Audit
Current Status
| Audit | Status |
|---|---|
| Slither (static analysis) | 0 Critical / 0 High / 0 Medium |
| Mythril (symbolic execution) | 0 issues |
| Aderyn (static analysis) | 0 actionable findings |
| CertiK (independent audit) | Pending |
Test Coverage
| Metric | Coverage |
|---|---|
| Statements | 100% |
| Functions | 100% |
| Lines | 100% |
| Branches | 100% |
182 tests across unit, integration, and security suites.
Scope
The audit scope covers three smart contracts (~1,750 lines of Solidity):
| Contract | Lines | Type |
|---|---|---|
| BCOToken | ~300 | Immutable TRC20 |
| DeedRegistry | ~690 | UUPS Proxy |
| BCOStaking | ~730 | UUPS Proxy |
Verified Invariants
The test suite verifies the following invariants:
totalSupply == totalActiveArea × 10¹⁸after every register/deactivatetotalStaked ≤ contract balance(staking solvency)- Rewards stop after period ends
- No unauthorized mint/burn/pause
- Holders cannot burn their own tokens
- State preserved after UUPS upgrade
- MINTER_ROLE stays on proxy address across upgrades
- Progressive timelock blocks unauthorized upgrades
- Admin renounce blocked on all contracts
recoverNative()works for force-deposited TRX/ETH- Timelock accepted as valid caller without DEFAULT_ADMIN_ROLE
Reporting Vulnerabilities
To report a security vulnerability, contact security@recologic.io.
Please do not disclose vulnerabilities publicly until they have been addressed by the team.