LedgerScore Completes Successful Rock’n’Block Audit
The safety and security of our investors are of paramount importance at LedgerScore. We are pleased to announce our completed smart contract audit by Rock’n’Block. The audit is complete and we are happy to announce the results.
The audit reviewed contract source code from Etherscan. Contract were reviewed in the context of the flattened file, which included a single solidity file. The review performed did not assess any scripts, tests, or other non-Solidity files.
This audit was performed as a comprehensive review of the codebase and takes into consideration both the Solidity code, as well as the target platform: Ethereum main network. The Solidity was reviewed not just for common vulnerabilities and antipatterns, but also for its parity with the intent of the deployer, for its efficiency, and for the practices used during development
Findings were categorized using a risk rating model based on the OWASP method. Each vulnerability takes into consideration the impact and likelihood of exploitation, as well as the relative ease with which the vulnerability is resolved; findings that permeate throughout the codebase will require much more review and work to solve and are rated higher as a result
1. NO critical-severity vulnerabilities were found.
2. NO high-severity vulnerabilities were found.
3. NO medium-severity vulnerabilities were found.
4. Low Severity
Disparity of expectation in release functions: Users use releaseOnce() and releaseAll() to release their frozen tokens once the freeze period has elapsed. In the event a user does not hold any frozen tokens eligible for release, the releaseOnce() function reverts state changes. This is not the case for releaseAll(), which will simply do nothing. While this does not pose a significant danger for users, we recommend the inconsistency be addressed. Overuse of public function visibility: The reviewed token contract is assembled using a script which generates a file of constants with which the token contract will set its initial values. Because each constant is marked public, Solidity implicitly creates a publicly visible getter function with the same name. While using constants is generally efficient, excessive use of public fields: 1. Makes a contract more expensive to deploy (longer bytecode) 2. Makes a contract more expensive to use, as each additional function selector created by these implicit getters means more options to traverse at runtime. Consider removing the word public from each constant unless absolutely necessary. They will be set to the default, internal, meaning they will still be accessible internally to the contract
The result from the audit included a small list of recommendations for us to rectify, which the team is happy to complete.
To view the full audit by Rock’n’Block, please click here.
Rock’n’Block provides custom development and implementation of software-based blockchain technologies for businesses and startups.
The Rock’n’Block team includes specialists with more than 15 years of experience in implementing complex projects in the global IT market. The company is actively growing; back at the beginning of 2021 our staff strength was 15 but today we are already more than 50. By the end of the year, we plan to expand the staff strength, due to the increase in the number of orders and the growing popularity of the company’s field of activity.
Our team has participated in the most complex IT projects for customers all over the world. Each time we have solved tasks that no one has done before — such challenges which are now facing us all over the world from the simplest token contracts to complex DEX and blockchain deployments. One of our great projects is DUCATUS Wallet — Full functional consumer wallet development for iOS, Android, and web which has been downloaded more than 10,000 times. provide custom development and implementation of software-based blockchain technologies for businesses and startups.