Audit
Triaged by Hackenproof

Valuit DualDefense Audit: Program info

Company: Valuit
KYC required
Live
Contest is active now

At Valuit, we are dedicated to building an equitable ecosystem by harnessing our deep expertise in compliance, capital markets, and blockchain technology. Our commitment to excellence is reflected in our growing team of professionals, who bring specialized knowledge from partner organizations and our offices around the world.

In scope
Target: https://github.com/valuit-official/valuit-smart-contracts/tree/eb1bb6f95b1d5e10b2b012572a36961c0131e214
Type: Smart Contract
Severity: Critical
Reward: Bounty

Focus Area

IN-SCOPE: SMART CONTRACT VULNERABILITIES

We are looking for evidence and reasons for incorrect behavior of the smart contract, which could cause unintended functionality:

  • Stealing or loss of end-user funds
  • Permanent lock of end-user funds

OUT OF SCOPE: SMART CONTRACT VULNERABILITIES

  • Theoretical vulnerabilities without any proof or demonstration
  • Old compiler version
  • The compiler version is not locked
  • Vulnerabilities in imported contracts
  • Code style guide violations
  • Redundant code
  • Gas optimizations
  • Best practice issues
  • Known issues on GitHub issue tracker
  • Known issues in README.md
  • Front-run attacks
  • All other issues not mentioned in the “IN SCOPE” area

Program Rules

Only critical vulnerabilities that could lead to the loss of user funds or the permanent lock of funds are eligible for rewards.

  • The company is not obliged to pay for "Low"-"High" severity issues. Only "Critical" issues are in scope. However, the team may, at its discretion, accept the report and pay a bonus; that reward will not be part of the bounty pool.
  • Perform testing only within the scope
  • Any details of found vulnerabilities must not be communicated to anyone who is not a member of the HackenProof Team or an authorized employee of this Company without appropriate permission
  • Each submission requires a working PoC to be eligible for a bounty

Reward Distribution:

  • The reward will be distributed in HAI tokens. For that, you will need to provide your HAI wallet address in your account so we can arrange the transaction.

  • 2,600,000 HAI tokens are allocated for Critical issues in this contest.

  • 400,000 HAI will be taken as a triage fee

Clear wording:

  • Bounty pool — total amount of reward in the DualDefense Audit.
  • Allocated bounty — amount of reward for each unique vulnerability reported.
  • The total bounty pool for the DualDefense Audit will be equally split among all unique issues reported.
  • Example: If three researchers identify the same vulnerability and two other vulnerabilities are each submitted only once (3 unique issues reported in total), each vulnerability will get 1/3 of the bounty pool. The allocated bounty will be split between all researchers who submitted the same issue (each unique issue receives 1/3 of the pool, and the researchers who reported the same issue get 1/9 of the initial reward pool each).

Single Valid Submission

Full Reward: If a critical vulnerability is found by only one participant, that reporter receives 100% of the bounty pool.

Duplicate Submissions

If multiple participants find the same vulnerability, the allocated bounty for that issue (bounty pool always equally split among all unique issues reported) is divided equally among all reporters. Example: If two researchers report the same vulnerability, each receives 50% of the allocated bounty. It can be 50% of the bounty pool if only one eligible issue was reported.

Multiple Unique Submissions

Split Based on Uniqueness of issues reported:

  • Unique Issue 1: Found by one reporter.
  • Unique Issue 2: Found by another reporter.

Each will receive 50% of the bounty pool.

[DISCLAIMER] The reward amount will be denominated in HAI tokens, which are staked in FlashPool. Due to market volatility, the final USD amount may differ from the one stated in the rules.

Disclosure Guidelines

Do not discuss this program or any vulnerabilities (even resolved ones) outside of the program without express consent from the organization.

  • No vulnerability disclosure, including partial disclosure, is allowed until the end of the FlashBounty Audit contest.
  • Please do NOT publish/discuss bugs

Eligibility and Coordinated Disclosure

We are happy to thank everyone who submits valid reports which help us improve our security. However, only those that meet the following eligibility requirements may receive a monetary reward:

  • The vulnerability must be a qualifying vulnerability
  • Any vulnerability found must be reported exclusively through hackenproof.com
  • You must send a clear textual description of the report along with steps to reproduce the issue; include attachments such as screenshots or proof of concept code as necessary.
  • You must not be a former or current employee of ours or of one of our contractors.
  • Provide detailed but to-the-point reproduction steps

Last audit

Hacken - February 2025

Assets in Scope

compliance
  modular
    IModularCompliance.sol - compliance/modular/IModularCompliance.sol
    MCStorage.sol - compliance/modular/MCStorage.sol
    ModularCompliance.sol - compliance/modular/ModularCompliance.sol
    modules
      AbstractModuleUpgradeable.sol - compliance/modular/modules/AbstractModuleUpgradeable.sol
      CountryAllowModule.sol - compliance/modular/modules/CountryAllowModule.sol
      HoldTimeModule.sol - compliance/modular/modules/HoldTimeModule.sol
      IModule.sol - compliance/modular/modules/IModule.sol
      MaxBalanceModule.sol - compliance/modular/modules/MaxBalanceModule.sol
      ModuleProxy.sol - compliance/modular/modules/ModuleProxy.sol
      SupplyLimitModule.sol - compliance/modular/modules/SupplyLimitModule.sol
      AbstractModule.sol - compliance/modular/modules/AbstractModule.sol
      CountryRestrictModule.sol - compliance/modular/modules/CountryRestrictModule.sol

escrow
  Escrow.sol - escrow/Escrow.sol
  EscrowStorage.sol - escrow/EscrowStorage.sol
  TransferHelper.sol - escrow/TransferHelper.sol
  EscrowController.sol - escrow/EscrowController.sol
  EscrowControllerProxy.sol - escrow/EscrowControllerProxy.sol

factory
  FactoryProxy.sol - factory/FactoryProxy.sol
  FundFactory.sol - factory/FundFactory.sol
  FundFactoryStorage.sol - factory/FundFactoryStorage.sol
  ITREXFactory.sol - factory/ITREXFactory.sol
  TREXFactory.sol - factory/TREXFactory.sol
  IFundFactory.sol - factory/IFundFactory.sol

fund
  EquityConfig.sol - fund/EquityConfig.sol
  EquityConfigStorage.sol - fund/EquityConfigStorage.sol
  Fund.sol - fund/Fund.sol
  FundStorage.sol - fund/FundStorage.sol
  IFactory.sol - fund/IFactory.sol
  IFund.sol - fund/IFund.sol
  ITKN.sol - fund/ITKN.sol

Helpers
  Bytes.sol - Helpers/Bytes.sol
  String.sol - Helpers/String.sol

onchainID
  Identity.sol - onchainID/Identity.sol
  ClaimIssuer.sol - onchainID/ClaimIssuer.sol
  factory
    IdFactory.sol - onchainID/factory/IdFactory.sol
    IIdFactory.sol - onchainID/factory/IIdFactory.sol
  interface
    IClaimIssuer.sol - onchainID/interface/IClaimIssuer.sol
    IERC734.sol - onchainID/interface/IERC734.sol
    IERC735.sol - onchainID/interface/IERC735.sol
    IIdentity.sol - onchainID/interface/IIdentity.sol
    IImplementationAuthority.sol - onchainID/interface/IImplementationAuthority.sol
  proxy
    IdentityProxy.sol - onchainID/proxy/IdentityProxy.sol
    ImplementationAuthority.sol - onchainID/proxy/ImplementationAuthority.sol
  storage
    Storage.sol - onchainID/storage/Storage.sol
    Structs.sol - onchainID/storage/Structs.sol
  version
    Version.sol - onchainID/version/Version.sol
  verifiers
    Verifier.sol - onchainID/verifiers/Verifier.sol

proxy
  AbstractProxy.sol - proxy/AbstractProxy.sol
  ClaimTopicsRegistryProxy.sol - proxy/ClaimTopicsRegistryProxy.sol
  IdentityRegistryProxy.sol - proxy/IdentityRegistryProxy.sol
  IdentityRegistryStorageProxy.sol - proxy/IdentityRegistryStorageProxy.sol
  ModularComplianceProxy.sol - proxy/ModularComplianceProxy.sol
  ProxyV1.sol - proxy/ProxyV1.sol
  TokenProxy.sol - proxy/TokenProxy.sol
  TrustedIssuersRegistryProxy.sol - proxy/TrustedIssuersRegistryProxy.sol
  authority
    IAFactory.sol - proxy/authority/IAFactory.sol
    IIAFactory.sol - proxy/authority/IIAFactory.sol
    ITREXImplementationAuthority.sol - proxy/authority/ITREXImplementationAuthority.sol
    TREXImplementationAuthority.sol - proxy/authority/TREXImplementationAuthority.sol
  interface
    IImplementationAuthority.sol - proxy/interface/IImplementationAuthority.sol
    IProxy.sol - proxy/interface/IProxy.sol

registry
  implementation
    ClaimTopicsRegistry.sol - registry/implementation/ClaimTopicsRegistry.sol
    IdentityRegistry.sol - registry/implementation/IdentityRegistry.sol
    IdentityRegistryStorage.sol - registry/implementation/IdentityRegistryStorage.sol
    TrustedIssuersRegistry.sol - registry/implementation/TrustedIssuersRegistry.sol
  interface
    IClaimTopicsRegistry.sol - registry/interface/IClaimTopicsRegistry.sol
    IIdentityRegistry.sol - registry/interface/IIdentityRegistry.sol
    IIdentityRegistryStorage.sol - registry/interface/IIdentityRegistryStorage.sol
    ITrustedIssuersRegistry.sol - registry/interface/ITrustedIssuersRegistry.sol
  storage
    CTRStorage.sol - registry/storage/CTRStorage.sol
    IRSStorage.sol - registry/storage/IRSStorage.sol
    IRStorage.sol - registry/storage/IRStorage.sol
    TIRStorage.sol - registry/storage/TIRStorage.sol

roles
  AgentRole.sol - roles/AgentRole.sol
  AgentRoleUpgradeable.sol - roles/AgentRoleUpgradeable.sol
  Roles.sol - roles/Roles.sol

token
  IToken.sol - token/IToken.sol
  Token.sol - token/Token.sol
  TokenStorage.sol - token/TokenStorage.sol
  VERC20.sol - token/VERC20.sol

wrapper
  Wrapper.sol - wrapper/Wrapper.sol
  WrapperStorage.sol - wrapper/WrapperStorage.sol
  WrapperProxy.sol - wrapper/WrapperProxy.sol


Duration

Start date: 03 Mar 2025
End date: 29 Mar 2025

Rewards

Range of bounty: $0 - $75,000

Severity:
  • Critical: $75,000
  • High: $0
  • Medium: $0
  • Low: $0

Stats

Scope Review: 735
Submissions: 0
Total rewards: $0

Types

smart contract

Languages

Solidity

SLA (Service Level Agreement)

Time within which the program's triage team must respond (in business days):

  • First Response: 0d
  • Triage Time: 0d
  • Reward Time: 30d
  • Resolution Time: 30d