Discovery Trending Launches KYC Verified Watchlist Risk Alerts
Token Minter AI Threat Detection Token Burner
Blog & News Docs Visit SolidProof.io

GeoLeaf Info

www.geoleaf.io

GeoLeaf is a mission-driven platform dedicated to tackling global water scarcity by leveraging blockchain technology. Through staking, project owners can create custom pools that attract investors, while both parties contribute to sustainable water solutions for communities in need. GeoLeaf combines financial growth with social impact, ensuring every token staked supports accessible, clean water initiatives worldwide.

GeoLeaf Logo
Onboarded date 04/07/2025

TrustNet Score

The TrustNet Score evaluates crypto projects based on audit results, security, KYC verification, and social media presence. This score offers a quick, transparent view of a project's credibility, helping users make informed decisions in the Web3 space.

8.52
Poor Excellent

Real-Time Threat Detection

Real-time threat detection, powered by Cyvers.io, is currently not activated for this project.

This advanced feature provides continuous monitoring and instant alerts to safeguard your assets from potential security threats. Real-time detection enhances your project's security by proactively identifying and mitigating risks. For more information, click here.

Security Assessments

"Static Analysis Dynamic Analysis Symbolic Execution SWC Check Manual Review"
Contract address
0xdc9b...0187
Network
BNB Smart Chain - Testnet
License N/A
Compiler N/A
Type N/A
Language Solidity
Onboard date 2025/07/04
Revision date 2025/07/04

Summary and Final Words

No crucial issues found

The contract does not contain issues of high or medium criticality. This means that no known vulnerabilities were found in the source code.

Contract owner cannot mint

It is not possible to mint new tokens.

Contract owner cannot blacklist addresses.

It is not possible to lock user funds by blacklisting addresses.

Contract owner cannot set high fees

The fees, if applicable, can be a maximum of 25% or lower. The contract can therefore not be locked. Please take a look in the comment section for more details.

Token transfer can be locked

Owner can lock user funds with owner functions.

Token cannot be burned

There is no burning within the contract without any allowances

Ownership is not renounced

The owner retains significant control, which could potentially be used to modify key contract parameters.

Contract is not upgradeable

The contract does not use proxy patterns or other mechanisms to allow future upgrades. Its behavior is locked in its current state.

Scope of Work

This audit encompasses the evaluation of the files listed below, each verified with a SHA-1 Hash. The team referenced above has provided the necessary files for assessment.

The auditing process consists of the following systematic steps:

  1. Specification Review: Analyze the provided specifications, source code, and instructions to fully understand the smart contract's size, scope, and functionality.
  2. Manual Code Examination: Conduct a thorough line-by-line review of the source code to identify potential vulnerabilities and areas for improvement.
  3. Specification Alignment: Ensure that the code accurately implements the provided specifications and intended functionalities.
  4. Test Coverage Assessment: Evaluate the extent and effectiveness of test cases in covering the codebase, identifying any gaps in testing.
  5. Symbolic Execution: Analyze the smart contract to determine how various inputs affect execution paths, identifying potential edge cases and vulnerabilities.
  6. Best Practices Evaluation: Assess the smart contracts against established industry and academic best practices to enhance efficiency, maintainability, and security.
  7. Actionable Recommendations: Provide detailed, specific, and actionable steps to secure and optimize the smart contracts.

A file with a different Hash has been intentionally or otherwise modified after the security review. A different Hash may indicate a changed condition or potential vulnerability that was not within the scope of this review.

Final Words

The following provides a concise summary of the audit report, accompanied by insightful comments from the auditor. This overview captures the key findings and observations, offering valuable context and clarity.

Ownership Privileges
  • The owner can set the marketing, donation, LP wallet address to any arbitrary address, including zero.
  • The owner can pause/unpause all token transfers (transfertransferFrom) and all functions that execute swaps and distributions.
  • The owner can update the GL to BNB, BNBtoXRP, and XRP distribution threshold value to any arbitrary value.

Note - This Audit report consists of a security analysis of the GeoLeaf smart contract. This analysis did not include functional testing (or unit testing) of the contract’s logic. Moreover, we only audited one token contract for the GeoLeaf team. Other contracts associated with the project were not audited by our team. We recommend investors do their own research before investing.

Files and details

Functions
public

/

State variables
public

/

Total lines
of code

/

Capabilities
Hover on items

/

Findings and Audit result

Critical
High
6
Medium
3
Low
Optimization
2
Informational
medium Issues | 6 findings

Pending

#1 medium Issue
The owner can lock tokens.
GeoTest.sol
L967-970
L1071-1073
Description

The GeoTest.sol contract grants the owner the unilateral and immediate authority to call the pause() function. This action engages the whenNotPaused modifier on the core transfer and transferFrom functions, effectively halting all token transfers and freezing the assets of every holder. This creates a significant centralization risk, as a compromised or malicious owner could trap all user funds within the contract indefinitely, without any warning or recourse for the community. Such power undermines trust and exposes investors to the risk of a single point of failure.

Comments

To mitigate this vulnerability, the contract's ownership should be decentralized. The most effective approach is to transfer ownership to a Timelock contract combined with a multi-signature wallet. This would enforce a mandatory delay between the announcement of a pause and its execution, giving users time to exit their positions if they disagree with the action. Requiring multiple keyholders to approve the pause via a multi-sig wallet would further prevent any single individual from unilaterally freezing the contract, thereby distributing control and aligning the contract's administration with decentralized best practices.

Pending

#2 medium Issue
Missing 'require' check. (Potential honeypot)
GeoTest.sol
L1065-1069
Description

The owner can set any arbitrary address to the marketing wallet, donation wallet, and lp wallet address, including zero address as this can lead to a potential honeypot if the owner has set the address to a contract address that cannot receive ETH. It is recommended that the address cannot be set to a contract address that cannot receive ETH to avoid these circumstances.

Pending

#3 medium Issue
Lack of Input Validation on Threshold Setters
GeoTest.sol
L1079-1089
Description

The functions setGLToBNBThreshold, setBNBToXRPThreshold, and setXRPDistributionThreshold allow the owner to change critical thresholds that control the timing and execution of swaps and reward distributions. However, these functions lack any input validation. A malicious or careless owner could set these thresholds to zero or an extremely high value. Setting a threshold to zero could cause swaps to execute with negligible amounts, wasting gas and creating dust outputs. Conversely, setting a threshold to an impossibly high number would effectively disable the automatic swap and distribution mechanism, causing tax tokens to accumulate indefinitely without being processed.

Comments

To mitigate this, each of these setter functions should be updated to include require statements that enforce sensible boundaries on the input values. For example, the new threshold should be checked to ensure it is above a reasonable minimum to prevent wasteful transactions and below a maximum to ensure the functionality does not get disabled.

Pending

#4 medium Issue
The owner can lock transfer via setMaxTxPercent
GeoTest.sol
L1135-1137
Description

The setMaxTxPercent function allows the owner to adjust the maximum transaction amount (_maxTxAmount). A critical vulnerability exists because this function lacks input validation. If the owner calls setMaxTxPercent(0), _maxTxAmount will be set to zero. Since every user transfer is checked with require(amount <= _maxTxAmount), all subsequent transfer attempts by regular users will fail, effectively freezing all trading and locking user assets in a honeypot-like situation.

Comments

To mitigate this vulnerability, the setMaxTxPercent function must be updated to include input validation. A require statement should enforce a sensible minimum value for maxTxPercent (e.g., require(maxTxPercent > 0, "Max transaction percent must be greater than zero")).

Pending

#5 medium Issue
Liquidity is added to externally owned address.
GeoTest.sol
L1232-1247
Description

The contract's liquidity is automatically added to the 'lpWallet' address, which is not recommended because, in an extreme scenario, this can be used to drain liquidity from the contract.

Pending

#6 medium Issue
Unbounded Loop Creates Inevitable Denial of Service (DoS)
GeoTest.sol
L1147-1196
Description

The contract's design for managing token holders and distributing rewards relies on iterating through a dynamically-sized array. The gas cost of these operations scales linearly with the number of holders. As the user base grows, the gas required to execute these loops will inevitably exceed the network's block gas limit. This will render critical functions, such as distributeXRPRewards, permanently inoperable, halting all reward distributions. It will also cause transactions to fail for users whose actions trigger removeHolder, effectively freezing certain contract interactions and creating a Denial of Service condition based on normal contract growth.

Comments

To mitigate this, the reward mechanism should be refactored from a "push" to a "pull" model, where each user initiates a transaction to claim their own rewards, thereby distributing the gas load. Furthermore, the array-based holder tracking should be replaced with a more gas-efficient data structure, such as an iterable mapping, which permits constant-time complexity for additions and removals.

low Issues | 3 findings

Pending

#1 low Issue
Remove safemath library
GeoTest.sol
L22-221
Description

The compiler version above 0.8.0 has the ability to control arithmetic overflow/underflow. It is recommended to remove the unwanted code in order to avoid high gas fees.

Pending

#2 low Issue
Local variables shadowing (shadowing-local)
GeoTest.sol
L1121
L1139-1145
Description

Rename the local variables that shadow another component.

Pending

#3 low Issue
Missing events arithmetic
GeoTest.sol
L1065-1069
L1079-1089
L1135-1137
Description

Emit all the critical parameter changes.

informational Issues | 2 findings

Pending

#1 informational Issue
Floating pragma solidity version
GeoTest.sol
L10
Description

Adding the constant version of solidity is recommended, as this prevents the unintentional deployment of a contract with an outdated compiler that contains unresolved bugs.

Pending

#2 informational Issue
Function that are not used (Dead code).
GeoTest.sol
L28
L41
L53
L70
L82
L193
L215
L287
L312
L322
L341
L368
L393
L490
L494
Description

Remove unused code.