Astra Nova

We express our gratitude to the Astra Nova team for the collaborative engagement that enabled the execution of this Smart Contract Security Assessment.

REVIVE Token is a ERC20 token with custom burning functionality, transfer controls, and whitelisting for pre-TGE campaign.

The system users should acknowledge all the risks summed up in the risks section of the report

{Finding_Table?columns=title,severity,status&setting.filter.type=Vulnerability}

Documentation quality

• Functional requirements are present, but only at a high-level.

• • Basic system description is provided.

  • Tokenomics is provided and roles are described in the documentation.

• Technical description is limited.

• • No run instructions.

  • No technical specification.

  • NatSpec is sufficient.

Code quality

• The development environment is configured.

Test coverage

Code coverage of the project is 94.12% (branch coverage).

• Deployment and basic user interactions are covered with tests.

• Missing test run instructions.

REVIVE Token is an upgradeable ERC20 token (symbol: RVV) designed to support a controlled pre-TGE (Token Generation Event) campaign. The contract mints a fixed supply of 10 billion tokens to a multisig treasury wallet upon initialization. The core functionality centers around time-gated transfer restrictions: before a configurable timestamp, only whitelisted addresses can transfer tokens, ensuring controlled distribution during the early campaign phase. After this timestamp expires, transfers become unrestricted for all holders.

Privileged roles

The REVIVE Token contract implements multiple privileged roles with distinct capabilities:

• owner - Inherited from OwnableUpgradeable, with administrative control over:

• • Whitelist Management: Add or remove addresses individually or in batches via addToWhitelist(), removeFromWhitelist(), and batchSetWhitelisted()

  • Transfer Timing Control: Modify the transferAllowedTimestamp through setTransferAllowedTimestamp(), with safeguards preventing extension beyond ETA (original timestamp + 1 day) after the initial period expires

• treasuryWallet - A designated multisig wallet (intended to be 4-of-6 Gnosis Safe):

• • Token Custody: Receives the entire initial supply of 10 billion tokens upon initialization

  • Protected by onlyMultisig Modifier: Though defined, this modifier is not currently utilized by any functions

• burnWallet - A dedicated address authorized for token destruction:

• • Burn Authority: Exclusively authorized to call burnFromBurnWallet() to burn tokens from its own balance

• DEFAULT_ADMIN_ROLE - Standard OpenZeppelin AccessControlUpgradeable role:

• • Granted to Deployer: Assigned to msg.sender during initialization

  • Currently Unused: No contract functions check for this role, suggesting it may be reserved for future upgrades

The scope of the project includes the following smart contracts from the provided repository:

Assets in Scope