@yuriy77k
Forked from RideSolo/ETC_P3C_audit_report.md
Created August 27, 2018 14:53

P3C Project Audit Report.

1. Summary

This document is a security audit report by RideSolo covering the P3C Project.

P3C.io is a game that models Universal Basic Income. The rules of the game are simple:

  • You buy into the contract by purchasing tokens; every token purchased increases the token price by +0.00000001 ETC.
  • 10% of what you spend to buy the token gets distributed proportionally to all other token holders.
  • When you sell your token, you get back ETC at the specified price, and the global price per token goes down by -0.00000001 ETC.
  • 10% of what you would get back for the sale is distributed to all other token holders proportionally.
  • When a user uses your Masternode link to buy tokens, 33% of what would have been distributed to the community gets given directly to you in the form of dividends.

For more details, check the P3C wiki.

While auditing, many aspects of the smart contracts were taken into account:

  • Solidity code errors.
  • Logical errors.
  • Algorithms used for conversion (tokens to ethereum).
  • Known exploits and potential weak patterns.

2. In scope

  • p3c.sol github commit hash f981172a054680614ddecb270616922e00352a83.

3. Findings

1 issue was reported:

  • 1 low severity issue.

3.1. Known Issue of ERC20 Standard

Severity: low

Description

This issue is a reminder that ERC20 tokens lack transaction handling, which can cause token loss. In the case of the P3C contract, tokens can be accidentally sent to the 0x0 address (no requirement is set to prevent it) or to a contract address that was not developed to handle ERC20 tokens.
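
One way to guard against both loss cases described above, as an added example that is not taken from p3c.sol or from the audit. It assumes Solidity 0.8.1 or later; `GuardedToken`, `ITokenReceiver` and the `tokenFallback` hook (modeled on ERC223) are illustrative names, not part of ERC20 or of the P3C contract.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.1;

// Hypothetical receiver hook (ERC223-style). A contract that wants to
// hold these tokens must implement it; plain ERC20 does not define it.
interface ITokenReceiver {
    function tokenFallback(address from, uint256 value, bytes calldata data) external;
}

// Minimal illustrative token showing only the transfer path.
contract GuardedToken {
    mapping(address => uint256) public balanceOf;

    event Transfer(address indexed from, address indexed to, uint256 value);

    constructor(uint256 initialSupply) {
        balanceOf[msg.sender] = initialSupply;
        emit Transfer(address(0), msg.sender, initialSupply);
    }

    function transfer(address to, uint256 value) external returns (bool) {
        // Case 1: tokens sent to the 0x0 address cannot be recovered.
        require(to != address(0), "transfer to 0x0");
        require(balanceOf[msg.sender] >= value, "insufficient balance");

        balanceOf[msg.sender] -= value;
        balanceOf[to] += value;
        emit Transfer(msg.sender, to, value);

        // Case 2: a recipient with code must accept the tokens explicitly.
        // If it does not implement tokenFallback (and has no catch-all
        // fallback function), the call reverts and the whole transfer is
        // undone, so the tokens never get stuck there.
        // Caveat: code.length is 0 while a contract is still being
        // constructed, so this check can be bypassed from a constructor.
        if (to.code.length > 0) {
            ITokenReceiver(to).tokenFallback(msg.sender, value, "");
        }
        return true;
    }
}
```

The receiver check trades compatibility for safety: existing contracts that expect a plain ERC20 `transfer` will reject these tokens unless they add the hook.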

4. Conclusion

The audit, conducted on the P3C contract, concluded that the contract is safe to be used. Graphical analysis and the definition domains of the functions used for conversion (tokens to ether and ether to tokens) showed positive results. However, for better analysis, the contract developers should provide the community with a white paper describing every aspect of the contract, especially the conversion algorithms.
