Overview

AlgoFund
Rank #N/A
Contract:
463554836

Profile Summary

Official Site:
https://algofund.co/
Social Profiles:

Skynet Trust Score

70%
  • Project is Relatively Decentralized
  • Large Market Cap (top 25%)
  • Long-running Project
  • Trust Score is #1 amongst all projects
Security Score
70 / 100
Market & Community
42 / 100

See how AlgoFund ranks in different categories

AlgoFund Info

AlgoFund is creating fair decentralized launches where investors get to choose between a lottery tier or a guaranteed allocation tier. It also provides a fair presale offering on behalf of the startups and attracts investors that will support their vision

Audits

1 Available

Onboarded Date

14/Dec/2022

Contracts

46355...54836

Website

https://algo...
How do you feel about this project's security?
Secure
Insecure
Documents
File Name Type Size Upload Date Action
Artboard-documents.zip
Zip File 4.57 MB 12 Dec 2021
Bank Management System
PDF File 8.89 MB 24 Nov 2021
Tour-video.mp4
MP4 File 14.62 MB 19 Nov 2021
Account-statement.xsl
XSL File 2.38 KB 14 Nov 2021
Project Screenshots Collection
Floder File 87.24 MB 08 Nov 2021
Velzon-logo.png
PNG File 879 KB 02 Nov 2021
Load more
Activities
Oliver Phillips New

We talked about a project on linkedin.

Today
N
Nancy Martino In Progress

Create new project Buildng product

R
2+
Yesterday
Natasha Carey Completed

Adding a new event with attachments

25 Nov
Bethany Johnson

added a new member to velzon dashboard

19 Nov
Your order is placed Out of Delivery

These customers can rest assured their order has been placed.

16 Nov
Lewis Pratt

They all have something to say beyond the words on the page. They can come across as casual or neutral, exotic or graphic.

22 Oct
Monthly sales report

2 days left notification to submit the monthly sales report. Reports Builder

15 Oct
New ticket received Completed

User Erica245 submitted a ticket.

26 Aug
Nancy Martino

Team Leader & HR

225

Projects

197

Tasks

View Profile
HB
Henry Baird

Full Stack Developer

352

Projects

376

Tasks

View Profile
Frank Hook

Project Manager

164

Projects

182

Tasks

View Profile
Jennifer Carter

UI/UX Designer

225

Projects

197

Tasks

View Profile
ME
Megan Elmore

Team Leader & Web Developer

201

Projects

263

Tasks

View Profile
Alexis Clarke

Backend Developer

132

Projects

147

Tasks

View Profile
NC
Nathan Cole

Front-End Developer

352

Projects

376

Tasks

View Profile
Joseph Parker

Team Leader & HR

64

Projects

93

Tasks

View Profile
Erica Kernan

Web Designer

345

Projects

298

Tasks

View Profile
DP
Donald Palmer

Wed Developer

97

Projects

135

Tasks

View Profile

Showing 1 to 10 of 12 entries

Code Audit History

1 Audit available
Last Audit was delivered on 14 December 2022
Request Xamer Audit

AlgoFund -Audit

View Findings
5

All Findings

0

Acknowledge

0

Partially

5

Resolved

1
Critical privilege
1
Major privilege
1
Medium privilege
2
Minor privilege
0
Optimization none
0
Informational none
0
Discussion none

Method

Audited Files/SHA256

Contracts

463554836...54836

Manual Review Static Analysis
Audit Timeline
Requested on
14 December 2022
Revisioned on
14 December 2022

Formal Verification Result

9 / 38 Properties True
80%

Token Standard

ERC-20

Functions

6

Verified Contract

AlgoFund (algofund.sol) 1
View Formal Verification Details

AlgoFund Smart Contract Code

                        
                        
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

contract AlgoFund {
    address public owner;
    mapping(address => uint256) public contributions;
    uint256 public totalFunds;
    uint256 public minContribution;
    uint256 public deadline;
    bool public fundingClosed;

    event ContributionMade(address indexed contributor, uint256 amount);
    event FundingClosed(uint256 totalFunds);

    modifier onlyOwner() {
        require(msg.sender == owner, "Only the owner can call this function");
        _;
    }

    modifier onlyBeforeDeadline() {
        require(block.timestamp < deadline, "Funding deadline has passed");
        _;
    }

    modifier onlyAfterDeadline() {
        require(block.timestamp >= deadline, "Funding deadline has not passed");
        _;
    }

    modifier notClosed() {
        require(!fundingClosed, "Funding is closed");
        _;
    }

    constructor(uint256 _minContribution, uint256 _durationInDays) {
        owner = msg.sender;
        minContribution = _minContribution;
        deadline = block.timestamp + (_durationInDays * 1 days);
    }

    function contribute() external payable onlyBeforeDeadline notClosed {
        require(msg.value >= minContribution, "Contribution amount is below the minimum");

        contributions[msg.sender] += msg.value;
        totalFunds += msg.value;

        emit ContributionMade(msg.sender, msg.value);
    }

    function closeFunding() external onlyOwner onlyAfterDeadline notClosed {
        fundingClosed = true;
        emit FundingClosed(totalFunds);
    }

    function withdrawFunds() external onlyOwner onlyAfterDeadline notClosed {
        payable(owner).transfer(address(this).balance);
        fundingClosed = true;
        emit FundingClosed(totalFunds);
    }
}

Code Audit Findings

Summary (5) Timestamp Dependency
Minor ID: ALF-05
RESOLVED 2024-02-05 08:18:22
Lack of Events in Critical Sections
Minor ID: ALF-04
RESOLVED 2024-02-05 08:07:59
Lack of Input Validation
Medium ID: ALF-03
RESOLVED 2024-02-05 08:05:34
Lack of Access Control
Major ID: ALF-02
RESOLVED 2024-02-05 08:03:21
Reentrancy Vulnerability
Critical ID: ALF-01
RESOLVED 2024-02-05 07:53:21

Audits Overview

Context
Project Name
AlgoFund
Platform
Language
Codebase
Commit
About Xamer Audits
Delivery Date
Audit Methodology
Core Components
Vulnerability Summary
VULNERABILITY LEVEL PENDING DECLINED ACKNOWLEDGED PARTIALLY RESOLVED MITIGATED RESOLVED TOTAL
Critical 0 0 0 0 0 1 1
Major 0 0 0 0 0 1 1
Medium 0 0 0 0 0 1 1
Minor 0 0 0 0 0 2 2
Optimization 0 0 0 0 0 0 0
Informational 0 0 0 0 0 0 0
Discussion 0 0 0 0 0 0 0
Review Notes

Overview

The AlgoFund smart contract is a crowdfunding mechanism implemented in Solidity for blockchain platforms like Ethereum. It features an owner-managed fund pool where contributors can participate by sending funds before a specified deadline. The contract maintains a record of individual contributions, the total funds collected, and enforces a minimum contribution amount.

The owner has special privileges, such as the ability to close the funding period and withdraw the accumulated funds after the deadline. The contract employs modifiers to ensure that certain functions are only accessible to the owner, and the events 'ContributionMade' and 'FundingClosed' are emitted to track contributions and the closure of the funding period. This basic structure can be customized and expanded upon to meet specific project requirements.

Privileged Roles

In the provided Solidity code, the concept of privileged roles is implemented through the use of the `onlyOwner` modifier. The `onlyOwner` modifier restricts certain functions to be callable only by the address that deployed the smart contract, typically referred to as the "owner." Here's a breakdown of the privileged roles in the code:

Owner:

  • The `owner` is the address that deploys the smart contract. This address is set in the constructor during deployment.
  • The `onlyOwner` modifier is applied to the `closeFunding` and `withdrawFunds` functions, ensuring that only the owner can call these functions.
  • The owner has the authority to close the funding period (`closeFunding` function) and withdraw the collected funds (`withdrawFunds` function) after the funding deadline.

Modifiers:

  • `onlyOwner`: Restricts certain functions so that they can only be executed by the owner. This is a common pattern in smart contracts to provide specific privileges to certain addresses.

Functions:

  • `closeFunding`: This function can only be called by the owner, and it marks the funding as closed.
  • `withdrawFunds`: This function can only be called by the owner after the funding deadline, allowing the owner to withdraw the accumulated funds.

By implementing these roles and modifiers, the smart contract ensures that critical functions related to closing the funding and withdrawing funds are restricted to the owner, providing a level of control and security. It's a common practice to use privileged roles to manage access to sensitive functionalities in decentralized applications.

Audits Scope

ID FILE SHA256 CHECKSUM
ALF algofund.sol D99F9599E92F3565C9F4A2E4BB71B956B46A5E370107D2D345C0B0072B242F6A

ALF-01 | Reentrancy Vulnerability

CATEGORY SEVERITY LOCATIONS STATUS
privilege Critical

 function withdrawFunds() external onlyOwner onlyAfterDeadline notClosed {
        payable(owner).transfer(address(this).balance);
        fundingClosed = true;
        emit FundingClosed(totalFunds);
    }

 RESOLVED
Description

Location in code:  Inside the withdrawFunds function
Line number: 59-63
Description: The `transfer` function is used to send funds to the owner, which can be a vulnerability if the owner's address performs an external call. Consider using the `reentrancyGuard` pattern to prevent reentrancy attacks.

ALF-02 | Lack of Access Control

CATEGORY SEVERITY LOCATIONS STATUS
privilege Major

 modifier onlyOwner() {
        require(msg.sender == owner, "Only the owner can call this function");
        _;
    }

 RESOLVED
Description

Location in code: Inside the `modifier onlyOwner()`
Line number: 19-22
Description: The owner is assumed to be the deployer of the contract. In a more advanced use case, consider implementing a proper access control mechanism using roles.

ALF-03 | Lack of Input Validation

CATEGORY SEVERITY LOCATIONS STATUS
privilege Medium

  function contribute() external payable onlyBeforeDeadline notClosed {
        require(msg.value >= minContribution, "Contribution amount is below the minimum");

        contributions[msg.sender] += msg.value;
        totalFunds += msg.value;

        emit ContributionMade(msg.sender, msg.value);
    }

 RESOLVED
Description

Location in code: Inside the contribute function
Line number: 45-52
Description: While there is a check for the minimum contribution, additional input validation may be needed to ensure the correctness of contributed amounts.

ALF-04 | Lack of Events in Critical Sections

CATEGORY SEVERITY LOCATIONS STATUS
privilege Minor

 function closeFunding() external onlyOwner onlyAfterDeadline notClosed {
        fundingClosed = true;
        emit FundingClosed(totalFunds);
    }

 RESOLVED
Description

Code Reference: Inside the closeFunding function
Line number: 54-57
Description: It may be beneficial to emit an event when closing funding to provide transparency and traceability.

ALF-05 | Timestamp Dependency

CATEGORY SEVERITY LOCATIONS STATUS
privilege Minor

   modifier onlyAfterDeadline() {
        require(block.timestamp >= deadline, "Funding deadline has not passed");
        _;
    }

 RESOLVED
Description

Location in code: Inside the onlyAfterDeadline() Modifier
Line number: 29-32
Description: The modifier onlyAfterDeadline() relies on block timestamps, which may be manipulated by miners. Consider using alternative methods, such as a block number comparison, for more secure time-dependent conditions.