
GoldBrick

Audit name:

[SCA] GBCK Token / ERC20 / Nov2024

Date:

Nov 8, 2024

Table of Content

Introduction
Audit Summary
System Overview
Potential Risks
Findings
Appendix 1. Definitions
Appendix 2. Scope
Disclaimer


Introduction

We express our gratitude to the GoldBrick team for the collaborative engagement that enabled the execution of this Smart Contract Security Assessment.

The State1 Ecosystem empowers users to accumulate and utilize its native currency, GoldBrick, as a payment method for purchasing products and services, providing access to exclusive discounts, benefits, and rewards within the ecosystem.

Document

Name: Smart Contract Code Review and Security Analysis Report for GoldBrick
Audited By: Ataberk Yavuzer
Approved By: Grzegorz Trawinski
Website: https://goldbrick.io/
Changelog: 07/11/2024 - Preliminary Report; 08/11/2024 - Final Report
Platform: BSC
Token Address: 0xdf5c227aB75D309D46fB9Df0F7Fa043e4534d2aB
Language: Solidity
Tags: ERC-20
Methodology: https://hackenio.cc/sc_methodology

Audit Summary

Total Findings: 7
Resolved: 6
Accepted: 1
Mitigated: 0

System users should acknowledge all the risks summarized in the Potential Risks section of this report.

Documentation quality

  • Tokenomics documentation is present.

  • System-wide whitepaper documentation is present.

  • Technical requirements were not provided.

Code quality

  • An instance of an unused import was found.

  • The code misses some gas optimizations.

Test coverage

Code coverage of the project is 0%.

  • No test cases were presented.

System Overview

GBCKToken.sol — a simple ERC-20 token that mints the entire initial supply to the deployer. It includes blacklisting functionality so that the owner can block addresses involved in fraud or security incidents. No additional minting is possible after deployment.

It has the following attributes:

  • Name: GoldBrick

  • Symbol: GBCK

  • Decimals: 18

  • Total supply: 150M tokens

Privileged roles

  • The owner of the GoldBrick Token:

    • Can add users to the blacklist or remove them from it.

    • Receives the entire supply, which is minted once when the contract is deployed.

    • Can transfer ownership to another address.

Potential Risks

Centralized Minting to a Single Address: The entire token supply is minted to a single address, raising the risk of fund mismanagement or theft, especially if the security of that key's storage is compromised.

Single Points of Failure and Control: The project is fully or partially centralized, introducing single points of failure and control. This centralization creates vulnerabilities in decision-making and operational processes, making the system more susceptible to targeted attacks or manipulation.

Findings

Code | Title | Status | Severity
F-2024-7019 | Unnecessary Declaration of cap() Function | Fixed | Observation
F-2024-7013 | Redundant Import | Fixed | Observation
F-2024-7012 | Use Custom Errors For Gas Efficiency | Accepted | Observation
F-2024-7010 | State Variables Only Set In The Constructor Should Be Declared immutable | Fixed | Observation
F-2024-7009 | Floating Pragma | Fixed | Observation
F-2024-7008 | Lack of Two-Step Ownership Pattern | Fixed | Observation
F-2024-7007 | Owner Can Renounce Ownership | Fixed | Observation
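The following contract is an added illustration and is not GoldBrick's GBCKToken.sol, whose source is not reproduced in this report. It shows the token pattern described in System Overview (fixed supply minted once to the deployer, owner-managed blacklist, no further minting) written the way the findings above ask for: a pinned compiler version instead of a floating pragma (F-2024-7009), a two-step ownership transfer (F-2024-7008), renouncing ownership disabled (F-2024-7007), `immutable` for state set only in the constructor (F-2024-7010), custom errors instead of revert strings (F-2024-7012), only the imports actually used (F-2024-7013), and no `cap()` on a token whose supply cannot grow (F-2024-7019). The contract name, token name and symbol, and the OpenZeppelin Contracts v5 import paths are assumptions.

```solidity
// SPDX-License-Identifier: MIT
// Illustrative example only: not GoldBrick's GBCKToken.sol. Contract name,
// token name/symbol and the OpenZeppelin Contracts v5 import paths are assumptions.
pragma solidity 0.8.24; // pinned version rather than a floating ^0.8.x (F-2024-7009)

// Only the imports actually used (F-2024-7013); no ERC20Capped / cap() on a
// fixed-supply token (F-2024-7019).
import {ERC20} from "@openzeppelin/contracts/token/ERC20/ERC20.sol";
import {Ownable} from "@openzeppelin/contracts/access/Ownable.sol";
import {Ownable2Step} from "@openzeppelin/contracts/access/Ownable2Step.sol";

/// @notice Fixed-supply ERC-20 with an owner-managed blacklist.
/// The entire supply is minted once, to the deployer, in the constructor;
/// there is no mint function, so supply cannot grow afterwards.
contract ExampleBlacklistToken is ERC20, Ownable2Step {
    // Custom errors are cheaper than revert strings (F-2024-7012).
    error AccountBlacklisted(address account);
    error RenounceOwnershipDisabled();

    // Written once in the constructor, so declared immutable (F-2024-7010).
    uint256 public immutable INITIAL_SUPPLY;

    mapping(address account => bool) public blacklisted;

    event BlacklistUpdated(address indexed account, bool isBlacklisted);

    constructor(uint256 initialSupply)
        ERC20("Example Token", "EXT")
        Ownable(msg.sender)
    {
        INITIAL_SUPPLY = initialSupply;
        _mint(msg.sender, initialSupply);
    }

    /// @notice Owner adds an address to, or removes it from, the blacklist.
    function setBlacklisted(address account, bool isBlacklisted) external onlyOwner {
        blacklisted[account] = isBlacklisted;
        emit BlacklistUpdated(account, isBlacklisted);
    }

    /// @notice Ownership changes only through Ownable2Step's
    /// transferOwnership() followed by acceptOwnership() from the new owner
    /// (F-2024-7008). Renouncing is disabled so the blacklist can never be
    /// left without an administrator (F-2024-7007).
    function renounceOwnership() public view override onlyOwner {
        revert RenounceOwnershipDisabled();
    }

    /// @dev In OpenZeppelin v5 every transfer, mint and burn goes through
    /// _update, so one check here covers all balance movements.
    function _update(address from, address to, uint256 value) internal override {
        if (blacklisted[from]) revert AccountBlacklisted(from);
        if (blacklisted[to]) revert AccountBlacklisted(to);
        super._update(from, to, value);
    }
}
```

Deploying with `initialSupply = 150_000_000 * 1e18` reproduces the 150M, 18-decimal supply listed in System Overview. Because `_update` is the single choke point, a blacklisted address can neither send nor receive, including via `transferFrom` by an approved spender; a mistyped `transferOwnership` target is harmless until that address calls `acceptOwnership`, which is the property the two-step pattern buys.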


Appendix 1. Definitions

Severities

When auditing smart contracts, Hacken uses a risk-based approach that considers Likelihood, Impact, Exploitability and Complexity metrics to evaluate findings and score severities.

A reference on how risk scoring is done is available in the repository in our GitHub organization.

Severity

Description

Critical
Critical vulnerabilities are usually straightforward to exploit and can lead to the loss of user funds or contract state manipulation.

High
High vulnerabilities are usually harder to exploit, requiring specific conditions, or have a more limited scope, but can still lead to the loss of user funds or contract state manipulation.

Medium
Medium vulnerabilities are usually limited to state manipulations and, in most cases, cannot lead to asset loss. Contradictions and violations of requirements, as well as major deviations from best practices, also fall into this category.

Low
Minor deviations from best practices or notable gas inefficiency. These issues do not have a significant impact on code execution.

Potential Risks

The "Potential Risks" section identifies issues that are not direct security vulnerabilities but could still affect the project’s performance, reliability, or user trust. These risks arise from design choices, architectural decisions, or operational practices that, while not immediately exploitable, may lead to problems under certain conditions. Additionally, potential risks can impact the quality of the audit itself, as they may involve external factors or components beyond the scope of the audit, leading to incomplete assessments or oversight of key areas. This section aims to provide a broader perspective on factors that could affect the project's long-term security, functionality, and the comprehensiveness of the audit findings.

Appendix 2. Scope

The scope of the project includes the following smart contracts from the provided repository:

Scope Details

Repository: https://github.com/State1Dev/gbck-smart-contracts
Commit: eb38054984c07ac4cdb1ade8764d10e71b26f56d
Whitepaper: State1 - Whitepaper
Requirements: N/A
Technical Requirements: N/A

Assets in Scope

GBCKToken.sol - GBCKToken.sol

Disclaimer