Powered by SECURI LAB
Vulnerability Severity Summary
Vulnerability Severity Level | Total |
Critical | 0 |
High | 1 |
Medium | 1 |
Low | 0 |
Very Low | 0 |
Informational (Non severity level) | 4 |
Vulnerability Findings
ID | Title | Severity | Status |
SEC-01 | Owner can change user balance by using burn function | High | Acknowledge |
SEC-02 | Imprecise arithmetic operations order (divide-before-multiply) | Medium | Acknowledge |
SEC-03 | Unused state variables (unused-state) | Informational | Acknowledge |
SEC-04 | Comparison to boolean constant (boolean-equal) | Informational | Acknowledge |
SEC-05 | If different pragma directives are used (pragma) | Informational | Acknowledge |
SEC-06 | Conformity to Solidity naming conventions (naming-convention) | Informational | Acknowledge |
SEC-01: Owner can change user balance by using burn function
Type | Severity | Location | Status |
Owner can change user balance by using burn function | High | Check on finding | Acknowledge |
Finding:
❌ (AjiraPayFinanceToken.sol#373-382)
Exploit Scenario:
The contract owner has the authority to modify the balance of tokens at other addresses, which may result in a loss of assets.
Alleviation:
Ajira Pay team has acknowledged this issue.
SEC-02: Imprecise arithmetic operations order (divide-before-multiply)
Type | Severity | Location | Status |
Imprecise arithmetic operations order (divide-before-multiply) | Medium | Check on finding | Acknowledge |
Finding:
❌ AjiraPayFinanceToken._swapAndLiquify(uint256) (AjiraPayFinanceToken.sol:432-459) performs a multiplication on the result of a division:
Recommendation:
Consider ordering multiplication before division.
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#divide-before-multiply
Exploit Scenario:
Solidity’s integer division truncates. Thus, performing division before multiplication can lead to precision loss.
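```solidity
contract A {
    uint oldSupply; // state variables used by the example
    uint interest;
    uint coins;

    function f(uint n) public {
        // Division truncates before the multiplication is applied
        coins = (oldSupply / n) * interest;
    }
}
```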
If n is greater than oldSupply, coins will be zero. For example, with oldSupply = 5; n = 10, interest = 2, coins will be zero.
If (oldSupply * interest / n) was used, coins would have been 1.
In general, it’s usually a good idea to re-arrange arithmetic to perform multiplication before division, unless the limit of a smaller type makes this dangerous.
Alleviation:
Ajira Pay team has acknowledged this issue.
SEC-03: Unused state variables (unused-state)
Type | Severity | Location | Status |
Unused state variables (unused-state) | Informational | Check on finding | Acknowledge |
Finding:
❌ AjiraPayFinanceToken._allowances (AjiraPayFinanceToken.sol:219) is never used in AjiraPayFinanceToken (AjiraPayFinanceToken.sol#199-538)
❌ AjiraPayFinanceToken.devTreasuryPercent (AjiraPayFinanceToken.sol:229) is never used in AjiraPayFinanceToken (AjiraPayFinanceToken.sol#199-538)
Recommendation:
Remove unused state variables.
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#unused-state-variable
Exploit Scenario:
–
Alleviation:
Ajira Pay team has acknowledged this issue.
SEC-04: Comparison to boolean constant (boolean-equal)
Type | Severity | Location | Status |
Comparison to boolean constant (boolean-equal) | Informational | Check on finding | Acknowledge |
Finding:
❌ AjiraPayFinanceToken._transfer(address,address,uint256) (AjiraPayFinanceToken.sol:387-419) compares to a boolean constant:
Recommendation:
Remove the equality to the boolean constant.
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#boolean-equality
Exploit Scenario:
Detects the comparison to boolean constants.
```solidity
contract A {
    function f(bool x) public {
        // …
        if (x == true) { // bad!
            // …
        }
        // …
    }
}
```
Boolean constants can be used directly and do not need to be compared to true or false.
Alleviation:
Ajira Pay team has acknowledged this issue.
SEC-05: If different pragma directives are used (pragma)
Type | Severity | Location | Status |
If different pragma directives are used (pragma) | Informational | Check on finding | Acknowledge |
Finding:
❌ Different versions of Solidity are used:
Recommendation:
Use one Solidity version.
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#different-pragma-directives-are-used
Exploit Scenario:
–
Alleviation:
Ajira Pay team has acknowledged this issue.
SEC-06: Conformity to Solidity naming conventions (naming-convention)
Type | Severity | Location | Status |
Conformity to Solidity naming conventions (naming-convention) | Informational | Check on finding | Acknowledge |
Finding:
❌ Parameter AjiraPayFinanceToken.burn(address,uint256)._account (AjiraPayFinanceToken.sol:373) is not in mixedCase
❌ Parameter AjiraPayFinanceToken.burn(address,uint256)._amount (AjiraPayFinanceToken.sol:373) is not in mixedCase
❌ Parameter AjiraPayFinanceToken.setBuyBackEnabled(bool)._enabled (AjiraPayFinanceToken.sol:364) is not in mixedCase
❌ Variable AjiraPayFinanceToken.DEAD (AjiraPayFinanceToken.sol:209) is not in mixedCase
❌ Variable AjiraPayFinanceToken._isExcludedFromFee (AjiraPayFinanceToken.sol:217) is not in mixedCase
Recommendation:
Follow the Solidity [naming convention](https://solidity.readthedocs.io/en/v0.4.25/style-guide.html#naming-conventions).
Exploit Scenario:
Solidity defines a naming convention that should be followed.
Rule exceptions
Follow the Solidity naming convention.
Alleviation:
Ajira Pay team has acknowledged this issue.
SECURI LAB has successfully performed an individual verification, and that person has passed the verification successfully. Also, an investigation with the Acuris Risk Intelligence network database revealed that no criminal activity was found.
SECURI LAB IS NOT FINANCIAL ADVICE PLEASE DO YOUR OWN RESEARCH DYOR!
Powered by SECURI LAB SIPNet+
KYC Report Information
About Report | Ajira Pay Finance KYC Report |
Version | v1.0 |
Client | Ajira Pay Finance |
Project Name | Ajira Pay Finance |
Website | https://ajirapay.finance/ |
Platform | BNB Chain (Previously Binance Smart Chain) |
Contract Address | 0xC55b03dC07EC7Bb8B891100E927E982540f0d181 |
Identities Document | National ID Card (JAMHURI YA KENYA) |
Organization issues documents | REPUBLIC OF KENYA |
Relationship with the project | Owner / Core DEV |
Number of people who perform KYC | 1 |
The number of Sanction databases that have performed the KYC. | 96 of Sanction Database & Regulator Law Enforcement Database |
Matching Sanction/Law Enforcement or Regulatory Enforcement database | 0 [Not found] |
Financial Crime and Fraud | 0 [Not found] |
Cybercrime Or Scam | 0 [Not found] |
Scanning Date | 26 Feb 2023 03:47 PM (UTC+07:00) SCANNING ID: S1204215 |
*Identities Document
Passport: A passport is a travel document issued by a country’s government to its citizens that verifies the identity and nationality of the holder for the purpose of international travel.
National ID: used by the governments of many countries as a means of tracking their citizens, permanent residents, and temporary residents for the purposes of work, taxation, government benefits, health care, and other governmentally-related functions.
Driver License: A legal authorization, or the official document confirming such an authorization, for a specific individual to operate one or more types of motorized vehicles—such as motorcycles, cars, trucks, or buses—on a public road. Such licenses are often plastic and the size of a credit card.
Residence Permit: A document or card required in some regions, allowing a foreign national to reside in a country for a fixed or indefinite length of time. These may be permits for temporary residency, or permanent residency. The exact rules vary between regions. In some cases (e.g. the UK) a temporary residence permit is required to extend a stay past some threshold, and can be an intermediate step to applying for permanent residency.
*Relationship with the project
Owner: Project owner, including founder and co-founder. This also includes shareholders.
C-Level: Project management with authority on the agenda of the meeting, such as CEO, COO, CMO, CFO.
Developer: Eligible project developers can make changes to the Smart Contract for that project.
Note: Marketing Developer, Front-end Developer are not authorized in this section.
DAO: Decentralized Autonomous Organizations. There must be a minimum of 75% or three-fourths of the total voting rights for each proposal. KYC procedures must be performed.
Team: Person assigned or working within that project.
Disclaimer
Regarding KYC reports, we are not responsible for any information received or errors arising from the inspection, including not being responsible for any law
For identity verification, SECURI will perform a personal check by attaching to the received documents. Verification will not request authenticity from the department of the document issuer, but SECURI will verify identity from photos and videos. Once the analysis is complete, SECURI will perform an audit by searching the list in the Sanction Database & Regulator/Law Enforcement Database to verify that the person undergoing KYC is not a wanted person, such as Notices from Interpol, EUROPOL, FBI Wanted, and that the person is not involved in any crime or fraud or any crime related to finance. This review will not release any personal information to the public unless the person is found to be a wanted person or committed a crime related to finances.
KYC Report is Not Financial/Investment Advice. Any loss arising from any investment in any project is the responsibility of the investor.
SECURI disclaims any liability incurred, whether it’s Rugpull, Abandonment, Soft Rugpull, or Exploit.
SECURI has the right to be able to publish the details of personal data that perform KYC operations, which can be made public or distributed to department under Law Enforcement. You can contact SECURI to request information at [email protected] using title: [Law Enforcement] [Your Department] [Project Name].
SECURI is not liable for any applicable law for any privacy policy for KYC services such as GDPR, PDPA.
IF YOU GOT ANY SCAM / RUGPULL, please contact your local legal authority, such as the local police department.
Executive Summary
For this KYC Report, SECURI LAB received a request from Ajira Pay on Saturday, February 25, 2023.
SECURI will perform a Personal Authentication (KYC) check with the following checks:
KYC Result
SECURI operates KYC. We would like to inform you of the results as follows:
Document & Identity Verification Check | Most Wanted (EX. FBI, Interpol, EUROPOL) | SIP/REP/PEP | Sanction DB | Journal/Source and Online Media Scan |
Passed | Not found | Not found | Not found | Not found |
*SIP is Special Interest Persons | REP is Regulatory Enforcement Persons | PEP is Politically Exposed Persons