Q1 2025 Web3 Security ReportAccess control failures led to $1.63 billion in losses
Discover report insights
  • Hacken
  • Audits
  • hom-dao
  • [SCA] Hom DAO / ERC20 / Feb2024
Hom DAO logo

Hom DAO

Audit name:

[SCA] Hom DAO / ERC20 / Feb2024

Date:

Feb 29, 2024

Table of Content

Introduction
Audit Summary
Document Information
System Overview
Executive Summary
Risks
Findings
Appendix 1. Severity Definitions
Appendix 2. Scope
Disclaimer

Want a comprehensive audit report like this?

Introduction

We express our gratitude to the Hom DAO team for the collaborative engagement that enabled the execution of this Smart Contract Security Assessment.

Hom DAO Token is an ERC20 tokens with a limited supply.

titlecontent
PlatformEVM
LanguageSolidity
TagsERC-20
Timeline12/02/2024 - 22/02/2024
Methodologyhttps://hackenio.cc/sc_methodology

    Review Scope

    Repository.zip archive (HOM.sol file)
    CommitNone

    • Review Scope

      Repository
      .zip archive (HOM.sol file)
      Commit
      None

    Audit Summary

    Total8.7/10
    Security Score

    10/10

    Test Coverage

    0%

    Code Quality Score

    6/10

    Documentation Quality Score

    5/10

    3Total Findings
    1Resolved
    2Accepted
    0Mitigated

    The system users should acknowledge all the risks summed up in the risks section of the report

    Document Information

    This report may contain confidential information about IT systems and the intellectual property of the Customer, as well as information about potential vulnerabilities and methods of their exploitation.

    The report can be disclosed publicly after prior consent by another Party. Any subsequent publication of this report shall be without mandatory consent.

    Document

    NameSmart Contract Code Review and Security Analysis Report for Hom DAO
    Audited ByMaksym Fedorenko, Roman Tiutiun
    Approved ByGrzegorz Trawiński
    Websitehttps://hacken.io
    Changelog16/02/2024 - Preliminary Report; 22/02/2024 - Second Review

    • Document

      Name
      Smart Contract Code Review and Security Analysis Report for Hom DAO
      Audited By
      Maksym Fedorenko, Roman Tiutiun
      Approved By
      Grzegorz Trawiński
      Website
      https://hacken.io
      Changelog
      16/02/2024 - Preliminary Report; 22/02/2024 - Second Review

    System Overview

    HOMToken — is an ERC-20 token that transfers all initial supplies to a deployer of the contract. Additional minting is not allowed.

    The token has the following attributes:

    • Name: HOM Token

    • Symbol: HOM

    • Decimals: 9

    • Total supply: 100m tokens.

    Privileged roles

    • The owner of the HOM contract can arbitrarily transfer the ownership.

    • The contract has no functionality exclusively for the Owner of the contract.

    Executive Summary

    Documentation quality

    The total Documentation Quality score is 5 out of 10.

    • Functional requirements are not provided.

    • Technical description is not provided.

    • NatSpec covers the code, however the exact requirements are missing.

    Code quality

    The total Code Quality score is 6 out of 10.

    • The code duplicates commonly known contracts instead of reusing them.

    • The development environment is not configured.

    • Redundant code blocks have been identified.

    Test coverage

    Code coverage of the project is 0% (branch coverage).

    • Deployment configuration is not provided.

    • Test cases are missed.

    Security score

    Upon auditing, the code was found to contain 0 critical, 0 high, 0 medium, and 0 low severity issues, leading to a security score of 10 out of 10.

    All identified issues are detailed in the “Findings” section of this report.

    Summary

    The comprehensive audit of the customer's smart contract yields an overall score of 8.7. This score reflects the combined evaluation of documentation, code quality, test coverage, and security aspects of the project.

    Risks

    The unit tests and the development environment for the code is not provided, the exact deployed contract should be verified brfor being used.

    No documentation or technical requirements were provided.

    Findings

    Code
    Title
    Status
    Severity
    F-2024-0843Outdated Compiler Version
    accepted

    Observation
    F-2024-0837Redundant Ownable functionality
    accepted

    Observation
    F-2024-0836Redundant _burnFrom function
    fixed

    Observation
    1-3 of 3 findings

    Identify vulnerabilities in your smart contracts.

    Appendix 1. Severity Definitions

    When auditing smart contracts, Hacken is using a risk-based approach that considers Likelihood, Impact, Exploitability and Complexity metrics to evaluate findings and score severities.

    Reference on how risk scoring is done is available through the repository in our Github organization:

    Severity

    Description

    Critical
    		Critical vulnerabilities are usually straightforward to exploit and can lead to the loss of user funds or contract state manipulation.

    High
    		High vulnerabilities are usually harder to exploit, requiring specific conditions, or have a more limited scope, but can still lead to the loss of user funds or contract state manipulation.

    Medium
    		Medium vulnerabilities are usually limited to state manipulations and, in most cases, cannot lead to asset loss. Contradictions and requirements violations. Major deviations from best practices are also in this category.

    Low
    		Major deviations from best practices or major Gas inefficiency. These issues will not have a significant impact on code execution, do not affect security score but can affect code quality score.

    • Severity

      Critical

      Description

      Critical vulnerabilities are usually straightforward to exploit and can lead to the loss of user funds or contract state manipulation.

      Severity

      High

      Description

      High vulnerabilities are usually harder to exploit, requiring specific conditions, or have a more limited scope, but can still lead to the loss of user funds or contract state manipulation.

      Severity

      Medium

      Description

      Medium vulnerabilities are usually limited to state manipulations and, in most cases, cannot lead to asset loss. Contradictions and requirements violations. Major deviations from best practices are also in this category.

      Severity

      Low

      Description

      Major deviations from best practices or major Gas inefficiency. These issues will not have a significant impact on code execution, do not affect security score but can affect code quality score.

    Appendix 2. Scope

    The scope of the project includes the following smart contracts from the provided repository:

    Scope Details

    Repository.zip archive
    CommitNone
    WhitepaperNone
    RequirementsNatSpec
    Technical RequirementsNatSpec

    • Scope Details

      Repository
      .zip archive
      Commit
      None
      Whitepaper
      None
      Requirements
      NatSpec
      Technical Requirements
      NatSpec

    Contracts in Scope

    HOM.sol - HOM.sol

    Disclaimer