Navigation

Connect your wallet

Audit Report

BULLZ TOWER
  • Security Score :  10/10
  • Tags :  Yield farm, ROI
  • Address :  0xa005A24fF0110Fc4c337666EAF0Bb5Bf8D1aC39f
  • Blockchain :  Arbitrum One
  • Website :  https://bullztower.com/

EXECUTIVE SUMMARY

Bullz Tower is a play-to-earn decentralized application with a visually interactive web interface. Players can upgrade up to 3 traders across 8 floors by burning BLZT tokens. For each additional trader or floor, the daily interest rate (paid in newly minted BLZT tokens) increases, up to 1%.

It is recommended that users thoroughly review the whitepaper and this report in their entirety to fully understand the application's fundamentals and risks.

We found one critical-severity issue with the smart contract, as detailed in the Findings section. The deployment team has resolved this issue.

SCOPE

  1. The audit focuses on the smart contract deployed on Arbitrum One, with the BLZT token smart contract, and the liquidity pool. They are the only smart contracts associated with the project.
  2. The audit does not cover any off-chain components or systems associated with the contract.
  3. The audit does not cover any user interfaces or user experience associated with the contract.
  4. The audit does not cover any legal or regulatory compliance of the contract.

FUNDAMENTALS

Bullz Tower play-to-earn decentralized application can also be considered a ROI dApp, where users can earn up to 1% daily interest depending on the number of BLZT tokens invested. Earnings are generated as newly minted BLZT tokens. Tokens are invested by burning them, instead of transferring the tokens to the smart contract.

The contract also features a leaderboard that rewards the top referrers each week.

Upgrading a floor:

  • Each floor must be upgraded three times to be able to upgrade to the next floor (up to 8 floors).
  • To upgrade all traders / all floors, 2,337,000 $BLZT must be burned in total by an account.

Interest Rate:

  • Upgrading a floor is required to start earnings, but also to increase it.
  • Upgrading requires burning BLZT tokens.
  • Rewards are as minted BLZT.
  • Daily percentage per completed floor (each floor upgraded 3 times, iteratively):
    • floor 0: 0.030%
    • floor 1: 0.079%
    • floor 2: 0.159%
    • floor 3: 0.269%
    • floor 4: 0.399%
    • floor 5: 0.569%
    • floor 6: 0.769%
    • floor 7 (equates to all floors + traders upgraded): 0.999% (or 1%)

Referral:

  • The referrer address is set only once upon upgrading a floor.
  • Upgrading a tower:
    • 1% of the burned amount is minted as BLZT to the referrer, if the referrer has already burned tokens or if the referral is the owner.
    • 1% of the burned amount is minted as BLZT to the referrer, and is taken into account on the leaderboard.

Leaderboard:

  • Winners are picked each new week.
  • The first set of winners starts at the end of the first week since launch.
  • The 3 spots are updated on each tower upgrade.
  • Winners get respectively from the 1st place to the 3rd, 30%, 20%, or 10% based on their individual referral earnings on the week.

Upgrade cost for trader 1 (per floor):

  • 1,000 BLZT
  • 4,000 BLZT
  • 10,000 BLZT
  • 16,000 BLZT
  • 35,000 BLZT
  • 100,000 BLZT
  • 150,000 BLZT
  • 300,000 BLZT

Upgrade cost for trader 2 (per floor):

  • 2,000 BLZT
  • 5,000 BLZT
  • 12,000 BLZT
  • 20,000 BLZT
  • 45,000 BLZT
  • 120,000 BLZT
  • 175,000 BLZT
  • 400,000 BLZT

Upgrade cost for trader 3 (per floor):

  • 3000 BLZT
  • 6000 BLZT
  • 14,000 BLZT
  • 24,000 BLZT
  • 55,000 BLZT
  • 140,000 BLZT
  • 200,000 BLZT
  • 500,000 BLZT

Other information:

  • When the maximum supply of $BLZT is reached, the contract will stop generating earnings, but also referral rewards for invested referrers.

FINDINGS

INTERACTION SEVERITY
[CPFC-1] interest rate is incorrect RESOLVED

CPFC-1: The interest rate does not match the expected values based on the whitepaper. The actual value is approximately 100x too low. This was identified by both static analysis and unit testing. This was resolved by the deployer team.

UNIT TESTS

INTERACTION RESULT
[CPUT-1] upgrade OK
[CPUT-2] withdraw OK
[CPUT-3] accumulation cutoff OK
[CPUT-4] interest rate OK
[CPUT-5] leaderboard OK

Unit testing was conducted to verify possible exploits, validate the logic, and ensure it aligns with the project's fundamentals. It was done so successfully.

PRIVILEGES

  1. Owner
    • Can start the contract, only once.
    • Can remove stuck ether from the contract balance.
    • Can remove stuck tokens from the contract balance.
    • Can enable or disable the leaderboard rewarding the top 3 referrers of a week.
    • Can change the max accumulation duration, starting from 48 hours.

RECOMMENDATIONS

The UPGRADE, REALIZE, WITHDRAW, and LEADERBOARD events should use an index on the user parameter to allow for easier data fetching from nodes. Adding an index on the user parameter for these events will optimize queries where filtering on a specific user is required. This will improve overall performance and reduce load times when retrieving event data for a particular user. Implementing indexes appropriately based on query patterns is an important database optimization that can greatly improve the speed and efficiency of data access.