- Phryges
- Solana SPL Token
- Address: 7ACx28...UrwtGy
- Total Supply: 10000099999999
- Methods: Static Analysis, On-Chain Analysis
- Language: Rust
- Token Deploy Time: 2 months ago
- Last Check By (UTC): 2024-07-24 10:02:15
- 0 Critical
- 4 Major
- 3 Medium
- 0 Minor
- 0 Informational
Several Critical Issues Found
Automated Analysis
Account Authority
Minting Authority
The minting authority is an address or entity granted permission to create new tokens within a token's ecosystem.
Based on the on-chain analysis, the mint authority is not set, meaning that no additional tokens can be minted beyond the current supply.
Freeze Authority
The freeze authority is a control mechanism within some token ecosystems that allows the designated authority to prevent specific accounts from transferring tokens.
Based on the on-chain analysis, since the freeze authority is not set, there is no central entity or mechanism in place to block or freeze token transfers between accounts.
MetaData and Update Authority
Metadata provides detailed information about the token, including its name, symbol, and other descriptive elements that help users and programs identify and interact with the token.
The Bonk Token's metadata can be viewed on the Solana Explorer website.
The update authority, identified by the account 9AhKqLR67hwapvG8SA2JFXaCshXc9nALJjpKaHZrsbkw for Bonk Token, holds the privilege to modify this metadata. This role can keep the token's information relevant and accurate over time.
Token Extensions
Token extensions refer to additional features or capabilities that can be integrated into a token's design, beyond the standard functionalities.
The Bonk token does not use the Token 2022 program; there are no extra features or extensions implemented beyond the basic SPL token functionality.
External Dependencies
The Bonk Token project uses the pre-built SPL token program on the Solana chain to generate fungible tokens. Unlike on EVM-based chains, the built-in SPL token program eliminates the need to create an individual token contract/program.
Note: The SPL token program is an integral component of the Solana blockchain; its security ought to be ensured by Solana, and it is secured by the Solana network.
Executive Summary
This inspection details the findings from a preliminary fast-track behavior and security analysis of a token that uses Solana's built-in programs, including the Solana Token Program and Solana Token Program 2022. The scan aimed to verify various aspects of the token, including deployment configuration, real-time transactions, token holder distribution, and adherence to a memecoin security checklist, which may interest stakeholders looking to understand potential risks.
Assessment Objective
This document outlines the results of a preliminary fast-track behavior and security analysis and does not constitute an official security assessment. Stakeholders should proceed with a full-scale audit to understand and evaluate the token's security posture.
Methodology
The scan employed automated tools capable of quickly analyzing the token based on predefined metrics and checklists. The focus was on identifying overt issues that could be readily apparent without in-depth testing.
Limitations
This scan result reflects the findings of a fast-track behavior and security analysis and should not be interpreted as a comprehensive security audit. The inspection is limited with respect to the following:
- Detailed manual review by security experts.
- Extensive static analysis.
- Dynamic analysis in varied operational scenarios.
- In-depth investigation of complex vulnerabilities or logic flaws.
Findings Summary
- 0 Critical
- Critical risks are those that impact the safe functioning of a platform and must be addressed before launch. Users should not invest in any project with outstanding critical risks.
- 4 Major
- Major risks can include centralization issues and logical errors. Under specific circumstances, these major risks can lead to loss of funds and/or control of the project.
- 3 Medium
- Medium risks may not pose a direct risk to users’ funds, but they can affect the overall functioning of a platform.
- 0 Minor
- Minor risks can be any of the above, but on a smaller scale. They generally do not compromise the overall integrity of the project, but they may be less efficient than other solutions.
- 0 Informational
- Informational errors are often recommendations to improve the style of the code or certain operations to fall within industry best practices. They usually do not affect the overall functioning of the code.
- 0 Discussion
- The impact of the issue is yet to be determined, hence requires further clarifications from the project team.
Findings
ID | Title | Severity |
---|---|---|
No Data | | |
XXX-0 xxxxxxxxxxxxxxxx
Severity: Medium
Category: Centralization
Based on on-chain analysis, the update authority exists (9AhKqLR67hwapvG8SA2JFXaCshXc9nALJjpKaHZrsbkw) and the isMutable option is set to True.
Unauthorized changes to metadata could mislead users and platforms, disrupting ecosystem operations based on incorrect token information. https://developers.metaplex.com/token-metadata/update
XXX-1 xxxxxxxxxxxxxxxx
Severity: Medium
Category: Centralization
Based on on-chain analysis, the update authority exists (9AhKqLR67hwapvG8SA2JFXaCshXc9nALJjpKaHZrsbkw) and the isMutable option is set to True.
Unauthorized changes to metadata could mislead users and platforms, disrupting ecosystem operations based on incorrect token information. https://developers.metaplex.com/token-metadata/update
XXX-2 xxxxxxxxxxxxxxxx
Severity: Medium
Category: Centralization
Based on on-chain analysis, the update authority exists (9AhKqLR67hwapvG8SA2JFXaCshXc9nALJjpKaHZrsbkw) and the isMutable option is set to True.
Unauthorized changes to metadata could mislead users and platforms, disrupting ecosystem operations based on incorrect token information. https://developers.metaplex.com/token-metadata/update