Subscription Token - Fabric
Summary
Quantstamp audited Subscription Token smart contract from Fabric. Subscription tokens give creators the ability to offer subscriptions to their fans on-chain. The protocol handles payments to the creator in exchange for an NFT with an expiration. Over time, subscribers add time to their subscription for continued access. All issues and recommendations are discussed in the *Findings* section of this document. After that, recommendations about documentation and best practices are discussed. We strongly recommend addressing all the issues before deployment. A high-security issue was found. SUB-1 explains how the reward redemption formula may inaccurately distribute rewards when total reward points decrease, leading to locking funds in the contract. The documentation quality is high. Public documentation was provided by the Fabric team. It is recommended to add detailed and updated public documentation focusing on critical parts of the protocol, such as protocol fees, rewards, privileged accounts, and a list of addresses of the smart contracts deployed. Refer to the "Adherence to Specification" section for more details. Regarding testing, all tests passed, and the project implements code coverage metrics (reaching `100%` in the audited contract). We recommend adding new tests to cover the proposed fixes (especially the fixes for SUB-1). #### Fix review The Fabric team provided a set of commits containing fixes for the issues found. All the issues were fixed or acknowledged.
Issues (9)
Low | Medium | High | Critical | Total | |
|---|---|---|---|---|---|
Not fixed | 2 | 2 | - | - | 4 |
Fixed | 2 | 2 | 1 | - | 5 |
| Total | 4 | 4 | 1 | 0 | 9 |