EarnGuild $EARN Token Audit Report

Earn Guild
4 min read · Feb 22, 2022


Earn Guild values the safety and security of our partners and investors. We are pleased to announce that our smart contract audit by Rock’n’Block is complete, and we are excited to share the results.

Scope

The audit reviewed the contract source code published on BscScan. Contracts were reviewed in the context of the flattened file, which consisted of a single Solidity file. The review did not assess any scripts, tests, or other non-Solidity files.

Methodology

This audit was performed as a comprehensive review of the codebase and takes into consideration both the Solidity code and the target platform, the Binance Smart Chain network. The Solidity was reviewed not just for common vulnerabilities and antipatterns, but also for its parity with the intent of the deployer, for its efficiency, and for the practices used during development.

Risk Assessment

Findings were categorized using a risk rating model based on the OWASP method. Each vulnerability takes into consideration the impact and likelihood of exploitation, as well as the relative ease with which the vulnerability is resolved; findings that permeate throughout the codebase will require much more review and work to solve and are rated higher as a result.

To standardize the evaluation, we define the following terminology based on the OWASP Risk Rating Methodology:

  • Likelihood represents how likely a particular vulnerability is to be uncovered and exploited in the wild;
  • Impact measures the technical loss and business damage of a successful attack;
  • Severity demonstrates the overall criticality of the risk.

Likelihood and impact are each rated H, M or L (high, medium or low). Severity is derived from likelihood and impact and falls into one of four categories: Critical, High, Medium or Low.

Findings

1. NO critical-severity vulnerabilities were found.

2. NO high-severity vulnerabilities were found.

3. NO medium-severity vulnerabilities were found.

4. Low Severity

Disparity of expectation in release functions: Users call releaseOnce() and releaseAll() to release their frozen tokens once the freeze period has elapsed. If a user holds no frozen tokens eligible for release, releaseOnce() reverts, undoing any state changes. This is not the case for releaseAll(), which simply does nothing and succeeds. While this does not pose a significant danger to users, we recommend that the inconsistency be addressed.

Overuse of public function visibility: The reviewed token contract is assembled using a script that generates a file of constants with which the token contract will set its initial values. Because each constant is marked public, Solidity implicitly creates a publicly visible getter function with the same name. While using constants is generally efficient, excessive use of public fields:

  1. Makes a contract more expensive to deploy (longer bytecode);
  2. Makes a contract more expensive to use, as each additional function selector created by these implicit getters means more options to traverse at runtime.

Consider removing the word public from each constant unless absolutely necessary. They will then default to internal visibility, meaning they remain accessible within the contract.
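As an added illustration of both low-severity findings (not code from the audited $EARN contract or from Rock’n’Block), a minimal freeze-and-release contract in which releaseAll() reverts in the same way as releaseOnce() when nothing is eligible, and the constant is declared internal rather than public. The lot structure, freeze() helper, _eligible() and FREEZE_PERIOD are assumptions; only the two release function names come from the report.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Constructed illustration, not the audited $EARN contract. Lot layout,
// freeze() and FREEZE_PERIOD are assumptions; only the two release
// function names come from the report.
contract ReleaseExample {
    // Finding 2: internal constant, so no implicit public getter/selector.
    uint256 internal constant FREEZE_PERIOD = 30 days;
    struct FreezeLot { uint256 amount; uint256 releaseAt; bool released; }
    mapping(address => FreezeLot[]) internal _frozen;
    mapping(address => uint256) public balanceOf;

    // Demo helper: record a frozen lot for the caller.
    function freeze(uint256 amount) external {
        _frozen[msg.sender].push(FreezeLot(amount, block.timestamp + FREEZE_PERIOD, false));
    }

    function _eligible(FreezeLot storage lot) internal view returns (bool) {
        return !lot.released && lot.releaseAt <= block.timestamp;
    }

    // Releases the first eligible lot; reverts when none is eligible.
    function releaseOnce() external {
        FreezeLot[] storage lots = _frozen[msg.sender];
        for (uint256 i = 0; i < lots.length; i++) {
            if (_eligible(lots[i])) {
                lots[i].released = true;
                balanceOf[msg.sender] += lots[i].amount;
                return;
            }
        }
        revert("nothing to release");
    }

    // Finding 1: releaseAll() now reverts exactly like releaseOnce() when
    // nothing is eligible, instead of silently succeeding.
    function releaseAll() external {
        FreezeLot[] storage lots = _frozen[msg.sender];
        uint256 total;
        for (uint256 i = 0; i < lots.length; i++) {
            if (_eligible(lots[i])) {
                lots[i].released = true;
                total += lots[i].amount;
            }
        }
        require(total > 0, "nothing to release");
        balanceOf[msg.sender] += total;
    }
}
```

Calling either release function with no eligible lot now produces an observable revert, so wallets and front-ends receive the same signal from both paths.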

The team has taken note of the two low-severity recommendations and will proceed with implementing these corrections.

Manual testing

All manual tests came back “Successful”.

About Rock’n’Block

Rock’n’Block provides custom development and implementation of software-based blockchain technologies for businesses and startups.

The Rock’n’Block team includes specialists with more than 15 years of experience in implementing complex projects in the global IT market. The company is actively growing; back at the beginning of 2021 our staff strength was 15 but today we are already more than 50. By the end of the year, we plan to expand the staff strength, due to the increase in the number of orders and the growing popularity of the company’s field of activity.

Our team has participated in the most complex IT projects for customers all over the world, solving tasks that no one had done before, from the simplest token contracts to complex DEX and blockchain deployments. One of our notable projects is DUCATUS Wallet, a fully functional consumer wallet for iOS, Android, and web that has been downloaded more than 10,000 times.

Please find a link to the full $EARN token audit here.

Anyone not domiciled in the USA, Australia, or UN-sanctioned countries can participate in the $EARN token sale.

*The eligible countries list is selected by Earn Guild. Launchpad dates are subject to change.

**Digital assets carry a high level of risk. Participation is performed at your own risk. Exercise caution and conduct your own due diligence.

Written by Earn Guild

Earn Guild is a player guild for play-to-earn games.