Audit Report

TRUEFUND V2

  • Security Score :  7/10
  • Tags :   ROI, yield farm
  • Address :  0x6485E794e03b12366c1607bDAA1581Dc3bd73F0F
  • Blockchain :   BNB Smart Chain
  • Website :   https://truefund.app/

EXECUTIVE SUMMARY

Truefund V2 is an improved version of Truefund, an ROI dApp in which new investors' deposits pay out rewards to old investors. If new deposits stop, daily interest rewards may no longer be paid out.

The base daily interest rate is 2.5% but can be higher by using the referral system & participating in the lottery. Referrals pay rewards up to 3 levels of upline referrers.

It's recommended that users review this report in its entirety and the whitepaper of the project to fully understand the application's fundamentals and risks.

This type of application is fundamentally a form of gambling, so users should research thoroughly before participating.

Whitepaper: whitepaper

One low-severity issue was identified during our security audit as outlined in the Findings section, related to random number generation.

SCOPE

  1. The audit focuses on the smart contract deployed on BNB Smart Chain, and the insurance automatically deployed by the main contract on BNB Smart Chain.
  2. The audit does not cover any off-chain components or systems associated with the contract.
  3. The audit does not cover any user interfaces or user experience associated with the contract.
  4. The audit does not cover any legal or regulatory compliance of the contract.

FUNDAMENTALS

Users deposit USDT into the smart contract and accumulate daily interest of 2.5%, which can be increased by utilizing the referral system or playing the lottery.

  • Token: USDT (0x55d398326f99059fF775485246999027B3197955).
  • Daily interest rate: 2.5%.
  • Interest accumulation cutoff: 72 hours.
  • Insurance: The insurance is automatically triggered when a deposit is made if the TVL is zero, or if the TVL compared to the balance has reached a certain threshold (1000 times withdrawn rewards divided by TVL is greater than 250, or the average weekly balance is lower than 750). Deposits and completed lotteries will contribute funds to the insurance contract. The owner may also trigger the transfer from the insurance contract to the main contract.
  • Fees: 10% on deposits to the owner.
  • Referral system: The system allows for up to 3 referrals upline, with referral fees set at 3% for the first referral, 2% for the second referral, and 1% for the final referral. Referrals are set if the provided referrer address has already made a deposit, and cannot be changed after being set. Referral fees are paid out based on new deposits made.

Lottery rules:

  • ticket price: 2.5 USDT,
  • prize percentage: 80% of the lottery bank,
  • max participants: 100.

The rules of the lottery can be changed by the owner for the next lottery drawing, and randomly picking the winner is a privilege reserved for the owner.

Additionally, bonuses will be paid out weekly to the top 3 referrers based on the referral fees they earned that week. The referrer who earned the most fees will receive a 50% bonus, the second place referrer will receive 25%, and the third place referrer will get 10%. This bonus payout function can be triggered without needing special permissions.

FINDINGS

INTERACTION SEVERITY
[CPFL-1] insufficient source of randomness LOW

CPFL-1: The pseudo-random number generator needs additional sources of randomness so that the lottery winner is picked in a less predictable way. Since the pick is an owner privilege, it is a low-severity finding.
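One way to address CPFL-1 for an owner-triggered draw is a commit-reveal seed, shown here as an added example that is not Truefund's code and was not part of the audit. The report does not say which inputs the deployed generator uses; the contract name, function names and the omitted ticket payment are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration for CPFL-1; hypothetical contract, not Truefund's code.
contract LotteryDrawSketch {
    address public immutable owner;
    address[] public participants;   // one entry per ticket sold
    bytes32 public commitment;       // keccak256(secret), fixed before sales open
    uint256 public closeBlock;       // block in which ticket sales were closed
    event Winner(address indexed winner, bytes32 seed);

    constructor() { owner = msg.sender; }
    modifier onlyOwner() { require(msg.sender == owner, "not owner"); _; }

    // Step 1: the owner commits to a secret before any ticket is sold.
    function openRound(bytes32 secretHash) external onlyOwner {
        require(commitment == bytes32(0), "round already open");
        require(secretHash != bytes32(0), "empty commitment");
        commitment = secretHash;
    }

    // Ticket payment is omitted; only the entry list matters for the draw.
    function enter() external {
        require(commitment != bytes32(0) && closeBlock == 0, "sales closed");
        require(participants.length < 100, "round full"); // report: max 100
        participants.push(msg.sender);
    }

    // Step 2: close sales. The hash of this block is not known yet.
    function closeRound() external onlyOwner {
        require(closeBlock == 0 && participants.length > 0, "cannot close");
        closeBlock = block.number;
    }

    // Step 3: reveal in a later block. The seed mixes the committed secret
    // (unknown to players and block producers) with a block hash that was
    // unknown to the owner when the commitment was made.
    function draw(bytes32 secret) external onlyOwner returns (address winner) {
        require(closeBlock != 0 && block.number > closeBlock, "too early");
        require(block.number - closeBlock <= 256, "blockhash expired");
        require(keccak256(abi.encodePacked(secret)) == commitment, "bad reveal");
        bytes32 seed = keccak256(abi.encodePacked(secret, blockhash(closeBlock)));
        winner = participants[uint256(seed) % participants.length];
        emit Winner(winner, seed);
        delete participants;
        commitment = bytes32(0);
        closeBlock = 0;
    }
}
```

The owner can still withhold the reveal when the outcome is unfavourable, so this narrows the trust placed in the owner rather than removing it; a verifiable randomness oracle is the usual way to remove it.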

UNIT TESTS

INTERACTION RESULT
[CPUT-1] deployment OK
[CPUT-2] basic interactions (deposits / compound / reinvest) OK
[CPUT-3] min deposits OK
[CPUT-4] referral system OK
[CPUT-5] fees on deposits OK
[CPUT-6] interest rate OK
[CPUT-7] interest accumulation cutoff OK
[CPUT-8] top referrers of the week OK

Unit testing was conducted to verify the proper execution of the smart contract and its functions. The tests simulated usage scenarios and interactions with the contract, comparing the expected theoretical output to the actual returns from executing the code, and completed successfully.

PRIVILEGES

  1. Owner
  • Has to be the first depositor.
  • Can transfer funds from the insurance to the main contract.
  • Can change deposit fees from 0% to 10%.
  • Can change insurance fees from 0% to 10%.
  • Defines lottery parameters: maximum number of participants (starting from 10), minimum ticket price of 1 USDT, and a winner's share of between 50% and 100% of the lottery bank.

RECOMMENDATIONS

We suggest that the developer follow the CEI (Checks-Effects-Interactions) pattern in their future work to maximize the security of their source code.

Additionally, they may want to consider simplifying and shortening their source code. Using clear, concise code can improve security by making it easier to audit. It also enhances overall readability and maintainability.