[SCA] ESCAPE | Escape Token | Jul2025

ESCAPE

Audit name:

[SCA] ESCAPE | Escape Token | Jul2025

Date:

Aug 15, 2025

Table of Content

→Introduction

→Audit Summary

→System Overview

→Findings

→Appendix 1. Definitions

→Appendix 2. Scope

→Appendix 3. Additional Valuables

→Disclaimer

Want a comprehensive audit report like this?

Introduction

We express our gratitude to the ESCAPE team for the collaborative engagement that enabled the execution of this Smart Contract Security Assessment.

ESCAPE - a platform with its own ESCAPE ERC20 token which aims to provide tools for various activities, including digital asset creation, market flow analysis, portfolio management, and community tool deployment.

Document
Name	Smart Contract Code Review and Security Analysis Report for ESCAPE
Audited By	Olesia Bilenka, Viktor Lavrenenko
Approved By	Ataberk Yavuzer
Website	https://escapehub.ai/→
Changelog	28/07/2025 - Preliminary Report
	15/08/2025 - Final Report
Platform	Ethereum
Language	Solidity
Tags	ERC20
Methodology	https://hackenio.cc/sc_methodology→

Document
Name
Smart Contract Code Review and Security Analysis Report for ESCAPE
Audited By
Olesia Bilenka, Viktor Lavrenenko
Approved By
Ataberk Yavuzer
Website
https://escapehub.ai/→
Changelog
28/07/2025 - Preliminary Report
15/08/2025 - Final Report
Platform
Ethereum
Language
Solidity
Tags
ERC20
Methodology
https://hackenio.cc/sc_methodology→

Review Scope
Repository	https://github.com/OmniJunk/escape-token-audit→
Commit	90e9cab
Remediation Commit	2456976

Review Scope
Repository
https://github.com/OmniJunk/escape-token-audit→
Commit
90e9cab
Remediation Commit
2456976

Audit Summary

2Total Findings

2Resolved

0Accepted

0Mitigated

2observation

The system users should acknowledge all the risks summed up in the risks section of the report

Documentation quality

Functional requirements are complete:

The project's purpose is described.
Project's features and use cases are provided.
Business logic is provided.

Technical description is partially provided:

Key functions descriptions are provided for the file in the scope.
Architectural overview is missing.
Roles and authorization are not provided.
Information on used technologies is complete.

Code quality

Best practices are followed.
The development environment is configured.

Test coverage

Code coverage of the project is 100% (branch coverage):

Deployment and basic user interactions are covered with tests.
Negative cases coverage is provided.
Interactions by several users are tested thoroughly.

System Overview

ESCAPE — simple ERC-20 token that mints all supply to the defined addresses. Additional minting is not allowed.

It has the following attributes:

Name: ESCAPE
Symbol: ESC
Decimals: 18
Total supply: 1618033988 * 1e18.
Presale allocation: 647213596 * 1e18;
Staking allocation: 323606798 * 1e18;
Development allocation: 323606798 * 1e18;
Liquidity pool allocation: 161803398 * 1e18;
Growth & marketing allocation: 129442719 * 1e18;
Airdrop allocation: 32360679 * 1e18;

Findings

Code ―	Title	Status	Severity
F-2025-1191	Risk of Ownership Control Loss in Owner-Dependent Contract	fixed	Observation
F-2025-1191	Redundant Pausable Functionality in Token Contract	fixed	Observation

1-2 of 2 findings

Identify vulnerabilities in your smart contracts.

Appendix 1. Definitions

Severities

When auditing smart contracts, Hacken is using a risk-based approach that considers Likelihood, Impact, Exploitability and Complexity metrics to evaluate findings and score severities.

Reference on how risk scoring is done is available through the repository in our Github organization:

hknio/severity-formula →

Severity	Description
Critical	Critical vulnerabilities are usually straightforward to exploit and can lead to the loss of user funds or contract state manipulation.
High	High vulnerabilities are usually harder to exploit, requiring specific conditions, or have a more limited scope, but can still lead to the loss of user funds or contract state manipulation.
Medium	Medium vulnerabilities are usually limited to state manipulations and, in most cases, cannot lead to asset loss. Contradictions and requirements violations. Major deviations from best practices are also in this category.
Low	Major deviations from best practices or major Gas inefficiency. These issues will not have a significant impact on code execution.

Severity
Critical
Description
Critical vulnerabilities are usually straightforward to exploit and can lead to the loss of user funds or contract state manipulation.
Severity
High
Description
High vulnerabilities are usually harder to exploit, requiring specific conditions, or have a more limited scope, but can still lead to the loss of user funds or contract state manipulation.
Severity
Medium
Description
Medium vulnerabilities are usually limited to state manipulations and, in most cases, cannot lead to asset loss. Contradictions and requirements violations. Major deviations from best practices are also in this category.
Severity
Low
Description
Major deviations from best practices or major Gas inefficiency. These issues will not have a significant impact on code execution.

Potential Risks

The "Potential Risks" section identifies issues that are not direct security vulnerabilities but could still affect the project’s performance, reliability, or user trust. These risks arise from design choices, architectural decisions, or operational practices that, while not immediately exploitable, may lead to problems under certain conditions. Additionally, potential risks can impact the quality of the audit itself, as they may involve external factors or components beyond the scope of the audit, leading to incomplete assessments or oversight of key areas. This section aims to provide a broader perspective on factors that could affect the project's long-term security, functionality, and the comprehensiveness of the audit findings.

Appendix 2. Scope

The scope of the project includes the following smart contracts from the provided repository:

Scope Details
Repository	https://github.com/OmniJunk/escape-token-audit→
Commit	90e9cab8be447022aa88fdcaf6bfe5bba1ccc0db
Remediation Commit	24569761c872f9b61884d56ed27cf7931a6fb99c
Whitepaper	https://escapehub.ai/assets/documents/ESCAPE%20HUB%20Whitepaper.pdf→
Requirements	https://escapehub.ai/assets/documents/ESCAPE%20HUB%20Whitepaper.pdf→
Technical Requirements	NatSpec

Scope Details
Repository
https://github.com/OmniJunk/escape-token-audit→
Commit
90e9cab8be447022aa88fdcaf6bfe5bba1ccc0db
Remediation Commit
24569761c872f9b61884d56ed27cf7931a6fb99c
Whitepaper
https://escapehub.ai/assets/documents/ESCAPE%20HUB%20Whitepaper.pdf→
Requirements
https://escapehub.ai/assets/documents/ESCAPE%20HUB%20Whitepaper.pdf→
Technical Requirements
NatSpec

Assets in Scope

ESCAPE.sol - ESCAPE.sol

Appendix 3. Additional Valuables

Additional Recommendations

The smart contracts in the scope of this audit could benefit from the introduction of automatic emergency actions for critical activities, such as unauthorized operations like ownership changes or proxy upgrades, as well as unexpected fund manipulations, including large withdrawals or minting events. Adding such mechanisms would enable the protocol to react automatically to unusual activity, ensuring that the contract remains secure and functions as intended.

To improve functionality, these emergency actions could be designed to trigger under specific conditions, such as:

Detecting changes to ownership or critical permissions.
Monitoring large or unexpected transactions and minting events.
Pausing operations when irregularities are identified.

These enhancements would provide an added layer of security, making the contract more robust and better equipped to handle unexpected situations while maintaining smooth operations.

Disclaimer

Hacken Disclaimer

Technical Disclaimer

Hacken Extractor