Audits
xSuite
Security Audits
MultiversX
Smart Contracts
4 audits | 163 issues fixed | Last audited on Oct 8, 2024
Launchpad with guaranteed tickets v2
Contract allowing users to participate in token launchs, with both a random winner selecition and guaranteed tickets.
Audit
Report
PDF
Date
Oct 8, 2024
Code Hash
No code hash specified
Inherent risks
1 inherent risk:
  • Users must trust that admins will submit correct information about guaranteed tickets and allowances. If errors are made, users might earn less launchpad tokens or have less chances to win than they should.
All details are available in the report.
Issues
6 issues remaining (23 reported)
Severity
Reported
Remaining
Critical
2
0
Major
3
0
Medium
12
5
Minor
6
1
Disclaimer
The report makes no statements or warranties regarding the security of the code, the information herein or its usage. It does not constitute legal or investment advice. Authors shall not be liable for any acts or omissions based on the information contained herein.
Address of deployment
No address of deployment associated to this smart contract.
Multisig
Contract enabling multiple signers to jointly approve and execute transactions.
Audit
Report
Date
Feb 1, 2024
Code Hash
No code hash specified
Inherent risks
Not specified
Issues
1 issue remaining (20 reported)
Severity
Reported
Remaining
Critical
0
0
Major
1
0
Medium
14
0
Minor
5
1
Disclaimer
The report makes no statements or warranties regarding the security of the code, the information herein or its usage. It does not constitute legal or investment advice. Authors shall not be liable for any acts or omissions based on the information contained herein.
Address of deployment
No address of deployment associated to this smart contract.
DNS v2
Contract allowing users to purchase and manage usernames on chain.
Audit
Report
No public report available for this smart contract.
Date
Dec 4, 2023
Code Hash
No code hash specified
Inherent risks
1 inherent risk:
  • Two users might temporarily have the same username recorded in the DNS. Indeed, when a user Alice registers a new username and saves it, it triggers two async calls: one to delete the username from the previous account Bob, and one to save the username in Alice account. However, if Bob’s account is on another shard, then the deletion callback might be executed after the save username callback. In this case, before the save username callback is executed, both Alice and Bob have the same domain saved in storage.
All details are available in the report.
Issues
4 issues remaining (122 reported)
Severity
Reported
Remaining
Critical
31
0
Major
21
0
Medium
34
4
Minor
36
0
Disclaimer
The report makes no statements or warranties regarding the security of the code, the information herein or its usage. It does not constitute legal or investment advice. Authors shall not be liable for any acts or omissions based on the information contained herein.
Address of deployment
No address of deployment associated to this smart contract.
Paymaster
Contract for executing transactions and paying gas fees with an ESDT token instead of EGLD.
Audit
Report
Date
Oct 9, 2023
Code Hash
No code hash specified
Inherent risks
1 inherent risk:
  • A user pays the relayer fee even if their smart contract call fails.
All details are available in the report.
Issues
2 issues remaining (11 reported)
Severity
Reported
Remaining
Critical
1
0
Major
2
0
Medium
2
0
Minor
6
2
Disclaimer
The report makes no statements or warranties regarding the security of the code, the information herein or its usage. It does not constitute legal or investment advice. Authors shall not be liable for any acts or omissions based on the information contained herein.
Address of deployment
No address of deployment associated to this smart contract.
Disclaimer