[MATIC] ERC20 Token Smart Contract Technical Assessment

Note: This has been updated from High Risk to Low Risk due to the Polygon team revoking their admin access. View the history for the old report.

General Information

Risk Summary

  • Does the contract implement the ERC20 token standards? Yes.
  • Risk analysis : LOW.

Technical Information

  • Compiler version : v0.5.2+commit.1df8f40c
  • Decimals : 18
  • Overflow checks : Yes, the contract uses the SafeMath library for uint operations.
  • Mitigation against allowance race-condition : Yes, the contract implements increaseAllowance and decreaseAllowance to get around this issue.
  • Upgradeable contract patterns : No.
  • Access control or restriction lists : No.
  • Non-standard features or behaviors : No.

Formal Verification Considerations

  • Does transfer have simple semantics? Yes.
  • Does transferFrom have simple semantics? Yes.
  • Can balances be arbitrarily modified by some actor? No.
  • Are there any external calls? No.

Testnet Information

  • Polygon is deployed on Goerli. List of relevant addresses here.

Contract Logic Summary

Administrative Addresses

None.

Inheritance Structure

MATIC uses OpenZeppelin inheritance patterns.

Contract Risk Summary

This is a low risk contract. The ERC20 functions are implemented to industry standard, there are checks to prevent over/underflows, and the approval race condition is correctly handled using the increaseAllowance/decreaseAllowance functions.

Supporting Materials

Architecture Diagram

Inheritance Diagram

(image: MATIC-inheritance)

Sūrya’s Description Report

Files Description Table

| File Name | SHA-1 Hash |
|:---------:|:----------:|
| MATIC.sol | f19409035dc860548941d47655d7ff6495804384 |

Contracts Description Table

| Contract | Type | Bases | | |
|:--------:|:----:|:-----:|:-----:|:-----:|
| └ | **Function Name** | **Visibility** | **Mutability** | **Modifiers** |
| **IERC20** | Interface | | | |
| └ | transfer | External ❗️ | 🛑 | NO❗️ |
| └ | approve | External ❗️ | 🛑 | NO❗️ |
| └ | transferFrom | External ❗️ | 🛑 | NO❗️ |
| └ | totalSupply | External ❗️ | | NO❗️ |
| └ | balanceOf | External ❗️ | | NO❗️ |
| └ | allowance | External ❗️ | | NO❗️ |
| **SafeMath** | Library | | | |
| └ | mul | Internal 🔒 | | |
| └ | div | Internal 🔒 | | |
| └ | sub | Internal 🔒 | | |
| └ | add | Internal 🔒 | | |
| └ | mod | Internal 🔒 | | |
| **ERC20** | Implementation | IERC20 | | |
| └ | totalSupply | Public ❗️ | | NO❗️ |
| └ | balanceOf | Public ❗️ | | NO❗️ |
| └ | allowance | Public ❗️ | | NO❗️ |
| └ | transfer | Public ❗️ | 🛑 | NO❗️ |
| └ | approve | Public ❗️ | 🛑 | NO❗️ |
| └ | transferFrom | Public ❗️ | 🛑 | NO❗️ |
| └ | increaseAllowance | Public ❗️ | 🛑 | NO❗️ |
| └ | decreaseAllowance | Public ❗️ | 🛑 | NO❗️ |
| └ | _transfer | Internal 🔒 | 🛑 | |
| └ | _mint | Internal 🔒 | 🛑 | |
| └ | _burn | Internal 🔒 | 🛑 | |
| └ | _burnFrom | Internal 🔒 | 🛑 | |
| **Roles** | Library | | | |
| └ | add | Internal 🔒 | 🛑 | |
| └ | remove | Internal 🔒 | 🛑 | |
| └ | has | Internal 🔒 | | |
| **PauserRole** | Implementation | | | |
| └ | `<Constructor>` | Internal 🔒 | 🛑 | |
| └ | isPauser | Public ❗️ | | NO❗️ |
| └ | addPauser | Public ❗️ | 🛑 | onlyPauser |
| └ | renouncePauser | Public ❗️ | 🛑 | NO❗️ |
| └ | _addPauser | Internal 🔒 | 🛑 | |
| └ | _removePauser | Internal 🔒 | 🛑 | |
| **Pausable** | Implementation | PauserRole | | |
| └ | `<Constructor>` | Internal 🔒 | 🛑 | |
| └ | paused | Public ❗️ | | NO❗️ |
| └ | pause | Public ❗️ | 🛑 | onlyPauser whenNotPaused |
| └ | unpause | Public ❗️ | 🛑 | onlyPauser whenPaused |
| **ERC20Pausable** | Implementation | ERC20, Pausable | | |
| └ | transfer | Public ❗️ | 🛑 | whenNotPaused |
| └ | transferFrom | Public ❗️ | 🛑 | whenNotPaused |
| └ | approve | Public ❗️ | 🛑 | whenNotPaused |
| └ | increaseAllowance | Public ❗️ | 🛑 | whenNotPaused |
| └ | decreaseAllowance | Public ❗️ | 🛑 | whenNotPaused |
| **ERC20Detailed** | Implementation | IERC20 | | |
| └ | `<Constructor>` | Public ❗️ | 🛑 | NO❗️ |
| └ | name | Public ❗️ | | NO❗️ |
| └ | symbol | Public ❗️ | | NO❗️ |
| └ | decimals | Public ❗️ | | NO❗️ |
| **MaticToken** | Implementation | ERC20Pausable, ERC20Detailed | | |
| └ | `<Constructor>` | Public ❗️ | 🛑 | ERC20Detailed |

Legend

| Symbol | Meaning |
|:------:|:--------|
| 🛑 | Function can modify state |
| 💵 | Function is payable |
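The three checks this assessment leans on, the SafeMath overflow guards and the increaseAllowance/decreaseAllowance mitigation listed under Technical Information, and the onlyPauser/whenNotPaused gates visible in the Sūrya table, modelled in Python as an added example. This is not code from the assessment or from MATIC.sol; the class Token, the exception Reverted, the helper _reverts and the sample addresses alice, bob and foundation are illustrative assumptions. approve_race shows why a plain approve lets a spender whose transferFrom lands before the owner's change spend both the old and the new allowance, while decreaseAllowance reverts on the SafeMath underflow so the owner notices; pause_scenario shows what renouncing the only pauser means for the pause gate.

```python
# Added example, not code from the original assessment or from MATIC.sol: a Python model
# of the semantics the report relies on. Token, Reverted, "alice", "bob", "foundation" are
# illustrative assumptions.
MAX_UINT256 = 2**256 - 1

class Reverted(Exception):
    """Models an EVM revert: the call is undone and state is unchanged."""

def safe_add(a: int, b: int) -> int:  # SafeMath.add: revert instead of wrapping
    if a + b > MAX_UINT256:
        raise Reverted("SafeMath: addition overflow")
    return a + b

def safe_sub(a: int, b: int) -> int:  # SafeMath.sub: revert instead of wrapping
    if b > a:
        raise Reverted("SafeMath: subtraction overflow")
    return a - b

class Token:  # ERC20 + Pausable + PauserRole, reduced to the checks under discussion
    def __init__(self, holder: str, total_supply: int, pauser: str):
        self.balances = {holder: total_supply}
        self.allowances = {}      # (owner, spender) -> amount
        self.pausers = {pauser}   # PauserRole members
        self.paused = False
    # modifiers
    def _when_not_paused(self):
        if self.paused:
            raise Reverted("Pausable: paused")
    def _only_pauser(self, caller):
        if caller not in self.pausers:
            raise Reverted("PauserRole: caller does not have the Pauser role")
    # ERC20 views
    def balance_of(self, who):
        return self.balances.get(who, 0)
    def allowance(self, owner, spender):
        return self.allowances.get((owner, spender), 0)
    # ERC20 state changes; each public one is gated by whenNotPaused, as in ERC20Pausable
    def _transfer(self, frm, to, amount):
        self.balances[frm] = safe_sub(self.balance_of(frm), amount)
        self.balances[to] = safe_add(self.balance_of(to), amount)
    def transfer(self, caller, to, amount):
        self._when_not_paused()
        self._transfer(caller, to, amount)
    def approve(self, caller, spender, amount):
        self._when_not_paused()
        self.allowances[(caller, spender)] = amount  # plain overwrite, no check
    def transfer_from(self, caller, frm, to, amount):
        self._when_not_paused()
        # checked subtraction: spending beyond the allowance reverts
        self.allowances[(frm, caller)] = safe_sub(self.allowance(frm, caller), amount)
        self._transfer(frm, to, amount)
    def increase_allowance(self, caller, spender, added):
        self._when_not_paused()
        self.allowances[(caller, spender)] = safe_add(self.allowance(caller, spender), added)
    def decrease_allowance(self, caller, spender, subtracted):
        self._when_not_paused()
        self.allowances[(caller, spender)] = safe_sub(self.allowance(caller, spender), subtracted)
    # Pausable / PauserRole
    def pause(self, caller):
        self._only_pauser(caller)
        self._when_not_paused()
        self.paused = True
    def unpause(self, caller):
        self._only_pauser(caller)
        if not self.paused:  # whenPaused
            raise Reverted("Pausable: not paused")
        self.paused = False
    def renounce_pauser(self, caller):
        self._only_pauser(caller)
        self.pausers.discard(caller)

def _reverts(call) -> bool:  # run a call and report whether it reverted
    try:
        call()
        return False
    except Reverted:
        return True

def approve_race(use_increase_decrease: bool):
    """alice grants bob 100, then wants to lower it to 50, but bob's pending
    transferFrom(100) is mined first. Returns (bob's final balance, reverted?)."""
    t = Token("alice", 1_000, pauser="foundation")
    t.approve("alice", "bob", 100)
    t.transfer_from("bob", "alice", "bob", 100)  # lands before alice's change
    if use_increase_decrease:  # 0 - 50 underflows: SafeMath reverts and alice notices
        reverted = _reverts(lambda: t.decrease_allowance("alice", "bob", 50))
    else:                      # plain approve silently grants a fresh 50
        reverted = _reverts(lambda: t.approve("alice", "bob", 50))
    if not reverted:
        t.transfer_from("bob", "alice", "bob", 50)  # bob spends the new allowance too
    return t.balance_of("bob"), reverted

def pause_scenario():
    """Pauser halts transfers, restores them, renounces. Returns (blocked?, can still pause?)."""
    t = Token("alice", 1_000, pauser="foundation")
    t.pause("foundation")
    blocked = _reverts(lambda: t.transfer("alice", "bob", 1))
    t.unpause("foundation")
    t.renounce_pauser("foundation")  # the only pauser leaves the role
    can_pause = not _reverts(lambda: t.pause("foundation"))
    return blocked, can_pause
```

approve_race(False) returns (150, False): bob ends up with 150 tokens although alice meant to cut him to 50, because approve overwrote an allowance he had already drained. approve_race(True) returns (100, True): decreaseAllowance reverts on the underflow, nothing extra moves, and alice can re-evaluate. pause_scenario() returns (True, False): transfers are blocked while paused, and once the sole pauser has renounced there is no address left that can pause the token again, which is why the pauser removal described further down in this thread changes the risk picture.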
9 Likes

Thank you for pointing this out.

The Foundation removed the pauser since the contract has been stable for a long time and there is no need for any pauser going forward. You can find the transaction id here - https://etherscan.io/tx/0xc80c071cb9f46c7db3a3ecbce21a4c82bda730a94c2aa24203472d8fc0cb12b9

The MATIC token is stable now and we don't believe there's a need for this access anymore. 🙂

6 Likes

Thanks for correcting this so quickly. I’ll update the post to reflect the change.

4 Likes

The edit should not hide the initial findings, right now it’s just changed to the opposite review. For transparency, additions should be structured as a changelog and keep the initial findings intact.

3 Likes

If you press the edit button in the top right of the post it shows the changelog. Maybe I could add a note saying this was previously high risk? Not sure if that helps much as the code is the code. Doesn’t really matter that it was previously high risk now that it’s not.

1 Like

I’ve included a note at the top about the change.

4 Likes