Hacken
Audits
wigl
[SCA] Wigl | ICO-Contracts | Aug2024

Wigl

Audit name:

[SCA] Wigl | ICO-Contracts | Aug2024

Date:

Aug 19, 2024

Table of Content

→Introduction

→Audit Summary

→System Overview

→Risks

→Findings

→Appendix 1. Severity Definitions

→Appendix 2. Scope

→Disclaimer

Want a comprehensive audit report like this?

Introduction

We express our gratitude to the Wigl team for the collaborative engagement that enabled the execution of this Smart Contract Security Assessment.

WIGL is an ERC20 token with built-in vesting functionalities. The contract manages token distribution according to predefined vesting schedules.

Document
Name	Smart Contract Code Review and Security Analysis Report for Wigl
Audited By	Kornel Światłowski
Approved By	Przemyslaw Swiatowiec
Website	https://wigl.fr/→
Changelog	07/08/2024 - Preliminary Report; 19/08/2024 - Final Report
Platform	Ethereum
Language	Solidity
Tags	ERC20, Vesting
Methodology	https://hackenio.cc/sc_methodology→

Document
Name
Smart Contract Code Review and Security Analysis Report for Wigl
Audited By
Kornel Światłowski
Approved By
Przemyslaw Swiatowiec
Website
https://wigl.fr/→
Changelog
07/08/2024 - Preliminary Report; 19/08/2024 - Final Report
Platform
Ethereum
Language
Solidity
Tags
ERC20, Vesting
Methodology
https://hackenio.cc/sc_methodology→

Review Scope
Repository	https://github.com/imadJlwk/ICO_Contract→
Commit	4ddf86ed801a1a05002228bfeddc373db5268ed0

Review Scope
Repository
https://github.com/imadJlwk/ICO_Contract→
Commit
4ddf86ed801a1a05002228bfeddc373db5268ed0

Audit Summary

11Total Findings

10Resolved

1Accepted

0Mitigated

1medium

10observation

The system users should acknowledge all the risks summed up in the risks section of the report

Documentation quality

Functional requirements are detailed.
Technical description is detailed.

Code quality

The code duplicates commonly known contracts instead of reusing them.

Test coverage

Code coverage of the project is 71.88% (branch coverage).

Deployment and basic user interactions are covered with tests.
Negative cases coverage is missed.
Not every function is covered with tests.

System Overview

The WIGL contract is an ERC20 token implementation. A portion of the tokens is distributed during the contract deployment within the constructor() function. The remaining tokens are released according to eight defined vesting schedules, with a vesting period of 30 days. It has the following attributes:

Name: WIGL
Symbol: WIGL
Decimals: 9
Initial supply: 73999969 * 10^9
Max supply: 600000000 * 10^9

Privileged roles

The WIGL contract does not have a privileged role.

Risks

No additional risks were defined.

Findings

Code ―	Title	Status	Severity
F-2024-4728	The mint() Function Edge Case Can Lead to Unreleased Tokens	fixed	Medium
F-2024-4838	Ensure Accurate Vesting Period by Adjusting ThirtyDays Variable	fixed	Observation
F-2024-4823	Improve Readability by Using Constants for Addresses in Constructor	fixed	Observation
F-2024-4813	Readability Improvement For Long Literals	fixed	Observation
F-2024-4812	For Loop Optimization in Mint() Function to Reduce Gas Consumption	fixed	Observation
F-2024-4731	Some Public Functions Should Be Declared as External	fixed	Observation
F-2024-4729	Redundant Storage Reads Increases Gas Cost	fixed	Observation
F-2024-4727	Commented Code Parts	fixed	Observation
F-2024-4726	TODO Comment Left in the Code	fixed	Observation
F-2024-4725	Optimize Gas Usage by Removing Redundant startTime Fields in WIGL	fixed	Observation

1-10 of 11 findings

Identify vulnerabilities in your smart contracts.

Appendix 1. Severity Definitions

When auditing smart contracts, Hacken is using a risk-based approach that considers Likelihood, Impact, Exploitability and Complexity metrics to evaluate findings and score severities.

Reference on how risk scoring is done is available through the repository in our Github organization:

hknio/severity-formula →

Severity	Description
Critical	Critical vulnerabilities are usually straightforward to exploit and can lead to the loss of user funds or contract state manipulation.
High	High vulnerabilities are usually harder to exploit, requiring specific conditions, or have a more limited scope, but can still lead to the loss of user funds or contract state manipulation.
Medium	Medium vulnerabilities are usually limited to state manipulations and, in most cases, cannot lead to asset loss. Contradictions and requirements violations. Major deviations from best practices are also in this category.
Low	Major deviations from best practices or major Gas inefficiency. These issues will not have a significant impact on code execution, do not affect security score but can affect code quality score.

Severity
Critical
Description
Critical vulnerabilities are usually straightforward to exploit and can lead to the loss of user funds or contract state manipulation.
Severity
High
Description
High vulnerabilities are usually harder to exploit, requiring specific conditions, or have a more limited scope, but can still lead to the loss of user funds or contract state manipulation.
Severity
Medium
Description
Medium vulnerabilities are usually limited to state manipulations and, in most cases, cannot lead to asset loss. Contradictions and requirements violations. Major deviations from best practices are also in this category.
Severity
Low
Description
Major deviations from best practices or major Gas inefficiency. These issues will not have a significant impact on code execution, do not affect security score but can affect code quality score.

Appendix 2. Scope

The scope of the project includes the following smart contracts from the provided repository:

Scope Details
Repository	https://github.com/imadJlwk/ICO_Contract→
Initial Commit	4ddf86ed801a1a05002228bfeddc373db5268ed0
Whitepaper	https://www.wigl.fr/white-paper-fr.pdf→
Requirements	Hackenpointsus.pdf; SHA3-256: d78a39ee93410f2888632f49b42f4b201991c122fee60fc6c96ad4a7efc7c5df
Technical Requirements	SmartContractWIGL_us.pdf; SHA3-256: b07a09731ce52162e8217348996e94957d4b99beffdb2a8eb67256405c6620e2

Scope Details
Repository
https://github.com/imadJlwk/ICO_Contract→
Initial Commit
4ddf86ed801a1a05002228bfeddc373db5268ed0
Whitepaper
https://www.wigl.fr/white-paper-fr.pdf→
Requirements
Hackenpointsus.pdf; SHA3-256: d78a39ee93410f2888632f49b42f4b201991c122fee60fc6c96ad4a7efc7c5df
Technical Requirements
SmartContractWIGL_us.pdf; SHA3-256: b07a09731ce52162e8217348996e94957d4b99beffdb2a8eb67256405c6620e2

Contracts in Scope

contracts

WIGL.sol - contracts › WIGL.sol

Disclaimer

Hacken Disclaimer

Technical Disclaimer

Extractor by Hacken