USDC Token Smart Contract Audit

Project Background

Website Details

  • USD Coin (USDC) is a digital dollar stablecoin issued by Circle, fully backed by US dollar reserves. It offers global, near-instant, low-cost transactions and is regulated with transparent monthly reserve attestations. USDC is widely used across numerous blockchain networks and is designed to maintain a 1:1 value with the US dollar, making it a stable and secure digital currency. Businesses and individuals can easily mint and redeem USDC, ensuring liquidity and reliability.

Website: circle.com/en/usdc

Code Details

  • This Solidity code defines a token contract called FiatTokenV2_2, which is an upgraded version of the original FiatToken contract. Let’s break down its key features:
    • Versioning: The contract has multiple versions (FiatTokenV1, FiatTokenV1_1, FiatTokenV2, FiatTokenV2_1, FiatTokenV2_2). Each version introduces new functionalities or upgrades existing ones. The versioning allows for smooth upgrades without disrupting existing functionality.
    • Initial Setup: The contract initializes various parameters such as name, symbol, currency, decimals, master minter, pauser, blacklister, and owner. It ensures that these parameters are set correctly during contract deployment.
    • Minting and Burning: The contract supports minting and burning of tokens. Minters are designated addresses that can mint new tokens, subject to an allowance specified by the master minter.
    • Token Transfers: It facilitates token transfers between addresses. The transfer, transferFrom, and approve functions handle standard ERC-20 token transfer functionality.
    • Authorization: The contract implements the ERC-3009 and ERC-2612 standards for token authorization. Users can authorize spending of their tokens with a signed message, without sending a transaction to the contract themselves. This functionality enhances security and usability.
    • Blacklisting: The contract allows for blacklisting specific accounts, preventing them from sending or receiving tokens. This feature is useful for compliance and security purposes.
    • Pausing: The contract can be paused and unpaused by the pauser address. When paused, token transfers are disabled, adding an extra layer of security and control.
    • Rescue Functionality: The contract includes a rescuer address that can recover ERC-20 tokens mistakenly sent to the contract address. This feature prevents tokens from being lost irreversibly.
    • Domain Separation: The contract uses domain separation for enhanced security in signature verification. It generates a unique domain separator for each version of the contract.
    • Upgradeability: The contract design allows for future upgrades by introducing new versions (FiatTokenV2_1, FiatTokenV2_2). Upgrades can introduce new functionalities or fix bugs while maintaining compatibility with existing applications.
  • Overall, the FiatTokenV2_2 contract provides a comprehensive set of features for managing and transferring ERC-20 tokens, with a focus on security, flexibility, and upgradability.

Audit Summary

  • We observed 0 low and 2 Informational issues in the smart contracts; none of them are critical.
  • The security state of the reviewed smart contract, based on standard audit procedure scope, is “Secured”.

Executive Audit Summary

  • According to the standard audit assessment, the Customer's Solidity smart contracts are “Secured”. These contracts also contain owner control, which means they are not fully decentralized.
  • We used tools such as Slither, Solhint and Remix IDE. The findings are also based on critical analysis from the manual audit.
