TronMatrix AUDIT
Address TRON Main Network:TRLkUaTFYMiUK1BSdtTJpTvrTA4RcWuA4g
Conclusion:
In the TronMatrix Smart-Contract were found no vulnerabilities and no backdoors. The code was manually reviewed for all commonly known and more specific vulnerabilities.
So TronMatrix Smart-Contract is safe for use in the main network.
CRITICAL ISSUES (critical, high severity): 0
Bugs and vulnerabilities that enable theft of funds, lock access to funds without possibility to restore it, or lead to any other loss of funds to be transferred to any party; high priority unacceptable bugs for deployment at mainnet.
ERRORS, BUGS (medium, low severity): 1
Bugs that can trigger a contract failure, with further recovery only possible through manual modification of the contract state or contract replacement altogether.
WARNINGS (any severity): 1
Lack of necessary security precautions; other warnings for owners and users.
OPTIMIZATION POSSIBILITIES (very low severity): 1
Possibilities to decrease cost of transactions and data storage of Smart-Contracts.
NOTES AND RECOMMENDATIONS (very low severity): 1
Tips and tricks, all other issues and recommendations, as well as errors that do not affect the functionality of the Smart-Contract.
AUDIT RESULT:
ERRORS, BUGS
1. Possibility to increase Hold Bonus without deposit (low severity).
There is no 0 dividends check at ‘withdraw’ function, so any user can call this function even though he has no deposit at all. It will give no profit except he will update his date of last withdraw (‘paidAt’ parameter). Then user will start to accumulate Hold Bonus just like if he has deposit. When user will make his first investment he will have already certain Hold Bonus.
Note: this possibility is not severe, since anyone can grow Hold Bonus using minimal investment.
WARNINGS
1. Loop on dynamic variable (low severity).
If user get more parallel deposits his withdraw transaction going to cost more transaction fee, because the loop on dynamic variable is used in the ‘withdraw’ function.
In case of exceeding TRON limit of size of transaction withdraw is not possible.
Note: this comment is relevant only if user creates excessive amount of parallel deposits (more than 300).
OPTIMIZATION POSSIBILITIES
Note: comments in this section do not affect the main functionality of the smart-contract.
1. There are 10 statistical variables that is not used in the internal logic of smart contract. It increases cost of tx and can be replaced with events.
uint referrals_tier1;
uint referrals_tier2;
uint referrals_tier3;
uint referrals_tier4;
uint totalRef;
uint invested;
uint withdrawn;
uint public totalInvestors;
uint public totalInvested;
uint public totalRefRewards;
NOTES AND RECOMMENDATIONS
1. There is a popular typo in the word «referrer» (misspelled as «referer»).
INDEPENDENT DESCRIPTION OF THE SMART-CONTRACT FUNCTIONALITY:
The TronMatrix smart-contract provides the opportunity to invest any amount of TRX (from 50 TRX) in the contract and get the certain return on investment, if the contract balance has enough funds for payment.
Dividends are payed from deposits of new users (ponzi scheme).
You can create a deposit by calling the “deposit” function and attaching the certain amount of TRX to the transaction (from 50 TRX inclusive).
Each subsequent deposit is kept separately in the contract, in order to maintain the payment amount for each deposit.
The conditions of investment:
Tariff index 0 1 2 3
Period, days 90 110 130 150
Standard ROI*, % 234 264 286 300
One must specify chosen tariff at the moment of investment.
* total ROI is not limited because of the bonus system.
Bonuses:
Hold Bonus: 0.1% per every 1 day of non-withdrawal of dividends.
Fund Bonus: 0.1% per every 1 million TRX in the balance of the smart contract.
Ref Bonus: 0.1% per every 1 million TRX of total invested amount of user referrals of all levels.
Withdrawals of dividends are available at any time.
Withdrawal by the user is performed by calling the “withdraw” function from the address the deposit was made.
All dividends are calculated at the moment of request and available for withdrawal at any time.
Owner commission:
Part of the invested funds is sent to address:
[support] — 10%.
Referral program:
Four-level referral program: in the moment of the first deposit, you can specify the address of the referrer. As a result, the referrer will get opportunity to withdraw % of the investor’s deposit according to the following table:
Referrel level 1 2 3 4
Percentage, % 4 3 2 1
Requirements for the referrer: you can not specify a wallet that have not had at least one contribution in the smart contract and your own wallet.
The referrer is specified once at the time of first deposit and is assigned to the user without the possibility of changing.
If no referrer or invalid referrer was given there will be no possibility to add referrer later for this user.
The referrers will get their bonuses, from each subsequent deposit of user in the future.
Functions:
Write contract (call of these function changes state and requires tx fee payed):
1. deposit – make an invesment (index of tariff, referrer address).
2. withdraw – withdraw available dividends.
3. via — sending of TRX via smart contract balance (that is safe and doesn’t concern main bank of project, the purpose of this function is to increase turnover of project on dappradars).
Read contract (call of these function doesn’t require tx fee payed):
1. investors – user info.
2. withdrawable – dividends available to withdraw.
3. getRefBonus — hold bonus (1 = 0.1%).
4. getFundBonus – fund bonus (1 = 0.1%).
5. getHoldBonus – hold bonus (1 = 0.1%).
6. totalInvestors — amount of investors.
7. totalInvested — invested amount.
8. totalRefRewards — ref rewards.
9. support — admin address fo comission.
Disclaimer
This audit is not a call to participate in the project and applies only to the Smart-Contract code at the specified address.
Do not forget that you are doing all financial actions at your own risk, especially if you deal with high-risk projects.
If you have any questions or are interested in developing/auditing of Smart-Contracts, please contact us and we will consult you.
Telegram: @gafagilm
E-mail: info@grox.solutions