

Archon public report
VaultV2_Demo_Vault
Mantle Mainnet · scan depth full-report · generated 6/15/2026, 11:52:59 PM
Risk Score: 86
Archon completed a read-only Mantle Mainnet audit of VaultV2_Demo_Vault and found 33 deterministic findings. The highest-priority issue is Incorrect Exp, with risk score 86/100 based on severity-weighted findings. The function may allow incorrect calculations of rewards due to improper handling of position ownership. Review the recommended fixes and run regression tests before deployment.
Findings
| Severity | Finding | Description | Location | Confidence |
|---|---|---|---|---|
| high | Incorrect Exp | The function may allow incorrect calculations of rewards due to improper handling of position ownership. | Math.sol:123 | 80% |
| medium | Divide Before Multiply | Potential for incorrect reward calculations due to the order of operations in reward distribution. | Math.sol:123 | 75% |
| medium | Incorrect Equality | Incorrect equality check may lead to unintended behavior in reward calculations. | VaultV2_Demo_Vault.sol:379 | 70% |
| low | Timestamp | Use of block.timestamp can lead to vulnerabilities related to miner manipulation. | VaultV2_Demo_Vault.sol:379 | 60% |
| low | Timestamp | Timestamp usage in withdrawal logic may lead to potential manipulation risks. | VaultV2_Demo_Vault.sol:206 | 65% |
| info | Assembly | Assembly was detected from deterministic analysis at Address.sol:146-158. The issue should be reviewed because it can affect contract correctness, user balances, or operational cost depending on how the function is used. | Address.sol:146 | 74% |
| info | Assembly | Assembly was detected from deterministic analysis at Strings.sol:24-44. The issue should be reviewed because it can affect contract correctness, user balances, or operational cost depending on how the function is used. | Strings.sol:24 | 74% |
| info | Assembly | Assembly was detected from deterministic analysis at Math.sol:123-202. The issue should be reviewed because it can affect contract correctness, user balances, or operational cost depending on how the function is used. | Math.sol:123 | 74% |
| info | Assembly | Assembly was detected from deterministic analysis at ERC721.sol:465-482. The issue should be reviewed because it can affect contract correctness, user balances, or operational cost depending on how the function is used. | ERC721.sol:465 | 74% |
| info | Pragma | Pragma was detected from deterministic analysis at VaultV2_Demo_Vault.sol:2. The issue should be reviewed because it can affect contract correctness, user balances, or operational cost depending on how the function is used. | VaultV2_Demo_Vault.sol:2 | 74% |
| info | Dead Code | Dead Code was detected from deterministic analysis at Context.sol:25-27. The issue should be reviewed because it can affect contract correctness, user balances, or operational cost depending on how the function is used. | Context.sol:25 | 74% |
| info | Dead Code | The code contains a dead code segment that is never executed. | ERC721.sol:385 | 80% |
| info | Dead Code | There is a segment of dead code that is not utilized in the contract. | ERC721.sol:346 | 70% |
| info | Dead Code | The contract imports unused libraries, indicating potential dead code. | Context.sol:21 | 75% |
| info | Dead Code | There is a dead code section that is not invoked in the contract. | ERC721.sol:377 | 70% |
| info | Dead Code | The contract contains dead event declarations that are not utilized. | ReentrancyGuard.sol:81 | 65% |
| info | Dead Code | Dead code detected in ERC721.sol related to early withdrawal penalties. | ERC721.sol:224 | 80% |
| info | Solc Version | The Solidity compiler version specified is ^0.8.24. | Ownable.sol:4 | 70% |
| info | Low Level Calls | Low-level calls are used in Address.sol, which may introduce risks if not handled properly. | Address.sol:83 | 60% |
| info | Low Level Calls | Low-level calls are present in Address.sol, which may require careful handling. | Address.sol:41 | 65% |
| info | Low Level Calls | Low-level calls are utilized in Address.sol, which may pose risks if not managed correctly. | Address.sol:104 | 70% |
| info | Low Level Calls | The contract uses low-level calls which can lead to unexpected behavior if not handled properly. | SafeERC20.sol:110 | 70% |
| info | Low Level Calls | The contract contains low-level calls that may lead to vulnerabilities if not properly managed. | Address.sol:95 | 70% |
| info | Naming Convention | Naming conventions for error messages may not follow standard practices. | IERC20Permit.sol:89 | 50% |
| info | Unindexed Event Address | Events lack indexed parameters which can hinder efficient event filtering. | VaultV2_Demo_Vault.sol:85 | 60% |
| info | Unindexed Event Address | The contract has unindexed event addresses which can affect event querying. | Pausable.sol:28 | 50% |
| info | Unindexed Event Address | The event emitted in the contract does not index the address parameter, which may hinder event filtering. | Pausable.sol:23 | 50% |
| info | Cache repeated storage read | Repeated storage reads can be cached to optimize gas usage. | VaultV2_Demo_Vault.sol:128 | 60% |
| info | Use != 0 for unsigned non-zero checks | Using '>' for unsigned non-zero checks can be optimized. | VaultV2_Demo_Vault.sol:225 | 70% |
| info | Use != 0 for unsigned non-zero checks | Similar to previous findings, this check can be optimized for gas efficiency. | VaultV2_Demo_Vault.sol:237 | 70% |
| info | Use != 0 for unsigned non-zero checks | Another instance of non-zero checks that can be optimized. | VaultV2_Demo_Vault.sol:243 | 70% |
| info | Use != 0 for unsigned non-zero checks | Using '>' for unsigned non-zero checks can be optimized. | VaultV2_Demo_Vault.sol:407 | 80% |
| info | Index high-value event fields instead of extra lookup storage | Consider indexing high-value event fields to optimize storage access. | VaultV2_Demo_Vault.sol:85 | 75% |

