# METAVIL Audit ## Info - Auditor: mohamed moualim - Commit hash: xx git repository (commit hash) ## Disclaimers ## Issues ## Owner Can Renounce Ownership ## [Low] **Description** Typically, the account that deploys the contract is also its owner. Consequently, the owner is able to engage in certain privileged activities in his own name. In smart contracts, the renounceOwnership function is used to renounce ownership, which means that if the contract's ownership has never been transferred, it will never have an Owner, rendering some owner-exclusive functionality unavailable. **file** * `audit-main/contracts/Airdrop.sol` (L6) * `audit-main/contracts/Creative.sol` (L6) * `audit-main/contracts/Donate.sol` (L6) * `audit-main/contracts/Private.sol` (L6) * `audit-main/contracts/Seed.sol` (L6) * `audit-main/contracts/VestingSchedule.sol` (L5) * `audit-main/contracts/CreativeMarket.sol` (L7) **Recommendation** We recommend that you prevent the owner from calling renounceOwnership without first transferring ownership to a different address. Additionally, if you decide to use a multi-signature wallet, then the execution of the renounceOwnership will require for at least two or more users to be confirmed. Alternatively, you can disable Renounce Ownership functionality by overriding it. ## Miss address verification ## [Low] **Description** Certain functions lack a safety check in the address, the address-type arguments should include a zero-address test, otherwise, the contract's functionality may become inaccessible. **file** * `audit-main/contracts/Creative.sol` (L19) * `audit-main/contracts/Creative.sol` (L23) * `audit-main/contracts/Private.sol` (L23) **Recommendation** We recommend that you make sure the addresses provided in the arguments are different from the address(0). ## Operation equal 0 ## [Informationnal] **Description** To claim the value of totals[user] * permil should be greater than 1000 but this will not creat a probleme in the claimed value because it'll be equal to 0. **file** * `audit-main/contracts/Private.sol` ## Division before multiplication ## [Medium] **Description** The result of integer division in solidity is an integer value. As a result, dividing before multiplying will result in inaccurate results, which may result in certain anomalies in the contract's logic. **file** * `audit-main/contracts/IDOWhitelist.sol` (L68) **Recommendation** Put the multiplication operations before the division operations. ## Two address of reception ## [Informational] **Description** using two address is not necessary to receive the mvtoken and the busd token . **file** **Recommendation** one address can receive the both;