Discovery Trending Launches KYC Verified Watchlist Risk Alerts
Token Minter AI Threat Detection Token Burner
Blog & News Docs Visit SolidProof.io

SCADA Info

nukethesupply.com

Supply Block is SCADA's core innovation — a function that, when triggered, removes a portion of the bonus liquidity SCADA farms from trading and splits the retrieved tokens: 90% of SCADA is permanently burned, reducing total supply forever. The remaining portion is distributed as rewards to stakers and the caller who executed the block. Meanwhile, the paired WPLS is used to market-buy SCADA, creating upward price pressure. This process strengthens the liquidity floor while continuously shrinking the circulating supply — a self-reinforcing cycle that rewards holders over time.

SCADA Logo
Onboarded date 04/05/2026

TrustNet Score

The TrustNet Score evaluates crypto projects based on audit results, security, KYC verification, and social media presence. This score offers a quick, transparent view of a project's credibility, helping users make informed decisions in the Web3 space.

23.86
Poor Excellent

Real-Time Threat Detection

Real-time threat detection, powered by Cyvers.io, is currently not activated for this project.

This advanced feature provides continuous monitoring and instant alerts to safeguard your assets from potential security threats. Real-time detection enhances your project's security by proactively identifying and mitigating risks. For more information, click here.

Security Assessments

Select the audit
"Static Analysis Dynamic Analysis Symbolic Execution SWC Check Manual Review"
Contract address
N/A
Network N/A
License N/A
Compiler N/A
Type N/A
Language Solidity
Onboard date 2026/05/04
Revision date 2026/05/04

Summary and Final Words

No crucial issues found

The contract does not contain issues of high or medium criticality. This means that no known vulnerabilities were found in the source code.

Contract owner cannot mint

It is not possible to mint new tokens.

Contract owner cannot blacklist addresses.

It is not possible to lock user funds by blacklisting addresses.

Contract owner cannot set high fees

The fees, if applicable, can be a maximum of 25% or lower. The contract can therefore not be locked. Please take a look in the comment section for more details.

Contract cannot be locked

Owner cannot lock any user funds.

Token cannot be burned

There is no burning within the contract without any allowances

Ownership is renounced

The contract does not include owner functions that allow post-deployment modifications.

Contract is not upgradeable

The contract does not use proxy patterns or other mechanisms to allow future upgrades. Its behavior is locked in its current state.

Scope of Work

This audit encompasses the evaluation of the files listed below, each verified with a SHA-1 Hash. The team referenced above has provided the necessary files for assessment.

The auditing process consists of the following systematic steps:

  1. Specification Review: Analyze the provided specifications, source code, and instructions to fully understand the smart contract's size, scope, and functionality.
  2. Manual Code Examination: Conduct a thorough line-by-line review of the source code to identify potential vulnerabilities and areas for improvement.
  3. Specification Alignment: Ensure that the code accurately implements the provided specifications and intended functionalities.
  4. Test Coverage Assessment: Evaluate the extent and effectiveness of test cases in covering the codebase, identifying any gaps in testing.
  5. Symbolic Execution: Analyze the smart contract to determine how various inputs affect execution paths, identifying potential edge cases and vulnerabilities.
  6. Best Practices Evaluation: Assess the smart contracts against established industry and academic best practices to enhance efficiency, maintainability, and security.
  7. Actionable Recommendations: Provide detailed, specific, and actionable steps to secure and optimize the smart contracts.

A file with a different Hash has been intentionally or otherwise modified after the security review. A different Hash may indicate a changed condition or potential vulnerability that was not within the scope of this review.

Final Words

The following provides a concise summary of the audit report, accompanied by insightful comments from the auditor. This overview captures the key findings and observations, offering valuable context and clarity.

Smart Contract Analysis Statement

Contract Analysis

The SCADAManager contract implements the deflationary engine for SCADA, including the supplyBlock buyback-and-burn cycle, accumulation of LP tokens minted by the auto-tax mechanism, distribution of staker rewards via the SCADAMiner, and a small caller incentive that makes supplyBlock self-sustaining. The contract is deployed and immutable, and Ownable owner has been renounced on-chain (manager.owner() returns address(0), verified via transaction 0xe6308d...). The team has acknowledged each finding below and provided on-chain or operational mitigations. Residual concerns are summarized as follows:

  • supplyBlock spends the entire WETH balance for the buyback rather than only the WETH freed by removeLiquidity. The donation-grief vector is uneconomic in steady state: a donor consumes their own WETH into a buyback that benefits all SCADA holders (90 percent burn, capped sharePoolPercent to the miner reward pool, capped callerRewardPercent at 1 percent to the caller). A donor cannot extract more than the caller-reward fraction even if they call supplyBlock themselves. Severity downgraded to Low.
  • The router calls inside supplyBlock (removeLiquidity and the SCADA buyback) use zero slippage parameters. MEV exposure on the permissionless supplyBlock path is bounded by the round-trip tax cost (2.20 percent of swap notional against the protocol's own pair) and economically nudged toward private-mempool submission by the 1 percent caller reward, which a sandwiched caller would forfeit. The Flashbots / private-mempool submission is a caller-side recommendation rather than a contract-level guarantee. Severity retained at High to reflect residual risk on the public mempool, especially for shallow-liquidity periods or large extraLP withdrawals.
  • The contract has a payable receive() but no path to move ETH out. With ownership renounced, no extraction function can ever be added. Any ETH that lands here is permanently locked. Severity retained at Medium; operational mitigation is to monitor the manager address for any inbound ETH and treat it as an unrecoverable user error. The receive() removal is recommended for any future redeployment.
  • The staker-reward and caller-reward transfers do not check the boolean return value. The token transferred is SCADA itself, an OpenZeppelin-based ERC-20 stored as immutable inside the manager that reverts on failure and unconditionally returns true. The downstream miner concern is therefore not reachable on the deployed system; severity downgraded to Low.

Initial Liquidity Lock

The deployment sequence routes the entire 1,000,000 SCADA initial supply (minted to SCADAManager in the SCADAToken constructor) together with the WETH the deployer pre-funded via depositWETH() into a single Uniswap V2 SCADA/WETH LP through the one-shot initializeLiquidity() function. The LP tokens are minted to the SCADAManager contract itself, and the initialLP balance is snapshotted at the end of the call. After this:

  • initializeLiquidity() can never run a second time - the liquidityInitialized flag is set permanently to true, and Ownable.owner() has subsequently been renounced to address(0) via transaction 0xe6308d..., making every onlyOwner function permanently uncallable.
  • SCADAManager exposes no function - admin, creator, or permissionless - that transfers the LP token out of the contract, withdraws the underlying SCADA and WETH backing it, or grants a configurable spender any allowance on the pair token. The only allowance ever set on the LP token is a one-shot bounded approval inside supplyBlock that is consumed immediately by the subsequent removeLiquidity call.
  • supplyBlock can only act on a bounded fraction of LP that the auto-tax mechanism contributes after bootstrap (capped at 90 percent of the extraLP counter, which by construction excludes initialLP). The unwound SCADA and WETH are distributed entirely in SCADA via burn, staker reward, and the bounded caller incentive (at most 1 percent of the bought-back SCADA, paid in SCADA, not in LP or WETH). No actor - including the deployer - can withdraw LP tokens or the underlying WETH through this path.
  • There is no withdrawLP, rescueLP, transferLP, emergencyWithdraw, migrate, or setLPRecipient function in the contract. There is no delegatecall, no upgrade proxy, and no selfdestruct.

The initial LP baseline (the initialLP snapshot taken at the end of initializeLiquidity()) is therefore structurally retained by the SCADAManager contract for the life of the deployment. The post-bootstrap extra LP that the auto-tax mechanism subsequently accumulates is removed only in bounded portions by the permissionless supplyBlock cycle described above, and in every case the unwound SCADA and WETH are routed entirely through burn + staker reward + bounded caller incentive - never to the deployer or any admin. No role - admin, creator, or permissionless caller - can withdraw LP tokens or their underlying SCADA and WETH to themselves. A full enumeration of every LP-touching surface in SCADAManager.sol is available in section 1.3 of the audit report.

Ownership Privileges

The ownership of the contract has been renounced (manager.owner() returns address(0), verified on-chain via transaction 0xe6308d...). A separate immutable creator role retains permanent but bounded parameter-tuning powers, while a one-shot bridge setter locks the bridge address permanently after the first call. The owner retains full privileges including:

  • Adjust the supplyBlock LP threshold inside [0.0001%, 10%]
  • Adjust the staker share inside [1%, 50%] and the caller incentive inside [0.1%, 1%]
  • One-shot setter for the SCADABridge address (cannot be changed once set)
  • Cannot replace the SCADAMiner, set or change parameters that affect user balances, or recover the contract's ETH
  • Cannot mint or move SCADA outside the supplyBlock cycle
  • Cannot pause or freeze the deflationary cycle - supplyBlock is permissionless
  • Cannot withdraw the initial LP baseline or any unwound LP value to themselves or any other admin - initializeLiquidity() is one-shot and mints LP to the contract itself, and the only LP-affecting operation in the contract (the permissionless supplyBlock cycle) removes a bounded portion of post-bootstrap LP and routes the unwound value exclusively through burn / staker reward / bounded caller incentive (see Initial Liquidity Lock above)
  • Cannot replace the SCADAToken reference (it is set at construction and is immutable)

Security Features

The contract implements several positive security features:

  • The SCADAToken and creator references are stored as immutable, so they cannot be changed for the lifetime of the contract.
  • ReentrancyGuard on every state-mutating external function, plus a separate try/catch around the bridge collateral burn so a failing bridge cannot break the deflationary cycle.
  • supplyBlock is permissionless and gated by the readyForSupplyBlock predicate, so the deflationary cycle does not depend on any privileged account.
  • The Ownable owner has been renounced on-chain, freezing the configuration of the deployed instance.
  • The initial LP baseline (initialLP) is structurally retained by the SCADAManager contract - initializeLiquidity() is a one-shot function that mints LP to the contract itself and cannot be called a second time. The only LP-affecting operation in the contract is the permissionless supplyBlock cycle, which removes a bounded portion of post-bootstrap auto-LP and routes the unwound SCADA and WETH entirely through burn / staker reward / bounded caller incentive. No code path transfers LP tokens or unwound LP value to the deployer or any other admin.

Note - This Audit report consists of a security analysis of the SCADAManager smart contract. This analysis did not include economic analysis of the contract's tokenomics. Moreover, we only audited the main contract for the SCADAManager team. Other contracts associated with the project were audited separately by our team. We recommend investors do their own research before investing.

Files and details

Functions
public

/

State variables
public

/

Total lines
of code

/

Capabilities
Hover on items

/

Findings and Audit result

Critical
High
2
Medium
9
Low
1
Optimization
4
Informational
medium Issues | 2 findings

Acknowledged

#1 medium Issue
Contract accepts ETH but provides no withdrawal path - permanently locked ether
SCADAManager.sol
L286-287
Description

The contract has a payable receive() function but no path to move ETH out. supplyBlock works on WETH, removeLiquidity returns WETH (not ETH), and _buySCADA uses token-to-token swaps. There is no rescueETH function, no admin path, no permissionless drain. Owner is address(0) (renounced), so the path cannot be added later. Any ETH that lands on this contract - via selfdestruct, accidental transfer, or anything else - is permanently unrecoverable.

Comments

Remove the 'receive() external payable {}' function entirely. The manager has no legitimate need to accept raw ETH - removeLiquidity returns WETH, and _buySCADA uses the token-to-token swap variant. Forcing accidental sends to revert is the safest behavior. For the deployed instance, set up Etherscan monitoring to detect any ETH ingress and accept that any incoming ETH is unrecoverable.

Alleviation

Acknowledged as a permanent residual risk. The manager has no legitimate path to receive raw ETH (removeLiquidity returns WETH; _buySCADA is token-to-token), and there is no withdrawal counterpart to receive(). With manager.owner() renounced via 0xe6308d..., no ETH-extraction function can be added later. Any ETH that lands at this address (selfdestruct from another contract, accidental transfer, fee refund from a future protocol integration) is permanently inaccessible. Operational mitigation: monitor the manager address on Etherscan for any inbound ETH transactions and treat them as user errors that cannot be reversed. The receive() removal is recommended for any future redeployment so accidental sends revert at the source. Severity retained at Medium.

Acknowledged

#2 medium Issue
No slippage protection in initializeLiquidity, supplyBlock removeLiquidity, and _buySCADA
SCADAManager.sol
L132-141
L187-195
L259-265
Description

Three router calls ship with all minimum-out parameters set to zero. supplyBlock is permissionless and economically incentivized via callerRewardPercent, so MEV searchers can call it themselves and sandwich the embedded removeLiquidity and _buySCADA in a single bundle, capturing the arbitrage that should have gone to burning and stakers. _buySCADA uses the fee-on-transfer router variant, which the Uniswap docs explicitly recommend protecting with a non-zero amountOutMin since that variant skips the K-invariant slippage check.

Comments

Compute on-chain minimum-out values from the pair's current reserves with a fixed tolerance such as 5%, and pass them to the router calls. For example, in supplyBlock: 'IUniswapV2Router02(UNISWAP_V2_ROUTER).removeLiquidity(address(scadaToken), WETH, lpToRemove, minSCADAOut, minWETHOut, address(this), block.timestamp + 600);' where minSCADAOut and minWETHOut are derived from getReserves with 95% tolerance. Optionally make the slippage tolerance creator-configurable within hardcoded bounds (e.g. 50-500 basis points).

Alleviation

Three sub-paths and three different mitigation postures. (1) initializeLiquidity is onlyOwner and ran exactly once during bootstrap; with manager.owner() now renounced, the function is permanently uncallable and the slippage exposure on that path is closed. (2) supplyBlock removeLiquidity and (3) _buySCADA both run inside the permissionless supplyBlock path. MEV exposure on these is bounded by the round-trip tax cost a sandwicher must pay against the protocol's own SCADA/WETH pair (1.00 percent buy + 1.20 percent sell = 2.20 percent of swap notional), and an additional caller-side incentive: callerRewardPercent (capped at 1 percent of the buyback) economically rewards the first responder for using a private mempool such as Flashbots, since a publicly-submitted supplyBlock that gets sandwiched costs the caller their reward share. The Flashbots argument is a caller-side recommendation and not a contract-level guarantee; a casual user who submits supplyBlock through the public mempool can still be sandwiched on shallow-liquidity periods or large extraLP withdrawals. The contract is deployed and immutable, so the on-chain slippage parameters cannot be retrofitted. Operational mitigation: document the recommendation that supplyBlock callers use a private-mempool RPC (Flashbots Protect or equivalent), and monitor pool depth so operators can pause off-chain integrations if reserves erode below the level where the tax-cost band closes the sandwich window. Severity retained at High to reflect the residual MEV risk on the permissionless path. The on-chain slippage hardening is recommended for any future redeployment.

low Issues | 9 findings

Pending

#1 low Issue
Strict greater-than comparison on actualLPBalance can revert valid supplyBlock calls
SCADAManager.sol
L180
Description

supplyBlock requires actualLPBalance to be strictly greater than lpToRemove. When the LP balance equals exactly lpToRemove (which can happen after a previous failed supplyBlock or specific accounting paths), the function reverts even though the call is mathematically valid.

Comments

Change 'require(actualLPBalance > lpToRemove, "Insufficient LP balance");' to 'require(actualLPBalance >= lpToRemove, "Insufficient LP balance");'. The mathematically valid case where the manager holds exactly lpToRemove should succeed.

Acknowledged

#2 low Issue
setRewardPercentages emits no event
SCADAManager.sol
L337-344
Description

setRewardPercentages mutates two protocol-critical splits (sharePoolPercent and callerRewardPercent) but emits no event. Off-chain reward dashboards or analytics cannot detect the change without polling state.

Comments

Add an event such as 'event RewardPercentagesUpdated(uint256 sharePoolPercent, uint256 callerRewardPercent);' and emit it at the end of setRewardPercentages. This allows off-chain dashboards and monitoring to detect changes to the buyback split parameters.

Alleviation

setRewardPercentages remains callable by the permanent creator role (not subject to ownership renouncement). Without an event, parameter changes are not directly indexable. Operational mitigation is to monitor sharePoolPercent and callerRewardPercent via direct storage reads on a periodic schedule and cross-reference against expected values. The contract is deployed and immutable. The event addition is recommended for any future redeployment.

Acknowledged

#3 low Issue
nonReentrant modifier is not the first modifier
SCADAManager.sol
L120
L327
Description

initializeLiquidity and depositWETH list onlyOwner before nonReentrant. The current onlyOwner modifier does not make external calls, so this is not exploitable today, but the recommended best practice is to put nonReentrant first.

Comments

Reorder the modifiers so nonReentrant comes first: 'function initializeLiquidity() external nonReentrant onlyOwner { ... }' and 'function depositWETH(uint256 amount) external nonReentrant onlyOwner { ... }'. Defense-in-depth so the reentrancy guard always runs before any other modifier code.

Alleviation

initializeLiquidity and depositWETH are both onlyOwner; with manager.owner() now address(0) (renounced via 0xe6308d...), both functions are permanently uncallable on the deployed instance. The modifier-order concern therefore has no remaining surface on the live contract. Recommendation retained for any future redeployment.

Pending

#4 low Issue
Empty require string in setLpBlockThreshold
SCADAManager.sol
L302
Description

setLpBlockThreshold uses a require with a comment but no revert string: 'require(threshold >= 1 && threshold <= 100_000); // 0.0001% - 10%'. This makes failure modes harder to debug from transaction traces.

Comments

Add a descriptive revert reason or replace with a custom error: 'error InvalidThreshold(uint256 provided); if (threshold < 1 || threshold > 100_000) revert InvalidThreshold(threshold);'. Custom errors are also cheaper to emit than revert strings.

Acknowledged

#5 low Issue
Solidity 0.8.20 has known issues - prefer a newer patch version
SCADAManager.sol
L1
Description

Solidity 0.8.20 contains three documented compiler issues (VerbatimInvalidDeduplication, FullInlinerNonExpressionSplitArgumentEvaluationOrder, MissingSideEffectsOnSelectorAccess). None apply to this codebase, but using the most recent patched compiler is preferred.

Comments

For any future redeployment, pin the pragma to 0.8.24 or later and recompile. The deployed contract cannot be patched in place; this applies to forks, migrations, and future versions.

Alleviation

Acknowledged for any future redeployment. The deployed bytecode cannot be patched in place. None of the three documented 0.8.20 issues apply to this codebase as written.

Acknowledged

#6 low Issue
burnCollateral wrapped in try/catch can silently desync the cross-chain peg invariant under persistent failure
SCADAManager.sol
L227-234
Description

supplyBlock wraps the burnCollateral call in a try/catch with a CollateralBurnSkipped event. This is a deliberate liveness choice - it prevents a failing bridge from blocking the deflationary cycle - but it means the documented peg invariant 'wscada in bridge equals SCADA totalSupply minus the 1M seed' becomes a soft target rather than a hard one. If burnCollateral fails repeatedly (paused wSCADA, future bridge upgrade, blacklisted recipient, etc.), the bridge accumulates excess wSCADA collateral that no longer corresponds to circulating SCADA on Ethereum. There is no on-chain reconciliation path.

Comments

Treat persistent failures of burnCollateral as a peg-monitoring concern. Either propagate the revert (so supplyBlock fails loudly and operators are forced to investigate), or persist the requested-but-not-burned amount in a state variable so a future call can attempt to burn the cumulative shortfall once the bridge becomes responsive again. Add explicit off-chain monitoring on the documented invariant 'wscada.balanceOf(bridge) is approximately scada.totalSupply() minus the 1M deployment seed' so any drift is visible quickly.

Alleviation

Acknowledged as a deliberate liveness choice: the try/catch prevents a failing bridge from blocking the deflationary cycle, at the cost of converting the cross-chain peg invariant from a hard target into a soft target. Every catch arm emits CollateralBurnSkipped(amount), so off-chain monitoring can detect missed burns deterministically. The contract is deployed and immutable; the cumulative-shortfall accumulator pattern is recommended for any future redeployment. Operational mitigation: monitor the documented invariant 'wscada.balanceOf(bridge) is approximately scada.totalSupply() minus the 1,000,000 deployment seed' continuously and alert on drift, plus alert on any CollateralBurnSkipped event for forensic correlation. Severity retained at Low.

Acknowledged

#7 low Issue
setMiner is not one-shot - mitigated for deployed instance by ownership renouncement
SCADAManager.sol
L309-313
Description

Unlike setScadaBridge, which has a one-shot guard, setMiner can be called repeatedly by the owner. Pre-renouncement, the owner could wait for extraLP to accumulate, replace scadaMiner with a malicious contract, then call permissionless supplyBlock to siphon the share-pool reward. Owner-only mutability of a contract reference that supplyBlock blindly calls is a centralization vector during the deployment window.

Comments

For any future redeployment, mirror setScadaBridge by adding a one-shot guard: 'require(address(scadaMiner) == address(0), "Miner already set");'. This ensures the miner address can only ever be set once and removes the pre-renouncement attack surface.

Alleviation

Mitigated on the deployed instance: ownership has been renounced via transaction 0xe6308dc9026f94c9b4b4d6af1e21c0199c75c27c27fe54ca1fe1ec2aa855f7ca and manager.owner() now returns 0x0. The function is therefore permanently uncallable on the live contract. The finding is retained for source-code audit purposes and any future redeployment.

Acknowledged

#8 low Issue
Unchecked ERC-20 transfer return values for staker rewards and caller incentive (downgraded from H-01)
SCADAManager.sol
L215
L220
Description

supplyBlock calls scadaToken.transfer(scadaMiner, sharePoolReward) and scadaToken.transfer(msg.sender, callerReward) without checking the boolean return value. SCADA itself returns true, so the calls are currently safe. However, combined with the miner crediting accRewardPerShare based on the input amount (and not on actual balance change), any silent transfer failure or future change to the SCADA token would cause the miner to over-promise rewards, eventually leading to claim reverts and locked-out stakers.

Comments

Use SafeERC20.safeTransfer for both transfers in supplyBlock: 'SafeERC20.safeTransfer(IERC20(address(scadaToken)), address(scadaMiner), sharePoolReward);' and 'SafeERC20.safeTransfer(IERC20(address(scadaToken)), msg.sender, callerReward);'. Even though SCADA always returns true today, using SafeERC20 future-proofs the manager and removes the entire detector class from future audits.

Alleviation

The token transferred at both call sites is SCADA itself, an OpenZeppelin-based ERC-20 deployed by this manager. SCADA's transfer reverts on failure and unconditionally returns true on success - the silent-false branch this finding describes is unreachable. The SCADA reference is stored as immutable inside SCADAManager (line 36 of SCADAManager.sol), so the token cannot be swapped for a less-well-behaved implementation. The downstream miner concern (over-credited rewards locking out claims) is therefore not reachable on the deployed system. The contract is deployed and immutable. Severity downgraded from High to Low to reflect the unreachability of the underlying failure mode under the deployed token. The SafeERC20 hardening is recommended for any future redeployment.

Acknowledged

#9 low Issue
supplyBlock consumes the entire WETH balance for buyback, not just the WETH freed by removeLiquidity (downgraded from M-02)
SCADAManager.sol
L199-202
Description

After removeLiquidity returns (amountSCADA, amountWETH), the function spends the entire WETH balance of the contract for the buyback rather than only amountWETH. This conflates WETH freed by removeLiquidity, leftover WETH from depositWETH that initializeLiquidity did not consume, and any WETH donated or accidentally sent. An external party can grief the protocol by donating WETH right before someone calls supplyBlock, forcing a larger-than-intended buyback at potentially unfavorable prices, and the caller-reward calculation will then include a fraction of the donation.

Comments

Track the WETH freed by removeLiquidity and only spend that, not the entire contract balance. Replace 'uint256 wethForBuying = IERC20(WETH).balanceOf(address(this));' with the value returned by removeLiquidity: 'if (amountWETH > 0) { _buySCADA(amountWETH); }'. If accumulating donor WETH is intended behavior, document it explicitly and add a dashboard for the discrepancy.

Alleviation

The donation-grief vector is uneconomic in steady state. A donor consumes their own WETH into a buyback that benefits all SCADA holders: 90 percent of the resulting SCADA is burned, sharePoolPercent (capped at 50 percent, currently 10 percent) is routed to the miner reward pool, and at most callerRewardPercent (capped at 1 percent) is paid to the caller. A donor cannot extract more than the caller-reward fraction of their own donation even if they call supplyBlock themselves; the remaining 99+ percent of the donation amplifies a deflationary cycle that benefits all holders proportionally. Net effect is a small economic loss to the donor and a slightly larger burn-and-reward cycle for everyone else, including the donor if they hold SCADA. The contract is deployed and immutable. Severity downgraded from Medium to Low to reflect the uneconomic nature of the documented griefing path. The amountWETH-only spend is recommended for any future redeployment.

optimization Issues | 1 findings

Pending

#1 optimization Issue
Multiple ERC-20 approve calls ignore the boolean return value
SCADAManager.sol
L101
L102
L108
L109
L184
Description

The constructor, resetApprovals, and supplyBlock all call IERC20.approve(...) without checking the return value. The current targets (SCADA, WETH, Uniswap pair) are well-behaved and return true, but using SafeERC20.forceApprove is the modern, standard pattern.

Comments

Use SafeERC20.forceApprove (OpenZeppelin v5+) for all infinite approvals to the Uniswap router. This handles tokens that require setting the allowance to zero before changing it, and removes the detector noise. The calls are safe with SCADA and WETH today, but force-approve is the standard pattern.

informational Issues | 4 findings

Pending

#1 informational Issue
Contract does not formally inherit from a matching interface
SCADAManager.sol
L32
Description

SCADAToken declares a local ISCADAManager interface in its own file with just notifyNewLP, but SCADAManager itself does not inherit from any interface. The compiler cannot verify that the manager's public surface matches what consumers expect.

Comments

Define an ISCADAManager interface that exposes the public surface used by SCADAToken (notifyNewLP) and any other consumers, and have SCADAManager inherit from it: 'contract SCADAManager is Ownable, ReentrancyGuard, ISCADAManager { ... }'. This makes the compiler enforce signature parity and removes the duplicated declarations currently scattered across files.

Pending

#2 informational Issue
Strict equality on initialLP == 0 is intentional but flagged by detectors
SCADAManager.sol
L271
Description

readyForSupplyBlock uses 'if (initialLP == 0) return false;' to gate the predicate before liquidity is initialized. The strict equality is correct, but Slither flags it as a dangerous strict equality. Documenting the intent inline prevents future false positives during reviews.

Comments

No code change required. Add a brief inline comment clarifying that the strict equality is intentional - it gates the readiness predicate to 'uninitialised state returns false' - so the project documentation and future maintainers do not treat this as a bug.

Pending

#3 informational Issue
Function parameters use leading-underscore naming instead of mixedCase
SCADAManager.sol
L302
L310
Description

Several function parameters use leading underscores, deviating from the Solidity style guide's mixedCase convention. Pure style.

Comments

Rename parameters such as '_scadaMiner', '_scadaBridge', '_sharePoolPercent', and '_callerRewardPercent' to plain mixedCase ('scadaMiner', 'newBridge', 'sharePoolPercent', etc.). This is a cosmetic change to align with the Solidity style guide and does not affect the ABI.

Pending

#4 informational Issue
Magic numbers in distribution math should be named constants
SCADAManager.sol
L176
L210
L211
L277
Description

supplyBlock and readyForSupplyBlock use literal numbers (9000, 10000, 1_000_000) for percentage and threshold math. Named constants improve readability and make accidental future changes less likely.

Comments

Replace '9000', '10000', and '1_000_000' with named constants such as 'uint256 constant LP_REMOVE_BPS = 9000;', 'uint256 constant BPS_DENOMINATOR = 10_000;', and 'uint256 constant THRESHOLD_DENOMINATOR = 1_000_000;'. This makes the distribution math self-documenting.