BlockSquare

We express our gratitude to the BlockSquare team for the collaborative engagement that enabled the execution of this Smart Contract Security Assessment.

Blocksquare is a comprehensive real estate tokenization platform designed to cater to a diverse range of businesses, from those with extensive international real estate portfolios to boutique investment clubs focusing on local investment models.

The system users should acknowledge all the risks summed up in the risks section of the report

The Blocksquare Marketplace Pool System represents a sophisticated smart contract framework, aimed at streamlining investment and reward distribution processes in real estate projects. This system is uniquely structured to balance the interests of Certified Partners (CPs) and investors, promoting transparent and secure financial interactions.

Files in the scope:

• MarketplacePoolProxyFactory.sol - functions as the core factory for creating individual Marketplace Pool Proxies. It maintains critical configurations such as logic contract addresses, BST staking contracts, and governance wallets. Key functionalities include:

• • Marketplace Pool Creation: Generates new Marketplace Pool Proxies, each linked to a specific Certified Partner (CP).

  • Configuration Management: Allows for updating key components like implementation logic, BST staking contracts, and governance wallets.

• MarketplacePoolProxy.sol - Serves as a Transparent Upgradeable Proxy for each Marketplace Pool. It leverages the ERC1967Proxy pattern.

• MarketplacePool.sol - the primary contract where investment and reward mechanisms are actualized. It is upgradeable, owned, and reentrancy-guarded, incorporating ERC20 functionalities for internal accounting:

• • CP and Investor Interaction: Facilitates CPs to initialize pools with collateral and set lock periods, while allowing investors to contribute during designated campaign periods.

  • Investment Campaign Management: Manages the campaign's start time, duration, and maximum pledges, dynamically adjusting investment caps.

  • Reward Distribution: Implements a mechanism for distributing rewards based on individual stakes and total pool balance.

  • Collateral and Lock Management: Provides functions for CP collateral withdrawal, liquidation, and lock period extensions, governed by ownership privileges.

Privileged roles

• MarketplacePoolProxyFactory.sol:

• • Owner :

  • • Manages the creation of new pools, updates implementation logic, and configures key contracts like BST staking and governance wallet.

• MarketplacePool.sol:

• • Owner:

  • • Holds the power to allow CP collateral withdrawal, extend lock periods, and liquidate CP collateral under defined conditions.

The total Documentation Quality score is 10 out of 10.

• Functional requirements have some gaps:

• • Project overview is detailed.

  • Roles and permissions are described.

  • Use cases are described.

  • For each contract all futures are described.

• Technical description is robust:

• • Run instructions are provided.

  • Technical specification is provided.

  • NatSpec is sufficient.

The total Code Quality score is 10 out of 10.

• The development environment is configured.

Code coverage of the project is 85.6% (branch coverage).

• Deployment and basic user interactions are covered with tests.

• Negative cases coverage is partially missed.

• Interactions by several users are not tested thoroughly.

Upon auditing, the code was found to contain 1 critical, 0 high, 2 medium, and 4 low severity issues. All issues were fixed in the remediation part of this audit, leading to a security score of 10 out of 10.

All identified issues are detailed in the “Findings” section of this report.

The comprehensive audit of the customer's smart contract yields an overall score of 9.5. This score reflects the combined evaluation of documentation, code quality, test coverage, and security aspects of the project.

The scope of the project includes the following smart contracts from the provided repository:

Contracts in Scope