OVERVIEW
Project Summary
Payant is a platform that facilitates seamless invoicing, payment, and fund withdrawal processes for clients and contractors. It employs smart contracts to automate these processes while ensuring security, transparency, and trust through blockchain technology.
Audit Summary
A time-boxed independent security assessment of the Payant Protocol contract was conducted by Samrat Gupta (@Sm4rty_), Rohan Jha (@rohan16___) and Team DetectBox, with a focus on the security aspects of the application's implementation. We performed the security assessment based on the agreed scope, following our approach and methodology. Based on our scope and the activities we performed, our security assessment revealed 2 High and 3 Low severity issues. Additionally, 4 Informational suggestions were made which, if resolved appropriately, may improve the quality of the project's smart contract.
Audit Timeline: 16th August’23 - 24th August’23
Website: https://www.payant.io/
Vulnerability Summary
Findings Summary
Severity | Number of Issues |
---|---|
High | 2 issues |
Low | 3 issues |
Informational | 4 issues |
Audit Scope
The code under review is composed of 922 nLOC in the Solidity language. It also includes 354 nLOC of scripts written in the Rain language.
File | Total Lines | nSLOC | Complex. Score |
---|---|---|---|
contracts/flow/basic/Flow.sol | 76 | 54 | 32 |
contracts/factory/CloneFactory.sol | 34 | 23 | 16 |
contracts/flow/erc721/FlowERC721.sol | 294 | 226 | 130 |
contracts/interpreter/shared/RainterpreterExpressionDeployer.s | 348 | 191 | 100 |
contracts/interpreter/shared/RainterpreterStore.sol | 58 | 27 | 20 |
contracts/interpreter/shared/Rainterpreter.sol | 109 | 69 | 36 |
contracts/interpreter/ops/context/OpContext.sol | 47 | 21 | 5 |
contracts/interpreter/ops/context/OpContextColumnHash.sol | 53 | 22 | 7 |
contracts/interpreter/ops/error/OpEnsure.sol | 43 | 27 | 5 |
contracts/interpreter/ops/evm/OpTimestamp.sol | 29 | 14 | 3 |
contracts/interpreter/ops/math/logic/OpEqualTo.sol | 38 | 21 | 11 |
contracts/interpreter/ops/math/logic/OpAny.sol | 52 | 35 | 17 |
contracts/interpreter/ops/math/logic/OpEvery.sol | 51 | 34 | 17 |
contracts/interpreter/ops/math/logic/OpGreaterThan.sol | 36 | 21 | 11 |
contracts/interpreter/ops/math/logic/OpLessThan.sol | 36 | 21 | 11 |
contracts/interpreter/ops/math/logic/OpIsZero.sol | 36 | 21 | 9 |
contracts/interpreter/ops/store/OpSet.sol | 45 | 30 | 7 |
contracts/interpreter/ops/store/OpGet.sol | 66 | 38 | 13 |
Total | 1451 | 895 | 450 |
Rain scripts:
File | Total Lines | nSLOC |
---|---|---|
addDeliverables.template.rain | 38 | 30 |
approveDeliverables.template.rain | 40 | 31 |
cancel.template.rain | 40 | 28 |
cancelMediation.template.rain | 37 | 27 |
clientWithdraw.template.rain | 49 | 37 |
contractorWithdraw.template.rain | 45 | 36 |
feedbackDeliverables.template.rain | 40 | 32 |
mediationClientWithdraw.template.rain | 44 | 34 |
mediationContractorWithdraw.template.rain | 44 | 34 |
mediationResult.template.rain | 45 | 34 |
startMediation.template.rain | 40 | 31 |
Total | 462 | 354 |
Auditors Involved:
Lead Auditor -
Samrat Gupta - https://app.detectbox.io/profile/sm4rty
Rohan Jha - https://app.detectbox.io/profile/Rohan16
Detect Warden
33Audits - https://app.detectbox.io/profile/33audits