The Customer is a group of developers of the Justglobal project. The project is a decentralized P2P smart contract on the JST token and TRON-based protocols. Backed with a well-developed community and mature ecosystem.
Tasks And Challenges
The task was to conduct a source code security audit and issue a smart contract security audit report to increase investors’ confidence in the project and their fund security when on the contract.
The audit must include the following activities:
- Error Code Analysis
- Code vulnerability assessment
- Exit scam possibility assessment
Based on the data provided in the documentation, we conducted a comprehensive code security audit and analyzed the mathematics of the contract.
The key audit results are:
- No errors that affect the security of users' funds on the contract were found
- No obvious signs of an exit scam were found
- No bugs and backdoors found
Therefore, Telescr.in guarantees the JustGlobal contract security and performance.
Still, we found an unused state variable and overflow possibility warning:
- Unused state variable. The _drawCDPool () method assigns values to the state variable pre_cd_pool_top, but this variable is not used anywhere.
- Overflow possibility. SafeMath library is not used for calculations. The general recommendation is to use SafeMath for arithmetic calculations.
Methods And Tools
Experienced in software quality assurance, we applied the following activities and tools when auditing Justglobal contract security:
- Code review
- Static and dynamic source code analysis (software-based)
- Test local Ethereum network
- Our own know-how for tracking smart contract transaction status
(December 28 – January 3)
On December 28, we signed the contract for auditing code security and set the project deadline on January 3. On December 31, we prepared a draft audit report on the provided code and sent it to the Customer.
At that time, the code wasn’t published on the network or signed. However, the final report must be on the signed code. So, we waited the code deploy day.
The Customer published the code on January 2 and changed the contract name on January 3. Thus, the final report was released and delivered on January 3.
The audit was ordered close to New Year’s Eve. Therefore, we decided to grant the Customer with a video report as a NY bonus. The video report was presented without any additional charges on January 6.
Our collaboration was smooth and highly efficient. The Customer was always available and ready to provide the necessary information. When we requested additional documentation to complete an audit in full, they provided it in a wink.