We were tasked with auditing the codebase of Trustwork and in particular their novel multisignature wallet implementation as well as token contract and sale.
The multisignature contract operates in a single 2-out-of-2 scheme whereby one address is meant to propose BEP-20 / BNB transfers and the other to validate and execute them.
The token sale transfers tokens outward from the token contract to the buyers on a prefixed ratio and is done so either via direct BNB transfers to the contract or via the execution of the
buyTokens function. The token can be burned by anyone and supports automatic liquidity provision once the developers actuate the "moon mission" function of the contract.
Automatic refunds are also supported in the case that a predefined period has passed or the owner has enabled transfers manually. This feature is disabled once liquidity is provided to the PancakeSwap pair, which is also created via the contract.
Over the course of the audit we observed certain issues that we believe should be remediated and can be found in the manual review chapter of the audit.
|Files in Scope||Repository||Commit(s)|
|Multisig.sol (MUL)||Trustworks||bbcbaee1c4, bfc98f6dae, 1cc97db5f3|
|TokenAndPresale.sol (TAP)||Trustworks||bbcbaee1c4, bfc98f6dae, 1cc97db5f3|
During the audit, we filtered and validated a total of 6 findings utilizing static analysis tools as well as identified a total of 12 findings during the manual review of the codebase. We strongly recommend that any minor severity or higher findings are dealt with promptly prior to the project's launch as they introduce potential misbehaviours of the system as well as exploits.
The list below covers each segment of the audit in depth and links to the respective chapter of the report: