The Moonpot

We express our gratitude to the The Moonpot team for the collaborative engagement that enabled the execution of this Smart Contract Security Assessment.

The Moonpot is a multi-round token sale platform deployed on Base that mints TMP (ERC-20) and TMPNFT (ERC-721A) in exchange for USDC, assigns each NFT a deterministic redemption value via Chainlink VRF-seeded permutation, and seeds a Uniswap v4 TMP/USDC pool with a custom hook enforcing price-floor defense and dynamic anti-dump taxation.

Audit Summary

The system users should acknowledge all the risks summed up in the risks section of the report

Documentation quality

• A README.md and a dedicated SCOPE.md handoff document are provided and cover the overall system architecture, lifecycle, trust model, privileged actors, known limitations, and deployment instructions. All eleven contracts under review are listed in the primary audit scope with one-line purpose descriptions.

• NatSpec documentation is minimal and limited to contract-level @title and @notice tags. Individual function-level specifications are not provided.

Code quality

• The codebase is clean and follows a consistent structure across all contracts. The implementation follows the Uniswap v4 documentation and conventions for hook integration.

• The development environment is configured

Test coverage

Code coverage of the project is 60.83% (branch coverage).

• Deployment and basic user interactions are covered with tests.

• Negative cases coverage is partial.

• Interactions by several users are not tested thoroughly.

The system is orchestrated by MoonpotManager, which controls up to 28 sequential sale rounds. Each round has a fixed token price, token supply, NFT count, and a reward pool funded by the community share portion of each purchase. When a user calls buyFor, USDC is split three ways: a community share deposited into the round's reward pool, a company share transferred immediately, and a liquidity share queued for periodic injection into the Uniswap v4 pool. The buyer receives TMP tokens, and a Chainlink VRF v2.5 request is issued to seed a Bernoulli-trial NFT allocation performed in processBuy. Once the round sells out and receives its VRF seed, NFT holders may call claimNFT or claimNFTs to redeem USDC; the value is computed deterministically via a TEA-based format-preserving permutation over the round's reward table.

MoonpotHook is a Uniswap v4 hook attached to the TMP/USDC pool. It enforces a price floor by intercepting TMP→USDC swaps: any sell volume that would push the price below the current round's floor tick is burned rather than swapped. A dynamic tax ramps from a base rate (0.3%) at high prices to a maximum (50%) at or below the floor, discouraging aggressive dumps. The hook also manages liquidity injection (triggered by the manager every 2.5% of a round's supply sold) and fee harvesting (owner-only), sending USDC fees to the company and burning collected TMP.

Token contracts follow standard patterns: MoonpotToken implements ERC-20 with Ownable2Step and manager-only minting; MoonpotNFT implements ERC-721A with ERC721AQueryable, storing the round ID in ERC-721A extraData for efficient lookup at claim time. Round logic is abstracted in AbstractMoonpotRound, which holds immutable price/supply/share parameters, tracks lifecycle state, and exposes the valueOf function that combines permutation and reward-table lookup; concrete rounds (MoonpotRound1–MoonpotRound5) provide round-specific constants and 16-tier reward tables scaling linearly with pool size.

MoonpotManager.sol — Central orchestrator contract. Manages the round lifecycle via start and setRound, handles purchases via buyFor, dispatches VRF callbacks for purchase and round seeds, performs Bernoulli-trial NFT allocation in processBuy, processes NFT claims, and triggers periodic liquidity injection into the Uniswap v4 pool.

MoonpotHook.sol — Uniswap v4 hook implementing beforeInitialize and beforeSwap. Enforces a price-floor defense by burning excess TMP on sells that would breach the floor, applies a dynamic anti-dump tax ramping with distance from the floor, and provides injectLiquidity and harvestFees for liquidity management.

MoonpotToken.sol — ERC-20 token (TMP) with Ownable2Step. Exposes mint restricted to the one-time-set manager and burn callable by any holder.

MoonpotNFT.sol — ERC-721A token (TMPNFT) with ERC721AQueryable and Ownable2Step. Provides mintTo (manager-only) that stamps the round ID into extraData, and getRound to retrieve it for claim-time reward lookup.

AbstractMoonpotRound.sol — Abstract base for round contracts. Holds immutable pricing and supply parameters, tracks sales and NFT minting state, manages the reward pool, and implements valueOf by delegating permutation and reward-table lookup to subclass overrides.

MoonpotRound1.sol — Concrete round 1 configuration: $1.15 price, 1,000,000 tokens, 99,991 NFTs, $1,000,000 reward pool. Defines a 16-tier reward table and uses TEAPermuter.permute17 for deterministic value assignment.

MoonpotRound2.sol — Concrete round 2 configuration: $1.15 price, 2,000,000 tokens, 99,991 NFTs, $2,000,000 reward pool. Reward tiers scale 2× relative to round 1.

MoonpotRound3.sol — Concrete round 3 configuration: $1.15 price, 3,000,000 tokens, 99,991 NFTs, $3,000,000 reward pool. Reward tiers scale 3× relative to round 1.

MoonpotRound4.sol — Concrete round 4 configuration: $1.15 price, 4,000,000 tokens, 99,991 NFTs, $4,000,000 reward pool. Reward tiers scale 4× relative to round 1.

MoonpotRound5.sol — Concrete round 5 configuration: $1.15 price, 5,000,000 tokens, 99,991 NFTs, $5,000,000 reward pool. Reward tiers scale 5× relative to round 1.

lib/TEAPermuter.sol — Library providing format-preserving permutations via a TEA-style Feistel cipher with cycle-walking. Offers permute9, permute10, permute14, permute17, and permute20 for domains up to ~1M states, enabling deterministic, verifiable NFT-to-reward mapping without per-token storage.

Privileged roles

MoonpotManager.sol

• owner (inherited from VRFConsumerBaseV2Plus): Controls system initialization, round management, and administrative configuration.

• • Can call init to initialize the Uniswap v4 pool with initial liquidity and set up the protocol.

  • Can call start to start the first round or advance to subsequent rounds.

  • Can call setRound to register a round contract at a specified round ID.

  • Can call retryRoundReveal to retry a failed VRF request for round seed reveal.

  • Can call setVRFParams to update the Chainlink VRF key hash, subscription ID, and callback gas limit.

  • Can call setCompany to change the company address that receives protocol fees.

  • Can call reDrawPurchase to immediately re-request VRF for a purchase (bypasses the 24-hour timeout required for non-owners).

MoonpotHook.sol

• owner (inherited from Ownable): Controls fee harvesting, manager assignment, and defense mechanism parameters.

• • Can call harvestFees to collect accumulated LP fees (USDC transferred to the company, TMP burned).

  • Can call setManager to set the manager's address (one-time, non-reversible).

  • Can call setDefenseParams to configure the base defense tax, max defense tax, and tax ramp tick parameters.

• manager: Controls liquidity injection and pool position parameters. Expected to be the MoonpotManager contract.

• • Can call injectLiquidity to add USDC liquidity to the Uniswap v4 position.

  • Can call setPositionId to configure the LP position ID, tick bounds, and initial liquidity.

  • Can call setCurrentFloorTick to update the floor tick and corresponding floor tick bounds.

MoonpotToken.sol

• owner (inherited from Ownable2Step): Controls manager assignment with two-step ownership transfer capability.

• • Can call setManager to set the manager's address (one-time, non-reversible).

  • Can call transferOwnership to initiate ownership transfer (inherited from Ownable2Step).

  • Can call renounceOwnership to permanently renounce ownership (inherited from Ownable2Step).

• manager: Controls token minting. Expected to be the MoonpotManager contract.

• • Can call mint to mint TMP tokens to any address.

MoonpotNFT.sol

• owner (inherited from Ownable2Step): Controls manager assignment, metadata configuration, and ownership with two-step transfer capability.

• • Can call setManager to set the manager's address (one-time, non-reversible).

  • Can call setBaseURI to update the base URI for NFT metadata.

  • Can call freezeBaseURI to permanently freeze the base URI, preventing future changes.

  • Can call transferOwnership to initiate ownership transfer (inherited from Ownable2Step).

  • Can call renounceOwnership to permanently renounce ownership (inherited from Ownable2Step).

• manager: Controls NFT minting. Expected to be the MoonpotManager contract.

• • Can call mintTo to mint NFTs to any address with a specified quantity and round ID.

AbstractMoonpotRound.sol (inherited by MoonpotRound1–MoonpotRound5)

• manager (set immutably at deployment): Controls all round lifecycle and reward distribution. Expected to be the MoonpotManager contract.

• • Can call start to set the round start time.

  • Can call end to set the round end time.

  • Can call notifyPurchase to record token purchases and update tokensSold.

  • Can call notifyScanned to record scanned tokens and update scannedCount.

  • Can call notifyNFTMinted to record minted NFTs and update nftsMinted.

  • Can call setSeedRequestId to set the VRF request ID for round reveal.

  • Can call setSeed to set the random seed for NFT class determination.

  • Can call depositFunds to add USDC to the reward pool.

  • Can call releaseReward to transfer USDC rewards to recipients from the reward pool.

TEAPermuter.sol

• No privileged roles. This is a stateless library providing format-preserving permutation functions.

The scope of the project includes the following smart contracts from the provided repository:

Assets in Scope