Brickken

We express our gratitude to the Brickken team for the collaborative engagement that enabled the execution of this Smart Contract Security Assessment.

Brickkenis a solution that provides tools for tokenization of real-world assets, equity, debt and securities.

Audit Summary

The system users should acknowledge all the risks summed up in the risks section of the report

The Brickken system comprises a factory responsible for generating new instances of an escrow contract and a token contract whenever new tokenization occurs.

Entities authorized to initiate new tokenizations, referred to as issuers, undergo KYC procedures conducted by Brickken. Upon successful verification, issuers are whitelisted in the factory, enabling them to conduct tokenizations. Following issuer whitelisting and the initiation of a new tokenization, both an escrow contract and a token are created. The escrow contract facilitates token offerings, while the token itself incorporates additional functionalities such as dividend distribution and confiscation, while adhering to the ERC20 standard.

Each escrow contract features a base "payment token" in which the issuer withdraws all escrowed funds from investors. Investors can utilize the same payment token for investment or any whitelisted ERC20 tokens. The issuer has the flexibility to modify the whitelist, and each ERC20 token eligible for investment must have a Uniswap v3 pool against the base payment token to facilitate the system's operation. The designated "payment token" is intended to be a stablecoin, although it can take any form as long as a valid Chainlink price feed is available.

Every STO contract is upgradeable. While upgrade capabilities are currently centralized, Brickken is planning to develop a DAO to empower the community with decisional powers on protocol upgrades.

Privileged roles

STOFactory

• DEFAULTADMINROLE = grant/revoke roles (brickken)

• FACTORYWHITELISTERROLE = allow whitelisting (brickken);

• FACTORYISSUERROLE = whitelisted issuers (brickken by default);

• FACTORYPAUSERROLE = pause / unpause factory (brickken);

STOToken

• DEFAULTADMINROLE = grant/revoke roles (brickken)

• TOKENURLROLE = change url (brickken,issuer);

• TOKENDIVIDENDDISTRIBUTOR_ROLE = distribute dividend (issuer)

• TOKENMINTERROLE = mint new tokens (issuer, escrow contract)

• TOKENMINTERADMIN_ROLE = add/remove minters (issuer)

• TOKENWHITELISTADMIN_ROLE = change investors whitelist (issuer)

• TOKENWHITELISTROLE = whether the user is whitelisted or not (issuer)

• TOKENCONFISCATEEXECUTOR_ROLE = execute confiscation (brickken)

• TOKENCONFISCATEADMIN_ROLE = pause / unpause or disable confiscation (brickken)

STOEscrow:

• DEFAULTADMINROLE = grant/revoke roles (brickken)

• ESCROWWITHDRAWROLE = who can withdraw / partially withdraw to issuer (issuer)

• ESCROWNEWOFFERING_ROLE = starts a new offering (issuer)

• ESCROWOFFERINGFINALIZER_ROLE = finalize an offering (brickken, issuer)

• ESCROWERC20WHITELISTROLE = add/remove ERC20 from whitelist (brickken, issuer);

• ESCROWOFFCHAINREPORTER_ROLE = report offchain USD tickets for current offering (issuer)

The total Documentation Quality score is 10 out of 10.

• Functional requirements are detailed.

• Technical description is robust.

The total Code Quality score is 10 out of 10.

• The development Environment is configured.

Code coverage of the project is 97.9% (branch coverage).

• Deployment and basic user interactions are covered with tests.

• Negative test cases are included.

Upon auditing, the code was found to contain 0 critical, 0 high, 6 medium, and 8 low severity issues. All issues were fixed in the remediation phase of an audit, leading to a security score of 10 out of 10.

All identified issues are detailed in the “Findings” section of this report.

The comprehensive audit of the customer's smart contract yields an overall score of 9.9. This score reflects the combined evaluation of documentation, code quality, test coverage, and security aspects of the project.