SCOTT Info
Launched in 2024, Scott was created to show that finance can be fun and engaging, not just serious numbers and charts. Inspired by the playful side of the internet, Scott mixes memes with Solana blockchain technology.
TrustNet Score
The TrustNet Score evaluates crypto projects based on audit results, security, KYC verification, and social media presence. This score offers a quick, transparent view of a project's credibility, helping users make informed decisions in the Web3 space.
Real-Time Threat Detection
Real-time threat detection, powered by Cyvers.io,
is currently not
activated
for this project.
This advanced feature provides continuous monitoring and instant alerts to safeguard your assets from potential security threats. Real-time detection enhances your project's security by proactively identifying and mitigating risks.
For more information, click here.
Summary and Final Words
No crucial issues found
The contract does not contain issues of high or medium criticality. This means that no known vulnerabilities were found in the source code.
Contract owner cannot mint
It is not possible to mint new tokens.
Contract cannot be locked
Owner cannot lock any user funds.
Ownership is renounced
The contract does not include owner functions that allow post-deployment modifications.
Scope of Work
Our focus is on evaluating key security elements of the Solana Program associated with your SPL token. Specifically, we examine whether critical authorities have been appropriately revoked and assess the token’s metadata for mutability.
Authority Review:
- We ensure that the Minting and Freeze Authority has been revoked. If these authorities remain active, there is a high security risk, as they allow further minting or freezing of tokens.
- We also check whether the Update Authority has been revoked. If not, this represents a low security risk, but it could still allow modifications to the token metadata.
Metadata Mutability:
- We verify if the token metadata is still set to isMutable = true. If so, this could permit future changes to the metadata, which poses a potential security concern.
This audit is conducted based on real-time program data on the Solana blockchain, without the need for files or external submissions. The findings focus solely on the claims related to authority revocation and metadata mutability, ensuring the token complies with industry best practices for security and immutability.
Final Words
The following provides a concise summary of the audit report, accompanied by insightful comments from the auditor. This overview captures the key findings and observations, offering valuable context and clarity.
What is a Token-2022 Token?
A Token-2022 token is an extended token standard on the Solana blockchain that enhances the original SPL Token program with advanced features. These include transfer fees, interest accrual, metadata pointers, permanent delegation, and fine-grained control over token permissions. Token-2022 tokens can represent various digital assets and are compatible with existing Solana infrastructure. Their extended capabilities make them well-suited for use in decentralized finance (DeFi), programmable assets, and regulated financial instruments.
Ownership & Permissions
The Mint Authority and Freeze Authority have been revoked, meaning no additional tokens can be minted and no accounts can be frozen. However, the Update Authority remains active, and the token's metadata is currently set to isMutable = true, allowing future modifications to its name, symbol, or URI. Additionally, a transfer fee mechanism is active, charging 0.6% per transfer with a defined maximum fee.
Important Notice
This audit report focuses solely on the security configuration of a single Token-2022 contract. It does not include functional or unit testing of the token's logic. Furthermore, no additional contracts related to the broader project were included in this review. Investors are advised to conduct independent due diligence before interacting with this token or associated assets.
Files and details
Findings and Audit result
informational Issues | 1 findings
Pending
#1 informational Issue
Mutable Metadata
Metadata of a token includes details such as its name, symbol, image, and other relevant information. The authority to modify this metadata resides with the owner of the token contract. The updateAuthority holds the power to alter the token metadata, including aspects like the name, symbol, and logo. While changes of this nature are uncommon, it is important to acknowledge that they can occur.