Wormhole Token Smart Contract Audit

 Project Background

Website Details

  • W is the native token that powers the Wormhole platform.
  • The W token powers the Wormhole platform and is designed for multichain use. 
  • It initially launched as a Solana SPL token, with ERC20 functionality to be added later through Wormhole’s Native Token Transfers. 
  • The W token has a max supply of 10 billion and an initial circulating supply of 1.8 billion. 82% of the tokens are initially locked and will unlock over four years according to a vesting schedule.
  • W will initially launch as a native Solana SPL token. ERC20 functionality will be enabled post-launch through Wormhole’s Native Token Transfers (NTT), allowing seamless transfers across any Wormhole-connected network.

Website: w-token

Code Details

  • This Solidity contract, `WToken`, is an upgradeable governance token with controlled minting and burning capabilities, utilizing the OpenZeppelin library for various functionalities. Below, break down the main components and their functionalities:
  • Key Features and Components:
    • Token Minting and Burning:
      • mint: Allows minting of new tokens, with auto-delegation if the recipient doesn’t have a delegate.
      • burn: Allows burning of the caller’s tokens, restricted by `BURNER_ROLE`.
      • burnFrom: Not implemented to prevent unintended use.
    • Governance and Voting:
      • Uses a timestamp-based clock for governance functions (`clock`, `CLOCK_MODE`).
      • maxSupply: Sets the maximum token supply.
      • setDelegate: Allows setting delegate votes for an account, controlled by `SET_DELEGATE_ROLE`.
  • This contract combines the functionality of a traditional ERC20 token with enhanced features for minting, burning, and governance, all while ensuring secure, role-based access control and the capability to upgrade the contract as needed. The use of OpenZeppelin libraries provides robust, audited code, enhancing security and reliability.

Audit Summary

  • We observed  1 Informational issue in the smart contracts. but those are not critical. 
  • The security state of the reviewed smart contract, based on standard audit procedure scope, is “Secured”.

Executive Audit Summary

  • According to the standard audit assessment, the Customer`s solidity smart contracts are “Secured”. Also, these contracts contain owner control, which does not make them fully decentralized.
  • We used various tools like Slither, Solhint and Remix IDE. At the same time this finding is based on critical analysis of the manual audit.

Audit Report in PDF


Audit Report Flip book

Please wait while flipbook is loading. For more related info, FAQs and issues please refer to DearFlip WordPress Flipbook Plugin Help documentation.

Leave a Reply

Your email address will not be published. Required fields are marked *

five × two =