
Astra Nova

Audit name:

[SCA] Astra Nova | Rvv-Token | Feb2025

Date:

Feb 20, 2025

Table of Contents

Introduction
Audit Summary
System Overview
Potential Risks
Findings
Appendix 1. Definitions
Appendix 2. Scope
Disclaimer


Introduction

We express our gratitude to the Astra Nova team for the collaborative engagement that enabled the execution of this Smart Contract Security Assessment.

The ReviveToken (RVV) is an ERC20 token deployed by Astra Nova with a fixed total supply of 10 billion tokens, featuring role-based access controls for burning, a structured administrative model, and secure treasury management via a multi-signature wallet. This audit report focuses solely on the core token implementation (ReviveToken.sol), excluding the associated vesting and staking contract functionality.

Document

Name: Smart Contract Code Review and Security Analysis Report for Astra Nova
Audited By: Farrukh Odinaev
Approved By: Oleksii Haponiuk
Website: https://astranova.world
Changelog: 18/02/2025 - Preliminary Report; 20/02/2025 - Final Report
Platform: Base
Language: Solidity
Tags: ERC20
Methodology: https://hackenio.cc/sc_methodology

Review Scope

Repository: https://github.com/Astra-Nova/RVV-token-contracts
Commit: 375179f

Audit Summary

Total Findings: 3
Resolved: 3
Accepted: 0
Mitigated: 0

System users should acknowledge all the risks summarized in the Potential Risks section of the report.

Documentation quality

  • Functional requirements are provided.

  • Technical description is provided.

Code quality

  • The development environment is configured and the contract can be deployed.

Test coverage

Code coverage of the project is 100% (branch coverage):

  • Tests are not mandatory for projects with fewer than 250 LoC.

System Overview

ReviveToken (RVV) is an ERC-20 token with role-based access control, implementing a secure administrative structure and burning mechanism. The token features a predefined total supply that is minted entirely to a treasury wallet at deployment, with distinct roles for administration and token burning functionality.

Key Attributes

  • Name: ReviveToken

  • Symbol: RVV

  • Decimals: 18

  • Total Supply: 10 billion tokens (10,000,000,000 RVV)

Privileged Roles

  • Burner Wallet:

    • Immutable address set at deployment

    • Exclusive permission to burn tokens through burnFromBurnWallet function

    • Can only burn tokens from its own balance

  • Treasury Wallet:

    • Immutable address set at deployment

    • Receives the entire initial token supply (10 billion RVV tokens)

    • Critical for initial token distribution and management
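
The access model described above, as an added Solidity sketch. It is not the audited ReviveToken.sol source; it assumes OpenZeppelin Contracts' ERC20 base, and every identifier except ReviveToken, RVV and burnFromBurnWallet is hypothetical.

```solidity
// SPDX-License-Identifier: MIT
// Illustrative sketch only: NOT the audited ReviveToken.sol source.
pragma solidity ^0.8.20; // assumption: the audited pragma is not shown on this page

import {ERC20} from "@openzeppelin/contracts/token/ERC20/ERC20.sol";

contract ReviveTokenSketch is ERC20 {
    // Custom errors (hypothetical names) instead of long revert strings.
    error ZeroAddress();
    error NotBurnerWallet(address caller);

    // 10 billion tokens at 18 decimals (the OpenZeppelin ERC20 default).
    uint256 public constant TOTAL_SUPPLY = 10_000_000_000 * 10 ** 18;

    // Immutable: fixed at deployment, and no setter exists to reassign them.
    address public immutable treasuryWallet;
    address public immutable burnerWallet;

    constructor(address treasury, address burner) ERC20("ReviveToken", "RVV") {
        if (treasury == address(0) || burner == address(0)) revert ZeroAddress();
        treasuryWallet = treasury;
        burnerWallet = burner;
        // The entire supply is minted once, to the treasury.
        // No other function calls _mint, so the supply can only shrink.
        _mint(treasury, TOTAL_SUPPLY);
    }

    // Only the burner wallet may call this, and only its own balance is burned.
    // There is no `from` parameter, so a third party's tokens cannot be destroyed.
    function burnFromBurnWallet(uint256 amount) external {
        if (msg.sender != burnerWallet) revert NotBurnerWallet(msg.sender);
        _burn(msg.sender, amount);
    }
}
```

When reviewing a token of this shape, the points to confirm are that `_mint` is reachable only from the constructor and that neither privileged address can be changed after deployment.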

Potential Risks

Centralization Risk: While having a single minter role presents a centralization risk, AstraNova's claim to use Safe multisig for managing the treasury wallet mitigates it.

Findings

  • F-2025-8872: Unclear naming for burn() function. Status: fixed. Severity: Observation.

  • F-2025-8871: Use Custom Errors Instead of Long Revert Strings. Status: fixed. Severity: Observation.

  • F-2025-8870: Solidity Version 0.8.28 Might Not Work On All Chains. Status: fixed. Severity: Observation.


Appendix 1. Definitions

Severities

When auditing smart contracts, Hacken uses a risk-based approach that considers Likelihood, Impact, Exploitability and Complexity metrics to evaluate findings and score severities.

Reference on how risk scoring is done is available through the repository in our GitHub organization:

  • Critical: Critical vulnerabilities are usually straightforward to exploit and can lead to the loss of user funds or contract state manipulation.

  • High: High vulnerabilities are usually harder to exploit, requiring specific conditions, or have a more limited scope, but can still lead to the loss of user funds or contract state manipulation.

  • Medium: Medium vulnerabilities are usually limited to state manipulations and, in most cases, cannot lead to asset loss. Contradictions and requirements violations. Major deviations from best practices are also in this category.

  • Low: Major deviations from best practices or major Gas inefficiency. These issues will not have a significant impact on code execution.

Potential Risks

The "Potential Risks" section identifies issues that are not direct security vulnerabilities but could still affect the project’s performance, reliability, or user trust. These risks arise from design choices, architectural decisions, or operational practices that, while not immediately exploitable, may lead to problems under certain conditions. Additionally, potential risks can impact the quality of the audit itself, as they may involve external factors or components beyond the scope of the audit, leading to incomplete assessments or oversight of key areas. This section aims to provide a broader perspective on factors that could affect the project's long-term security, functionality, and the comprehensiveness of the audit findings.

Appendix 2. Scope

The scope of the project includes the following smart contracts from the provided repository:

Scope Details

Repository: https://github.com/Astra-Nova/RVV-token-contracts
Commit: 375179f54c060f045b825fe3217ce4dfa85bbfc1
Whitepaper: N/a
Requirements: ReviveToken (RVV) - Technical _ Functional Document.pdf
Technical Requirements: ReviveToken (RVV) - Technical _ Functional Document.pdf

Assets in Scope

ReviveToken.sol - ReviveToken.sol

Disclaimer