The Hideaways

08. September, 2022

SolidProof_io @solidproof_io
 Disclaimer 3
Description 5
Project Engagement 5
Logo 5
Contract Link 5
Methodology 7
Used Code from other Frameworks/Smart Contracts (direct imports) 8
Tested Contract Files 9
Source Lines 10
Risk Level 10
Capabilities 11
Inheritance Graph 12
CallGraph 13
Scope of Work/Verify Claims 14
Modi ers and public functions 24
Source Units in Scope 25
Critical issues 26
High issues 26
Medium issues 26
Low issues 26
Informational issues 26
Audit Comments 27
SWC Attacks 28

2
fi
Disclaimer
SolidProof.io reports are not, nor should be considered, an “endorsement”
or “disapproval” of any particular project or team. These reports are not,
nor should be considered, an indication of the economics or value of any
“product” or “asset” created by any team. SolidProof.io do not cover
testing or auditing the integration with external contract or services (such
as Unicrypt, Uniswap, PancakeSwap etc’...)

SolidProof.io Audits do not provide any warranty or guarantee

regarding the absolute bug- free nature of the technology analyzed,
nor do they provide any indication of the technology proprietors.
SolidProof Audits should not be used in any way to make decisions
around investment or involvement with any particular project. These
reports in no way provide investment advice, nor should be leveraged
as investment advice of any sort.

SolidProof.io Reports represent an extensive auditing process intending to

help our customers increase the quality of their code while reducing the
high level of risk presented by cryptographic tokens and blockchain
technology. Blockchain technology and cryptographic assets present a
high level of ongoing risk. SolidProof’s position is that each company and
individual are responsible for their own due diligence and continuous
security. SolidProof in no way claims any guarantee of security or
functionality of the technology we agree to analyze.

Version Date Description

1.0 08. September 2022 • Layout project

• Automated- /Manual-Security Testing
• Summary

3
Network
Ethereum Smart Chain (ERC20)

Website
www.thehideaways.io

Telegram
https://t.me/thehideawayscrypto

Twitter
https://twitter.com/hdwycrypto

Instagram
https://www.instagram.com/thehideawayscrypto/

4
Description
At The Hideaways, we’re changing how you invest in luxury property. Find
your Hideaway.

Project Engagement
During the 8th of September 2022, The Hideaways Team engaged
Solidproof.io to audit smart contracts that they created. The engagement
was technical in nature and focused on identifying security aws in the
design and implementation of the contracts. They provided Solidproof.io
with access to their code repository and whitepaper.

Logo

Contract Link
v1.0
• Github
• https://github.com/shankarpm/erc20_uniswap
• Commit: 53117868977806be307797c13ddc677e0c7ccf30

5
fl
 Vulnerability & Risk Level
Risk represents the probability that a certain source-threat will exploit
vulnerability, and the impact of that event on the organization or system.
Risk Level is computed based on CVSS version 3.0.

Level Value Vulnerability Risk (Required Action)

A vulnerability that
can disrupt the
contract functioning
Immediate action to
Critical 9 - 10 in a number of
reduce risk level.
scenarios, or creates a
risk that the contract
may be broken.

A vulnerability that
affects the desired
outcome when using Implementation of
High 7 – 8.9 a contract, or provides corrective actions as
the opportunity to soon aspossible.
use a contract in an
unintended way.

A vulnerability that
could affect the
Implementation of
desired outcome of
Medium 4 – 6.9
executing the
corrective actions in a
certain period.
contract in a speci c
scenario.

A vulnerability that
does not have a
Implementation of
signi cant impact on
certain corrective
Low 2 – 3.9 possible scenarios for
actions or accepting
the use of the
the risk.
contract and is
probably subjective.

A vulnerability that
have informational An observation that
Informational 0 – 1.9 character but is not does not determine a
effecting any of the level of risk
code.

6
fi
fi
 Auditing Strategy and Techniques
Applied
Throughout the review process, care was taken to evaluate the repository
for security-related issues, code quality, and adherence to speci cation
and best practices. To do so, reviewed line-by-line by our team of expert
pentesters and smart contract developers, documenting any issues as
there were discovered.

Methodology
The auditing process follows a routine series of steps:
1. Code review that includes the following:
i) Review of the speci cations, sources, and instructions provided to SolidProof
to make sure we understand the size, scope, and functionality of the smart
contract.
ii) Manual review of code, which is the process of reading source code line-by-
line in an attempt to identify potential vulnerabilities.
iii) Comparison to speci cation, which is the process of checking whether the
code does what the speci cations, sources, and instructions provided to
SolidProof describe.

2. Testing and automated analysis that includes the following:

i) Test coverage analysis, which is the process of determining whether the test
cases are actually covering the code and how much code is exercised when
we run those test cases.
ii) Symbolic execution, which is analysing a program to determine what inputs
causes each part of a program to execute.

3. Best practices review, which is a review of the smart contracts to improve ef ciency,
effectiveness, clarify, maintainability, security, and control based on the established
industry and academic practices, recommendations, and research.

4. Speci c, itemized, actionable recommendations to help you take steps to secure

your smart contracts.

7
fi
fi
fi
fi
fi
fi
Used Code from other Frameworks/Smart
Contracts (direct imports)
Imported packages:

Note: For the reason that uniswap has already been audited and it is a
fork, we will not continue to note this in the report. Please read the
previous audit reports from other auditors that already exist.

8
 Tested Contract Files
This audit covered the following les listed below with a SHA-1 Hash.

A le with a different Hash has been modi ed, intentionally or otherwise,

after the security review. A different Hash could be (but not necessarily)
an indication of a changed condition or potential vulnerability that was
not within the scope of this review.

v1.0

9
fi
fi
fi
Metrics
Source Lines
v1.0

Risk Level
v1.0

10
Capabilities
Components
Version Contracts Libraries Interfaces Abstract

1.0 2 0 0 0

Exposed Functions
This section lists functions that are explicitly declared public or payable.
Please note that getter methods for public stateVars are not included.

Version Public Payable

1.0 2 0

Version External Internal Private Pure View

1.0 0 2 0 0 0

State Variables
Version Total Public

1.0 0 0

Capabilities
Has
Solidity Experim Can Uses Destroya
Version Versions ental Receive Assembl ble
observed Features Funds y Contract
s

1.0 ^0.6.6

11
Inheritance Graph
v1.0

12
CallGraph
v1.0

13
Scope of Work/Verify Claims
The above token Team provided us with the les that needs to be tested
(Github, Bscscan, Etherscan, les, etc.). The scope of the audit is the main
contract (usual the same name as team appended with .sol).

We will verify the following claims:

1. Is contract an upgradeable
2. Correct implementation of Token standard
3. Deployer cannot mint any new tokens
4. Deployer cannot burn or lock user funds
5. Deployer cannot pause the contract
6. Deployer cannot set fees
7. Deployer cannot blacklist/antisnipe addresses
8. Overall checkup (Smart Contract Security)

14
fi
fi
Is contract an upgradeable
Name

Is contract an upgradeable? No

15
 Correct implementation of Token standard
ERC20

Function Description Exist Tested Veri ed

TotalSupply
Provides information about the total
token supply ✓ ✓ ✓
BalanceOf
Provides account balance of the
owner's account ✓ ✓ ✓
Executes transfers of a speci ed
Transfer number of tokens to a speci ed
address
✓ ✓ ✓
Executes transfers of a speci ed
TransferFrom number of tokens from a speci ed
address
✓ ✓ ✓
Allow a spender to withdraw a set
Approve number of tokens from a speci ed
account
✓ ✓ ✓
Allowance
Returns a set number of tokens
from a spender to the owner ✓ ✓ ✓

16
fi
fi
fi
fi
fi
fi
Write functions of contract
v1.0
-

17
Deployer cannot mint any new tokens
Name Exist Tested Status

Deployer cannot mint ✓ ✓ ✓

Max / Total Supply -

Comments:
v1.0
• There is no token minting while deploying the contracts. Owner is not
able to mint some new tokens for this contracts

18
Deployer cannot burn or lock user funds
Name Exist Tested Status

Deployer cannot lock ✓ ✓ ✓

Deployer cannot burn - - -

19
Deployer cannot pause the contract
Name Exist Tested Status

Deployer cannot pause - - -

20
Deployer cannot set fees
Name Exist Tested Status

Deployer cannot set fees over 25% - - -

Deployer cannot set fees to nearly 100% or to 100% - - -

21
Deployer can blacklist/antisnipe addresses
Name Exist Tested Status

Deployer cannot blacklist/antisnipe addresses - - -

22
 Overall checkup (Smart Contract Security)
Tested Veri ed

✓ ✓
Legend
Attribute Symbol

Veri ed / Checked ✓
Partly Veri ed ⚑
Unveri ed / Not checked ✘
Not available -

23
fi
fi
fi
fi
 Modi ers and public functions
v1.0
-

Comments
• Contracts are simple ERC20 Tokens without any customised functions

Please check if an OnlyOwner or similar restrictive modi er has been

forgotten.

24
fi
fi
Source Units in Scope
v1.0

Legend
Attribute Description

Lines total lines of the source unit

normalised lines of the source unit (e.g. normalises functions

nLines
spanning multiple lines)

normalised source lines of code (only source-code lines; no

nSLOC
comments, no blank lines)

Comment Lines lines containing single or block comments

a custom complexity score derived from code statements that

Complexity Score are known to introduce code complexity (branches, loops, calls,
external interfaces, ...)

25
 Audit Results
Critical issues
No critical issues

High issues
No high issues

Medium issues
No medium issues

Low issues
Issue File Type Line Description

#1 Main A oating pragma is set 2 The current pragma Solidity

directive is „“^0.6.6””.

Informational issues
No informational issues

26
fl
Audit Comments
We recommend you to use the special form of comments (NatSpec
Format, Follow link for more information https://docs.soliditylang.org/en/
v0.5.10/natspec-format.html) for your contracts to provide rich
documentation for functions, return variables and more. This helps
investors to make clear what that variables, functions etc. do.

08. September 2022:

• When Token1/Token2 will be deployed, the contracts don’t have any
tokens. The owner is not able to mint tokens after deployment.
• Read whole report and modi ers section for more information

27
fi
SWC Attacks
ID Title Relationships Status

SW Unencrypted CWE-767: Access to Critical

C-1 Private Data Private Variable via Public PASSED
36 On-Chain Method

SW
Code With No
C-1 CWE-1164: Irrelevant Code PASSED
Effects
35

Message call
SW
with CWE-655: Improper
C-1 PASSED
hardcoded Initialization
34
gas amount

Hash
Collisions With
SW
Multiple CWE-294: Authentication
C-1 PASSED
Variable Bypass by Capture-replay
33
Length
Arguments

SW
Unexpected
C-1 CWE-667: Improper Locking PASSED
Ether balance
32

SW Presence of
C-1 unused CWE-1164: Irrelevant Code PASSED
31 variables

Right-To-Left-
SW Override CWE-451: User Interface (UI)
C-1 control Misrepresentation of Critical PASSED
30 character Information
(U+202E)

SW
Typographical CWE-480: Use of Incorrect
C-1 PASSED
Error Operator
29

SW DoS With
CWE-400: Uncontrolled
C-1 Block Gas PASSED
Resource Consumption
28 Limit

28
 Arbitrary
SW
Jump with CWE-695: Use of Low-Level
C-1 PASSED
Function Type Functionality
27
Variable

SW Incorrect
CWE-696: Incorrect Behavior
C-1 Inheritance PASSED
Order
25 Order

Write to
SW
Arbitrary CWE-123: Write-what-where
C-1 PASSED
Storage Condition
24
Location

SW
Requirement CWE-573: Improper Following
C-1 PASSED
Violation of Speci cation by Caller
23

SW Lack of Proper CWE-345: Insuf cient

C-1 Signature Veri cation of Data PASSED
22 Veri cation Authenticity

Missing
SW Protection CWE-347: Improper
C-1 against Veri cation of Cryptographic PASSED
21 Signature Signature
Replay Attacks

Weak Sources
SW of
CWE-330: Use of Insuf ciently
C-1 Randomness PASSED
Random Values
20 from Chain
Attributes

SW
Shadowing CWE-710: Improper Adherence
C-11 PASSED
State Variables to Coding Standards
9

SW Incorrect
CWE-665: Improper
C-11 Constructor PASSED
Initialization
8 Name

SW CWE-347: Improper
Signature
C-11 Veri cation of Cryptographic PASSED
Malleability
7 Signature

29
fi
fi
fi
fi
fi
fi
fi
 SW CWE-829: Inclusion of
Timestamp
C-11 Functionality from Untrusted PASSED
Dependence
6 Control Sphere

SW Authorization
CWE-477: Use of Obsolete
C-11 through PASSED
Function
5 tx.origin

CWE-362: Concurrent
SW Transaction Execution using Shared
C-11 Order Resource with Improper PASSED
4 Dependence Synchronization ('Race
Condition')

SW CWE-703: Improper Check or

DoS with
C-11 Handling of Exceptional PASSED
Failed Call
3 Conditions

SW Delegatecall CWE-829: Inclusion of

C-11 to Untrusted Functionality from Untrusted PASSED
2 Callee Control Sphere

Use of
SW
Deprecated CWE-477: Use of Obsolete
C-11 PASSED
Solidity Function
1
Functions

SW
Assert CWE-670: Always-Incorrect
C-11 PASSED
Violation Control Flow Implementation
0

SW Uninitialized
CWE-824: Access of
C-1 Storage PASSED
Uninitialized Pointer
09 Pointer

SW State Variable
CWE-710: Improper Adherence
C-1 Default PASSED
to Coding Standards
08 Visibility

SW CWE-841: Improper
C-1 Reentrancy Enforcement of Behavioral PASSED
07 Work ow

SW Unprotected
CWE-284: Improper Access
C-1 SELFDESTRUC PASSED
Control
06 T Instruction
30
fl
 SW Unprotected
CWE-284: Improper Access
C-1 Ether PASSED
Control
05 Withdrawal

SW Unchecked
CWE-252: Unchecked Return
C-1 Call Return PASSED
Value
04 Value

SW CWE-664: Improper Control of

Floating NOT
C-1 a Resource Through its
Pragma PASSED
03 Lifetime

SW Outdated
CWE-937: Using Components
C-1 Compiler PASSED
with Known Vulnerabilities
02 Version

SW Integer
CWE-682: Incorrect
C-1 Over ow and PASSED
Calculation
01 Under ow

SW Function
CWE-710: Improper Adherence
C-1 Default PASSED
to Coding Standards
00 Visibility

31
fl
fl
SolidProof_io @solidproof_io

32