OVERVIEW
Project Summary
DropZone by Komet is a smart contract protocol which helps in sending ETH, ERC20 , ERC712 and ERC1155 tokens in batch. In exchange for the service there is service the user needs to pay the fee.
Audit Summary
A time-boxed independent security assessment of the Komet DropZone contract was done by Zuhaib Mohammed(_@zuhaib44_), JMariadlcs(@devScrooge) and Team DetectBox with a focus on the security aspects of the application's implementation. We performed the security assessment based on the agreed scope, following our approach and methodology. Based on our scope and our performed activities, our security assessment revealed 1 Critical, 3 High severity, 2 Medium severity and 6 Low severity security issues. Additionally, 3 Informational and 1 Gas suggestion was also made which, if resolved appropriately, may improve the quality of the Project’s Smart contract.
Audit Timeline: 1st August’23 - 8th August’23
Code Repository: https://github.com/vedant77/dropzone (opens in a new tab)
Review commit hash:
c71608c1ba1537b2e6249b351e1f3b26caf6d6a6
Audit Methodology
During our security assessments, we uphold a rigorous approach to maintain high-quality standards. Our methodology encompasses thorough functional testing and meticulous manual code reviews. To ensure comprehensive issue coverage, we employ checklists derived from industry best practices and widely recognized concerns, specifically tailored to Solidity smart contract assessment.
Throughout the smart contract audit process, we prioritize the following aspects to uphold excellence:
- Code Quality: We diligently evaluate the overall quality of the code, aiming to identify any potential vulnerabilities or weaknesses.
- Best Practices: Our assessments emphasize adherence to established best practices, ensuring that the smart contract follows industry-accepted guidelines and standards.
- Documentation and Comments: We meticulously review code documentation and comments to ensure they accurately reflect the underlying logic and expected behaviour of the contract.
Auditing smart contracts involves a comprehensive analysis of the code to identify potential vulnerabilities and security risks. To achieve comprehensive coverage, we employ a series of security checklist tables, each addressing specific areas of concern. These include:
- System / Platform
- Access Control
- Storage
- Gas Issues and Efficiency
- Code Issues
- Error Handling and Exception Handling:
- Transaction Handling
- Entrypoint Validation
- Administration and Operator Functions
- Additional Topics and Test Cases
Vulnerability Summary
Severity classification
| Severity | Impact: High | Impact: Medium | Impact: Low |
|---|---|---|---|
| Likehood: High | Critical | High | Medium |
| Likehood: Medium | High | Medium | Low |
| Likehood: Low | Medium | Low | Low |
Findings Summary
| Severity | No of Issue Found |
|---|---|
| Critical | 1 Issue |
| High | 3 Issue |
| Medium | 2 Issue |
| Low | 6 Issue |
| Informational | 3 Issue |
| Gas Optimization | 1 Issue |
Audit Scope
The code under review is composed of multiple smart contracts written in the Solidity language and includes 3580 nLOC- normalized source lines of code (only source-code lines).
| Type File | Lines |
|---|---|
| contracts/KometBundlingUpgradable.sol | 409 |
| contracts/StructHelper.sol | 54 |
Auditors Involved :
Main Auditor -
Zuhaib Mohammed- https://app.detectbox.io/profile/0xzoobi (opens in a new tab)
Detect Warden -
JMariadlcs - https://app.detectbox.io/profile/devScrooge (opens in a new tab)