EthereumCommonwealth / Auditing

Ethereum Commonwealth Security Department has conducted over 400 security audits since 2018. Not a single contract that we audited has been hacked. You can access our audit reports in the ISSUES of this repo. We are accepting new audit requests.
https://audits.callisto.network/
GNU General Public License v3.0

Smart Contract Audit For Shield Protocol #451

Closed rahulsharma0856 closed 3 years ago

rahulsharma0856 commented 3 years ago

Audit request

Our smart contract is a simple Solidity-based program for Binance Smart Chain. It is a standard contract in which no mint/burn functions have been used, for security reasons.

Source code

https://github.com/shield2protocol/smart-contract/blob/main/BinanceSmartChain_SHIELD.sol

Disclosure policy

Our team has already checked the security aspects of the contract, as we are a cyber-security service provider too. We have published our Solidity smart contract publicly. We need the smart contract report just for future reference. If there are still some critical findings, we would like them privately. Otherwise, your team can release it publicly.

Standard disclosure policy.

Contact information (optional)

Contact Person: LinkedIn: @rahulsharma0856 , Telegram: @rahulsharma0856

Project Information: Website: ( www.shieldprotocol.org ), Twitter: ( https://twitter.com/shield2protocol ) , Telegram: ( https://t.me/shield2protocol ), Medium: ( https://shield2protocol.medium.com )

Platform

BSC ( Already Deployed )

yuriy77k commented 3 years ago

@rahulsharma0856 the audit will cost 582 USD. Let me know if you accept it.

rahulsharma0856 commented 3 years ago

@yuriy77k Sure. How can we proceed?

yuriy77k commented 3 years ago

@rahulsharma0856 please send 582 USDT to our treasury address 0x74682Fc32007aF0b6118F259cBe7bCCC21641600

rahulsharma0856 commented 3 years ago

@yuriy77k Are you sure this is the safest USDT address for the transfer? Because Etherscan is showing its status as a phishing/scam address.

yuriy77k commented 3 years ago

@rahulsharma0856 we checked it, but some troll sent a report to Etherscan and Etherscan didn't change it. This address is safe, but if you want you can send USDT to this one: 0x4667d0c30E6f58ef935ddAb560d41E030E4d2AeB.

rahulsharma0856 commented 3 years ago

@yuriy77k Got it. Payment done from our side. Here is the transaction ID: ( 0x56363227dc2712c486c4205ae707c39d5b0f9b5d79045bec76ac6bdfdf45460d )

yuriy77k commented 3 years ago

@rahulsharma0856 received. The audit will be completed in 4 days.

danbogd commented 3 years ago

Auditing time: 3 days.

yuriy77k commented 3 years ago

Auditing time: 3 days.

assigned

MrCrambo commented 3 years ago

Auditing time: 3 days.

rahulsharma0856 commented 3 years ago

Okay.

yuriy77k commented 3 years ago

Auditing time: 3 days.

assigned

danbogd commented 3 years ago

My report is finished.

MrCrambo commented 3 years ago

My report is finished

yuriy77k commented 3 years ago

Shield Protocol Security Audit Report

1. Summary

Shield Protocol smart contract security audit report performed by Callisto Security Audit Department

2. In scope

Commit hash f5c1a5d77c158f84889b65a4070f7b80c3cf6898 BinanceSmartChain_SHIELD.sol

3. Findings

In total, 3 issues were reported including:

No critical security issues were found.

3.1. Known vulnerabilities of ERC20 / BEP20 token

Severity: low

Description

  1. Lack of transaction handling mechanism issue. WARNING! This is a very common issue and it has already caused millions of dollars in losses for lots of token users! More details here.

Recommendation

Add the following code to the transfer(_to address, ...) function:

require( _to != address(this) );

3.2. Unnecessary getter functions

Severity: note

Description

The variables _decimals, _symbol, _name are declared as public, so the compiler creates getter functions for them. But for those variables there are already the getter functions decimals(), symbol(), name(). This issue causes higher gas consumption during deployment, but does not impact how the contract works.

Recommendation

The variables _decimals, _symbol, _name have to be declared as private.

3.3. Wrong returns type

Severity: note

Description

The function decimals() returns type uint256, but the variable _decimals has type uint8.

Recommendation

The function decimals() has to return uint8.

4. Conclusion

The audited smart contract can be deployed. Only a low severity issue was found during the audit. The notes pointed out don't impact how the contract works but show how it should be done by good practice.

5. Revealing audit reports

https://gist.github.com/danbogd/c3d990fc32ccd1623e2a9898fd636904

https://gist.github.com/MrCrambo/830356e6648f5b7f5f192f4820d625a9
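The three recommendations in the report above (3.1 self-transfer check, 3.2 private state behind explicit getters, 3.3 uint8 return type for decimals()) shown together in one minimal BEP20-style token. This is an added example written for this page; it is not the audited BinanceSmartChain_SHIELD.sol and not Callisto's code. The contract name, token name, symbol and supply are placeholders, and it assumes a 0.8.x Solidity compiler. It goes slightly beyond the report's wording: the `require(_to != address(this))` check is placed in the shared internal transfer path so that transferFrom() is covered as well as transfer().

```solidity
// SPDX-License-Identifier: GPL-3.0
pragma solidity ^0.8.0;

// Added illustration, not the audited Shield Protocol contract. It shows the three
// report recommendations in one place: reject transfers to the token's own address
// (3.1), keep name/symbol/decimals private behind explicit getters (3.2), and
// return uint8 from decimals() (3.3). Names and values below are placeholders.
contract ExampleBEP20 {
    // Private: the explicit getters below are the only ABI surface, so the compiler
    // emits no duplicate auto-generated getters for these variables (finding 3.2).
    string private _name = "Example Token";
    string private _symbol = "EXT";
    uint8 private _decimals = 18;
    uint256 private _totalSupply;

    mapping(address => uint256) private _balances;
    mapping(address => mapping(address => uint256)) private _allowances;

    event Transfer(address indexed from, address indexed to, uint256 value);
    event Approval(address indexed owner, address indexed spender, uint256 value);

    constructor(uint256 initialSupply) {
        _totalSupply = initialSupply;
        _balances[msg.sender] = initialSupply;
        emit Transfer(address(0), msg.sender, initialSupply);
    }

    function name() public view returns (string memory) { return _name; }
    function symbol() public view returns (string memory) { return _symbol; }

    // Return type matches the storage type (finding 3.3).
    function decimals() public view returns (uint8) { return _decimals; }

    function totalSupply() public view returns (uint256) { return _totalSupply; }
    function balanceOf(address account) public view returns (uint256) { return _balances[account]; }
    function allowance(address owner, address spender) public view returns (uint256) {
        return _allowances[owner][spender];
    }

    function transfer(address to, uint256 amount) public returns (bool) {
        _transfer(msg.sender, to, amount);
        return true;
    }

    function approve(address spender, uint256 amount) public returns (bool) {
        _allowances[msg.sender][spender] = amount;
        emit Approval(msg.sender, spender, amount);
        return true;
    }

    function transferFrom(address from, address to, uint256 amount) public returns (bool) {
        uint256 allowed = _allowances[from][msg.sender];
        require(allowed >= amount, "BEP20: insufficient allowance");
        _allowances[from][msg.sender] = allowed - amount;
        _transfer(from, to, amount);
        return true;
    }

    function _transfer(address from, address to, uint256 amount) internal {
        require(to != address(0), "BEP20: transfer to zero address");
        // Finding 3.1: a plain BEP20 has no function that can move tokens out of its
        // own balance, so tokens transferred to the token contract are lost. Reject
        // such transfers up front. Placing the check here covers transferFrom too.
        require(to != address(this), "BEP20: transfer to token contract");
        uint256 fromBalance = _balances[from];
        require(fromBalance >= amount, "BEP20: insufficient balance");
        _balances[from] = fromBalance - amount;
        _balances[to] += amount;
        emit Transfer(from, to, amount);
    }
}
```

The check rejects the transfer instead of silently accepting it, so a wallet or exchange that pastes the token contract address into the recipient field gets a revert rather than a permanently stuck balance.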

rahulsharma0856 commented 3 years ago

@yuriy77k Please change the text "3.1. Known vulnerabilities of ERC-20 token" TO "3.1. Known vulnerabilities of BEP-20 token".

We already mentioned the BEP20 interface within the smart contract. Please cross-check and replace the text as needed.

Also, please share direct link of this report result, so that our team can share report link publicly into our project social channels.

yuriy77k commented 3 years ago

@rahulsharma0856 here is direct link https://gist.github.com/yuriy77k/f5a0a9d1e0ffd36de1fa5f0c344694a2

rahulsharma0856 commented 3 years ago

@yuriy77k Thanks.

rahulsharma0856 commented 3 years ago

@yuriy77k If possible, please remove the ETH prefix keyword as per the screenshot highlighted below:

[screenshot: Capture]

yuriy77k commented 3 years ago

@rahulsharma0856 updated https://gist.github.com/yuriy77k/97e5b0fcee4a3764db6fa1c102256641

rahulsharma0856 commented 3 years ago

@yuriy77k Thanks

rahulsharma0856 commented 3 years ago

Hello @yuriy77k, we (SHIELD PROTOCOL) want to audit our dapp smart contract that will be used within our mobile apps.

The repository link of the dapp smart contract file is ( https://github.com/shield2protocol/dapp-contract/blob/main/shieldhash.sol )

yuriy77k commented 3 years ago

@rahulsharma0856 The audit fee is 515 USDT

You may send USDT (ERC20 or BEP20) to: 0xb9662e592f2f0412be62f0833ca463a9b1aabebb or USDT (TRC20) to: TBzUKbek9AYVBwf91ykh3KY4Ushk95SCiB

The estimated auditing time - 3 days after payment.

rahulsharma0856 commented 3 years ago

@yuriy77k Transaction id (BEP-20): https://bscscan.com/tx/0x4ae7c3dc2034842d2a98eeb78065c16459d5839c58a62d5d7690d75b5b772c03

yuriy77k commented 3 years ago

@rahulsharma0856 thank you, received

rahulsharma0856 commented 3 years ago

@yuriy77k Keep the audit results private. After all findings and fixes, we will set it to public at the right time.

yuriy77k commented 3 years ago

ShieldHash Security Audit Report

1. Summary

ShieldHash smart contract security audit report performed by Callisto Security Audit Department

Project Information:

2. In scope

Commit hash a23fe0fa22d6420f6395785d10b426d42caf484a shieldhash.sol

3. Findings

In total, 1 issue was reported, including:

No critical security issues were found.

3.1. Using string type

Severity: note

Description

The variable hashinfo is declared as string, but this type is intended for use with text messages. If you need to store byte data of arbitrary length, it is better to use the bytes type. In case hashinfo holds a Keccak-256 or SHA-256 hash (or any other hash with a length of 256 bits), it would be more natural to use the bytes32 type (it will save gas on storage usage).

4. Conclusion

The audited smart contract can be deployed. No security issues were found during the audit.
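The string-versus-bytes32 point in finding 3.1 above, shown side by side in a small hash registry. This is an added example for this page, not the audited shieldhash.sol and not Callisto's code; the contract, struct and function names are placeholders, and it assumes a 0.8.x Solidity compiler.

```solidity
// SPDX-License-Identifier: GPL-3.0
pragma solidity ^0.8.0;

// Added illustration, not the audited ShieldHash contract. It contrasts the two
// storage choices from finding 3.1: a string field for a 256-bit hash versus a
// bytes32 field. All names here are placeholders chosen for the example.
contract HashRegistryExample {
    struct StringRecord { string hashinfo; address owner; }
    struct Bytes32Record { bytes32 hashinfo; address owner; }

    mapping(uint256 => StringRecord) private stringRecords;
    mapping(uint256 => Bytes32Record) private bytes32Records;

    // A 32-byte Keccak-256 digest hex-encoded as text is 64 ASCII characters
    // (66 with "0x"). That exceeds one 32-byte slot, so the string takes a length
    // slot plus two data slots, and the data location is derived with an extra
    // keccak256 on every read.
    function storeAsString(uint256 id, string calldata hashinfo) external {
        stringRecords[id] = StringRecord(hashinfo, msg.sender);
    }

    // The same digest as bytes32 fits exactly one storage slot, and the caller
    // passes the raw value rather than hex text that has to be parsed off-chain.
    function storeAsBytes32(uint256 id, bytes32 hashinfo) external {
        bytes32Records[id] = Bytes32Record(hashinfo, msg.sender);
    }

    // With bytes32 the stored value compares directly against a freshly computed
    // digest of the document.
    function matchesBytes32(uint256 id, bytes calldata document) external view returns (bool) {
        return bytes32Records[id].hashinfo == keccak256(document);
    }

    // With string the contract can only compare text: strings have no == in
    // Solidity, so both sides are hashed first, and the caller must have produced
    // the exact same hex encoding (case, "0x" prefix) to get a match.
    function matchesString(uint256 id, string calldata hexDigest) external view returns (bool) {
        return keccak256(abi.encodePacked(stringRecords[id].hashinfo))
            == keccak256(abi.encodePacked(hexDigest));
    }
}
```

The bytes32 path is both cheaper to store and stricter to verify: a digest either equals the on-chain value or it does not, whereas the string path depends on callers agreeing on a text encoding of the same bytes.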

yuriy77k commented 3 years ago

@rahulsharma0856 gist with report: https://gist.github.com/yuriy77k/899ae2ef142332bade4498b22b84ff47

yuriy77k commented 3 years ago

Blog post: https://callisto.network/shield-hash-security-audit/

Twitter: https://twitter.com/Callisto_Audits/status/1397053915900829699

Twitter FR: https://twitter.com/CallistoNetFr/status/1397053905515732994

Twitter RU: https://twitter.com/CallistoNetRu/status/1397053895810105344

rahulsharma0856 commented 3 years ago

@yuriy77k @Dexaran We need a new audit for the token 'Shield Warriors'. The repository link of the smart contract file is here, i.e. ( https://github.com/shield2protocol/smart-contract/blob/main/BinanceSmartChain_WARRIOR.sol )

rahulsharma0856 commented 3 years ago

@yuriy77k Are you guys available for audit?

yuriy77k commented 3 years ago

@rahulsharma0856 sorry, did not see the message in the closed issue. Yes, we can audit it. The audit fee is 753 USDT. You may send USDT (ERC20 or BEP20) to: 0xb9662e592f2f0412be62f0833ca463a9b1aabebb or USDT (TRC20) to: TBzUKbek9AYVBwf91ykh3KY4Ushk95SCiB

The estimated auditing time - 4 days after payment.

rahulsharma0856 commented 3 years ago

@yuriy77k Transaction Id: https://bscscan.com/tx/0x52b67010a169912eb670dbce1c22c976db9d1d9a48317d398550215c20758e14

yuriy77k commented 3 years ago

@rahulsharma0856 thank you

yuriy77k commented 3 years ago

Shield Warriors token Security Audit Report

1. Summary

Shield Warriors token smart contract security audit report performed by Callisto Security Audit Department

2. In scope

Commit 2eac9a6d5711d190af0f33b4045992b08690f482

3. Findings

In total, 0 issues were reported including:

No critical security issues were found.

4. Conclusion

The audited smart contract can be deployed. No security issues were found during the audit.

yuriy77k commented 3 years ago

Report on gist: https://gist.github.com/yuriy77k/5411b302c60752f93eb5dc486d8ed984

yuriy77k commented 3 years ago

@rahulsharma0856 are these links correct for Shield Warriors token?

rahulsharma0856 commented 3 years ago

@yuriy77k According to the report, we added a new function into the existing smart contract. Here is the link for reference ( https://github.com/shield2protocol/smart-contract/blob/main/BinanceSmartChain_WARRIOR.sol ). Please update the report and gist accordingly.

Yes. Above links are correct for Shield Warriors Token.

yuriy77k commented 3 years ago

@rahulsharma0856 updated

yuriy77k commented 3 years ago

@rahulsharma0856 thank you

rahulsharma0856 commented 3 years ago

Okay. Thanks @yuriy77k

rahulsharma0856 commented 2 years ago

Hello @yuriy77k, we (Shield Protocol - @shield2protocol) are upgrading the smart contract with new functionality for our pegged tokens and bridge process. Please audit our new smart contract source file, i.e. ( https://github.com/shield2protocol/smart-contract/blob/main/BNBChain_SHIELDPROTOCOL.sol ). Also, share the audit fee for the same.
Also, please open this Git issue for approval.

Thanks.