30.12.2020

Audit of Omeo Smart-Contract

Audit of Omeo Smart-Contract:
Website: omeo.finance/
Smart-contract address: TStp3xko1UpBo9RXfdNhBG6mTjUWH3Q5fB

CHECK AUDIT FILE (PDF):
— Coming soon —

DISCLAIMER:
This audit is not a call to participate in the project and applies only to the Smart-Contract code at the specified address.
Do not forget that you are doing all financial actions at your own risk, especially if you deal with high-risk projects.

CONCLUSION:

In the Omeo Smart-Contract were found no vulnerabilities and no backdoors.
The code was manually reviewed for all commonly known and more specific
vulnerabilities.
So Omeo Smart-Contract is safe for use in the main network.
Warning: the Omeo Token total supply is 20 millions, as 10 millions were created 30 Dev 2020. Additional minting of the token is impossible now. Be aware of owners OME capital.
Warning: do not send tokens to smart-contract address using usual transfer. One must use two-step transfer only: “approve” function inside of Token and “invest” function inside of Omeo.

CRITICAL ISSUES (critical, high severity): 0
Bugs and vulnerabilities that enable theft of funds, lock access to funds without possibility to restore it, or lead to any other loss of funds to be transferred to any party; high priority unacceptable bugs for deployment at mainnet; critical warnings for owners, customers or investors.

ERRORS, BUGS AND WARNINGS (medium, low severity): 0
Bugs that can trigger a contract failure, with further recovery only possible through manual modification of the contract state or contract replacement altogether; Lack of necessary security precautions; other warnings for owners and users.

OPTIMIZATION POSSIBILITIES (very low severity): 2
Possibilities to decrease cost of transactions and data storage of Smart-Contracts.

NOTES AND RECOMMENDATIONS (very low severity): 3
Tips and tricks, all other issues and recommendations, as well as errors that do not affect the functionality of the Smart-Contract.

AUDIT RESULT:

Optimization possibilities:

1. Recording statistical parameters in the blockchain (very low severity):
List of statistical parameters that also increase the cost of transactions and increase the amount of data stored in the blockchain:
uint256 public totalDeposits; uint256 public totalInvested; uint256 public totalWithdrawn; uint128 refback; uint128 bonus; uint24[5] refs;
Recommendation: use events and log this information instead of writing it to the blockchain.
Note: this comment doesn’t affect the main functionality of the smart-contract.

2. Transfers inside of referral program (very low severity):
There is five-level referral program and all bonuses (including refback) is transferred directly to the recipients inside of ‘invest’ function. That actions (up to 6 extra transfers) increase total transaction fee.
Recommendation: that is optimally to use ‘pull payment system’ instead, when user withdraws his available referral bonuses himself.

Notes:

3. Loops over dynamic variables (very low severity):
In the withdraw, getUserDividends, getUserAvailable, getUserTotalDeposits, and getUserTotalWithdrawn functions, cycles unrestrictedly grow as the number of deposits increases. If one creates a large number of parallel deposits from a single wallet, this can lead to an excessive increase in the transaction cost.
Note: maximum amount of deposits from single account — 100.

4. Closing the last payment (very low severity).
If the last user who leaves the project has a payout greater than the smart-contract balance, he will receive the entire available balance, but it will be recorded that the entire payout was closed.
Note: this comment is not critical, since after the smart contract balance is empty, it is unlikely that the contract will be used again. So it makes sense for last user to get at least something.

5. Style of the code (very low severity).
There are different naming style of the same type used in the smart-contract: uint256 and uint. Recommendation: change every use of uint256 type to only style.

Independent description of the smart-contract functionality:

The Omeo contract provides the opportunity to invest any amount in Omeo TRC20 Token in the contract and get a 200% return on investment, if the contract balance has enough funds for payment.
Dividends are paid from deposits of users (Ponzi scheme).
It is allowed to participate in the project only from usual wallet (not smart-contract nor externally owner address).
Note: Omeo TRC20 Token smart contract — TWzFp1UwJWSRkcomNjHjHxwhrJruQvzViR
Warning: do not send tokens to smart-contract address using usual transfer. Otherwise you will lost your tokens.
One must use only two-step transfer to create deposit:
1) “approve” function inside of Omeo Token.
2) “invest” function inside of Omeo.
That is because of standard critical problem of ERC20 called «event handling». More info at www.grox.solutions/all/erc20-issues
Each subsequent Deposit is kept separately in the contract, in order to maintain the payment amount for each Deposit.
The daily percentage for user dividends starts from 1% and depends on the following factors:
— Every 30,000 Omeo Token on the maximum smart contract balance +0.05% until 5%. This Contract Bonus cannot decrease.
— Every 12 hours of non-withdrawal of dividends from the smart contract +0.05% until 10% (when creating new deposits, the percent keeps growing).
Maximum daily percent is 16% (1+5+10).
All dividends are calculated at the moment of request and available for withdrawal at any time.
Withdrawal is performed by calling the “withdraw” function from the address the Deposit was made.
Contract owners fee: 10$ of the invested funds is sent to owner addresses.
There is five-level referral program: in the “invest” function, one can specify the address of the referrer.
As a result, the referrer (upline) will get direct transfer of share of the investor’s Deposit according to the following table:
Requirements for the referrer: you can not specify your own wallet as a referrer, as well as a wallet that does not have at least one contribution in the smart contract. If wrong referrer is provided, no referrer is set.
The referrer is specified once at the time of the first deposit and is assigned to the user without the possibility of changing. From each subsequent Deposit, the referrer will get his percents.
Any user that has at least one contribution in the project can specify his own ‘refBackPercent’ — share of the referral bonus that will be returned to his direct referral (only 1 referral level).
To set refBackPercent user must call ‘setRefBackPercent’ function with percent parameter with 2 decimals (means 1% = 100, 100% = 10000).

The contract contains statistical functions that do not require sending transactions:
1. getContractBalance – smart contract balance (with decimals, for Omeo Token – 6 characters).
2. getUserPercentRate – the current percentage for the specified user.
3. getUserReferrer – the user’s referrer.
4. getUserAvailable — total available amount to withdraw.
5. isActive – whether the user has active deposits.
6. getUserAmountOfDeposits – the number of user deposits.
7. getUserTotalDeposits – the sum of each deposits of the user.
8. getUserTotalWithdrawn – user dividend withdrawal amount.
9. getUserDeposits — user specified deposits info.
10. getSiteStats — total invested value, total deposits, balance of the contract, current contract percent.
11. getUserStats — user percent, available to withdraw amount, total user invested, amount of deposits and total withdrawn value.
12. getUserReferralStats — user referrer, user refback percent, referrer refback percent and array of amounts of deposits of all-level referrals.

If you have any questions or are interested in developing/auditing of Smart-Contracts, please contact us and we will consult you.
Telegram: @gafagilm
E-mail: info@grox.solutions