PaymentRouter

Mantle Mainnet · scan depth deep · generated 6/11/2026, 9:56:30 PM

Risk Score

Archon completed a read-only Mantle Mainnet audit of IRevenueSplitter_Suite__3_contracts_ and found 5 deterministic findings. The highest-priority issue is Timestamp-sensitive settlement lacks explicit tolerance window, with risk score 29/100 based on severity-weighted findings. The contract's settlement mechanism relies on block timestamps without a tolerance window, which can lead to potential issues with timing attacks. Review the recommended fixes and run regression tests before deployment. External imports could not be resolved (openzeppelin/4/contracts/utils/cryptography/ECDSA.sol, openzeppelin/4/contracts/utils/cryptography/EIP712.sol, openzeppelin/4/contracts/access/Ownable.sol, openzeppelin/4/contracts/utils/ReentrancyGuard.sol); static analysis ran in reduced mode, so Slither/import-dependent checks were skipped while Archon's deterministic rules still ran.

Findings

low: 1high: 0info: 3medium: 1critical: 0

Severity	Finding	Location	Confidence
medium	Timestamp-sensitive settlement lacks explicit tolerance window The contract's settlement mechanism relies on block timestamps without a tolerance window, which can lead to potential issues with timing attacks.	PaymentRouter.sol:72	70%
low	Review calldata parameter width The function requestQuote uses a uint256 for the amount parameter, which may be unnecessarily large.	PaymentRouter.sol:69	60%
info	Cache repeated storage read The pay function reads the quotes mapping multiple times, which can be optimized.	PaymentRouter.sol:79	80%
info	Cache repeated storage read The _settle function checks the paidQuotes mapping multiple times, which can be optimized.	PaymentRouter.sol:101	80%
info	Cache repeated storage read The function checks multiple mappings for the same quoteHash, which can be optimized.	PaymentRouter.sol:121	80%

Public validation

Challenge ledger

Anyone can challenge this artifact. Archon records the challenge in the database with a deterministic hash and references any existing report proof tx/hash. No new validation contract is implied.

No challenges recorded yet.

Proof Verification

Stored report hash

0xb248a52bc479043d23a989d443f632bdc76586ce94eb3bbdf4b4fe8816aa1c78

Re-derived hash

0xb248a52bc479043d23a989d443f632bdc76586ce94eb3bbdf4b4fe8816aa1c78

Metadata URI

ipfs://Qma4TAuESoH7vch2qtubpHi2ydGoDQk3hjpkigefx9NpS6

Result

Hash match + ERC-8004 on-chain attestation present

Mantlescan

ERC-8004 Reference

{
  "author": "0xBd88eAE165F8A00B1B33357Fb0880CD4fE5C5E70",
  "agentId": "97",
  "contract": "0xe7043e2ec95eF357FbBa3359BA2f1edb10cEAD2a",
  "loggedBy": "0xBd88eAE165F8A00B1B33357Fb0880CD4fE5C5E70",
  "mechanism": "archon-proof-registry"
}

Careful scope

Archon reports are risk intelligence with confidence scores and recommended fixes. They are not guarantees, certifications, or claims that a contract is safe.