Security Assessment

Smart Contract
Security Report

Independent analysis using 3 security tools. All findings reviewed, real issues fixed, false positives documented.

0 Critical
vulnerabilities
38 Tests
passing
3 Audit tools
used
547 Lines of
Solidity

Security Tools Used

S

Slither

by Trail of Bits

Industry-standard static analysis framework used by major DeFi protocols. Detects reentrancy, access control, and logic flaws.

0 exploitable vulnerabilities
9 findings — 0 high, 2 medium (false positives), 3 low (2 fixed), 4 informational
H

Hashlock AI

by Hashlock (Australia)

AI-powered audit from a leading Web3 security firm. Deep analysis of access control, economic logic, and oracle interactions.

0 confirmed vulnerabilities
11 findings — all false positives or by design (ReentrancyGuard, Chainlink patterns)
View Hashlock report →
SS

SolidityScan

by SolidityScan.com

Cloud-based scanner with 700+ detection modules. Covers OWASP-style vulnerabilities, gas optimizations, and coding standards.

Score: 60.24 / 100
234 findings — all critical/high are false positives (.call pattern, constructor)

Issues Found & Fixed

Real issues identified across all tools, fixed before deployment.

CRITICAL

Surplus divided by MAX_SUPPLY instead of totalMinted

Bonus payout calculation used 264 (max supply) instead of actual minted count, breaking payouts if supply wasn't fully minted.

Fixed — Changed to totalMinted
HIGH

Stale price threshold never enforced

STALE_PRICE_THRESHOLD was defined but never checked against updatedAt from Chainlink oracle.

Fixed — Added staleness check on every oracle call
HIGH

cancelTrigger could block deadline-based triggers

After a deadline trigger, cancelTrigger could reset the state, allowing indefinite extension.

Fixed — Added deadline protection in cancelTrigger
HIGH

Unchecked array access in constructor

Tier assignments array values weren't validated, allowing out-of-bounds memory read.

Fixed — Added require(tier < 4) validation
MEDIUM

Double minting not prevented at PoolManager level

While ERC721 prevents double minting, PoolManager updated state before the NFT-level check.

Fixed — Added costBasis == 0 guard
LOW

Missing events on critical state changes

destroyArt(), setBaseURI(), and cancelTrigger() didn't emit events for off-chain monitoring.

Fixed — Added ArtDestroyed, BaseURIUpdated, TriggerCancelled events
LOW

Missing zero address check on creator

Constructor didn't validate that the creator address wasn't address(0).

Fixed — Added require(_creator != address(0))
INFO

Custom _toString replaced with OpenZeppelin Strings

Replaced hand-written integer-to-string conversion with battle-tested OpenZeppelin library.

Fixed — Using Strings.toString()

Security Architecture

🔒

Reentrancy Protection

OpenZeppelin ReentrancyGuard on all payable functions (mint, buy, claim, claimCreator, sweepDust).

Checks-Effects-Interactions

All state changes happen before external calls. ETH transfers use .call{value}() with success check.

🔗

Chainlink Oracle

ETH/USD price from Chainlink with staleness check (1h), sequencer uptime verification, and grace period.

🛡

Access Control

Two-layer system: Owner (creator) for admin, PoolManager for transfers. NFT locked to marketplace only.

Two-Phase Trigger

Initiate + 1h cooldown + finalize. Price re-verified at finalization. Cancellable if price drops during cooldown.

💰

Pool Invariant

guaranteePool always equals sum of all cost bases. Every holder can always recover their investment.

Test Suite

38 / 38 tests passing — Hardhat + Ethers.js

Core Functions

  • Minting with tiered pricing
  • Marketplace listing & delisting
  • Buy with surcharge distribution
  • Multiple resales & pool growth

Trigger & Claims

  • Trigger at $10k ETH price
  • Deadline-based trigger (3 years)
  • Cooldown enforcement
  • Cancel if price drops
  • Holder claims (base + bonus)
  • Creator claim (10% surplus)

Security Checks

  • Transfer restriction enforcement
  • Duplicate claim prevention
  • Stale price data rejection
  • Constructor validation
  • Pool invariant verification

Verified Contracts

Deployed on Base L2 mainnet. Source code verified on BaseScan and public on GitHub.

View on GitHub →
InnerModelsNFT.sol
ERC-721 token — 96 lines — Transfers locked to PoolManager only
0xB032...9195 on BaseScan →
PoolManager.sol
Core logic — 451 lines — Marketplace, pools, trigger, claims
0x3FC0...054e on BaseScan →

Dependencies: OpenZeppelin Contracts v5.4 (ERC721, Ownable, ReentrancyGuard, Strings) — Chainlink Contracts v1.5 (AggregatorV3Interface)

Methodology

1

Internal Review

Manual code review identifying critical logic flaws (surplus calculation, stale price, cancel exploit).

2

Slither Analysis

Trail of Bits' static analyzer. All medium/low findings reviewed, 2 fixed, 2 confirmed false positives.

3

Hashlock AI Audit

Third-party AI audit by Hashlock. 11 findings, all analyzed as false positives or design decisions.

4

SolidityScan

Cloud scanner with 700+ modules. 234 findings reviewed, critical/high all false positives (standard patterns).

5

Test Suite

38 automated tests covering all functions, edge cases, access control, and pool invariant verification.

This report was generated on February 24, 2026 for the Inner Models smart contracts (Solidity 0.8.24, Hardhat, Base L2). It combines automated scanning with manual review. No audit can guarantee the absence of all vulnerabilities. The contracts have not been deployed yet — BaseScan verification will follow deployment.

Back to Inner Models