MOKToken
Security Assessment
Audited By: Angelos Apostolidis @ CertiK (angelos.apostolidis@certik.org)
Reviewed By: Alex Papageorgiou @ CertiK (alex.papageorgiou@certik.org)
Disclaimer
CertiK reports are not, nor should be considered, an "endorsement" or "disapproval" of any
particular project or team. These reports are not, nor should be considered, an indication of
the economics or value of any "product" or "asset" created by any team or project that
contracts CertiK to perform a security review.
CertiK Reports do not provide any warranty or guarantee regarding the absolute bug-free
nature of the technology analyzed, nor do they provide any indication of the technology's
proprietors, business, business model or legal compliance.
CertiK Reports should not be used in any way to make decisions around investment or
involvement with any particular project. These reports in no way provide investment advice,
nor should be leveraged as investment advice of any sort.
CertiK Reports represent an extensive auditing process intending to help our customers
increase the quality of their code while reducing the high level of risk presented by
cryptographic tokens and blockchain technology.
Blockchain technology and cryptographic assets present a high level of ongoing risk.
CertiK's position is that each company and individual is responsible for their own due
diligence and continuous security. CertiK's goal is to help reduce the attack vectors and the
high level of variance associated with utilizing new and consistently changing technologies,
and in no way claims any guarantee of security or functionality of the technology we agree
to analyze.
Project Summary
Commits: 1. 2ddd824c238849f02dd7867e24d4dad5db1bd1e0
Audit Summary
Consultants Engaged 2
Vulnerability Summary
Total Issues 4
Total Critical 0
Total Major 0
Total Medium 0
Total Minor 1
Total Informational 3
Executive Summary
CertiK was tasked with auditing the codebase of the Mocktail Finance MOKToken smart
contract, deployed live at 0x23A1c4025Aa5Dc7f876530bEb76346b99d50C3AA.
After our engagement, the Mocktail Finance team opted to re-deploy the MOKToken smart
contract at 0xca69c118fa550387794d48900a866891217e5c9f.
The MOKToken contract is based on a known smart contract and therefore inherits any
vulnerabilities present in the original.
Our findings mainly concern optimizations and Solidity coding standards; the issues
identified pose no threat to the safety of the contract.
System Analysis
The contract owner can arbitrarily burn tokens from any address and can also mint any
amount of tokens to an address of their choosing. Both privileges increase the centralization
of the system, since token supply and holder balances depend on a single privileged key.
Files In Scope
ID Contract Location
Finding Summary: Minor 25% (1 issue), Informational 75% (3 issues)
Manual Review Findings
Description:
Recommendation:
We advise extending the burning mechanism so that burning tokens also moves the delegated votes of the burned amount to the zero address.
Alleviation:
The development team considered our recommendation and extended the burn()
functionality as proposed.
MTN-02M: Contract Layout
Description:
The MOKToken contract layout does not conform with the Solidity order of layout
conventions.
Recommendation:
We advise following the Solidity conventions and changing the contract layout accordingly.
Alleviation:
The development team considered our recommendation and changed the contract layout to
closely follow the Solidity conventions.
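The following is an added illustration and is not the MOKToken source or any code produced by CertiK or Mocktail Finance. It is a deliberately minimal Compound-style token (a live vote tally per delegate instead of block-number checkpoints) with owner-only mint and burn, the pattern flagged as centralized in the System Analysis above. burnUnsafe() shows the defect the MTN-01M recommendation addresses: the balance is destroyed, but the holder's delegate keeps the votes, and a later delegate() call only moves the remaining balance, so the phantom votes persist. burn() applies the recommended fix by moving the burned amount's votes to the zero address. The contract is laid out in the Solidity style-guide order referred to under MTN-02M (state variables, events, modifiers, constructor, external functions, internal functions). All names (DelegatedToken, votes, burnUnsafe) are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical example contract, not MOKToken. Simplified: vote tallies are
// live per-delegate totals rather than historical checkpoints.
contract DelegatedToken {
    string public constant name = "Example Token";
    string public constant symbol = "EXM";
    uint8 public constant decimals = 18;

    address public owner;
    uint256 public totalSupply;
    mapping(address => uint256) public balanceOf;
    // delegator => delegate chosen by that account (address(0) = none)
    mapping(address => address) public delegates;
    // delegate => total voting power currently assigned to it
    mapping(address => uint256) public votes;

    event Transfer(address indexed from, address indexed to, uint256 amount);
    event DelegateChanged(address indexed delegator, address indexed fromDelegate, address indexed toDelegate);
    event DelegateVotesChanged(address indexed delegate, uint256 previousVotes, uint256 newVotes);

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    constructor() {
        owner = msg.sender;
    }

    // Assign the caller's whole balance as voting power to `delegatee`.
    function delegate(address delegatee) external {
        address current = delegates[msg.sender];
        delegates[msg.sender] = delegatee;
        emit DelegateChanged(msg.sender, current, delegatee);
        // Only the *current* balance moves; votes left behind by an earlier
        // burnUnsafe() are never reconciled here.
        _moveDelegates(current, delegatee, balanceOf[msg.sender]);
    }

    function transfer(address to, uint256 amount) external returns (bool) {
        _transfer(msg.sender, to, amount);
        return true;
    }

    // Owner-only mint: the centralization concern from the System Analysis.
    function mint(address to, uint256 amount) external onlyOwner {
        totalSupply += amount;
        balanceOf[to] += amount;
        emit Transfer(address(0), to, amount);
        _moveDelegates(address(0), delegates[to], amount);
    }

    // DEFECT (the situation MTN-01M describes): the balance is burned but the
    // delegate of `from` keeps `amount` worth of voting power.
    function burnUnsafe(address from, uint256 amount) external onlyOwner {
        balanceOf[from] -= amount; // reverts on underflow in 0.8
        totalSupply -= amount;
        emit Transfer(from, address(0), amount);
        // missing: _moveDelegates(delegates[from], address(0), amount);
    }

    // FIX: burned tokens carry their votes to the zero address, exactly as a
    // transfer to address(0) would.
    function burn(address from, uint256 amount) external onlyOwner {
        balanceOf[from] -= amount;
        totalSupply -= amount;
        emit Transfer(from, address(0), amount);
        _moveDelegates(delegates[from], address(0), amount);
    }

    function _transfer(address from, address to, uint256 amount) internal {
        balanceOf[from] -= amount;
        balanceOf[to] += amount;
        emit Transfer(from, to, amount);
        _moveDelegates(delegates[from], delegates[to], amount);
    }

    // Move `amount` of voting power from srcRep to dstRep; address(0) on
    // either side means "no delegate", so nothing is tallied for it.
    function _moveDelegates(address srcRep, address dstRep, uint256 amount) internal {
        if (srcRep == dstRep || amount == 0) return;
        if (srcRep != address(0)) {
            uint256 old = votes[srcRep];
            votes[srcRep] = old - amount;
            emit DelegateVotesChanged(srcRep, old, old - amount);
        }
        if (dstRep != address(0)) {
            uint256 old = votes[dstRep];
            votes[dstRep] = old + amount;
            emit DelegateVotesChanged(dstRep, old, old + amount);
        }
    }
}
```

To see the difference in a local node or Remix: mint(a, 100), have a call delegate(d) so votes[d] == 100, then burnUnsafe(a, 40) leaves balanceOf[a] == 60 but votes[d] still 100, whereas burn(a, 40) from the same starting state brings votes[d] to 60. The owner-only modifier on both mint and burn is the single point of control the System Analysis refers to; moving ownership to a multi-signature or time-locked account is a deployment decision outside this example.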
MTN-03M: Ambiguous State Variable
Description:
The _alloc state variable is assigned during construction and is not used afterwards, so its purpose is unclear.
Recommendation:
We advise adding descriptive documentation, in the form of in-line comments, describing the
purpose of the variable.
Alleviation:
The development team considered our recommendation and instead removed the redundant
state variable.
MTN-01S: State Variable Naming
Description:
The _alloc state variable does not conform with the Solidity naming conventions.
Recommendation:
We advise following the Solidity conventions and removing the underscore ( _ ) prefix, which
is reserved for internal and private members, from a public variable.
Alleviation:
The development team acknowledged this exhibit and opted to remove the redundant
state variable instead of renaming it.
Appendix
Finding Categories
Volatile Code
Volatile Code findings refer to segments of code that behave unexpectedly on certain edge
cases that may result in a vulnerability.
Coding Style
Coding Style findings usually do not affect the generated byte-code and comment on how
to make the codebase more legible and as a result easily maintainable.