Bretton Woods Digital Gold

Summary

Quantstamp audited BWGToken smart contracts. BWGToken is a gold-backed `ERC-777` token that will use the operator functionality to charge periodic storage fees to token owners. These fees are derived from the physical storage of real gold. <br><br> High-severity issues were found. QSP-1 recommends blocking the `ERC-777` hooks functionality if it is not needed, as it increases the risk for denial-of-service attacks and reentrancy issues. All issues and design recommendations are discussed in the *Findings* section of this document. After that, recommendations about documentation and best practices are discussed. We strongly recommend addressing all the issues before deployment. <br><br> The documentation quality is medium. However, it is recommended to add more details on the design rationale of the contract, especially the owner-controlled functions such as the storage cost collection mechanism and the wallet list management. <br><br> Regarding testing, all tests passed, but the project lacks code coverage metrics. We recommend implementing it and reaching a code coverage of at least 95%. <br><br> **Fix-review update:** After initial recommendations, the BWGToken team provided a new commit to address the issues found. Documentation and best practice recommendations were addressed by the BWGToken team. However, the auditors found some issues that were not fixed or not correctly addressed in the commit provided. We highly recommend reading all the updates under each issue, focusing on the issues marked as "Mitigated" and "Unresolved", and properly addressing and testing them before deployment. The test suite was noticeably improved, and code coverage was implemented. The project reaches `95%` of branch coverage. <br><br> **Update:** The BWGToken team provided a new commit addressing the issues not completely fixed in the previous fix-review round. The related documentation was updated regarding these fixes.