Introduction
We express our gratitude to the GEMx team for the collaborative engagement that enabled the execution of this Smart Contract Security Assessment.
EmGEMx is a blockchain solution, transforming physical emeralds into digitally-tradable assets through an innovative Proof-of-Reserve system with dynamic ESU valuation. The multi-chain ERC-20 token bridges traditional gemstone investments with DeFi opportunities, offering unprecedented liquidity and transparent redemption for the underlying emerald assets.
| Document | |
|---|---|
| Name | Smart Contract Code Review and Security Analysis Report for GEMx |
| Audited By | Farrukh Odinaev |
| Approved By | Oleksii Haponiuk |
| Website | https://www.gemx.ag |
| Changelog | 31/01/2025 - Preliminary Report |
| | 08/04/2025 - Final Report |
| Platform | Avalanche C-Chain |
| Language | Solidity |
| Tags | Fungible Token; Permit Token; Centralization; Upgradable |
| Methodology | https://hackenio.cc/sc_methodology |
| Review Scope | |
|---|---|
| Repository | https://github.com/EmGEMx/gemx-token |
| Commit | 2b27ff31ee0f185ab83d67e2d5dd1bbf129c187a |
| Retest Commit | 71d0797c3a5a1967150a0729d5d92c84a9d9af17 |
Audit Summary
System users should acknowledge all the risks summarized in the Potential Risks section of this report.
Documentation quality
Functional requirements are provided.
Technical description is provided.
Code quality
The development environment is configured.
Contracts can be successfully compiled and deployed.
Test coverage
Code coverage of the project is 100%.
System Overview
EmGEMx Token is a sophisticated tokenized emerald platform built on Avalanche, consisting of the following key components:
EmGEMxToken: An upgradeable ERC-20 token representing physical emeralds stored in a secure vault with the following attributes:
Name: EmGEMx Switzerland
Symbol: EmCH
Decimals: 8
Total supply: Variable based on Proof-of-Reserve
Proof-of-Reserve Oracle: A Chainlink oracle integration that verifies and reports the quantity of emeralds in the vault (ESU value), enabling transparent asset backing.
ESU Management System: A dynamic mechanism that calculates the maximum token supply based on the ESU (Emerald Standard Unit) value and the esu_per_token parameter, which decreases by approximately 0.1% monthly.
Cross-Chain Bridge: Implementation leveraging Chainlink's CCIP via Token Manager for seamless token transfers between Avalanche (parent chain) and other supported blockchains (child chains), following a lock-and-release model on the parent chain and a mint-and-burn model on child chains.
Redemption Mechanism: A structured process allowing token holders to exchange tokens for physical emeralds, requiring transfer to a designated redeem address followed by token burning.
Privileged roles
The contract implements a comprehensive role-based access control system:
Admin: The contract owner with privileges to upgrade the contract, modify parameters, and assign or revoke roles.
Minter: Authorized to mint new tokens (constrained by the ESU/esu_per_token calculation) and burn tokens under specific conditions.
ESU per Token Modifier: Can update the esu_per_token parameter, which directly impacts the maximum token supply.
Pauser: Can pause and unpause all token transfers in emergency situations.
Freezer: Can freeze or unfreeze specific token addresses.
Limiter: Has authority to block or unblock users from token operations.
Redeemer: The only role authorized to burn tokens from the designated redeem address as part of the physical emerald redemption process.
Potential Risks
Single Points of Failure and Control: The project is fully or partially centralized, introducing single points of failure and control. This centralization can lead to vulnerabilities in decision-making and operational processes, making the system more susceptible to targeted attacks or manipulation.
Key Management Risk: Compromise of privileged role keys (Admin, Minter) could lead to unauthorized token minting, blocking of users, or manipulation of critical parameters.
Oracle Dependency: Failure or inaccuracy in the Chainlink Oracle could create misalignment between physical emerald inventory and token supply.
Cross-Chain Complexity: Issues with CCIP service might result in temporarily locked tokens across different blockchains, fragmenting liquidity.
Physical Asset Risk: Market fluctuations in emerald prices or security breaches at vault locations could affect the token's underlying value.
Upgrade Governance: Improper contract upgrades might introduce vulnerabilities or unexpected economic changes affecting token holders.
Supply Algorithm: Monthly adjustment of the esu_per_token value could potentially lead to unexpected token supply changes if not carefully calibrated.
Centralized Control of Minting Process: The token contract’s design allows for centralized control over the minting process, posing a risk of unauthorized token issuance, potentially diluting the token value and undermining trust in the project's economic governance.
Arbitrary Oracle Address Setting by Admin: Allowing the admin to set oracle addresses without constraints or verification mechanisms introduces the risk of incorrect or malicious oracle selection, affecting the accuracy of data and potentially leading to financial losses.
Absence of Time-lock Mechanisms for Critical Operations: Without time-locks on critical operations, there is no buffer to review or revert potentially harmful actions, increasing the risk of rapid exploitation and irreversible changes.
Findings
| Code | Title | Status | Severity |
|---|---|---|---|
| F-2025-9568 | Missing ERC20PermitUpgradeable Initialization Impairs EIP712 Domain Setup | fixed | Medium |
| F-2025-9558 | Inadequate Oracle Data Validation | fixed | Medium |
| F-2025-9557 | Public Exposure of Inherited Burn Functions Enables Unauthorized Token Burns | fixed | Medium |
| F-2025-9564 | Uninitialized Upgradeable Storage Variables Lead to Division by Zero and Operational Freeze | fixed | Low |
| F-2025-9565 | Custom Contracts' Incompatible Storage Pattern Lacks Reserved Gaps | fixed | Observation |
| F-2025-9563 | Missing _disableInitializers() in Upgradable Contract Constructor | fixed | Observation |
| F-2025-9562 | Inefficient State Query in Blocklist Function Lacks View Declaration | fixed | Observation |
| F-2025-9452 | Missing Zero Address Validations | fixed | Observation |
| F-2025-9451 | Floating pragma | fixed | Observation |
| F-2025-9567 | Redundant Inheritance of OwnableUpgradeable | mitigated | Observation |
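The following contract is an added illustration, not code from the GEMx repository. It shows the supply cap described in the System Overview (maximum supply = ESU / esu_per_token) implemented alongside the defensive patterns the findings above name: ERC20Permit initialization for the EIP-712 domain, oracle round validation, a non-zero esu_per_token, `_disableInitializers()` in the constructor, zero-address checks, a locked pragma, a role-gated burn that is not inherited from ERC20Burnable, and a reserved storage gap. The `IReserveFeed` interface, the role names, the 8-decimal scaling of the oracle answer and the `maxFeedAge` value are assumptions for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity 0.8.24; // locked pragma instead of a floating ^ range
import {ERC20Upgradeable} from "@openzeppelin/contracts-upgradeable/token/ERC20/ERC20Upgradeable.sol";
import {ERC20PermitUpgradeable} from "@openzeppelin/contracts-upgradeable/token/ERC20/extensions/ERC20PermitUpgradeable.sol";
import {AccessControlUpgradeable} from "@openzeppelin/contracts-upgradeable/access/AccessControlUpgradeable.sol";

// Assumed minimal Proof-of-Reserve feed interface, shaped like Chainlink's AggregatorV3Interface.
interface IReserveFeed {
    function latestRoundData() external view
        returns (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound);
}

contract ReserveBackedTokenExample is ERC20Upgradeable, ERC20PermitUpgradeable, AccessControlUpgradeable {
    bytes32 public constant MINTER_ROLE = keccak256("MINTER_ROLE");
    bytes32 public constant REDEEMER_ROLE = keccak256("REDEEMER_ROLE");
    IReserveFeed public reserveFeed; // reports the ESU held in the vault
    uint256 public esuPerToken;      // ESU backing one whole token (assumed: same scale as the feed answer)
    uint256 public maxFeedAge;       // seconds after which feed data counts as stale
    address public redeemAddress;    // tokens sent here are burned on redemption
    error ZeroAddress();
    error BadOracleData();
    error ExceedsReserve(uint256 requested, uint256 cap);

    /// @custom:oz-upgrades-unsafe-allow constructor
    constructor() { _disableInitializers(); } // nobody can initialise the bare implementation

    function initialize(address admin, IReserveFeed feed, uint256 initialEsuPerToken, address redeem) external initializer {
        if (admin == address(0) || address(feed) == address(0) || redeem == address(0)) revert ZeroAddress();
        if (initialEsuPerToken == 0) revert BadOracleData(); // a zero divisor would brick maxSupply()
        __ERC20_init("EmGEMx Switzerland", "EmCH");
        __ERC20Permit_init("EmGEMx Switzerland"); // without this the EIP-712 domain is never set up
        __AccessControl_init();
        _grantRole(DEFAULT_ADMIN_ROLE, admin);
        reserveFeed = feed; esuPerToken = initialEsuPerToken; redeemAddress = redeem; maxFeedAge = 1 days;
    }

    function decimals() public pure override returns (uint8) { return 8; }

    /// Largest supply the vault can back: ESU / esu_per_token, computed only from a validated oracle round.
    function maxSupply() public view returns (uint256) {
        (uint80 roundId, int256 answer, , uint256 updatedAt, uint80 answeredInRound) = reserveFeed.latestRoundData();
        if (answer <= 0 || updatedAt == 0 || block.timestamp - updatedAt > maxFeedAge || answeredInRound < roundId) revert BadOracleData();
        return (uint256(answer) * 10 ** decimals()) / esuPerToken;
    }

    function mint(address to, uint256 amount) external onlyRole(MINTER_ROLE) {
        uint256 cap = maxSupply();
        if (totalSupply() + amount > cap) revert ExceedsReserve(totalSupply() + amount, cap);
        _mint(to, amount);
    }
    /// Burn is not inherited from ERC20Burnable, so holders cannot burn; only the Redeemer burns, and only from redeemAddress.
    function burnRedeemed(uint256 amount) external onlyRole(REDEEMER_ROLE) { _burn(redeemAddress, amount); }
    uint256[50] private __gap; // reserved slots so future upgrades do not shift storage of derived contracts
}
```

Lowering `esuPerToken` raises the cap, so the ESU per Token Modifier role in this layout changes the mintable supply exactly as the overview describes; the setter (omitted here) should reject zero for the same reason `initialize` does.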
Appendix 1. Definitions
Severities
When auditing smart contracts, Hacken uses a risk-based approach that considers Likelihood, Impact, Exploitability and Complexity metrics to evaluate findings and score severities.
A reference on how risk scoring is done is available through the repository in our GitHub organization:
| Severity | Description |
|---|---|
| Critical | Critical vulnerabilities are usually straightforward to exploit and can lead to the loss of user funds or contract state manipulation. |
| High | High vulnerabilities are usually harder to exploit, requiring specific conditions, or have a more limited scope, but can still lead to the loss of user funds or contract state manipulation. |
| Medium | Medium vulnerabilities are usually limited to state manipulations and, in most cases, cannot lead to asset loss. Contradictions and requirements violations. Major deviations from best practices are also in this category. |
| Low | Major deviations from best practices or major Gas inefficiency. These issues will not have a significant impact on code execution. |
Potential Risks
The "Potential Risks" section identifies issues that are not direct security vulnerabilities but could still affect the project’s performance, reliability, or user trust. These risks arise from design choices, architectural decisions, or operational practices that, while not immediately exploitable, may lead to problems under certain conditions. Additionally, potential risks can impact the quality of the audit itself, as they may involve external factors or components beyond the scope of the audit, leading to incomplete assessments or oversight of key areas. This section aims to provide a broader perspective on factors that could affect the project's long-term security, functionality, and the comprehensiveness of the audit findings.
Appendix 2. Scope
The scope of the project includes the following smart contracts from the provided repository:
| Scope Details | |
|---|---|
| Repository | https://github.com/EmGEMx/gemx-token |
| Commit | 2b27ff31ee0f185ab83d67e2d5dd1bbf129c187a |
| Retest Commit | 71d0797c3a5a1967150a0729d5d92c84a9d9af17 |
| Whitepaper | N/A |
| Requirements | README.md of the repository |
| Technical Requirements | N/A |