Discovery Trending Launches KYC Verified Watchlist Risk Alerts
Token Minter AI Threat Detection Token Burner
Blog & News Docs Visit SolidProof.io

GoldFinger Info

goldfinger.finance

GoldFinger is an innovative platform committed to bridging premium yield-generating real-world assets (RWA) with the Web3 ecosystem. The convergence of blockchain technology and traditional finance is reshaping how real-world assets (RWA) are accessed, managed, and traded. By leveraging decentralized networks, transparency, and programmable smart contracts, it is now possible to unlock the liquidity and efficiency of high-quality, yield-generating assets—such as commodities, real estate, and financial instruments—within the Web3 ecosystem.

GoldFinger Logo
Onboarded date 12/11/2025

TrustNet Score

The TrustNet Score evaluates crypto projects based on audit results, security, KYC verification, and social media presence. This score offers a quick, transparent view of a project's credibility, helping users make informed decisions in the Web3 space.

18.69
Poor Excellent

Real-Time Threat Detection

Real-time threat detection, powered by Cyvers.io, is currently not activated for this project.

This advanced feature provides continuous monitoring and instant alerts to safeguard your assets from potential security threats. Real-time detection enhances your project's security by proactively identifying and mitigating risks. For more information, click here.

Security Assessments

Select the audit
"Static Analysis Dynamic Analysis Symbolic Execution SWC Check Manual Review"
Contract address
N/A
Network N/A
License N/A
Compiler N/A
Type N/A
Language Solidity
Onboard date 2025/11/13
Revision date 2025/11/13

Summary and Final Words

No crucial issues found

The contract does not contain issues of high or medium criticality. This means that no known vulnerabilities were found in the source code.

Contract owner can mint

It is possible to mint new tokens.

Contract owner can blacklist addresses

It is possible to lock user funds by blacklisting addresses.

Contract owner cannot set high fees

The fees, if applicable, can be a maximum of 25% or lower. The contract can therefore not be locked. Please take a look in the comment section for more details.

Token transfer can be locked

Owner can lock user funds with owner functions.

Token cannot be burned

There is no burning within the contract without any allowances

Ownership is not renounced

The owner retains significant control, which could potentially be used to modify key contract parameters.

Contract is not upgradeable

The contract does not use proxy patterns or other mechanisms to allow future upgrades. Its behavior is locked in its current state.

Scope of Work

This audit encompasses the evaluation of the files listed below, each verified with a SHA-1 Hash. The team referenced above has provided the necessary files for assessment.

The auditing process consists of the following systematic steps:

  1. Specification Review: Analyze the provided specifications, source code, and instructions to fully understand the smart contract's size, scope, and functionality.
  2. Manual Code Examination: Conduct a thorough line-by-line review of the source code to identify potential vulnerabilities and areas for improvement.
  3. Specification Alignment: Ensure that the code accurately implements the provided specifications and intended functionalities.
  4. Test Coverage Assessment: Evaluate the extent and effectiveness of test cases in covering the codebase, identifying any gaps in testing.
  5. Symbolic Execution: Analyze the smart contract to determine how various inputs affect execution paths, identifying potential edge cases and vulnerabilities.
  6. Best Practices Evaluation: Assess the smart contracts against established industry and academic best practices to enhance efficiency, maintainability, and security.
  7. Actionable Recommendations: Provide detailed, specific, and actionable steps to secure and optimize the smart contracts.

A file with a different Hash has been intentionally or otherwise modified after the security review. A different Hash may indicate a changed condition or potential vulnerability that was not within the scope of this review.

Final Words

The following provides a concise summary of the audit report, accompanied by insightful comments from the auditor. This overview captures the key findings and observations, offering valuable context and clarity.

Ownership Privileges
  • The owner can add the vault and bridge contract address.
  • The owner can add or remove an admin in the contract.
  • The owner or admin can mint an unlimited amount of tokens in the contract.
  • The owner or admin can blacklist users from transferring tokens for an indefinite period of time.
  • The owner or admin can blackist multiple wallets in batches.
  • The owner or admin can burn tokens from blacklisted wallets without any allowance.
  • The owner can pause or unpause the functionalities in the contract.
  • The owner can rescue tokens and ETH from the contract.

Note - This Audit report consists of a security analysis of the ARTToken smart contract. This analysis did not include functional testing (or unit testing) of the contract’s logic. Moreover, we only audited the mentioned contract for the GoldFinger team. Other contracts associated with the project were not audited by our team. We recommend investors do their own research before investing.

Files and details

Functions
public

/

State variables
public

/

Total lines
of code

/

Capabilities
Hover on items

/

Findings and Audit result

Critical
1
High
3
Medium
Low
Optimization
Informational
high Issues | 2 findings

Acknowledged

#1 high Issue
Administrative Minting Function Serves as a Backdoor to Create Unbacked Tokens
ARTToken.sol
L236-238
Description

The ARTToken contract, intended to represent a fully collateralized gold-backed asset, contains a vulnerability in its public mint function. This function is restricted by an onlyAdminOrOwner modifier, granting privileged accounts the unilateral ability to create an unlimited number of ARTTokens for any address without requiring any corresponding collateral deposit. The existence of this function completely undermines the token's core value proposition of being backed by a real-world asset. A malicious or compromised admin could exploit this function to mint infinite unbacked tokens, which could then be sold on the open market or redeemed through the ARTVault to drain all of the protocol's legitimate liquidity and collateral, resulting in a total loss of user funds.

Comments

The mint(address to, uint256 amount) function must be removed from the ARTToken contract immediately. The only function capable of creating new tokens should be mintFromVault, which is correctly restricted to the collateral-handling ARTVault contract. This will enforce the critical invariant that the token supply can only increase when a corresponding value of assets has been verifiably deposited, preserving the integrity and trustworthiness of the RWA.

Resolved

#2 high Issue
Administrators Can Unilaterally Burn Tokens From Any Blacklisted Address
ARTToken.sol
L331-335
Description

The burnBlacklisted function introduces a severe custodial risk by granting owner and admin accounts the ability to unilaterally burn (destroy) ARTTokens directly from any address that has been blacklisted. This function does not require any prior approval or allowance from the token holder. This mechanism goes beyond simply freezing assets; it allows for the direct and permanent seizure of user funds by a privileged role. A malicious or compromised administrator could first blacklist a user and then immediately call this function to destroy their entire token balance, effectively stealing their assets without leaving a trace of a transfer to their own wallet. This functionality is an extreme form of centralization that completely violates the principle of user self-custody and exposes the protocol to significant abuse and legal risks.

Comments

The burnBlacklisted function should be removed entirely. While regulatory compliance may require the ability to freeze illicitly obtained funds, the power to unilaterally destroy them without user consent or a formal, transparent, and decentralized governance process (such as a DAO vote or a court order oracle) is an overreach of power that is unacceptable in a decentralized protocol. If the functionality is deemed absolutely necessary for legal reasons, it must be placed under the control of a multi-signature committee and a significant time lock to allow for public review and intervention before any user's funds can be destroyed.

medium Issues | 3 findings

Acknowledged

#1 medium Issue
Missing validation for contract.
ARTToken.sol
L175-180
L182-186
Description

The setVault and setBridge functions in the ARTToken contract allow the owner to assign the addresses for the minting/burning vault and cross-chain bridges. These roles are critical and are implicitly expected to be functional smart contracts. However, the functions lack any validation to ensure that the provided addresses are indeed contracts and not regular wallet addresses (EOAs). If the owner were to accidentally set the vault address to an EOA, the entire system's ability to mint or redeem the gold-backed ARTToken would be permanently and irreversibly broken, as an EOA cannot execute the code required to manage the token supply.

Comments

To prevent this catastrophic failure, it is essential to enforce that only valid smart contracts can be assigned to these roles. The primary mitigation is to add a contract existence check (e.g., require(address.code.length > 0)) to both the setVault and setBridge functions. This ensures that an EOA can never be assigned. To further enhance security and reduce the risk of a compromised owner key, a more robust solution would be to place these critical address changes under the control of a governance contract that includes a mandatory time lock. This would make any change to these vital addresses a transparent, multi-day process, giving the community ample time to audit the proposed new contract and withdraw funds if they deem the change to be malicious or incorrect, while still allowing for legitimate future upgrades.

Acknowledged

#2 medium Issue
Centralized, Indefinite Blacklisting Poses Custodial Risk to User Funds
ARTToken.sol
L310-314
L316-329
Description

The setBlacklisted and setBlacklistedBatch functions grant owner and admin accounts the unilateral and unchecked power to blacklist any user address. Once an address is blacklisted, all of its ARTToken funds are effectively frozen indefinitely, as the overridden _update function blocks all transfers to and from that address. The protocol lacks any mechanism for appeal, a time limit on the blacklist duration, or a governance process to challenge or review these decisions. This creates a significant centralization risk, effectively giving administrators custodial control over user assets. A malicious or compromised admin could abuse this power to permanently freeze the funds of legitimate users, while even a well-intentioned admin could make an irreversible mistake. This functionality fundamentally undermines the principles of self-custody and trustlessness expected in a decentralized protocol.

Comments

To mitigate this custodial risk, the blacklisting mechanism must be decentralized and bound by clear, transparent rules. The power to blacklist should be moved from a single owner/admin to a multi-signature wallet controlled by a distributed committee or a formal governance contract (like a DAO) that requires a vote. Furthermore, a time-lock mechanism should be implemented, where a proposed blacklisting is announced publicly on-chain and only takes effect after a delay period (e.g., 48 hours), giving the community time to react. An on-chain appeals process or a maximum duration for any blacklist before it requires a renewal vote should also be considered to protect users from permanent and arbitrary seizure of their assets.

Acknowledged

#3 medium Issue
Centralized and Indefinite Pausing Power Creates Full Custodial Risk Over All User Assets
ARTToken.sol
L343
Description

The pause function in the ARTToken contract provides owner and admin accounts with the unilateral ability to halt all token transfers and balance-update operations across the entire protocol. Because the check is implemented in the _update function, it effectively freezes every user's assets instantly. The protocol does not include any mechanism to limit the duration of this pause, meaning an administrator could freeze the system for an indefinite period. This functionality centralizes an extreme level of control, transforming a supposedly self-custodial token into a de facto custodial one where users can be denied access to their funds at any time, for any reason, without a transparent process or right of appeal. A compromised or malicious admin could exploit this to hold the entire system's assets hostage.

Comments

The power to pause the contract must be decentralized and time-bound to function as a legitimate emergency tool rather than a control mechanism. The ability to pause should be transferred from a single owner to a secure multi-signature wallet or, preferably, a formal governance contract that requires a community vote. Furthermore, any pause action must have a strictly enforced maximum duration (e.g., 7 days), after which the system automatically unpauses. Extending the pause would require another successful governance vote, ensuring that freezing user funds is a temporary, transparent, and community-approved emergency measure, not a permanent state controlled by a central authority.

informational Issues | 1 findings

Resolved

#1 informational Issue
Floating pragma solidity version.
ARTToken.sol
L2
Description

Adding the constant version of solidity is recommended, as this prevents the unintentional deployment of a contract with an outdated compiler that contains unresolved bugs.