Discovery Trending Launches KYC Verified Watchlist Risk Alerts
Token Minter AI Threat Detection Token Burner
Blog & News Docs Visit SolidProof.io

Vektro Info

vektro.app

Vektro is on a mission to make enterprise-grade blockchain intelligence accessible to everyone. We believe that powerful crypto forensics tools shouldn't be locked behind expensive contracts or require specialized training. Every crypto user deserves the ability to track, analyze, and protect their digital assets with the same tools used by institutions.

Vektro Logo
Onboarded date 11/12/2025

TrustNet Score

The TrustNet Score evaluates crypto projects based on audit results, security, KYC verification, and social media presence. This score offers a quick, transparent view of a project's credibility, helping users make informed decisions in the Web3 space.

70.95
Poor Excellent

Real-Time Threat Detection

Real-time threat detection, powered by Cyvers.io, is currently not activated for this project.

This advanced feature provides continuous monitoring and instant alerts to safeguard your assets from potential security threats. Real-time detection enhances your project's security by proactively identifying and mitigating risks. For more information, click here.

Security Assessments

"Static Analysis Dynamic Analysis Symbolic Execution SWC Check Manual Review"
Contract address
N/A
Network N/A
License N/A
Compiler N/A
Type N/A
Language Solidity
Onboard date 2025/12/11
Revision date 2025/12/11

Summary and Final Words

No crucial issues found

The contract does not contain issues of high or medium criticality. This means that no known vulnerabilities were found in the source code.

Contract owner cannot mint

It is not possible to mint new tokens.

Contract owner cannot blacklist addresses.

It is not possible to lock user funds by blacklisting addresses.

Contract owner cannot set high fees

The fees, if applicable, can be a maximum of 25% or lower. The contract can therefore not be locked. Please take a look in the comment section for more details.

Contract cannot be locked

Owner cannot lock any user funds.

Token cannot be burned

There is no burning within the contract without any allowances

Ownership is not renounced

The owner retains significant control, which could potentially be used to modify key contract parameters.

Contract is not upgradeable

The contract does not use proxy patterns or other mechanisms to allow future upgrades. Its behavior is locked in its current state.

Scope of Work

This audit encompasses the evaluation of the files listed below, each verified with a SHA-1 Hash. The team referenced above has provided the necessary files for assessment.

The auditing process consists of the following systematic steps:

  1. Specification Review: Analyze the provided specifications, source code, and instructions to fully understand the smart contract's size, scope, and functionality.
  2. Manual Code Examination: Conduct a thorough line-by-line review of the source code to identify potential vulnerabilities and areas for improvement.
  3. Specification Alignment: Ensure that the code accurately implements the provided specifications and intended functionalities.
  4. Test Coverage Assessment: Evaluate the extent and effectiveness of test cases in covering the codebase, identifying any gaps in testing.
  5. Symbolic Execution: Analyze the smart contract to determine how various inputs affect execution paths, identifying potential edge cases and vulnerabilities.
  6. Best Practices Evaluation: Assess the smart contracts against established industry and academic best practices to enhance efficiency, maintainability, and security.
  7. Actionable Recommendations: Provide detailed, specific, and actionable steps to secure and optimize the smart contracts.

A file with a different Hash has been intentionally or otherwise modified after the security review. A different Hash may indicate a changed condition or potential vulnerability that was not within the scope of this review.

Final Words

The following provides a concise summary of the audit report, accompanied by insightful comments from the auditor. This overview captures the key findings and observations, offering valuable context and clarity.

Ownership Privileges
  • The owner can update the buy, sell, and transfer tax to not more than 10%, respectively.
  • The owner can add the tax wallet.
  • The owner can update the tax wallet.
  • The owner can remove the tax wallet.
  • The owner can replace the entire list of tax wallets.
  • The owner can update the minimum and maximum token amounts for automatic tax selling.
  • The owner can whitelist an address to exempt it from taxes.
  • The owner can enable or disable the automatic swapping of tax tokens.
  • The owner can pause or resume the automatic selling of tax tokens.
  • The owner can enable or disable all taxes.
  • The owner can permanently disable all taxes.
  • The owner can withdraw all collected VKT tokens from the contract to any address.
  • The owner can withdraw all collected USDC from the contract to any address.

Note - This Audit report consists of a security analysis of the Vektro smart contract. This analysis did not include functional testing (or unit testing) of the contract’s logic. Moreover, we only audited one token contract for the Vektro team. Other contracts associated with the project were not audited by our team. We recommend investors do their own research before investing.

Files and details

Functions
public

/

State variables
public

/

Total lines
of code

/

Capabilities
Hover on items

/

Findings and Audit result

Critical
High
Medium
Low
Optimization
3
Informational
informational Issues | 3 findings

Acknowledged

#1 informational Issue
Floating pragma solidity version.
VKT.sol
L9
Description

Adding the constant version of solidity is recommended, as this prevents the unintentional deployment of a contract with an outdated compiler that contains unresolved bugs.

Acknowledged

#2 informational Issue
Missing events arithmetic
VKT.sol
L355-357
Description

It is recommended to emit all the critical parameter changes.

Acknowledged

#3 informational Issue
Unlimited Slippage Risk During Automated Tax Token Swaps
VKT.sol
L196-230
L400-419
Description

The smart contract contains a vulnerability in its _sellTaxTokens and manualSellTaxTokens functions where collected tax tokens (VKT) are swapped for USDC. The swap is executed via the Uniswap V2 router with the amountOutMin parameter set to 0. This configuration instructs the router to accept any resulting amount of USDC, regardless of how unfavorable the exchange rate is. This exposes the transaction to significant value loss from slippage, which can be caused by normal market volatility or exploited maliciously through front-running or sandwich attacks. Consequently, the funds designated for distribution to tax wallets could be substantially diminished during the swap process.

Comments

To mitigate this risk, the contract should be modified to calculate and enforce a dynamic minimum output amount for each swap. Instead of using a hardcoded 0, the function should first query a reliable on-chain price oracle (such as Chainlink or Uniswap's own TWAP) to determine the current market rate between VKT and USDC. Based on this rate, it should calculate the expected USDC output and then subtract a small, predefined slippage tolerance (e.g., 1-3%) to derive a reasonable amountOutMin. This would ensure that the swap only executes if the resulting USDC amount is within an acceptable range of the fair market value, protecting the tax funds from severe slippage and potential manipulation.