RYT

We express our gratitude to the RYT team for the collaborative engagement that enabled the execution of this Smart Contract Security Assessment.

RYT is a Layer-1 blockchain, built on its patented Proof of Majority (PoM) consensus mechanism, designed to address the core limitations that have held back blockchain from mainstream adoption: speed, scalability, accessibility, decentralization, and energy efficiency.

The system users should acknowledge all the risks summed up in the risks section of the report

{Finding_Table?columns=title,severity,status&setting.filter.type=Vulnerability}

Documentation quality

• Functional requirements are not complete:

• • The project’s purpose is  described.

  • Business logic is provided.

  • Use cases are partially provided: pausing flows are not described.

  • Project’s features are described.

• Technical description is sufficient:

• • Key function descriptions are provided for the files in the scope.

  • Architectural overview is missing.

  • Roles and authorization are mentioned.

  • Information on used technologies provided.

Code quality

• The code partially follows best practices and Solidity Style Guide.

• • See informational findings for more details.

• The development environment is configured.

Test coverage

Code coverage of the Komiti project is 96.27% (branch coverage).

• Deployment and basic user interactions are covered with tests.

• Negative cases coverage is partially missed.

• Interactions by several users are tested thoroughly.

Code coverage of the RYTStablecoin project is 22.41 % (branch coverage).

• Deployment and basic user interactions are not covered with tests.

• Negative cases coverage is missed.

• Interactions by several users are not tested thoroughly.

Komiti - is a decentralized group savings and contribution contract that allows users to form groups with predetermined rules for contributions and payouts. The contract supports both randomized and sequential payout mechanisms, as well as joint contributor arrangements.

RYTStablecoin \- an ERC20-based stablecoin with role-based access control, blocklisting, pausing, and rescue functionality.

Privileged roles

• The DEFAULT_ADMIN_ROLE role of the Komiti contract can assign new roles via grantRole() and revoke via revokeRole() functions.

• The ADMIN_ROLE role can:

• • create new groups via createGroup().

  • update the existing group via updateKomiti().

  • start the payout process of the group via startKomiti().

  • start the distribution of funds via distributeFunds().

  • pause/unpause the contract via triggerJointContribution().

• The USER_ROLE role can:

• • join a group via joinGroup().

  • join a group without a joint contributor via joinGroupWithJointContributor().

  • accept the invite for the joint contributor via acceptInviteForJointContributor().

  • return the funds via returnFunds().

  • contribute to the group via contribute().

  • contribute to the group as a joint member via contributeAsJointMember().

• The MANAGER_ROLE role can:

• • assign/revoke USER_ROLE roles via assignUserRoles() and revokeUserRoles().

  • assign/revoke ORGANIZER_ROLE roles via assignOrganizerRoles() and revokeOrganizerRoles().

• The ORGANIZER_ROLE role can create new groups via createGroup().

• The DEFAULT_ADMIN_ROLE role of the RYTStablecoin contract can assign new roles via grantRole() and revoke via revokeRole() functions.

• The MINTER_ROLE role can mint new RYTStablecoin tokens via the mint() function.

• The PAUSER_ROLE role can pause/unpause the token functionality via pause/unpause() functions.

• The BLOCKLISTER_ROLE role can add/remove from the blacklist via addToBlocklist()/removeFromBlocklist() functions.

• The RESCUER_ROLE role can rescue the stuck tokens from the token contract via rescueTokens() function.

The scope of the project includes the following smart contracts from the provided repository:

Assets in Scope