Security Assessment
Contract v5
9 Jan 2024
This security assessment report was prepared by SolidityScan.com, a cloud-based
Smart Contract Scanner.
Table of Contents.
Project Summary
Audit Summary
Findings Summary
Vulnerability Details
CHEAPER INEQUALITIES IN IF()
CHEAPER INEQUALITIES IN REQUIRE()
CUSTOM ERRORS TO SAVE GAS
OPTIMIZING ADDRESS ID MAPPING
PUBLIC CONSTANTS CAN BE PRIVATE
SPLITTING REQUIRE STATEMENTS
SPLITTING REVERT STATEMENTS
STORAGE VARIABLE CACHING IN MEMORY
Scan History
Disclaimer
Project Summary
This report has been prepared for Contract v5 using SolidityScan to scan and
discover vulnerabilities and safe coding practices in their smart contract
including the libraries used by the contract that are not officially recognized. The
SolidityScan tool runs a comprehensive static analysis on the Solidity code and
finds vulnerabilities ranging from minor gas optimizations to major vulnerabilities
leading to the loss of funds. The coverage scope pays attention to all the
informational and critical vulnerabilities with 150+ modules. The scanning
and auditing process covers the following areas:
Various common and uncommon attack vectors will be investigated to ensure that the smart contracts are secure from malicious actors.
The scanner modules find and flag issues related to Gas optimizations that help in reducing the overall Gas cost.
It scans and evaluates the codebase against industry best practices and standards to ensure compliance.
It makes sure that the officially recognized libraries used in the code are secure and up to date.
The SolidityScan Team recommends running regular audit scans to identify any
vulnerabilities that are introduced after Contract v5 introduces new features or
refactors the code.
Audit Summary
Project Name
Contract v5
Contract Type
Smart Contract
Language
Solidity
Codebase
File Scan
Audit Methodology
Static Scanning
Findings Summary
Contract v5
File Scan
Security Score: 78.52
Lines of Code: 461
Critical: 0
High: 10
Medium: 0
Low: 9
Informational: 16
Gas: 25
Action Taken
Fixed: 0
False Positive: 0
Won't Fix: 0
Pending Fix: 55
Severity Bug Type
Gas CHEAPER INEQUALITIES IN IF()
Gas CHEAPER INEQUALITIES IN REQUIRE()
Gas CHEAPER INEQUALITIES IN REQUIRE()
Gas CUSTOM ERRORS TO SAVE GAS
Gas OPTIMIZING ADDRESS ID MAPPING
Gas OPTIMIZING ADDRESS ID MAPPING
Gas OPTIMIZING ADDRESS ID MAPPING
Gas OPTIMIZING ADDRESS ID MAPPING
Gas OPTIMIZING ADDRESS ID MAPPING
Gas OPTIMIZING ADDRESS ID MAPPING
Gas PUBLIC CONSTANTS CAN BE PRIVATE
Gas PUBLIC CONSTANTS CAN BE PRIVATE
Gas SPLITTING REQUIRE STATEMENTS
Gas SPLITTING REVERT STATEMENTS
Gas STORAGE VARIABLE CACHING IN MEMORY
Gas STORAGE VARIABLE CACHING IN MEMORY
Gas STORAGE VARIABLE CACHING IN MEMORY
Gas STORAGE VARIABLE CACHING IN MEMORY
Gas STORAGE VARIABLE CACHING IN MEMORY
Gas STORAGE VARIABLE CACHING IN MEMORY
Gas STORAGE VARIABLE CACHING IN MEMORY
Gas STORAGE VARIABLE CACHING IN MEMORY
Gas STORAGE VARIABLE CACHING IN MEMORY
Gas STORAGE VARIABLE CACHING IN MEMORY
Gas STORAGE VARIABLE CACHING IN MEMORY
Vulnerability Details
Bug ID
SSP_3784_20
Severity Confidence
Gas Firm
Line nos Action Taken
385-385 Pending Fix
Bug Type
CHEAPER INEQUALITIES IN IF()
File Location
/Contract v5.sol
Issue Description
The contract was found to be doing comparisons using inequalities inside the if statement.
When inside the if statements, non-strict inequalities (>=, <=) are usually cheaper than
the strict inequalities (>, <).
Issue Remediation
It is recommended to go through the code logic and, if possible, replace the strict
inequalities with the non-strict ones to save ~3 gas, as long as the logic of the code is
not affected.
Bug ID
SSP_3784_22
Severity Confidence
Gas Firm
Line nos Action Taken
124-124 Pending Fix
Bug Type
CHEAPER INEQUALITIES IN REQUIRE()
File Location
/Contract v5.sol
Issue Description
The contract was found to be performing comparisons using inequalities inside the
require statement. When inside the require statements, non-strict inequalities (>=, <=)
are usually costlier than strict inequalities (>, <).
Issue Remediation
It is recommended to go through the code logic and, if possible, replace the non-strict
inequalities with the strict ones to save ~3 gas, as long as the logic of the code is not
affected.
Bug ID
SSP_3784_23
Severity Confidence
Gas Firm
Line nos Action Taken
333-333 Pending Fix
Bug Type
CHEAPER INEQUALITIES IN REQUIRE()
File Location
/Contract v5.sol
Issue Description
The contract was found to be performing comparisons using inequalities inside the
require statement. When inside the require statements, non-strict inequalities (>=, <=)
are usually costlier than strict inequalities (>, <).
Issue Remediation
It is recommended to go through the code logic and, if possible, replace the non-strict
inequalities with the strict ones to save ~3 gas, as long as the logic of the code is not
affected.
Bug ID
SSP_3784_21
Severity Confidence
Gas Certain
Line nos Action Taken
428-428 Pending Fix
Bug Type
CUSTOM ERRORS TO SAVE GAS
File Location
/Contract v5.sol
Issue Description
The contract was found to be using revert() statements. Since Solidity v0.8.4, custom
errors have been introduced which are a better alternative to the revert.
This allows the developers to pass custom errors with dynamic data while reverting the
transaction and also makes the whole implementation a bit cheaper than using revert.
Issue Remediation
It is recommended to replace all the instances of revert() statements with error() to
save gas.
Bug ID
SSP_3784_41
Severity Confidence
Gas Tentative
Line nos Action Taken
82-82 Pending Fix
Bug Type
OPTIMIZING ADDRESS ID MAPPING
File Location
/Contract v5.sol
Issue Description
Combining multiple address/ID mappings into a single mapping using a struct enhances
storage efficiency, simplifies code, and reduces gas costs, resulting in a more
streamlined and cost-effective smart contract design.
It saves a storage slot for the mapping and, depending on the circumstances and sizes of
types, it can avoid a Gsset (20000 gas) per mapping combined. Reads and subsequent
writes can also be cheaper when a function requires both values and they fit in the same
storage slot.
Issue Remediation
It is suggested to modify the code so that multiple mappings using the address->id
parameter are combined into a struct.
Bug ID
SSP_3784_42
Severity Confidence
Gas Tentative
Line nos Action Taken
85-85 Pending Fix
Bug Type
OPTIMIZING ADDRESS ID MAPPING
File Location
/Contract v5.sol
Issue Description
Combining multiple address/ID mappings into a single mapping using a struct enhances
storage efficiency, simplifies code, and reduces gas costs, resulting in a more
streamlined and cost-effective smart contract design.
It saves a storage slot for the mapping and, depending on the circumstances and sizes of
types, it can avoid a Gsset (20000 gas) per mapping combined. Reads and subsequent
writes can also be cheaper when a function requires both values and they fit in the same
storage slot.
Issue Remediation
It is suggested to modify the code so that multiple mappings using the address->id
parameter are combined into a struct.
Bug ID
SSP_3784_43
Severity Confidence
Gas Tentative
Line nos Action Taken
88-88 Pending Fix
Bug Type
OPTIMIZING ADDRESS ID MAPPING
File Location
/Contract v5.sol
Issue Description
Combining multiple address/ID mappings into a single mapping using a struct enhances
storage efficiency, simplifies code, and reduces gas costs, resulting in a more
streamlined and cost-effective smart contract design.
It saves a storage slot for the mapping and, depending on the circumstances and sizes of
types, it can avoid a Gsset (20000 gas) per mapping combined. Reads and subsequent
writes can also be cheaper when a function requires both values and they fit in the same
storage slot.
Issue Remediation
It is suggested to modify the code so that multiple mappings using the address->id
parameter are combined into a struct.
Bug ID
SSP_3784_44
Severity Confidence
Gas Tentative
Line nos Action Taken
89-89 Pending Fix
Bug Type
OPTIMIZING ADDRESS ID MAPPING
File Location
/Contract v5.sol
Issue Description
Combining multiple address/ID mappings into a single mapping using a struct enhances
storage efficiency, simplifies code, and reduces gas costs, resulting in a more
streamlined and cost-effective smart contract design.
It saves a storage slot for the mapping and, depending on the circumstances and sizes of
types, it can avoid a Gsset (20000 gas) per mapping combined. Reads and subsequent
writes can also be cheaper when a function requires both values and they fit in the same
storage slot.
Issue Remediation
It is suggested to modify the code so that multiple mappings using the address->id
parameter are combined into a struct.
Bug ID
SSP_3784_45
Severity Confidence
Gas Tentative
Line nos Action Taken
91-91 Pending Fix
Bug Type
OPTIMIZING ADDRESS ID MAPPING
File Location
/Contract v5.sol
Issue Description
Combining multiple address/ID mappings into a single mapping using a struct enhances
storage efficiency, simplifies code, and reduces gas costs, resulting in a more
streamlined and cost-effective smart contract design.
It saves a storage slot for the mapping and, depending on the circumstances and sizes of
types, it can avoid a Gsset (20000 gas) per mapping combined. Reads and subsequent
writes can also be cheaper when a function requires both values and they fit in the same
storage slot.
Issue Remediation
It is suggested to modify the code so that multiple mappings using the address->id
parameter are combined into a struct.
Bug ID
SSP_3784_46
Severity Confidence
Gas Tentative
Line nos Action Taken
92-92 Pending Fix
Bug Type
OPTIMIZING ADDRESS ID MAPPING
File Location
/Contract v5.sol
Issue Description
Combining multiple address/ID mappings into a single mapping using a struct enhances
storage efficiency, simplifies code, and reduces gas costs, resulting in a more
streamlined and cost-effective smart contract design.
It saves a storage slot for the mapping and, depending on the circumstances and sizes of
types, it can avoid a Gsset (20000 gas) per mapping combined. Reads and subsequent
writes can also be cheaper when a function requires both values and they fit in the same
storage slot.
Issue Remediation
It is suggested to modify the code so that multiple mappings using the address->id
parameter are combined into a struct.
Bug ID
SSP_3784_32
Severity Confidence
Gas Certain
Line nos Action Taken
76-76 Pending Fix
Bug Type
PUBLIC CONSTANTS CAN BE PRIVATE
File Location
/Contract v5.sol
Issue Description
Public constant variables cost more gas because the EVM automatically creates getter
functions for them and adds entries to the method ID table. The values can be read from
the source code instead.
The following variable is affected: panicData
Issue Remediation
If reading the values of the constants is not necessary, consider changing the public
visibility to private.
Bug ID
SSP_3784_33
Severity Confidence
Gas Certain
Line nos Action Taken
95-95 Pending Fix
Bug Type
PUBLIC CONSTANTS CAN BE PRIVATE
File Location
/Contract v5.sol
Issue Description
Public constant variables cost more gas because the EVM automatically creates getter
functions for them and adds entries to the method ID table. The values can be read from
the source code instead.
The following variable is affected: currentPosition
Issue Remediation
If reading the values of the constants is not necessary, consider changing the public
visibility to private.
Bug ID
SSP_3784_3
Severity Confidence
Gas Firm
Line nos Action Taken
122-126 Pending Fix
Bug Type
SPLITTING REQUIRE STATEMENTS
File Location
/Contract v5.sol
Issue Description
Require statements, when combined using operators in a single statement, usually lead to
a larger deployment gas cost, but with each runtime call the whole thing ends up being
cheaper by some gas units.
Issue Remediation
It is recommended to separate the require statements with one statement/validation per
line.
Bug ID
SSP_3784_40
Severity Confidence
Gas Tentative
Line nos Action Taken
385-387 Pending Fix
Bug Type
SPLITTING REVERT STATEMENTS
File Location
/Contract v5.sol
Issue Description
The contract is using multiple conditions in a single if statement followed by a revert.
This costs some extra gas.
Issue Remediation
It is recommended to split the conditions into multiple if statements such that there’s
only one condition in each of them.
Bug ID
SSP_3784_50
Severity Confidence
Gas Tentative
Line nos Action Taken
82-82 Pending Fix
Bug Type
STORAGE VARIABLE CACHING IN MEMORY
File Location
/Contract v5.sol
Issue Description
The contract MultiSigV3Proxy is using the state variable isAllowedPool multiple times
in the function .
SLOADs are expensive (100 gas after the 1st one) compared to MLOAD / MSTORE (3 gas
each).
Issue Remediation
Storage variables read multiple times inside a function should instead be cached in
memory the first time (costing 1 SLOAD) and then read from this cache to avoid multiple
SLOADs.
Bug ID
SSP_3784_51
Severity Confidence
Gas Tentative
Line nos Action Taken
85-85 Pending Fix
Bug Type
STORAGE VARIABLE CACHING IN MEMORY
File Location
/Contract v5.sol
Issue Description
The contract MultiSigV3Proxy is using the state variable isAllowedToken multiple times
in the function .
SLOADs are expensive (100 gas after the 1st one) compared to MLOAD / MSTORE (3 gas
each).
Issue Remediation
Storage variables read multiple times inside a function should instead be cached in
memory the first time (costing 1 SLOAD) and then read from this cache to avoid multiple
SLOADs.
Bug ID
SSP_3784_52
Severity Confidence
Gas Tentative
Line nos Action Taken
86-86 Pending Fix
Bug Type
STORAGE VARIABLE CACHING IN MEMORY
File Location
/Contract v5.sol
Issue Description
The contract MultiSigV3Proxy is using the state variable allowedTokens multiple times
in the function .
SLOADs are expensive (100 gas after the 1st one) compared to MLOAD / MSTORE (3 gas
each).
Issue Remediation
Storage variables read multiple times inside a function should instead be cached in
memory the first time (costing 1 SLOAD) and then read from this cache to avoid multiple
SLOADs.
Bug ID
SSP_3784_53
Severity Confidence
Gas Tentative
Line nos Action Taken
95-95 Pending Fix
Bug Type
STORAGE VARIABLE CACHING IN MEMORY
File Location
/Contract v5.sol
Issue Description
The contract MultiSigV3Proxy is using the state variable currentPosition multiple times
in the function resetPosition.
SLOADs are expensive (100 gas after the 1st one) compared to MLOAD / MSTORE (3 gas
each).
Issue Remediation
Storage variables read multiple times inside a function should instead be cached in
memory the first time (costing 1 SLOAD) and then read from this cache to avoid multiple
SLOADs.
Bug ID
SSP_3784_52
Severity Confidence
Gas Tentative
Line nos Action Taken
86-86 Pending Fix
Bug Type
STORAGE VARIABLE CACHING IN MEMORY
File Location
/Contract v5.sol
Issue Description
The contract MultiSigV3Proxy is using the state variable allowedTokens multiple times
in the function getBalance.
SLOADs are expensive (100 gas after the 1st one) compared to MLOAD / MSTORE (3 gas
each).
Issue Remediation
Storage variables read multiple times inside a function should instead be cached in
memory the first time (costing 1 SLOAD) and then read from this cache to avoid multiple
SLOADs.
Bug ID
SSP_3784_53
Severity Confidence
Gas Tentative
Line nos Action Taken
95-95 Pending Fix
Bug Type
STORAGE VARIABLE CACHING IN MEMORY
File Location
/Contract v5.sol
Issue Description
The contract MultiSigV3Proxy is using the state variable currentPosition multiple times
in the function setPosition.
SLOADs are expensive (100 gas after the 1st one) compared to MLOAD / MSTORE (3 gas
each).
Issue Remediation
Storage variables read multiple times inside a function should instead be cached in
memory the first time (costing 1 SLOAD) and then read from this cache to avoid multiple
SLOADs.
Bug ID
SSP_3784_54
Severity Confidence
Gas Tentative
Line nos Action Taken
89-89 Pending Fix
Bug Type
STORAGE VARIABLE CACHING IN MEMORY
File Location
/Contract v5.sol
Issue Description
The contract MultiSigV3Proxy is using the state variable withdrawRequested multiple
times in the function requestWithdraw.
SLOADs are expensive (100 gas after the 1st one) compared to MLOAD / MSTORE (3 gas
each).
Issue Remediation
Storage variables read multiple times inside a function should instead be cached in
memory the first time (costing 1 SLOAD) and then read from this cache to avoid multiple
SLOADs.
Bug ID
SSP_3784_54
Severity Confidence
Gas Tentative
Line nos Action Taken
89-89 Pending Fix
Bug Type
STORAGE VARIABLE CACHING IN MEMORY
File Location
/Contract v5.sol
Issue Description
The contract MultiSigV3Proxy is using the state variable withdrawRequested multiple
times in the function cancelWithdrawRequest.
SLOADs are expensive (100 gas after the 1st one) compared to MLOAD / MSTORE (3 gas
each).
Issue Remediation
Storage variables read multiple times inside a function should instead be cached in
memory the first time (costing 1 SLOAD) and then read from this cache to avoid multiple
SLOADs.
Bug ID
SSP_3784_52
Severity Confidence
Gas Tentative
Line nos Action Taken
86-86 Pending Fix
Bug Type
STORAGE VARIABLE CACHING IN MEMORY
File Location
/Contract v5.sol
Issue Description
The contract MultiSigV3Proxy is using the state variable allowedTokens multiple times
in the function withdraw.
SLOADs are expensive (100 gas after the 1st one) compared to MLOAD / MSTORE (3 gas
each).
Issue Remediation
Storage variables read multiple times inside a function should instead be cached in
memory the first time (costing 1 SLOAD) and then read from this cache to avoid multiple
SLOADs.
Bug ID
SSP_3784_55
Severity Confidence
Gas Tentative
Line nos Action Taken
76-76 Pending Fix
Bug Type
STORAGE VARIABLE CACHING IN MEMORY
File Location
/Contract v5.sol
Issue Description
The contract MultiSigV3Proxy is using the state variable panicData multiple times in
the function uniswapV3SwapCallback.
SLOADs are expensive (100 gas after the 1st one) compared to MLOAD / MSTORE (3 gas
each).
Issue Remediation
Storage variables read multiple times inside a function should instead be cached in
memory the first time (costing 1 SLOAD) and then read from this cache to avoid multiple
SLOADs.
Bug ID
SSP_3784_55
Severity Confidence
Gas Tentative
Line nos Action Taken
76-76 Pending Fix
Bug Type
STORAGE VARIABLE CACHING IN MEMORY
File Location
/Contract v5.sol
Issue Description
The contract MultiSigV3Proxy is using the state variable panicData multiple times in
the function panic.
SLOADs are expensive (100 gas after the 1st one) compared to MLOAD / MSTORE (3 gas
each).
Issue Remediation
Storage variables read multiple times inside a function should instead be cached in
memory the first time (costing 1 SLOAD) and then read from this cache to avoid multiple
SLOADs.
Scan History
No Date Security Score
1. 2024-01-09 78.52
Disclaimer
The Reports neither endorse nor condemn any specific project or team, nor do
they guarantee the security of any specific project. The contents of this report do
not, and should not be interpreted as having any bearing on, the economics of
tokens, token sales, or any other goods, services, or assets.
The security audit is not meant to replace functional testing done before a
software release.
There is no warranty that all possible security issues of a particular smart
contract(s) will be found by the tool, i.e., it is not guaranteed that there will not be
any further findings based solely on the results of this evaluation.
Emerging technologies such as Smart Contracts and Solidity carry a high level of
technical risk and uncertainty. There is no warranty or representation made by this
report to any Third Party in regards to the quality of code, the business model or
the proprietors of any such business model, or the legal compliance of any
business.
In no way should a third party use these reports to make any decisions about
buying or selling a token, product, service, or any other asset. It should be noted
that this report is not investment advice, is not intended to be relied on as
investment advice, and has no endorsement of this project or team. It does not
serve as a guarantee as to the project's absolute security.
The assessment provided by SolidityScan is subject to dependencies and under
continuing development. You agree that your access and/or use, including but not
limited to any services, reports, and materials, will be at your sole risk on an as-is,
where-is, and as-available basis. SolidityScan owes no duty to any third party by
virtue of publishing these Reports.
As one audit-based assessment cannot be considered comprehensive, we always
recommend proceeding with several independent audits, including a manual
audit and a public bug bounty program, to ensure the security of the smart
contracts.