Token Contract Findings

Satoshi Island
Dec 17, 2024

https://vscode.blockscan.com/bsc/0x4AcbCB6cEAdF4d80Aa14461D3E7C1F9d8B6586F4

Questions to answer:

1. Can ACCESS_MANAGER_ROLE and PERMITTED_ROLE members be removed, without damaging vesting?

2. Can all the warnings in CMC be removed once the roles are renounced?

a. Mint function found

b. The contract owner can modify balance

c. Hidden owner address found

d. Code for suspending trading found

3. Can the contract be fully decontrolled without breaking any functionality?

Base assumptions:

1. The coin contract is here:

https://bscscan.com/token/0x340724464cf51a551106cc6657606ee7d87b28b9

2. The contract code for the STC token is here:

https://vscode.blockscan.com/bsc/0x4AcbCB6cEAdF4d80Aa14461D3E7C1F9d8B6586F4 and the bytecode matches the token contract

Methods

1. A call to VestingController.sol->claimTokens() was traced at the opcode level, and at no point was the Token.sol contract interacted with except to transfer tokens from the Vault to the vestee. The traced transaction is:

https://bscscan.com/tx/0x57f2149b7b7c4c500bdfcf4c1a427f919c60bca6037777b0f2734f2f02239d3d

2. A search was performed for any calls to the other two overloaded VestingController.sol->claimTokens() methods, which came up empty.

3. All contracts that make up Token.sol were read completely, and all role usage in the contracts was manually tracked down to guarantee usage. Usage of isPermissioned was manually traced too.

4. The verified contract bytecode was manually confirmed to be identical to the deployed contract code.

5. Role counts were determined from this block:

https://bscscan.com/block/29490527

Findings

1. Roles and member counts:

a. ACCESS_MANAGER_ROLE 8

b. BOT_ROLE 0

c. DEFAULT_ADMIN_ROLE 1

d. MINTER_ROLE 0

e. PERMITTED_ROLE 12099

2. If bridging is required in the way Token.sol was designed to bridge, then there will always be a MINTER_ROLE requirement, and the mint and burn functionality cannot be removed. MINTER_ROLE must be assigned before DEFAULT_ADMIN_ROLE is renounced.

3. No roles have any impact on vesting, since VestingController.sol makes no calls at all to Token.sol and only instructs Vault.sol to transfer tokens from Token.sol to the requester of the transaction during a no-argument call to claimTokens() in VestingController.sol.

4. The isPermissioned flag in Token.sol can only be changed by the DEFAULT_ADMIN_ROLE, so once that role is renounced, ACCESS_MANAGER_ROLE and PERMITTED_ROLE will be useless. Revoking either of these lower-level roles makes no difference to security. ACCESS_MANAGER_ROLE holders could continue to add members to the PERMITTED_ROLE, but this would have no effect on anything. For completeness, and for ease of explaining the state of the contract, the role members should be removed, but this has no impact on the safety of the token.

5. The isPermissioned flag is likely what the “code for suspending trading” warning refers to: if this flag is set high, then only those with the PERMITTED_ROLE can transfer tokens. Only DEFAULT_ADMIN_ROLE can change this flag, so renouncing that role removes the risk of a trading halt.

6. All calls executed so far to VestingController.sol have used the no-argument version of claimTokens(). Without looking at the vesting scheme directly, it cannot be said for sure that no other types of claimTokens() call need to be made. What can be said is that there is already heavy use of the no-argument claimTokens() function, so this is likely the only method in play.

7. Provided that claimTokens() with no arguments is the only function used to claim vested tokens, the removal of any roles will have no effect on this ability. Furthermore, changing isPermissioned on Token.sol will also have no effect on vesting, as long as the Vault.sol contract address has the PERMITTED_ROLE.

8. All other warnings can only be related to the holding of the DEFAULT_ADMIN_ROLE as this role can do anything at all, even beyond what the warnings raise. Renouncing this role is required so the process of removing warnings on CMC and others can begin.

Renounce Process

Very simply, assuming no more roles have been added, and assuming bridging is not required or will be achieved by other means, then the address

https://bscscan.com/address/0xdD2d48155190C0C95308d03Cbe730b5D42051fB9

would call renounceRole() on Token.sol and remove themselves from having the all-powerful DEFAULT_ADMIN_ROLE.
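The findings reduce to a small state machine, modelled here as an added example; it is not Token.sol or any code from the reviewed contracts. TokenModel, renounce_blockers and the account names are hypothetical, and it is assumed that every grant other than PERMITTED_ROLE needs DEFAULT_ADMIN_ROLE. It shows that the isPermissioned value is frozen at whatever it holds when the admin renounces, so the flag, the Vault's PERMITTED_ROLE and any MINTER_ROLE need are worth checking first.

```python
# Added illustration: a simplified model of the role and flag behaviour the
# findings describe. It is not Token.sol; role-admin wiring beyond what the
# report states is an assumption.
ADMIN, ACCESS_MANAGER, PERMITTED, MINTER = (
    "DEFAULT_ADMIN_ROLE", "ACCESS_MANAGER_ROLE", "PERMITTED_ROLE", "MINTER_ROLE")


class TokenModel:
    def __init__(self, admin, is_permissioned=False):
        self.roles = {ADMIN: {admin}, ACCESS_MANAGER: set(),
                      PERMITTED: set(), MINTER: set()}
        self.is_permissioned = is_permissioned

    def _require(self, caller, role):
        if caller not in self.roles[role]:
            raise PermissionError(f"{caller} lacks {role}")

    def grant(self, caller, role, account):
        # Per the findings, ACCESS_MANAGER_ROLE can add PERMITTED_ROLE members;
        # every other grant is assumed to need DEFAULT_ADMIN_ROLE.
        self._require(caller, ACCESS_MANAGER if role == PERMITTED else ADMIN)
        self.roles[role].add(account)

    def renounce(self, caller, role):
        self.roles[role].discard(caller)

    def set_permissioned(self, caller, value):
        self._require(caller, ADMIN)  # only the admin can flip the gate
        self.is_permissioned = value

    def can_transfer(self, sender):
        # Finding 5: when the flag is set, only PERMITTED_ROLE may transfer.
        return (not self.is_permissioned) or sender in self.roles[PERMITTED]


def renounce_blockers(token, vault, bridging_required):
    """Conditions to resolve while DEFAULT_ADMIN_ROLE still has a member."""
    issues = []
    if token.is_permissioned:
        issues.append("isPermissioned is set and would be frozen on")
        if vault not in token.roles[PERMITTED]:
            issues.append("Vault lacks PERMITTED_ROLE, so vesting claims would fail")
    if bridging_required and not token.roles[MINTER]:
        issues.append("MINTER_ROLE unassigned but bridging is required")
    return issues
```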
