In this audit we identified nine issues (one high-severity, three medium-severity, two low-severity, two informational, and one of undetermined severity). A major problem is that the admin is given the privilege to transfer or purge vested funds at will. There is a discrepancy between the code comments and the actual implementation of the change-destination logic. The way token accounts are passed into the program is also problematic: the program requires associated token accounts to be supplied as inputs rather than the users' system accounts, which can potentially lead to security issues. It is worth mentioning that this audit was conducted by one person in a time-boxed manner (10 hours of audit in total), so it is possible that some issues went unnoticed in the course of this audit. We recommend a complete audit with three auditors for a more robust review.
| | Low | Medium | High | Critical | Total |
|---|---|---|---|---|---|
| Not fixed | 5 | 3 | 1 | - | 9 |
| Fixed | - | - | - | - | 0 |
| Total | 5 | 3 | 1 | 0 | 9 |
| # | File Name |
|---|---|
| 1 | cxxShYRVcepDudXhe7U62QHvw8uBJoKFifmzggGKVC2 |