CallistoSecurity / Smart-contract-auditing

This is a working repo of @EthereumCommonwealth audits. We have performed more than 400 security audits since 2018. Not even a single contract was hacked after our auditors approved the code. Accepting audit requests here.
https://audits.callisto.network/

Bitso Smart contract security audit #25

Closed JorgeLPacheco closed 8 months ago

JorgeLPacheco commented 9 months ago

Audit request

We would like to know more about a smart contract security audit for a fork of USDC. Can we arrange a call to better understand times and requirements?

Source code

... Give a link to the source code of contracts ...

Payment plan

... Write [x] at the checkbox of the payment plan that suits your needs ...

Disclosure policy

... Do you want us to publish the report as it is or to notify you privately in case of finding critical mistakes? ... Notify ... provide your conditions for publishing the report or leave only standard disclosure policy link ... TBD Standard disclosure policy.

Contact information (optional)

... Provide information to contact you or the smart-contract developer in case high-severity issues are found ...

... Provide information about the media resources of the project you want us to audit (website/ twitter account/ reddit/ telegram channel/ etc.) ...

Platform

... In which network will your contract be deployed? (EOS/TRX/ETC/ETH/CLO/UBQ/something else ) ...

chhajershrenik commented 9 months ago

@JorgeLPacheco Please provide the source code and add contact information. If the source code is private, please add @yuriy77k to the private repository. He will review the code and update with the audit payment plan and time period for the audit.

JorgeLPacheco commented 9 months ago

https://etherscan.io/address/0xF197FFC28c23E0309B5559e7a166f2c6164C80aA You may contact me directly. Jorge.Pacheco@bitso.com

chhajershrenik commented 9 months ago

Thank you, Yuriy will reach out with the details.

yuriy77k commented 9 months ago

@JorgeLPacheco can you send me a link to your GitHub repository with the contract code? It will be easier to point out issues than using Etherscan.

JorgeLPacheco commented 9 months ago

Thanks Yuriy, our team told me that they have not created a fork of the code on GitHub. The contract code is based on Circle's. Would this be enough? https://github.com/circlefin/stablecoin-evm

chhajershrenik commented 9 months ago


@JorgeLPacheco This is the repository of Circle's smart contract; the audit team would require access to the modified fork developed by Bitso's team to reference the code in the audit report.

JorgeLPacheco commented 9 months ago

Understood, I will get in touch with my team and come back to you once it is done. Thank you for your support.

JorgeLPacheco commented 8 months ago

Hello again! The GitHub repository is up at the following link: https://github.com/MXNB-Token/MXNB

Do you need something else to quote the service?

Thanks!

yuriy77k commented 8 months ago

@JorgeLPacheco This is not a standard project, so the audit can be performed under the Advanced payment plan. In total, 28 files (1446 lines of code) in two contracts should be audited:

FiatTokenProxy contract (5 files): https://etherscan.io/address/0xF197FFC28c23E0309B5559e7a166f2c6164C80aA#code

Implementation contract (23 files): https://etherscan.io/address/0x72beddf7032EEC58F199857b79A8e37020c14e42#code

The audit fee is 3369 USDT. You may send USDT (ERC20 or BEP20) to: 0x6317c6944bd1cD3932d062cce39d7Fd602119529 (valid for Ethereum and Binance Smart Chain). The estimated auditing time is 14 days after payment.

JorgeLPacheco commented 8 months ago

Thank you! Do we sign up a contract and NDA before the transfer?

yuriy77k commented 8 months ago

@JorgeLPacheco Usually we don't sign contracts. But if you need it, we can. Please send it to yuriy@callistoenterprise.com for review.

JorgeLPacheco commented 8 months ago

Thanks! My legal team will prepare the text for your review. We will need the following documentation to add you to our vendor system. If you are based in the US, we will need the following:

Let me know if there is an issue providing the documents. My information security team will also need to run due diligence, basically just some questions to ensure best practices on your side. To whom should we send the request for info?

yuriy77k commented 8 months ago

@JorgeLPacheco we are based in the Czech Republic. You can send a request for info to my email yuriy@callistoenterprise.com

JorgeLPacheco commented 8 months ago

Understood, no problem, I will work with the legal team on this. I will need a document that shows that you pay taxes or are a registered taxpayer in the Czech Republic, and some certificate or document that states that the company legally exists. It does not matter if it is in Czech; it is just a legal formality.

I will send over an email to you with my GPG signature in a moment. Once we have this we will proceed with the contract and payment.

I will be your main contact for this engagement in Bitso so let me know if you need something.

JorgeLPacheco commented 8 months ago

Hi Yuriy! Did you receive my email? Any update on the documentation? Let me know if you have issues. Regards.

JorgeLPacheco commented 8 months ago

Just touching base @yuriy77k. How can we move on with the process?

JorgeLPacheco commented 8 months ago

@yuriy77k, @chhajershrenik we have not received further information from your side. We have chosen to move on with another vendor. Thank you for your time.