EXECUTIVE SUMMARY
True Trade is a decentralized finance application that acts as a hedge fund , on the BNB Smart Chain. Users deposit funds into the application with the expectation of receiving returns generated through AI trading activities conducted by the deployer team.
Notably, the deployer team dont have access to the contract balance and dont have the ability to withdraw funds from the contract.
During our thorough audit of the project, we have not identified issue. It relates to the fact that the owner dont have access to the contract balance, which introduces no risks. While it aligns with the project's design, we believe it is crucial to consider safer alternatives to mitigate associated risks. The informational finding relates only to monitoring and external interactions.
SCOPE
FUNDAMENTALS
True Trade uses BNB as the currency for Ai investment and withdrawals. Users can invest their BNB and receive a daily interest rate of 1.5% to 3% or 45% to 90% monthly interest rate. The claimed source of funding for the project is Ai trading activities conducted by the True Trade team.
FINDINGS
| INTERACTION | SEVERITY |
|---|---|
| [CPFM-1] Owner can withdraw contract balance | NO |
| [CPFI-1] invest & compound emits the same event | INFORMATIONAL |
CPFM-1: While it is mentioned in the project fundamentals that only users can withdraw their capital and profits from the contract balance, this is a deliberate part of the project's design. Consequently, we consider there to be no security concerns as the contract operates exactly as intended. There is no access to the contract balance, resulting in a 0% risk, as the deployer team does not have any access to contract funds. One alternative approach could involve implementing a significant trading fund specifically designated for trading purposes. By adopting this strategy, funds dedicated to trading would be separated and isolated, thereby preventing any malicious activities by the deployer team or potential compromises due to external attacks..
CPFI-1: The invest and compound rewards functions in the smart contract emit the same event when called. This event serves as an informational log for users and external systems, providing visibility into deposit and rewards compounding activities. While it does not impact the contract's functionality, it enhances transparency and facilitates external monitoring, ultimately improving the overall user experience and accountability within the ecosystem..
UNIT TESTS
| INTERACTION | RESULT |
|---|---|
| [CPUT-1] invest | PASS |
| [CPUT-2] reinvest | PASS |
| [CPUT-3] withdrawals | PASS |
| [CPUT-4] interest rate | PASS |
| [CPUT-5] owner-only functions | PASS |
| [CPUT-6] partners | PASS |
| [CPUT-7] common vulnerabilities | PASS |
All unit tests were successfully executed during our audit process.
PRIVILEGES
RECOMMENDATIONS
Owner doesn't have any access to the funds of the smart contract
You can invest in this platform, all smart contract code has been work as mentioned on website.
Note : I am not a financial advisor, invest at your own risk