This audit is not a call to participate in the project and applies only to the Smart-Contract code at the specified address.
Do not forget that you are doing all financial actions at your own risk, especially if you deal with high-risk projects.
In the SUNexWorld Smart-Contract were found no vulnerabilities and no backdoors.
The code was manually reviewed for all commonly known and more specific
So SUNexWorld Smart-Contract is safe for use in the main network.
Warning: do not send tokens to smart-contract address using usual transfer. One must use two-step transfer only: “approve” function inside of SUN Token and “invest” function inside of SUNexWorld.
Note: that is the only third part of the TRONex project from their original team. Do not confuse with a lot of fakes.
CRITICAL ISSUES (critical, high severity): 0
Bugs and vulnerabilities that enable theft of funds, lock access to funds without possibility to restore it, or lead to any other loss of funds to be transferred to any party; high priority unacceptable bugs for deployment at mainnet; critical warnings for owners, customers or investors.
ERRORS, BUGS AND WARNINGS (medium, low severity): 0
Bugs that can trigger a contract failure, with further recovery only possible through manual modification of the contract state or contract replacement altogether; Lack of necessary security precautions; other warnings for owners and users.
OPTIMIZATION POSSIBILITIES (very low severity): 2
Possibilities to decrease cost of transactions and data storage of Smart-Contracts.
NOTES AND RECOMMENDATIONS (very low severity): 2
Tips and tricks, all other issues and recommendations, as well as errors that do not affect the functionality of the Smart-Contract.
1. Recording statistical parameters in the blockchain (very low severity):
List of statistical parameters that also increase the cost of transactions and increase the amount of data stored in the blockchain:
uint public totalDeposits; uint public totalInvested; uint public totalWithdrawn; uint128 refback; uint128 bonus; uint24 refs;
Recommendation: use events and log this information instead of writing it to the blockchain.
Note: this comment doesn’t affect the main functionality of the smart-contract.
2. Transfers inside of referral program (very low severity):
There is five-level referral program and all bonuses (including refback) is transferred directly to the recipients inside of ‘invest’ function. That actions (up to 6 extra transfers) increase total transaction fee.
Recommendation: that is optimally to use ‘pull payment system’ instead, when user withdraws his available referral bonuses himself.
3. Loops over dynamic variables (very low severity):
In the withdraw, getUserDividends, getUserAvailable, getUserTotalDeposits, and getUserTotalWithdrawn functions, cycles unrestrictedly grow as the number of deposits increases. If one creates a large number of parallel deposits from a single wallet, this can lead to an excessive increase in the transaction cost.
Note: maximum amount of deposits from single account — 100.
4. Closing the last payment (very low severity).
If the last user who leaves the project has a payout greater than the smart-contract balance, he will receive the entire available balance, but it will be recorded that the entire payout was closed.
Note: this comment is not critical, since after the smart contract balance is empty, it is unlikely that the contract will be used again. So it makes sense for last user to get at least something.
Independent description of the smart-contract functionality:
The SUNexWorld contract provides the opportunity to invest any amount in SUN TRC20 Token (from 1 SUN) in the contract and get a 200% return on investment, if the contract balance has enough funds for payment.
Dividends are paid from deposits of users (Ponzi scheme).
It is allowed to participate in the project only from usual wallet (not smart-contract nor externally owner address).
Note: SUN TRC20 Token smart contract — https://tronscan.org/#/contract/TKkeiboTkxXKJpbmVFbv4a8ov5rAfRDMf9/code
Warning: do not send tokens to smart-contract address using usual transfer. Otherwise you will lost your tokens.
One must use only two-step transfer to create deposit:
1) “approve” function inside of SUN Token.
2) “invest” function inside of SUNexWorld. The minimum amount for deposit is 1 SUN.
That is because of standard critical problem of ERC20 called «event handling». More info at www.grox.solutions/all/erc20-issues
Each subsequent Deposit is kept separately in the contract, in order to maintain the payment amount for each Deposit.
The daily percentage for user dividends starts from 1% and depends on the following factors:
— Every 3,000 SUN on the maximum smart contract balance +0.05% until 15%. This Contract Bonus cannot decrease.
— Every 12 hours of non-withdrawal of dividends from the smart contract +0.05% until 10% (when creating new deposits, the percent keeps growing).
Maximum daily percent is 26% (1+15+10).
All dividends are calculated at the moment of request and available for withdrawal at any time.
Withdrawal is performed by calling the “withdraw” function from the address the Deposit was made.
Contract owners fee: part of the invested funds is sent to two addresses:
(marketing address) — 5%.
(the platform address) — 5%.
There is five-level referral program: in the “invest” function, one can specify the address of the referrer.
As a result, the referrer (upline) will get direct transfer of share of the investor’s Deposit according to the following table:
Requirements for the referrer: you can not specify your own wallet as a referrer, as well as a wallet that does not have at least one contribution in the smart contract. If wrong referrer is provided, no referrer is set.
The referrer is specified once at the time of the first deposit and is assigned to the user without the possibility of changing. From each subsequent Deposit, the referrer will get his percents.
Any user that has at least one contribution in the project can specify his own ‘refBackPercent’ — share of the referral bonus that will be returned to his direct referral (only 1 referral level).
To set refBackPercent user must call ‘setRefBackPercent’ function with percent parameter with 2 decimals (means 1% = 100, 100% = 10000).
The contract contains statistical functions that do not require sending transactions:
1. getContractBalance – smart contract balance (with decimals, for SUN – 18 characters).
2. getUserPercentRate – the current percentage for the specified user.
3. getUserReferrer – the user’s referrer.
4. getUserAvailable — total available amount to withdraw.
5. isActive – whether the user has active deposits.
6. getUserAmountOfDeposits – the number of user deposits.
7. getUserTotalDeposits – the sum of each deposits of the user.
8. getUserTotalWithdrawn – user dividend withdrawal amount.
9. getUserDeposits — user specified deposits info.
10. getSiteStats — total invested value, total deposits, balance of the contract, current contract percent.
11. getUserStats — user percent, available to withdraw amount, total user invested, amount of deposits and total withdrawn value.
12. getUserReferralStats — user referrer, user refback percent, referrer refback percent and array of amounts of deposits of all-level referrals.
If you have any questions or are interested in developing/auditing of Smart-Contracts, please contact us and we will consult you.