Zharta

We express our gratitude to the Zharta team for the collaborative engagement that enabled the execution of this Smart Contract Security Assessment.

Zharta revolutionizes the NFT landscape by offering instant NFT loans and staking backed by NFTs, ensuring seamless liquidity without the hassle of traditional lending processes, while providing unparalleled security and benefits such as fixed APR.

The system users should acknowledge all the risks summed up in the risks section of the report

Zharta is an NFT renting and staking platform with the following contracts:

RentingERC721V3  — a simple non-fungible token contract that enables the conversion of deposited NFTs into new ERC721 tokens. It facilitates the minting and burning of tokens corresponding to deposited NFTs by the renting contract. Mint and burn functions can only be called by the renting contract address.

RentingV3 — a contract that facilitates the delegation and management of NFT rentals, offering functions to delegate NFTs to wallets, start, extend, and close rentals, and claim rewards. Users can deposit NFTs into vaults, revoke listings, and stake for their NFTs, while also being able to withdraw NFTs only if it is not in an active rental and claim rewards accrued from rentals.

• Once rental context data, such as price and maximum duration, is signed by both the owner and protocol admin, users can rent the NFT. They can do so by providing the required signatures and specifying the rental duration.

• Renters are also permitted to cancel the rental at any time, albeit with the requirement to pay for at least the minimum duration of the rented NFT. This ensures that there is a fair compensation for the time the NFT was intended to be rented, even if the rental is terminated prematurely.

• The rental price, or APR (Annual Percentage Rate), for an NFT is established at the beginning of the rental period and remains fixed throughout the rental duration. This means that renters are aware of the price they will pay upfront and can plan accordingly, without the risk of unexpected price fluctuations during the rental period.

VaultV3 — In the system, for each deposited NFT, a VaultV3 contract is created where the NFT is stored, and staking management for the specific NFT is handled within the Vault contract. This setup ensures that each NFT has its own dedicated storage and staking functionalities, maintaining a clear separation of concerns and facilitating efficient management of assets and associated staking activities.

Privileged roles

• The authorities of the RentingV3 contract"s protocol admin:

• • Claiming the accrued protocol fees

  • Setting the protocol fee

  • Changing the protocol wallet address

  • Pausing/unpausing the contract

  • Changing the admin role

The total Documentation Quality score is 10 out of 10.

• Functional requirements are provided

• Technical description is provided.

The total Code Quality score is 10 out of 10.

• The development environment is configured.

• The code follows best practices.

Code coverage of the project is 99% (branch coverage).

• Deployment and basic user interactions are covered with tests.

• Tests are well written and the interactions by several users are tested thoroughly.

Upon auditing, the code was found to contain 0 critical, 0 high, 0 medium, and 1 low severity issues, leading to a security score of 10 out of 10.  Following remediation, all identified issues have been resolved.

All identified issues are detailed in the “Findings” section of this report.

The comprehensive audit of the customer's smart contract yields an overall score of 10. This score reflects the combined evaluation of documentation, code quality, test coverage, and security aspects of the project.

The scope of the project includes the following smart contracts from the provided repository: