Tokenize.it

We express our gratitude to the Tokenize.it team for the collaborative engagement that enabled the execution of this Smart Contract Security Assessment.

tokenize.it is a tokenized cap-table protocol where a compliance-gated ERC20 token (via AllowList) can be minted with configurable platform fees (via FeeSettings) and traded peer‑to‑peer on a secondary market through a reusable TokenSwap contract.

The system users should acknowledge all the risks summed up in the risks section of the report

{Finding_Table?columns=title,severity,status&setting.filter.type=Vulnerability}

Documentation quality

• Functional requirements are well explained.

• The technical description is well provided.

• System invariants are described.

Code quality

• The contracts heavily rely on OZ upgradeable modules, and follow a consistent “clone/initializer + _disableInitializers() logic contract” template across files.

• Most critical state changes emit events, but several changes aren’t fully “audit-friendly” (no old-value fields; manager add/remove has no events).

Test coverage

Code coverage of the project is 96.56%.

• Deployment and basic user interactions are covered with tests.

• Randomized fuzzing tests are covered with tests.

• System invariants were tested.

tokenize.it is a tokenized cap-table trading module with the following contracts:

• AllowList — owner-managed registry mapping addresses to a 256-bit attribute bitmask (incl. a reserved TRUSTED_CURRENCY bit). Other contracts read this to decide whether an address/currency is permitted.

• FeeSettings — owner-managed fee configuration contract implementing IFeeSettingsV2 (and IFeeSettingsV1 for compatibility). Stores default fees + optional per-token discounts and per-token fee-collector overrides. Enforces max fee caps and a 12-week delay for fee increases.

• Token — upgradeable ERC20 (ERC20Permit, ERC20Snapshot) with pause + role-based controls and allowlist-gated transfers. Minting is restricted via mintingAllowance or MINTALLOWER_ROLE; a token fee is minted to the token fee collector per FeeSettings.

• TokenSwap — reusable standing order contract for peer-to-peer secondary swaps of already-issued Token against a fixed ERC20 currency at a fixed price, charging the crowdinvesting fee from FeeSettings. Supports both “sell order” (holder provides tokens) and “buy order” (holder provides currency).

Privileged roles

• AllowList owner

• • Can arbitrarily add/remove/modify any address’s attributes, including marking currencies as trusted.

  • Effectively controls who can transact (subject to how Token consumes allowList).

• FeeSettings owner

• • Can change default fee rates and default fee collectors.

  • Can appoint/remove managers.

  • Can propose fee increases only with ≥12-week delay; decreases can be immediate.

• FeeSettings managers

• • Can set/remove per-token fee discounts and per-token fee collectors (high leverage over fee routing).

• Token DEFAULT_ADMIN_ROLE

• • Can grant/revoke all roles and authorize upgrades (UUPS).

  • Can change AllowList reference.

  • Can accept a suggested FeeSettings contract.

• Token REQUIREMENT_ROLE / PAUSER_ROLE / BURNER_ROLE / TRANSFERERADMIN_ROLE

• • REQUIREMENT_ROLE: can set the requirements bitmask for gating transfers.

  • PAUSER_ROLE: can pause/unpause transfers/mints/burns.

  • BURNER_ROLE: can burn tokens from any address.

  • TRANSFERERADMIN_ROLE: can grant TRANSFERER_ROLE (bypasses allowlist requirements).

• TokenSwap owner

• • Can pause/unpause trading.

  • Can change holder, receiver, and tokenPrice (per current implementation), which is a high trust/centralization risk for live orders.

The scope of the project includes the following smart contracts from the provided repository:

Assets in Scope