TronCore Audit
Audit of TronCore Smart-Contract:
Website: www.troncore.net
Smart-contract address: TAzg2Z3T94DTvpjBAvVepAUN12y2KyUaNM
CHECK AUDIT FILE (PDF):
— ENGLISH — CHINESE — RUSSIAN —
DISCLAIMER:
This audit is not a call to participate in the project and applies only to the Smart-Contract code at the specified address.
Do not forget that you are doing all financial actions at your own risk, especially if you deal with high-risk projects.
CONCLUSION:
In the TronCore Smart-Contract were found no vulnerabilities and no backdoors.
The code was manually reviewed for all commonly known and more specific
vulnerabilities.
So TronCore Smart-Contract is safe for use in the main network.
CRITICAL ISSUES (critical, high severity): 0
Bugs and vulnerabilities that enable theft of funds, lock access to funds without possibility to restore it, or lead to any other loss of funds to be transferred to any party; high priority unacceptable bugs for deployment at mainnet; critical warnings for owners, customers or investors.
ERRORS, BUGS AND WARNINGS (medium, low severity): 0
Bugs that can trigger a contract failure, with further recovery only possible through manual modification of the contract state or contract replacement altogether; Lack of necessary security precautions; other warnings for owners and users.
OPTIMIZATION POSSIBILITIES (very low severity): 1
Possibilities to decrease cost of transactions and data storage of Smart-Contracts.
NOTES AND RECOMMENDATIONS (very low severity): 2
Tips and tricks, all other issues and recommendations, as well as errors that do not affect the functionality of the Smart-Contract.
AUDIT RESULT:
Optimization possibilities:
1. Recording statistical parameters in the blockchain (very low severity):
List of statistical parameters that also increase the cost of transactions and increase the amount of data stored in the blockchain:
uint24 public totalUsers; uint256 public totalInvested; uint256 public totalWithdrawn; uint256 public totalDeposits; uint256 refback; uint24[5] levels;
Recommendation: use events and log this information instead of writing it to the blockchain.
Note: this comment doesn’t affect the main functionality of the smart-contract.
Notes:
2. Loops over dynamic variables (very low severity):
In the withdraw, getUserDividends, getUserAvailable, getUserTotalDeposits, getUserDividendsWithdrawn, getUserTotalRefback functions loops unrestrictedly grow as the number of deposits increases. If one creates a large number of parallel deposits from a single wallet, it can lead to an excessive increase of the transaction cost.
Note: maximum amount of deposits from single account — 60.
3. Closing the last payment (very low severity).
If the last user who leaves the project has a payout greater than the smart-contract balance, he will receive the entire available balance, but it will be recorded that the entire payout was closed.
Note: this comment is not critical, since after the smart contract balance is empty, it is unlikely that the contract will be used again. So it makes sense for last user to get at least something.
If you have any questions or are interested in developing/auditing of Smart-Contracts, please contact us and we will consult you.
Telegram: @gafagilm
E-mail: info@grox.solutions