The Sweat Foundation Ltd.

We thank The Sweat Foundation Ltd. for allowing us to conduct a Smart Contract Security Assessment. This document outlines our methodology, limitations, and results of the security assessment.

Sweat Economy is a system that allows users to earn $SWEAT tokens by walking. The Sweatco Claim feature is an extension of the Sweat Wallet application, designed to provide users with a secure and controlled environment for their earned $SWEAT tokens.

The system users should acknowledge all the risks summed up in the risks section of the report

The claim feature is an extension of the Sweat Wallet → application and aims to safely store the $SWEAT minted for a given users based on their steps provided by the Sweatcoin Oracle → and converted to $SWEAT as per the token's minting curve →.

Prior to this "claim" feature, $SWEAT accrued from steps was calculated several times per day as determined by the Sweatcoin Oracle and $SWEAT was minted accordingly by the token.sweat → contract and transferred to the given user's wallet address. The goal of the "claim" feature is to given the user more control over their $SWEAT earned from walking. This is accomplished by diverting minted $SWEAT to a new contract where it will accrue until a user claims it.

The contract furthermore caters for edge cases in user behaviour which current places the Sweat economy at risk. E.g. If a user churns and disbands the project then there should be a mechanism to recover $SWEAT that was minted to a user's address but abandoned by the user. Currently this is impossible as Sweat Wallet is a self-custody thereby rendering complete control of funds to the user. Having a contract where minted $SWEAT accrues provides a degree of separation in terms of ownerships rights /control of minted $SWEAT. Sweat Wallet may therefore impose a condition that $SWEAT which is not claimed after a set amount of time may be burned from the claim contract. This will not only create a healthier economy (supply vs demand) but furthermore provide a method for maintaining an efficient contract size.

Privileged roles

• It Oracle role can perform token burns, a full reset of the system, set the burn and claim period, as well as record batches for holding.

The total Documentation Quality score is 9 out of 10.

• Functional requirements are provided.

• Technical description is mostly provided.

• • Lower primitives are documented, but there is lacking documentation of top-level api functions.

The total Code Quality score is 9 out of 10.

• The code is well written and architected.

• The development environment is configured.

Code coverage of the project is 88.79% (line coverage).

• Coverage can be measured for the integration tests using wasmcov →.

Upon auditing, the code was found to contain 0 critical, 0 high, 2 medium, and 0 low severity issues, leading to a security score of 10 out of 10.

All identified issues are detailed in the “Findings” section of this report.

The comprehensive audit of the customer's smart contract yields an overall score of 9.2. This score reflects the combined evaluation of documentation, code quality, test coverage, and security aspects of the project.

The scope of the project includes the following smart contracts from the provided repository:

Assets in Scope