdoor in this function and the only transfer () call is used to send referral profit to the user wallet. Referral bonuses of level greater than one is calculated here too and set to their account. The withdrawal limits explained in the previous section is also applied here. Summary of the Audit : • Overall the Code is good and performs well. • No Backdoors or Vulnerabilities were found on the TRXFOX Contract. • TRXFOX’s code is safe to use in the Tron Main Network. Website : www.infigo.solutions Mail : team@infigo.solutions Telegram : @ InfigoSolutions NOTE : This Audit Report was issued before the launch of the project. All tests are performed with the given Source Code on the test network. After the project’s launch, we will verify and issue another Audit Mentioning the contract's Address .