NEBA Token

We express our gratitude to the NEBA Token team for the collaborative engagement that enabled the execution of this Smart Contract Security Assessment.

NEBA Token is a secure, upgradeable ERC-20 token implementation designed to combine regulatory readiness with strong operational controls. It integrates role-based access management, pausable transfers, and UUPS upgradeability, ensuring a controlled token environment with built-in mechanisms for emergency halts and governance-driven upgrades.

The system users should acknowledge all the risks summed up in the risks section of the report

{Finding_Table?columns=title,severity,status&setting.filter.type=Vulnerability}

Documentation quality

• Functional requirements are evident from the spec: fixed 1B supply at init, role-gated pausing/unpausing, and UUPS-based upgrading.

• The in-code comments provide a sufficient technical overview of access control, pause flow, and upgrade authorization.

Code quality

• Implements Solidity best practices with OpenZeppelin upgradeable libraries (ERC20, Pausable, AccessControl, UUPS), custom errors, and explicit events.

• Upgradeable deployment is correctly structured (initializer pattern, disabled constructor, storage gap, proxy-safe overrides), indicating a properly configured development approach.

Test coverage

Code coverage of the project is 100% (branch coverage).

• All core functionalities such as deployment, pausing, unpausing, role-based access control, upgrades, and transfers are thoroughly tested.

• The development team included integration, unit, fuzz, and invariant tests, validating both normal and edge-case behaviours across multiple roles.

• Invariant tests confirm total supply consistency and prevent balance overflows, while fuzz tests simulate randomized user interactions under varying conditions.

NEBAToken is an upgradeable ERC-20 compliant token designed with enhanced administrative control and safety mechanisms. It features a fixed total supply of 1 billion tokens minted at initialization and allocated to the designated treasury address. The contract implements role-based access control to separate key responsibilities, allowing specific roles to handle pausing, and upgrading while keeping minting closed post-deployment.

It has the following attributes:

• Name: NEBA Token

• Symbol: NEBA

• Decimals: 18

• Total Supply: 1,000,000,000 tokens

Privileged roles

• The DEFAULT_ADMIN_ROLE of the NEBAToken contract holds full administrative privileges, including the ability to grant and revoke any other role within the system. This role effectively governs the token’s access control and overall management.

• The ADMIN_PAUSER_ROLE can pause and unpause the contract, enabling or restoring token transfers during emergency or maintenance situations.

• The BOT_PAUSER_ROLE is limited to pausing the contract and is intended for automated systems or bots to halt token activity in response to predefined triggers or abnormal behavior.

• The UPGRADER_ROLE is authorized to upgrade the contract’s implementation through the UUPS proxy mechanism, granting the ability to deploy new logic versions while retaining the existing contract state.

The scope of the project includes the following smart contracts from the provided repository:

Assets in Scope