ZYPHRON Info
Zyphron Network (ZYN) is a next-generation digital finance platform focused on simplicity, security, and long-term stability. Built on advanced blockchain infrastructure, it empowers users to trade, earn, and grow with confidence in a rapidly evolving crypto ecosystem.
TrustNet Score
The TrustNet Score evaluates crypto projects based on audit results, security, KYC verification, and social media presence. This score offers a quick, transparent view of a project's credibility, helping users make informed decisions in the Web3 space.
Real-Time Threat Detection
Real-time threat detection, powered by Cyvers.io,
is currently not
activated
for this project.
This advanced feature provides continuous monitoring and instant alerts to safeguard your assets from potential security threats. Real-time detection enhances your project's security by proactively identifying and mitigating risks.
For more information, click here.
Summary and Final Words
No crucial issues found
The contract does not contain issues of high or medium criticality. This means that no known vulnerabilities were found in the source code.
Contract owner cannot mint
It is not possible to mint new tokens.
Contract owner cannot blacklist addresses.
It is not possible to lock user funds by blacklisting addresses.
Contract owner cannot set high fees
The fees, if applicable, can be a maximum of 25% or lower. The contract can therefore not be locked. Please take a look in the comment section for more details.
Contract cannot be locked
Owner cannot lock any user funds.
Token cannot be burned
There is no burning within the contract without any allowances
Ownership is not renounced
The owner retains significant control, which could potentially be used to modify key contract parameters.
Contract is not upgradeable
The contract does not use proxy patterns or other mechanisms to allow future upgrades. Its behavior is locked in its current state.
Scope of Work
This audit encompasses the evaluation of the files listed below, each verified with a SHA-1 Hash. The team referenced above has provided the necessary files for assessment.
The auditing process consists of the following systematic steps:
- Specification Review: Analyze the provided specifications, source code, and instructions to fully understand the smart contract's size, scope, and functionality.
- Manual Code Examination: Conduct a thorough line-by-line review of the source code to identify potential vulnerabilities and areas for improvement.
- Specification Alignment: Ensure that the code accurately implements the provided specifications and intended functionalities.
- Test Coverage Assessment: Evaluate the extent and effectiveness of test cases in covering the codebase, identifying any gaps in testing.
- Symbolic Execution: Analyze the smart contract to determine how various inputs affect execution paths, identifying potential edge cases and vulnerabilities.
- Best Practices Evaluation: Assess the smart contracts against established industry and academic best practices to enhance efficiency, maintainability, and security.
- Actionable Recommendations: Provide detailed, specific, and actionable steps to secure and optimize the smart contracts.
A file with a different Hash has been intentionally or otherwise modified after the security review. A different Hash may indicate a changed condition or potential vulnerability that was not within the scope of this review.
Final Words
The following provides a concise summary of the audit report, accompanied by insightful comments from the auditor. This overview captures the key findings and observations, offering valuable context and clarity.
Smart Contract Analysis Statement
Contract Analysis
The Zyphron (ZYN) V3 contract is the second revision of the previously audited ERC20 token. External behaviour is unchanged from V2 - a hard-coded initial mint of 50,000,000 tokens, an automatic burn fee on every transfer, an additional sell tax when transferring to a registered DEX pair, a per-transfer cap, an emergency BNB withdrawal, and a stuck-token recovery helper. V3 closes every open finding from the V2 re-audit, including the high-severity sum-of-balances accounting regression introduced by the V2 burn-floor fix:
- The supply-floor remediation has been reworked using the audit's preferred option. The silent cap inside the core ledger update has been removed and replaced by a pre-flight floor check at the entry of the burn primitive. If a voluntary burn would push totalSupply below the declared floor the function reverts atomically with a dedicated custom error, leaving no state changes behind. The balance debit and the supply debit therefore always operate on the same value, preserving the ERC20 invariant that the sum of all balances equals the total supply. The fee-burn path inside the transfer hook is unaffected because the combined burn-fee plus sell-tax math continues to pre-cap to the available headroom.
- The two-step renounceOwnership ceremony introduced in V2 has been hardened with a mandatory 48-hour delay between the two calls. The first call records a future timestamp and emits the ownership-transfer-started event, the second call reverts until the delay has elapsed, and any intervening transferOwnership call cancels a pending renounce. The renounce timelock reuses the same constant as the per-transfer cap timelock, so the irreversible admin surface is now symmetric.
- The Burn event has been moved into the burn primitive itself, so voluntary burn, burnFrom, and the in-transfer fee-burn all emit it exactly once per burn. The previous duplicate-emit risk on the fee-burn path is gone, and indexers that subscribe to Burn no longer miss user-callable burns.
- The constructor now emits the burn-fee-exclusion event for every initial grant - the initial owner, the supply recipient, the contract itself, and the registered DEX pair - so off-chain indexers can reconstruct the full exclusion set from the deployment transaction without reading storage.
- The DEX pair interface is now honest about its surface area: the unused getReserves declaration has been removed alongside the unused factory declaration removed in V2.
- The increaseAllowance and decreaseAllowance helpers are retained for backward compatibility, but they now carry explicit NatSpec warning that they do not eliminate the underlying ERC20 approve race condition. Integrators are pointed at the OpenZeppelin v5 removal rationale.
- Every other V2 fix carries over without regression: zero-value transfers succeed per EIP20, the token-recovery helper rejects non-contract addresses and uses SafeERC20-style return decoding, the setDexPair function mirrors its active argument across the canonical pointer, sell-flag, and exclusion writes, the per-transfer-cap timelock binds the executed amount to the requested amount over a 48-hour delay, and the token-holder counter only changes on real balance transitions.
Ownership Privileges
The ownership of the contract is held by the deployer-supplied initialOwner address using OpenZeppelin's two-step Ownable2Step pattern. The owner retains the same privileges as in V2:
- Setting the burn fee percentage up to a 5% cap.
- Setting an additional sell-tax percentage up to a 5% cap.
- Excluding or re-including arbitrary addresses from the burn fee, which in practice also bypasses the per-transfer cap for that address.
- Scheduling and executing a per-transfer cap through a 48-hour timelock; the execute path requires the executed amount to match the requested amount stored on chain.
- Withdrawing the contract's entire native (BNB) balance in a single call without delay. The team has explicitly accepted this as a governance choice and documented the intent in the source.
- Recovering any non-ZYN ERC20 token sent to the contract in a single call without delay. The function rejects non-contract addresses and uses a SafeERC20-style return-data check.
- Registering or de-registering DEX pairs; the burn-fee exclusion flag mirrors the active argument and the previous canonical pair is cleared on registration of a new one.
- Renouncing ownership through a two-call ceremony with a mandatory 48-hour separation between the two calls. A pending renounce is cancelled by any transferOwnership call. This brings the renounce path in line with the rest of the irreversible admin surface and replaces the V2 same-block-completion weakness.
Security Features
The contract preserves and slightly strengthens the security mechanisms introduced in V2:
- Two-step ownership transfer (Ownable2Step) which protects against accidental ownership handover to an address that cannot accept it, with renouncement now subject to the same 48-hour timelock as the per-transfer cap.
- A ReentrancyGuard modifier on the admin paths that move value (emergencyWithdraw, recoverBEP20) and on both halves of the per-transfer cap timelock.
- Hard caps on both the burn fee (5%) and the sell tax (5%), well below typical fee-on-transfer protocol limits.
- A 48-hour timelock on the per-transfer cap with the executed amount bound to the requested amount stored on chain.
- A 48-hour timelock on the renounceOwnership ceremony, using the same constant as the per-transfer cap timelock.
- A pre-flight floor check inside the burn primitive that atomically reverts any burn that would push totalSupply below the declared 21,000,000 floor, preserving the sum-of-balances == totalSupply invariant on every path.
- The Burn event is now emitted from a single canonical location inside the burn primitive, so every burn path - voluntary, allowance-driven, and fee-burn - is observable by indexers with exactly one event per burn.
- Custom errors throughout the contract in place of string-based require messages, with consistent ZYN__ naming and two new errors (ZYN__BurnFloorBreached, ZYN__RenounceTimelockNotExpired) for the new revert paths.
- NatSpec on the constructor, on every ZYN-specific external function, on the internal _update, _burn, and _transfer hooks, and on the receive fallback, documenting both intent and the team-accepted governance choices.
- Compliance with the ERC20 selectors and events as required by the standard. The accounting-regression risk that slither-check-erc could not surface in V2 is closed; every Foundry-PoC scenario that previously demonstrated a sum-of-balances breach now demonstrates a clean revert, with the invariant intact across all branches.
Note - This re-audit report consists of a security analysis of the Zyphron (ZYN) V3 smart contract. The analysis did not include economic analysis of the contract's tokenomics. Only the main contract was audited; other contracts associated with the project were not in scope. We recommend investors do their own research before investing.
Files and details
Findings and Audit result
high Issues | 3 findings
Resolved
#1 high Issue
remainingSupply Floor Not Enforced On Voluntary Burn (Resolved In V3)
The contract declares `uint256 constant remainingSupply = 21000000 ether;` and uses it as a floor in calculateBurnAmount and inside the in-transfer tax math. The name and the use-site behaviour strongly imply a hard supply floor below which the token cannot fall. However, ERC20Burnable.burn and ERC20Burnable.burnFrom route through _burn into _update, which does not consult remainingSupply at all. Any holder can burn their own tokens (or approved tokens) until totalSupply is zero. A property fuzzer reproduces the breach with a two-call burn sequence. Severity depends on protocol intent. If the project team confirms that a hard floor was the design, this is a HIGH severity protocol-invariant breach. If the team confirms the constant is only a cap on the automatic burn fee, the finding collapses to a naming and documentation clarification (Informational).
Resolved
#2 high Issue
Timelock Amount Decoupled From Request And Delay Is Trivial
Two compounding problems with the per-transfer cap timelock. First, TIMELOCK_DURATION is 48 seconds, far below industry-standard delays (24-72 hours), which makes the timelock a cosmetic placeholder rather than a security control. Second, requestSetMaxTransferAmount hashes the requested amount into the action id, but executeSetMaxTransferAmount never re-derives the id from the executed amount; it accepts any amount greater than 1 ether. The owner can therefore announce one number publicly and execute any other number 48 seconds later, including a near-dust value that effectively freezes all non-excluded transfers. A symbolic check confirms the decoupling and a unit test reproduces it concretely.
Resolved
#3 high Issue
Silent Burn Cap In _update Breaks The sum(balances) == totalSupply Invariant (Resolved In V3)
The remediation for the previous burn-floor finding placed the floor cap inside _update. In the from-branch of _update the sender's balance is debited by the full requested value. The burn branch then overrides `value` to the available headroom (totalSupply minus the floor) and decrements totalSupply by the capped value. For any voluntary burn or burnFrom where the requested value exceeds the headroom, the caller's balance is reduced by the requested amount but the supply only drops by the capped amount; the difference is destroyed without any matching supply decrease, which violates the ERC-20 `sum(balances) == totalSupply` invariant. The fee-burn path inside _transfer is unaffected because it pre-caps totalTax before invoking _burn, but the direct user-callable burn paths regress. Worked example: with totalSupply at floor + 500e18 and alice holding 1000e18, alice.burn(1000e18) reduces alice's balance to zero while totalSupply only falls by 500e18, leaving sum(balances) strictly less than totalSupply by 500e18.
medium Issues | 4 findings
Resolved
#1 medium Issue
setDexPair Has Inverted Exclusion Side-Effect, Stale Pointer And Stale isDexPair Flag
setDexPair unconditionally writes `dexPair = pair`, `isDexPair[pair] = status` and `_excludedFromBurnFee[pair] = true`. Three independent logic bugs follow. First, setting the exclusion flag is a silent side effect when the owner passes status == false to de-register a pair. The exclusion is reversible by a follow-up includeInBurnFee call, but the function grants an exemption the caller never asked for and an operator may not notice. Two transactions are now needed to fully de-register a pair. Second, the canonical dexPair pointer is overwritten even on de-registration, so the public getter returns the address the owner just disabled. Third, when the owner moves to a new pair, the previous pair's isDexPair entry is never cleared, so the extra sell tax continues to fire on transfers to the old pair.
Resolved
#2 medium Issue
Zero-Value Transfers Revert (ERC-20 Compliance)
The overridden _transfer starts with `require(transferAmount > 0, "Zero amount");`. EIP-20 states explicitly that transfers of zero MUST be treated as normal transfers and fire the Transfer event. Many integrators (allowance refresh patterns, certain bridges, DEX init flows) probe with `transfer(_, 0)` and expect it to succeed. The current behaviour breaks them.
Resolved
#3 medium Issue
tokenHolder Counter Can Be Corrupted Or Reverted By burn(0)
_update decrements tokenHolder whenever the sender's balance reaches zero post-subtract, without verifying that the sender previously had a positive balance. ERC20Burnable.burn(0) routes through _burn -> _update with `value == 0` from a non-zero account; the balance check passes vacuously, `0 - 0 == 0` does not revert under unchecked, and the decrement fires. A second such call from another non-holder underflows tokenHolder and reverts. The counter is therefore wrong on the first griefing call and a footgun on the second.
Resolved
#4 medium Issue
Tax Burn Double-Cap Allows Floor Breach Per Sell (Reclassified From High To Medium)
Inside _transfer the burn fee (burnAmount) and the extra sell tax (extraTax) are each independently capped to totalSupply - remainingSupply. When the supply is close to the floor and both caps trigger, the combined burn (burnAmount + extraTax) exceeds the available headroom, and the subsequent _burn drops totalSupply below the documented floor. Magnitude per occurrence is bounded by maxBurnable, which is small when supply is at the engineered edge. The finding was reclassified from High to Medium on review because the practical breach amount is bounded and requires a specific near-floor state to materialise.
low Issues | 14 findings
Resolved
#1 low Issue
Local Variable Shadows ReentrancyGuard State
In setDexPair the second parameter is declared as `bool status`, which shadows the `uint256 status` state variable declared in ReentrancyGuard. There is no exploit path here because the inner scope cannot reach the outer storage slot, but the shadowing pattern is a frequent source of bugs and is flagged by every static analyser.
Resolved
#2 low Issue
Declared Events Are Never Emitted
The events Burn, Airdrop and SellTaxUpdated are declared but no code path emits them. Off-chain consumers subscribed to those topics will never receive notifications, which can mislead dashboards and monitoring.
Resolved
#3 low Issue
Unused Constant MAX_BATCH_SIZE
`uint256 constant MAX_BATCH_SIZE = 50;` is declared but never read by any function in the contract. The constant looks like a leftover from a batch-airdrop or batch-exclude feature that was not implemented.
Resolved
#4 low Issue
Missing Zero-Address Checks On Constructor Args
The constructor receives `factory` and `baseToken` without a zero-address check. If `factory` is zero the external `getPair` call reverts in an opaque way. If `baseToken` is zero, some DEX factories cheerfully return or create a pair whose other side is the zero address, which leaves the canonical `dexPair` pointer in an unusable state.
Resolved
#5 low Issue
Single-Step Renounce Inherited Despite Ownable2Step
Ownable2Step adds a two-step pattern for `transferOwnership` but leaves the inherited `renounceOwnership` as a single-step call. A single accidental click or a phishing-prompted signature destroys all admin capability irreversibly. Several admin paths (burn floor enforcement, max-transfer, fee changes) require an owner, so renouncing freezes future safety responses too.
Resolved
#6 low Issue
Naming Convention On gettokenHolder
The external getter is named `gettokenHolder` (lower-case t in the middle), which violates the mixed-case-with-leading-lowercase convention used everywhere else in the contract. Because this is part of the public ABI, fixing it after deployment requires either keeping the old getter as an alias or breaking integrations.
Resolved
#7 low Issue
Constant Naming Convention
`uint256 constant remainingSupply = 21000000 ether;` should be `REMAINING_SUPPLY`. Constants are conventionally UPPER_CASE_WITH_UNDERSCORES; mixing camelCase here makes it look like a mutable variable and obscures the intent.
Resolved
#8 low Issue
Misleading Comment And Revert Strings
The comment on `_burnFeePercentage` says "Percentage in basis points (e.g., 1000 = 10%)", but the setter caps the value at 500 (5%), not 1000. Independently, setExtraTaxPercentage reverts with the string "Burn fee cannot exceed 5%" even though the value being set is the extra sell tax. Both are misleading.
Resolved
#9 low Issue
Double Space In Revert Message
The revert string `"Cannot recover tokens"` contains a double space between `recover` and `tokens`. This is the message users will see in their wallet if they trigger the revert.
Resolved
#10 low Issue
Missing NatSpec On Public Functions
Most of ZYN-specific public and external functions have no NatSpec at all or have only a single line of documentation. The inherited ERC-20 functions are documented but the additions are not, which makes the audit and any future review harder.
Resolved
#11 low Issue
Two-Step renounceOwnership Has No Time Or Actor Separation (Resolved In V3)
The V2 renounceOwnership requires two calls (one to set `_renounceInitiated`, a second to complete) but both calls can be sent in the same block by the same key. There is no time delay between them, no required second-party signature, and no cool-down. A compromised owner key can complete the renounce in two transactions without any window for the community to react. A scripted operator or batched multisig transaction can complete it accidentally just as easily as a single call. The protection is effectively a UI confirmation hoisted into Solidity rather than a real two-party ceremony.
Resolved
#12 low Issue
Wrong Event Emitted By setExtraTaxPercentage (Reclassified From Medium To Low)
setExtraTaxPercentage emits BurnFeeUpdated, which is the same event emitted by setBurnFeePercentage. The contract declares a dedicated SellTaxUpdated(uint256 bp) event for this purpose but never emits it. Operations and monitoring services that subscribe to BurnFeeUpdated will see misleading data and any service subscribed to SellTaxUpdated will be silent. Reclassified from Medium to Low because it is an observability defect with no security-model impact - downstream consumers can fall back to decoding calldata.
Resolved
#13 low Issue
Low-Level Call Accepts Non-Contract Address As Success (Reclassified From Medium To Low)
recoverBEP20 performs a low-level call and accepts `success == true` plus empty return data as a successful transfer. When tokenAddress has no deployed code, EVM call returns success with empty data, and the check passes vacuously. The function then emits a TokensRecovered event for a transfer that never happened. This is the classic missing-code-check pattern that SafeERC20 addresses. Reclassified from Medium to Low because the function is onlyOwner: an honest owner sees no actual transfer, and a malicious owner has richer drain primitives elsewhere. The remaining downside is event-spoofing for off-chain monitors and a deviation from the standard safety pattern.
Acknowledged
#14 low Issue
Drainable Admin Paths Are Not Timelocked (Reclassified From Medium To Low; Centralization Concern)
emergencyWithdraw and recoverBEP20 are onlyOwner one-shot calls. There is no on-chain delay, no announcement, and no community-visible window. The contract has receive() so it can accumulate BNB, which combined with emergencyWithdraw forms a value-accumulation pattern that is unusual for a plain ERC-20. Reclassified from Medium to Low because the contract is openly an Ownable2Step token and the absence of a timelock on these paths is a governance choice, not a code defect. The finding is retained because the contract already implements a timelock for setMaxTransferAmount, which makes the inconsistency notable, and because the value-accumulation pattern warrants documentation.
optimization Issues | 7 findings
Resolved
#1 optimization Issue
Remove Unused Constant
MAX_BATCH_SIZE is declared but never referenced anywhere in the contract. Removing it shrinks the deployed bytecode.
Resolved
#2 optimization Issue
Use Custom Errors Instead Of Require Strings
Throughout the contract, require statements use string-literal revert messages. Custom errors (the `error Foo();` syntax) are cheaper at every call site and at deployment, and they also allow developers to attach NatSpec to each error.
Resolved
#3 optimization Issue
Use abi.encodeCall Instead Of abi.encodeWithSelector
recoverBEP20 builds its calldata with abi.encodeWithSelector. abi.encodeCall produces the same calldata but checks argument types at compile time, preventing a silent breakage if the IBEP20.transfer signature ever changes.
Resolved
#4 optimization Issue
Split Compound Require Conditions
Several requires combine conditions with `&&`. Splitting them lowers gas slightly, makes coverage reports more precise, and produces clearer revert reasons for users.
Resolved
#5 optimization Issue
Avoid Redundant State Write In setDexPair
setDexPair unconditionally writes _excludedFromBurnFee[pair] = true on every call. After the related logic-bug fix mirrors the value to the active argument, also guard the write to avoid paying an SSTORE when the value is unchanged.
Acknowledged
#6 optimization Issue
Consider Removing tokenHolder On-Chain Counter
The tokenHolder counter is read by gettokenHolder() but is not used anywhere inside the contract logic. Maintaining it on-chain costs one or two SSTOREs per transfer and is the source of the corruption issue in the holder-counter finding. Off-chain indexing of Transfer events serves the same purpose at no on-chain cost.
Acknowledged
#7 optimization Issue
Drop receive() If Contract Should Not Hold Native Value
The receive() function allows the contract to accumulate BNB. The only path out is the owner-only emergencyWithdraw, which is itself an unprotected drain. If holding BNB was not intended, the simplest fix is to remove both.
informational Issues | 9 findings
Resolved
#1 informational Issue
Unused Interface IDexV2Router02
IDexV2Router02 is declared at the bottom of the file but no function in ZYN references it. Either remove it or integrate the router for swap-driven taxes - the current state is mid-implementation.
Resolved
#2 informational Issue
Unused Function In IDexV2Pair
The pair interface declares factory(), token0(), token1() and getReserves(); only token0 and token1 are actually called. The unused declarations are inert.
Acknowledged
#3 informational Issue
Solidity 0.8.34 Pin Versus Tooling Reach
The contract is pinned to Solidity 0.8.34, a recent release. Static analysers and symbolic tools tested in this audit handled it without issue, but downstream tooling may not.
Resolved
#4 informational Issue
Initial Fee Values Not Announced By Events
The constructor sets `_burnFeePercentage = 100` and `extraTaxPercent = 100` directly without emitting the corresponding events. Off-chain indexers that subscribe to the events will see uninitialised state until the first setter call.
Resolved
#5 informational Issue
Cumulative Burn Counter Documentation
totalBurnToken accumulates every burned amount and is exposed by getTotalBurnToken. The behaviour is correct but undocumented; users may misread it as a `recent burn` metric.
Resolved
#6 informational Issue
Burn Event Only Emitted On The Fee-Burn Path (Resolved In V3)
Burn(address indexed burner, uint256 amount) is declared and is emitted exclusively inside _transfer right after the fee-burn. The user-callable burn(value) and burnFrom(account, value) paths only emit the standard Transfer(_, address(0), value). Off-chain indexers subscribed to the Burn event see fee-burns only and miss voluntary burns. The dual-emit on the fee-burn path (Burn plus Transfer-to-zero) also means that any cumulative burn count derived from Burn events is strictly less than the count derived from Transfer-to-zero events.
Resolved
#7 informational Issue
Initial Fee-Exclusion Grants In Constructor Do Not Emit ExcludedFromBurnFee (Resolved In V3)
The constructor writes _excludedFromBurnFee[initialOwner], _excludedFromBurnFee[recipient], _excludedFromBurnFee[address(this)] and _excludedFromBurnFee[dexPair] to true directly without emitting the corresponding ExcludedFromBurnFee event for the first three. The dexPair entry is announced via PairRegistered, but consumers subscribed specifically to ExcludedFromBurnFee see post-deployment grants only and must read storage to reconstruct the initial set.
Resolved
#8 informational Issue
IDexV2Pair.getReserves() Declared But Never Used (Resolved In V3)
The previous audit's informational item on unused interface members was addressed for IDexV2Router02 and IDexV2Pair.factory(), but IDexV2Pair still declares getReserves() even though no callsite uses it. This is the same pattern as the prior unused-interface finding; mirror the fix.
Resolved
#9 informational Issue
increaseAllowance / decreaseAllowance Retain The OZ v4 Race-Condition Pattern (Resolved In V3)
The V2 contract exposes increaseAllowance and decreaseAllowance. OpenZeppelin v5 removed these helpers because they do not fix the underlying race condition in approve; they only paper over the most obvious shape of it. Retaining the v4 pattern is a documentation and expectation issue rather than a security defect, but it sets the wrong expectation for integrators.