Security Assessment

Smart Contract
Security Report

Independent analysis using 3 security tools. All findings reviewed, real issues fixed, false positives documented.

0 Critical
vulnerabilities
38 Tests
passing
3 Audit tools
used
547 Lines of
Solidity

Security Tools Used

S

Slither

by Trail of Bits

Industry-standard static analysis framework used by major DeFi protocols. Detects reentrancy, access control, and logic flaws.

0 exploitable vulnerabilities
9 findings — 0 high, 2 medium (false positives), 3 low (2 fixed), 4 informational
H

Hashlock AI

by Hashlock (Australia)

AI-powered audit from a leading Web3 security firm. Deep analysis of access control, economic logic, and oracle interactions.

0 confirmed vulnerabilities
11 findings — all false positives or by design (ReentrancyGuard, Chainlink patterns)
View Hashlock report →
SS

SolidityScan

by SolidityScan.com

Cloud-based scanner with 700+ detection modules. Covers OWASP-style vulnerabilities, gas optimizations, and coding standards.

Score: 60.24 / 100
234 findings — all critical/high are false positives (.call pattern, constructor)

Issues Found & Fixed

Real issues identified across all tools, fixed before deployment.

CRITICAL

Surplus divided by MAX_SUPPLY instead of totalMinted

Bonus payout calculation used 264 (max supply) instead of actual minted count, breaking payouts if supply wasn't fully minted.

Fixed — Changed to totalMinted
HIGH

Stale price threshold never enforced

STALE_PRICE_THRESHOLD was defined but never checked against updatedAt from Chainlink oracle.

Fixed — Added staleness check on every oracle call
HIGH

cancelTrigger could block deadline-based triggers

After a deadline trigger, cancelTrigger could reset the state, allowing indefinite extension.

Fixed — Added deadline protection in cancelTrigger
HIGH

Unchecked array access in constructor

Tier assignments array values weren't validated, allowing out-of-bounds memory read.

Fixed — Added require(tier < 4) validation
MEDIUM

Double minting not prevented at PoolManager level

While ERC721 prevents double minting, PoolManager updated state before the NFT-level check.

Fixed — Added costBasis == 0 guard
LOW

Missing events on critical state changes

destroyArt(), setBaseURI(), and cancelTrigger() didn't emit events for off-chain monitoring.

Fixed — Added ArtDestroyed, BaseURIUpdated, TriggerCancelled events
LOW

Missing zero address check on creator

Constructor didn't validate that the creator address wasn't address(0).

Fixed — Added require(_creator != address(0))
INFO

Custom _toString replaced with OpenZeppelin Strings

Replaced hand-written integer-to-string conversion with battle-tested OpenZeppelin library.

Fixed — Using Strings.toString()

Security Architecture

🔒

Reentrancy Protection

OpenZeppelin ReentrancyGuard on all payable functions (mint, buy, claim, claimCreator, sweepDust).

Checks-Effects-Interactions

All state changes happen before external calls. ETH transfers use .call{value}() with success check.

🔗

Chainlink Oracle

ETH/USD price from Chainlink with staleness check (1h), sequencer uptime verification, and grace period.

🛡

Access Control

Two-layer system: Owner (creator) for admin, PoolManager for transfers. NFT locked to marketplace only.

Two-Phase Trigger

Initiate + 1h cooldown + finalize. Price re-verified at finalization. Cancellable if price drops during cooldown.

💰

Pool Invariant

guaranteePool always equals sum of all cost bases. Every holder can always recover their investment.

Test Suite

38 / 38 tests passing — Hardhat + Ethers.js

Core Functions

  • Minting with tiered pricing
  • Marketplace listing & delisting
  • Buy with surcharge distribution
  • Multiple resales & pool growth

Trigger & Claims

  • Trigger at $10k ETH price
  • Deadline-based trigger (3 years)
  • Cooldown enforcement
  • Cancel if price drops
  • Holder claims (base + bonus)
  • Creator claim (10% surplus)

Security Checks

  • Transfer restriction enforcement
  • Duplicate claim prevention
  • Stale price data rejection
  • Constructor validation
  • Pool invariant verification

Verified Contracts

Deployed on Base L2 mainnet. Source code verified on BaseScan and public on GitHub.

View on GitHub →
InnerModelsNFT.sol
ERC-721 token — 96 lines — Transfers locked to PoolManager only
0xB032...9195 on BaseScan →
PoolManager.sol
Core logic — 451 lines — Marketplace, pools, trigger, claims
0x3FC0...054e on BaseScan →

Dependencies: OpenZeppelin Contracts v5.4 (ERC721, Ownable, ReentrancyGuard, Strings) — Chainlink Contracts v1.5 (AggregatorV3Interface)

Methodology

1

Internal Review

Manual code review identifying critical logic flaws (surplus calculation, stale price, cancel exploit).

2

Slither Analysis

Trail of Bits' static analyzer. All medium/low findings reviewed, 2 fixed, 2 confirmed false positives.

3

Hashlock AI Audit

Third-party AI audit by Hashlock. 11 findings, all analyzed as false positives or design decisions.

4

SolidityScan

Cloud scanner with 700+ modules. 234 findings reviewed, critical/high all false positives (standard patterns).

5

Test Suite

38 automated tests covering all functions, edge cases, access control, and pool invariant verification.

Back to Inner Models