Overview
Project Summary
Kunji Finance aims to empower individual investors with access to active portfolio management backed by transparency, security, and community-led governance. It is dedicated to creating a decentralized platform where every investor has control over their investments and access to expert-led, risk-managed investment strategies.
Audit Summary
A time-boxed independent security assessment of the Kunji Token Contract was done by devScrooge (@devScrooge) and Team DetectBox, with a focus on the security aspects of the application's implementation.
We performed the security assessment based on the agreed scope, following our approach and methodology. Based on our scope and the activities we performed, the assessment revealed 1 Medium severity issue. Additionally, informational and gas optimization suggestions were made which, if resolved appropriately, may improve the quality of the project's smart contract.
Audit Timeline: 3rd July’23 - 5th July’23
Contract Name: MyToken.sol
Audit Methodology
During our security assessments, we uphold a rigorous approach to maintain high-quality standards. Our methodology encompasses thorough functional testing and meticulous manual code reviews. To ensure comprehensive issue coverage, we employ checklists derived from industry best practices and widely recognized concerns, specifically tailored to Solidity smart contract assessment.
Throughout the smart contract audit process, we prioritize the following aspects to uphold excellence:
- Code Quality: We diligently evaluate the overall quality of the code, aiming to identify any potential vulnerabilities or weaknesses.
- Best Practices: Our assessments emphasize adherence to established best practices, ensuring that the smart contract follows industry-accepted guidelines and standards.
- Documentation and Comments: We meticulously review code documentation and comments to ensure they accurately reflect the underlying logic and expected behavior of the contract.
Auditing smart contracts involves a comprehensive analysis of the code to identify potential vulnerabilities and security risks. To achieve comprehensive coverage, we employ a series of security checklist tables, each addressing specific areas of concern. These include:
- System / Platform
- Access Control
- Storage
- Gas Issues and Efficiency
- Code Issues
- Error Handling and Exception Handling
- Transaction Handling
- Entrypoint Validation
- Administration and Operator Functions
- Additional Topics and Test Cases
Vulnerability Summary
Severity classification
Severity | Impact: High | Impact: Medium | Impact: Low |
---|---|---|---|
Likelihood: High | Critical | High | Medium |
Likelihood: Medium | High | Medium | Low |
Likelihood: Low | Medium | Low | Low |
Findings Summary
Severity | Count |
---|---|
High | 0 issues |
Medium | 1 issue |
Low | 0 issues |
Informational | 3 issues |
Gas Optimisations | 0 issues |
Audit Scope
The code under review is a single smart contract written in Solidity and comprises 60 SLOC (source lines of code).
File | Lines | SLOC |
---|---|---|
contracts/vmm.py | 66 | 60 |
Total SLOC: 60
Auditor Involved
Main Auditor:
- devScrooge