Customer And Project Background
The Customer is a team backed by TRON Ecological Foundation. The project is a Tronecology smart contract, an investment solution based on the TRON protocol with referral and cyclical systems. The Customer ordered our smart contract audit services to get official verification of the user’s fund security when on the contract.
Tasks And Challenges
The task was to audit the Tronecology smart contract and check its security and performance.
During the audit, we were to assess the project quality and reliability for investors as well as:
- Identify or deny the exit scams possibility
- Identify or deny code vulnerabilities and logic inconsistency that affect the user’s fund security
- Provide recommendations for possible modifications in smart contract to improve its performance
Methods And Tools
To assess the project quality and performance, we use the following smart contract audit tools and methods:
- Code review
- Test local Ethereum network
- Our in-house smart contract tracking know-how
- Static and dynamic code analysis with professional software tools
- Overflow testing with the SafeMath library
At Telescr.in, we thoroughly analyze the provided source code of the contract and further project documentation. Also, we analyze the contract mathematics and business logic. Additionally, we undertake computation of existing formulas for overflow assessment.
The key audit results are as follows:
- The contract code doesn’t have vulnerabilities, obvious exit scam signs, or logical errors that affect the users' fund security.
- Overflow probability was identified. The warning is the result of not using the SafeMath library. However, further analysis showed the overflow probability to very low and not affecting the users' fund security. Still, using SafeMath for calculations is our general recommendation.
- No remarks were identified for the contract.
The results we got during the audit allow us to verify the Tronecology contract security and performance.
Email messages were the only channel for our communication with the Customer. Still, our interaction was highly efficient as the Customer was always available as well as quick and detailed in their responses.
They were ready to pay for the audit in advance. We highly appreciate this intention. However, we have a strict company policy that does not allow us to accept payment until we finish our draft report.
(December 4 – December 12)
On December 4, after negotiations about the smart contract audit cost and deadlines, we took the order for processing. Initially, we planned to complete the audit on December 11. And we emailed the Customer with the draft report on audit results as we planned. The task was successfully completed but there was some discussion about the accepted SafeMath library usage suggestion.
So, on December 12, we prepared the final version of the report and email it to the Customer.
The Customer also ordered a video for the report and paid it in advance. On December 15, we completed the video and emailed it to the Customer.