Our team of industry-lead developers will perform a security audit, including automated tests, bug bounty contests, tool analysis and manual code review. We offer both one-time audits and continuous auditing as a service.
Our blockchain developers create secure Ethereum smart contracts on Solidity or develop with Rust on Solana. We can do it from scratch or take over an existing project.
Our experience and portfolio speaks for itself - trusted by the industry leaders such as Safe, 1inch or LayerZero.
We have discovered more than 784 issues so far. 67+ of them account for high findings.
Our auditors discover a critical or high issue every 5 work days.
After you make your payment, we will deliver your audit report within a maximum of 5 hours.
Blockchain security by industry-leading auditors.
Need a security audit? Let us know.
Always perform your own due diligence before interacting with any smart contract.
No mint function
This refers to the ability of the contract owner to produce additional tokens within the contract's framework.
No blacklist found
This indicates whether the owner has the authority to block certain addresses from interacting with the contract's ecosystem.
No honeypot option
This describes a situation where the contract might prevent token holders from selling their assets, potentially trapping their funds.
No high sell fees
This refers to the owner's ability to adjust the maximum sell fee applied to transactions within the contract.
Trading enabled
This indicates whether trading is already enabled or if the owner must perform an action to allow trading to begin.
Fixed supply, no minting
No maximum restriction
No maximum restriction
RISKY (DYOR)
Read whitepaper
Updated live from contract
| Vulnerability | Status | Details |
|---|---|---|
| Re-entrancy | RISKY | No external calls before state changes |
| Integer Overflow/Underflow | RISKY | Uses SafeMath or Solidity ≥0.8 |
| Ownership Renouncement | WARNING | Owner has not renounced control |
| Blacklist Capability | RISKY | No blacklist |
| Arbitrary Minting | RISKY | No mint |
| Trading Lock | RISKY | No trading lock function |
| Max Transaction Limit | RISKY | No limit |
| Upgradable Contract | RISKY | No proxy contract |
| Honeypot Behavior | RISKY | No logic found to block selling |
| Access Control | RISKY | OnlyOwner pattern properly implemented |
| External Call Risks | RISKY | External contract calls are protected by checks |
Owner has access to critical functions such as minting and fee setting.
SAFEContract logic can be changed through a proxy pattern controlled by the team.
SAFEOwner or privileged role can mint additional tokens post-deployment.
SAFEOwner has control over enabling or pausing trading.
SAFEFee rates can be adjusted by a privileged address.
SAFEOwner can blacklist user wallets arbitrarily.
SAFEOwnership has been renounced, reducing central control.
WARNINGCertain addresses have privileges others do not.
SAFEOnly specific roles can call important contract functions.
SAFEOwner can withdraw contract funds instantly.
SAFEThe code was tested with compatible compilers and simulated manually reviewed for all commonly known and specific vulnerabilities.
| Vulnerability Description | Status |
|---|---|
| Visibility of functions and variables | Passed |
| Compiler error | Passed |
| ROI Investment Plan | Passed |
| Transfer Block | Passed |
| Floating pragma | Passed |
| Timestamp dependence | Passed |
| Deprecated solidity functions | Passed |
| Gas limit and loops | Passed |
| Front running | Passed |
| User balance manipulation | Passed |
| Dos with revert | Passed |
| Dos with block gas limit | Passed |
| Reentrancy security | Passed |
| Malicious libraries | Passed |
| Integer overflow/underflow | Passed |
| Using inline assembly | Passed |
| Missing event emission | Passed |
| Missing zero address validation | Passed |
| Use of tx.origin | Passed |
| Oracle security | Passed |
| Outdated compiler version | Passed |
| Block values as a proxy for time | Passed |
| Presence of unused code | Passed |
| Data consistency | Passed |
| Money giving bug | Passed |
| Unnecessary use of SafeMath | Passed |
| Self-destruct interaction | Passed |
| Signature unique id | Passed |
| Weak sources of randomness | Passed |
| Optimize code and efficient gas fee | Passed |
The list of functions in the contract that only the owner can call:
| ID | Severity | Name | File Location |
|---|---|---|---|
| SWC-100 | WARNING | Function Default Visibility | L: 0 C: 0 |
| SWC-101 | WARNING | Integer Overflow and Underflow | L: 0 C: 0 |
| SWC-102 | WARNING | Outdated Compiler Version | L: 0 C: 0 |
| SWC-103 | WARNING | A floating pragma is set | L: 0 C: 0 |
| SWC-104 | WARNING | Unchecked Call Return Value | L: 0 C: 0 |
| SWC-105 | WARNING | Unprotected Ether Withdrawal | L: 0 C: 0 |
| SWC-106 | WARNING | Unprotected SELFDESTRUCT Instruction | L: 0 C: 0 |
| SWC-107 | WARNING | Read of persistent state following external call | L: 0 C: 0 |
| SWC-108 | WARNING | State variable visibility is not set | L: 0 C: 0 |
| SWC-109 | WARNING | Uninitialized Storage Pointer | L: 0 C: 0 |
| SWC-110 | WARNING | Assert Violation | L: 0 C: 0 |
| SWC-111 | WARNING | Use of Deprecated Solidity Functions | L: 0 C: 0 |
| SWC-112 | WARNING | Delegate Call to Untrusted Callee | L: 0 C: 0 |
| SWC-113 | WARNING | Multiple calls are executed in the same transaction | L: 0 C: 0 |
| SWC-114 | WARNING | Transaction Order Dependence | L: 0 C: 0 |
| SWC-115 | WARNING | Authorization through tx.origin | L: 0 C: 0 |
| SWC-116 | WARNING | A control flow decision is made based on The block.timestamp environment variable | L: 0 C: 0 |
| SWC-117 | WARNING | Signature Malleability | L: 0 C: 0 |
| SWC-118 | WARNING | Incorrect Constructor Name | L: 0 C: 0 |
| SWC-119 | WARNING | Shadowing State Variables | L: 0 C: 0 |
| SWC-120 | WARNING | Potential use of block.number as source of randomness | L: 0 C: 0 |
| SWC-121 | WARNING | Missing Protection against Signature Replay Attacks | L: 0 C: 0 |
| SWC-122 | WARNING | Lack of Proper Signature Verification | L: 0 C: 0 |
| SWC-123 | WARNING | Requirement Violation | L: 0 C: 0 |
| SWC-124 | WARNING | Write to Arbitrary Storage Location | L: 0 C: 0 |
| SWC-125 | WARNING | Incorrect Inheritance Order | L: 0 C: 0 |
| SWC-126 | WARNING | Insufficient Gas Griefing | L: 0 C: 0 |
| SWC-127 | WARNING | Arbitrary Jump with Function Type Variable | L: 0 C: 0 |
| SWC-128 | WARNING | DoS With Block Gas Limit | L: 0 C: 0 |
| SWC-129 | WARNING | Typographical Error | L: 0 C: 0 |
| SWC-130 | WARNING | Right-To-Left-Override control character (U+202E) | L: 0 C: 0 |
| SWC-131 | WARNING | Presence of unused variables | L: 0 C: 0 |
| SWC-132 | WARNING | Unexpected Ether balance | L: 0 C: 0 |
| SWC-133 | WARNING | Hash Collisions with Multiple Variable Length Arguments | L: 0 C: 0 |
| SWC-134 | WARNING | Message call with hardcoded gas amount | L: 0 C: 0 |
| SWC-135 | WARNING | Code With No Effects (Irrelevant/Dead Code) | L: 0 C: 0 |
| SWC-136 | WARNING | Unencrypted Private Data On-Chain | L: 0 C: 0 |
| ID | Severity | Name | Result | Status |
|---|---|---|---|---|
| $AXELAR-01 | Minor | Potential Sandwich Attacks | WARNING | Not-Found |
| $PORCEM-02 | Minor | Function Visibility Optimization | WARNING | Not-Found |
| $PORCEM-03 | Minor | Lack of Input Validation | WARNING | Not-Found |
| $PORCEM-04 | Major | Centralized Risk In addLiquidity | WARNING | Not-Found |
| $PORCEM-05 | Minor | Missing Event Emission | WARNING | Not-Found |
| $PORCEM-06 | Minor | Conformance with Solidity Naming Conventions | WARNING | Not-Found |
| $PORCEM-07 | Minor | State Variables could be Declared Constant | WARNING | Not-Found |
| $PORCEM-08 | Minor | Dead Code Elimination | WARNING | Not-Found |
| $PORCEM-09 | Major | Third Party Dependencies | WARNING | Not-Found |
| $PORCEM-10 | Major | Initial Token Distribution | WARNING | Not-Found |
| $PORCEM-11 | Major | Complexity on the tax calculations | WARNING | Not-Found |
| $AXELAR-12 | Major | Centralization Risks In The X Role | WARNING | Not-Found |
| $PORCEM-13 | Informational | Extra Gas Cost For User | WARNING | Not-Found |
| $PORCEM-14 | Medium | Unnecessary Use Of SafeMath | WARNING | Not-Found |
| $PORCEM-15 | Medium | Symbol Length Limitation due to Solidity Naming Standards | WARNING | Not-Found |
| $PORCEM-16 | Medium | Invalid collection of Taxes during Transfer | WARNING | Not-Found |
| $PORCEM-17 | Informational | Conformance to numeric notation best practice | WARNING | Not-Found |
| $PORCEM-18 | Informational | Enable Trade and Exclude Exist to create a whitelist | WARNING | Not-Found |
This report has been prepared for PORCEM Token. AuditHaze provides both client-centered and user-centered examination of the smart contracts and their current status when applicable. This report represents the security assessment made to find issues and vulnerabilities on the source code along with the current liquidity and token holder statistics of the protocol.
A comprehensive examination has been performed, utilizing Cross Referencing, Static Analysis, In-House Security Tools, and line-by-line Manual Review.
The auditing process pays special attention to the following considerations:
Contract submitted for security audit
Static analysis and automated vulnerability scanning completed
Line-by-line code review by security experts
Audit completed and final report published
Always perform your own due diligence before interacting with any smart contract.
No mint function
This refers to the ability of the contract owner to produce additional tokens within the contract's framework.
No blacklist found
This indicates whether the owner has the authority to block certain addresses from interacting with the contract's ecosystem.
No honeypot option
This describes a situation where the contract might prevent token holders from selling their assets, potentially trapping their funds.
No high sell fees
This refers to the owner's ability to adjust the maximum sell fee applied to transactions within the contract.
Trading enabled
This indicates whether trading is already enabled or if the owner must perform an action to allow trading to begin.
Fixed supply, no minting
No maximum restriction
No maximum restriction
After launch (DYOR)
Read whitepaper
Updated live from contract
| Vulnerability | Status | Details |
|---|---|---|
| Re-entrancy | SAFE | No external calls before state changes |
| Integer Overflow/Underflow | SAFE | Uses SafeMath or Solidity ≥0.8 |
| Ownership Renouncement | WARNING | Owner has not renounced control |
| Blacklist Capability | SAFE | No blacklist |
| Arbitrary Minting | SAFE | No mint |
| Trading Lock | SAFE | No trading lock function |
| Max Transaction Limit | SAFE | No limit |
| Upgradable Contract | SAFE | No proxy contract |
| Honeypot Behavior | SAFE | No logic found to block selling |
| Access Control | SAFE | OnlyOwner pattern properly implemented |
| External Call Risks | SAFE | External contract calls are protected by checks |
Owner has access to critical functions such as minting and fee setting.
SAFEContract logic can be changed through a proxy pattern controlled by the team.
SAFEOwner or privileged role can mint additional tokens post-deployment.
SAFEOwner has control over enabling or pausing trading.
SAFEFee rates can be adjusted by a privileged address.
SAFEOwner can blacklist user wallets arbitrarily.
SAFEOwnership has been renounced, reducing central control.
WARNINGCertain addresses have privileges others do not.
SAFEOnly specific roles can call important contract functions.
SAFEOwner can withdraw contract funds instantly.
SAFEThe code was tested with compatible compilers and simulated manually reviewed for all commonly known and specific vulnerabilities.
| Vulnerability Description | Status |
|---|---|
| Visibility of functions and variables | Passed |
| Compiler error | Passed |
| ROI Investment Plan | Passed |
| Transfer Block | Passed |
| Floating pragma | Passed |
| Timestamp dependence | Passed |
| Deprecated solidity functions | Passed |
| Gas limit and loops | Passed |
| Front running | Passed |
| User balance manipulation | Passed |
| Dos with revert | Passed |
| Dos with block gas limit | Passed |
| Reentrancy security | Passed |
| Malicious libraries | Passed |
| Integer overflow/underflow | Passed |
| Using inline assembly | Passed |
| Missing event emission | Passed |
| Missing zero address validation | Passed |
| Use of tx.origin | Passed |
| Oracle security | Passed |
| Outdated compiler version | Passed |
| Block values as a proxy for time | Passed |
| Presence of unused code | Passed |
| Data consistency | Passed |
| Money giving bug | Passed |
| Unnecessary use of SafeMath | Passed |
| Self-destruct interaction | Passed |
| Signature unique id | Passed |
| Weak sources of randomness | Passed |
| Optimize code and efficient gas fee | Passed |
The list of functions in the contract that only the owner can call:
| ID | Severity | Name | File Location |
|---|---|---|---|
| SWC-100 | Pass | Function Default Visibility | L: 0 C: 0 |
| SWC-101 | Pass | Integer Overflow and Underflow | L: 0 C: 0 |
| SWC-102 | Pass | Outdated Compiler Version | L: 0 C: 0 |
| SWC-103 | Pass | A floating pragma is set | L: 0 C: 0 |
| SWC-104 | Pass | Unchecked Call Return Value | L: 0 C: 0 |
| SWC-105 | Pass | Unprotected Ether Withdrawal | L: 0 C: 0 |
| SWC-106 | Pass | Unprotected SELFDESTRUCT Instruction | L: 0 C: 0 |
| SWC-107 | Pass | Read of persistent state following external call | L: 0 C: 0 |
| SWC-108 | Pass | State variable visibility is not set | L: 0 C: 0 |
| SWC-109 | Pass | Uninitialized Storage Pointer | L: 0 C: 0 |
| SWC-110 | Pass | Assert Violation | L: 0 C: 0 |
| SWC-111 | Pass | Use of Deprecated Solidity Functions | L: 0 C: 0 |
| SWC-112 | Pass | Delegate Call to Untrusted Callee | L: 0 C: 0 |
| SWC-113 | Pass | Multiple calls are executed in the same transaction | L: 0 C: 0 |
| SWC-114 | Pass | Transaction Order Dependence | L: 0 C: 0 |
| SWC-115 | Pass | Authorization through tx.origin | L: 0 C: 0 |
| SWC-116 | Pass | A control flow decision is made based on The block.timestamp environment variable | L: 0 C: 0 |
| SWC-117 | Pass | Signature Malleability | L: 0 C: 0 |
| SWC-118 | Pass | Incorrect Constructor Name | L: 0 C: 0 |
| SWC-119 | Pass | Shadowing State Variables | L: 0 C: 0 |
| SWC-120 | Pass | Potential use of block.number as source of randomness | L: 0 C: 0 |
| SWC-121 | Pass | Missing Protection against Signature Replay Attacks | L: 0 C: 0 |
| SWC-122 | Pass | Lack of Proper Signature Verification | L: 0 C: 0 |
| SWC-123 | Pass | Requirement Violation | L: 0 C: 0 |
| SWC-124 | Pass | Write to Arbitrary Storage Location | L: 0 C: 0 |
| SWC-125 | Pass | Incorrect Inheritance Order | L: 0 C: 0 |
| SWC-126 | Pass | Insufficient Gas Griefing | L: 0 C: 0 |
| SWC-127 | Pass | Arbitrary Jump with Function Type Variable | L: 0 C: 0 |
| SWC-128 | Pass | DoS With Block Gas Limit | L: 0 C: 0 |
| SWC-129 | Pass | Typographical Error | L: 0 C: 0 |
| SWC-130 | Pass | Right-To-Left-Override control character (U+202E) | L: 0 C: 0 |
| SWC-131 | Pass | Presence of unused variables | L: 0 C: 0 |
| SWC-132 | Pass | Unexpected Ether balance | L: 0 C: 0 |
| SWC-133 | Pass | Hash Collisions with Multiple Variable Length Arguments | L: 0 C: 0 |
| SWC-134 | Pass | Message call with hardcoded gas amount | L: 0 C: 0 |
| SWC-135 | Pass | Code With No Effects (Irrelevant/Dead Code) | L: 0 C: 0 |
| SWC-136 | Pass | Unencrypted Private Data On-Chain | L: 0 C: 0 |
| ID | Severity | Name | Result | Status |
|---|---|---|---|---|
| $PORCEM-01 | Minor | Potential Sandwich Attacks | Pass | Not-Found |
| $PORCEM-02 | Minor | Function Visibility Optimization | Pass | Not-Found |
| $PORCEM-03 | Minor | Lack of Input Validation | Pass | Not-Found |
| $PORCEM-04 | Major | Centralized Risk In addLiquidity | Pass | Not-Found |
| $PORCEM-05 | Minor | Missing Event Emission | Pass | Not-Found |
| $PORCEM-06 | Minor | Conformance with Solidity Naming Conventions | Pass | Not-Found |
| $PORCEM-07 | Minor | State Variables could be Declared Constant | Pass | Not-Found |
| $PORCEM-08 | Minor | Dead Code Elimination | Pass | Not-Found |
| $PORCEM-09 | Major | Third Party Dependencies | Pass | Not-Found |
| $PORCEM-10 | Major | Initial Token Distribution | Pass | Not-Found |
| $PORCEM-11 | Major | Complexity on the tax calculations | Pass | Not-Found |
| $PORCEM-12 | Major | Centralization Risks In The X Role | Pass | Not-Found |
| $PORCEM-13 | Informational | Extra Gas Cost For User | Pass | Not-Found |
| $PORCEM-14 | Medium | Unnecessary Use Of SafeMath | Pass | Not-Found |
| $PORCEM-15 | Medium | Symbol Length Limitation due to Solidity Naming Standards | Pass | Not-Found |
| $PORCEM-16 | Medium | Invalid collection of Taxes during Transfer | Pass | Not-Found |
| $PORCEM-17 | Informational | Conformance to numeric notation best practice | Pass | Not-Found |
| $PORCEM-18 | Informational | Enable Trade and Exclude Exist to create a whitelist | Pass | Not-Found |
This report has been prepared for PORCEM Token. AuditHaze provides both client-centered and user-centered examination of the smart contracts and their current status when applicable. This report represents the security assessment made to find issues and vulnerabilities on the source code along with the current liquidity and token holder statistics of the protocol.
A comprehensive examination has been performed, utilizing Cross Referencing, Static Analysis, In-House Security Tools, and line-by-line Manual Review.
The auditing process pays special attention to the following considerations:
Contract submitted for security audit
Static analysis and automated vulnerability scanning completed
Line-by-line code review by security experts
Audit completed and final report published
