Smart Contract Audit for HEODefi: Date: June 11, 11:35am EST
This material has been prepared for general informational purposes only.
Audit Version 1.0.39
Date: June 11, 11:35am EST
© 2016-2021 Bloqchain Science, The Bloqchain. 99 Wall Street Suite 1808, New York, NY 10005.
thebloqchain.com
HEODefi Smart Contracts Initial Audit
Audit Version 2.0.25
Date: Saturday, February 27, 2021
Disclaimer
The audit makes no statements or warranties about utility of
the code, safety of the code, suitability of the business model,
regulatory regime for the business model, or any other statements
about fitness of the contracts to purpose, or their bug free status.
This is a limited report on our findings based on our analysis, in
accordance with good industry practice as at the date of this
report, in relation to:
(a) cybersecurity vulnerabilities and issues in the smart
contract source code analyzed, the details of which are set out in
this report (Source Code); and
(b) the Source Code compiling, deploying and performing the
intended functions.
We recommend proceeding to multiple independent audits to
ensure the security of the smart contracts.
Audit Version 2.0.25
Date: February 27, 1:25am EST
Project Name: HEODefi
├── HEODefi.sol
├── Viewer.sol
├── MavroToken
│   ├── Extra.sol
│   └── Player.sol
├── Order.sol
├── Founder.so
Audit Team: Bloqchain Science Security Team
Statement: Bloqchain Science only issues this report based on the facts that have
occurred or existed before the report is issued, and bears the
corresponding responsibility in this regard. For facts that occur or exist
after the report, Bloqchain Science cannot judge the security status of its
smart contract. Bloqchain Science is not responsible for it. The security audit
analysis and other contents of this report are based on the documents and
reflected and is inconsistent with the actual situation, Bloqchain Science will not
bear any responsibility for the resulting loss and adverse effects.
Introduction:
This Audit Report will only highlight the overall security and business logic
of the HEO Smart Contract. With this report, we have tried to ensure the
reliability and security of their smart contract by a complete assessment of
their system's architecture and the smart contract codebase.
Our team then performed a formal line-by-line inspection of the code of the Smart
Contract to find any potential issues like race conditions, transaction-ordering
dependence, timestamp dependence, and denial of service attacks as mentioned in
the above table.
In the Unit Testing phase, we wrote and ran custom unit tests for each
function in the contract to verify that each function works as expected. In
Automated Testing, we tested the Smart Contract with our in-house developed
tools to identify vulnerabilities and security flaws.
process.
3. Deploying the code on testnet using multiple clients to
Audit Details
● Platforms and Tools: Remix IDE, Truffle, Truffle Team, Ganache, Slither, Surya
HEODefi contract is used to create the TRC token, which is a Mavro, Smart
Audit Goals
The focus of the audit was to verify that the smart contract system is
secure, resilient and working according to the specifications that have
been provided to the auditing team. The audit activities can be grouped
in the following three categories:
● Security: Identifying security-related issues within each contract and the
system of contracts.
● Correctness
● Readability
Security Level references:
Every issue in this report was assigned a severity level from
the following:
as recommended.
recommendations.
Low severity issues are minor details and warnings that can
remain unfixed but would be better fixed at some point in
the future.
The source code of the HEO smart contract:
pragma solidity >=0.5.4;

interface ITRC20 {
    function transfer(address to, uint value) external returns (bool);
    function approve(address spender, uint value) external returns (bool);
    function transferFrom(address from, address to, uint value) external returns (bool);
    function totalSupply() external view returns (uint);
    function balanceOf(address who) external view returns (uint);
    function allowance(address owner, address spender) external view returns (uint);
    event Transfer(address indexed from, address indexed to, uint value);
    event Approval(address indexed owner, address indexed spender, uint value);
}

contract Managable {
    address payable public owner;
_;
}
{
struct User {
    uint8 cycle;
    uint8 level;
    address upline;
    uint16 referees;
    uint256 teams;
    uint256 refBonus;
    uint256 poolBonus;
    uint256 teamsBonus;
    uint256 investPayouts;
    uint256 payouts;
    uint256 depositAmount;
    uint256 depositTop;
    uint256 depositPayouts;
    uint40 depositTime;
    uint256 investLast;
struct Uext {
    uint256 directBonus;
    uint256 totalDeposits;
    uint256 totalPayouts;
ITRC20 usdtToken;
uint256 private maxDeposit;
uint8[] private refBonusScale;
uint8[] private teamsBonusScale;
uint8[] private poolBonuses;
uint40 private poolLastDraw = uint40(block.timestamp);
uint256 public poolCycle;
uint256 private poolBalance;
mapping(uint256 => mapping(address => uint256)) private poolUsersRefsDepositsSum;
event withdrawEvent(address indexed addr, uint256 amount);
event logDate(uint40 date);
adminAddr = _admin_addr;
}
function _deposit(address _addr, uint256 _amount) private {
    require(users[_addr].upline != address(0) && _addr != supperUpline, "No upline");
    require(users[_addr].depositTime <= 0 || (uint40(block.timestamp) - users[_addr].depositTime) / 1 days >= 10, "Not yet, Deposit already exists");
    address addr = supperUpline;
    if (users[_addr].depositTime > 0) {
        users[_addr].investLast += payoutOfInterest(_addr);
        users[_addr].cycle++;
        require(_amount >= minDeposit && _amount <= maxDeposit + users[_addr].cycle * 5e8 && _amount <= 1e10, "Bad amount 1");
        require(_amount >= users[_addr].depositTop / 2, "Bad amount 2");
        users[_addr].investPayouts += users[_addr].depositAmount;
        users[_addr].payouts = 0;
        if(users[_addr].depositTop < _amount){
            users[_addr].depositTop = _amount;
        }
    } else {
        require(_amount >= minDeposit && _amount <= maxDeposit, "Bad amount 3");
totalDeposited += _amount;
emit depositEvent(_addr, _amount);
if (users[_addr].upline != address(0)) {
if(users[users[_addr].upline].depositAmount >=
uexts[users[_addr].upline].directBonus += users[users[_addr].upline].depositAmount / 20;
}
}
users[owesFund].teamsBonus += _amount / 200;
users[supplyFund].teamsBonus += _amount / 200;
users[safeFund].teamsBonus += _amount / 200;
users[encourageFund].teamsBonus += _amount / 200;
poolUsersRefsDepositsSum[poolCycle][upline] += _amount;
uint8 poolLen = uint8(poolBonuses.length - 1);
if(_isPoolTop(upline) == false){
    if (poolTop[poolLen] == upline || poolTop[poolLen] == address(0)){
        poolTop[poolLen] = upline;
    }else{
        if(poolUsersRefsDepositsSum[poolCycle][upline] > poolUsersRefsDepositsSum[poolCycle][poolTop[poolLen]]) {
            poolTop[poolLen] = upline;
        }else{
            return;
        }
    }
}
for (uint8 i = poolLen; i > 0; i--) {
if(i < 1)return;
}
}
return false;
}
function _refPayout(address _addr, uint256 _amount) private {
address up = users[_addr].upline;
uint256 len = refBonusScale.length;
if (users[up].referees >= i + 1) {
uint256 bonus = _amount * refBonusScale[i] / 100;
users[up].refBonus += bonus;
while (true) {
if (up == address(0)) break;
if(users[up].referees >= 20 && users[up].teams >= 400){
users[up].level = 3;
if(user.level >= 3 && same == 0){
same = 1;
uint256 tbonus = _amount / 10;
users[up].teamsBonus += tbonus;
return;
}else if(user.level >= 3 && same == 1){
return;
}
}
emit logIEvent(msg.sender, max_payout);
totalWithdraw += max_payout;
uexts[msg.sender].totalPayouts += max_payout;
users[msg.sender].depositPayouts += max_payout;
users[msg.sender].payouts += interest;
users[msg.sender].refBonus = 0;
users[msg.sender].poolBonus = 0;
users[msg.sender].teamsBonus = 0;
users[msg.sender].investPayouts = 0;
users[msg.sender].investLast = 0;
uexts[msg.sender].directBonus = 0;
uint256 bonus = _amount * teamsBonusScale[0] / 100;
users[up].teamsBonus += bonus;
user = users[up];
}
up = users[up].upline;
}
}
_teamsPayout(msg.sender, interest);
}
usdtToken.transfer(msg.sender, max_payout);
emit withdrawEvent(msg.sender, max_payout);
function maxPayoutOf(address _addr) view private returns(uint256 payout) {
    uint256 amount = payoutOfInterest(_addr) + users[_addr].investLast +
        users[_addr].investPayouts + users[_addr].teamsBonus + users[_addr].poolBonus +
        users[_addr].refBonus + uexts[_addr].directBonus;
    return amount;
}
uint256 scale = 15 - users[_addr].cycle;
if(scale <= 10){
scale = 10;
}
function poolTopInfo() view external returns(address[4] memory addrs, uint256[4] memory deps) {
    for (uint8 i = 0; i < poolBonuses.length; i++) {
        if (poolTop[i] == address(0)) break;
        addrs[i] = poolTop[i];
        deps[i] = poolUsersRefsDepositsSum[poolCycle][poolTop[i]];
    }
}
NO Implementation Recommendations
Comments
The use case of the smart contract is very well designed and
implemented. Overall, the code is written and demonstrates effective
use of abstraction, separation of concerns, and
implementation.
Bloqchain Science did not find any security issues with the HEO
smart contract.