Powered by SECURI LAB
-
-
-
-
-
-
-
-
-
-
-
-
Vulnerability Findings
| ID | Vulnerability Detail | Severity | Category | Status |
| SEC-01 | Function initializing state variables (function-init-state) | Informational | Acknowledge | |
| SEC-02 | Pragma version 0.8.20 version too recent to be trusted | Informational | Acknowledge | |
| GAS-01 | Use Custom Errors | – | Acknowledge | |
| GAS-02 | Long revert strings | – | Acknowledge | |
| GAS-03 | Use != 0 instead of > 0 for unsigned integer comparison | – | Acknowledge |
SEC-01: Function initializing state variables (function-init-state)
| Vulnerability Detail | Severity | Location | Category | Status |
| Function initializing state variables (function-init-state) | Informational | Check on finding | Acknowledge |
Finding:
❌ EthaVerse.previousdevFee (EthaVerse.sol:373) is set pre-construction with a non-constant function or state variable:
Recommendation:
Recommendation: Remove any initialization of state variables via non-constant state variables or function calls. If variables must be set upon contract deployment, locate initialization in the constructor instead.
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#function-initializing-state
Exploit Scenario:
–
Alleviation:
–
SEC-02: Pragma version 0.8.20 version too recent to be trusted
| Vulnerability Detail | Severity | Location | Category | Status |
| Pragma version 0.8.20 version too recent to be trusted | Informational | Check on finding | Acknowledge |
Finding:
❌ Pragma version0.8.20 (EthaVerse.sol:20) necessitates a version too recent to be trusted. Consider deploying with 0.8.18.
Recommendation:
Recommendation:
Deploy with any of the following Solidity versions:
– 0.8.18
The recommendations take into account:
– Risks related to recent releases
– Risks of complex code generation changes
– Risks of new language features
– Risks of known bugs
Use a simple pragma version that allows any of these versions.
Consider using the latest version of Solidity for testing.
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#incorrect-versions-of-solidity
Exploit Scenario:
–
Alleviation:
–
GAS-01: Use Custom Errors
| Vulnerability Detail | Severity | Location | Category | Status |
| Use Custom Errors | – | Check on finding | Acknowledge |
Finding:
165: require(c >= a, “SafeMath: addition overflow”);
217: require(c / a == b, “SafeMath: multiplication overflow”);
326: require(_owner == _msgSender(), “Ownable: caller is not the owner”);
354: require(newOwner != address(0), “Ownable: new owner is the zero address”);
543: require(from != address(0), “ERC20: transfer from the zero address”);
544: require(amount > 0, “Transfer amount must be greater than zero”);
546: require(amount <= _maxTxAmount, “Transfer amount exceeds the maxTxAmount.”);
595: require(account != address(0), “ERC20: burn from the zero address”);
616: require(owner != address(0), “ERC20: approve from the zero address”);
617: require(spender != address(0), “ERC20: approve to the zero address”);
Recommendation:
[Source](https://blog.soliditylang.org/2021/04/21/custom-errors/)
Instead of using error strings, to reduce deployment and runtime cost, you should use Custom Errors. This would save both deployment and runtime cost.
Alleviation:
–
GAS-02: Long revert strings
| Vulnerability Detail | Severity | Location | Category | Status |
| Long revert strings | – | Check on finding | Acknowledge |
Finding:
217: require(c / a == b, “SafeMath: multiplication overflow”);
354: require(newOwner != address(0), “Ownable: new owner is the zero address”);
543: require(from != address(0), “ERC20: transfer from the zero address”);
544: require(amount > 0, “Transfer amount must be greater than zero”);
546: require(amount <= _maxTxAmount, “Transfer amount exceeds the maxTxAmount.”);
595: require(account != address(0), “ERC20: burn from the zero address”);
616: require(owner != address(0), “ERC20: approve from the zero address”);
617: require(spender != address(0), “ERC20: approve to the zero address”);
Recommendation:
–
Alleviation:
–
GAS-03: Use != 0 instead of > 0 for unsigned integer comparison
| Vulnerability Detail | Severity | Location | Category | Status |
| Use != 0 instead of > 0 for unsigned integer comparison | – | Check on finding | Acknowledge |
Finding:
250: require(b > 0, errorMessage);
544: require(amount > 0, “Transfer amount must be greater than zero”);
Recommendation:
–
Alleviation:
–
SECURI LAB has successfully performed an individual verification. and that person has passed the verification successfully Also, an investigation with the Acuris Risk Intelligence network database revealed that no criminal activity was found.
SECURI LAB IS NOT FINANCIAL ADVICE PLEASE DO YOUR OWN RESEARCH DYOR!
Powered by SECURI LAB SIPNet+
KYC Report Information
| About Report | EthaVerse KYC Report |
| Version | v1.0 |
| Client | EthaVerse |
| Project Name | EthaVerse |
| Website | https://www.etha-verse.com/ |
| Platform | Ethereum |
| Identities Document | National ID Card – Turkey |
| Relationship with the project | Owner (Verified) |
| Number of people who perform KYC | 1 |
| The number of Sanction databases that have performed the KYC. | 96 of Sanction Database & Regulator Law Enforcement Database |
| Matching Sanction/Law Enforcement or Regulatory Enforcement database | 0 [Not found] |
| Financial Crime and Fraud | 0 [Not found] |
| Cybercrime Or Scam | 0 [Not found] |
| Scanning Date | 19 MAY 2023 (UTC+07:00) |
| Identity Check with AI | FACE ANALYSIS Facial similarity – passed Previously enrolled face – passed AUTHENTICITY ANALYSIS INTEGRITY ANALYSIS FACIAL SIMILARITY SCORE LIVENESS CHECK SCORE |
| Document Check with AI | Security elements – passed Photo location – passed Document liveness – passed Expiration date – passed Specimen check – passed |
*Identities Document
Passport: A passport is a travel document issued by a country’s government to its citizens that verifies the identity and nationality of the holder for the purpose of international travel..
National ID: used by the governments of many countries as a means of tracking their citizens, permanent residents, and temporary residents for the purposes of work, taxation, government benefits, health care, and other governmentally-related functions.
Driver License: A legal authorization, or the official document confirming such an authorization, for a specific individual to operate one or more types of motorized vehicles—such as motorcycles, cars, trucks, or buses—on a public road. Such licenses are often plastic and the size of a credit card.
Residence Permit: A document or card required in some regions, allowing a foreign national to reside in a country for a fixed or indefinite length of time. These may be permits for temporary residency, or permanent residency. The exact rules vary between regions. In some cases (e.g. the UK[4]) a temporary residence permit is required to extend a stay past some threshold, and can be an intermediate step to applying for permanent residency.
*Relationship with the project from highest confident to low confident
Owner: Project owner including founder and co-founder This also includes shareholders.
C-Level: Project management with authority on the agenda of the meeting, such as CEO, COO, CMO, CFO..
Developer: Eligible project developers can make changes to the Smart Contract for that project.
Note: Marketing Developer, Front-end Developer are not authorized in this section.
DAO: Decentralized Autonomous Organizations There must be a minimum of 75% or three-fourths of the total voting rights for each proposal. KYC procedures must be performed.
Team: Person assigned or working within that project
Disclaimer
Regarding KYC reports, we are not responsible for any information received. or errors arising from the inspection including not being responsible for any law
For identity verification, SECURI will perform a personal check. by attaching to the received documents Verification will not request authenticity to the department of the document issuer, but SECURI will verify identity from photos and videos. And once the analysis is complete, SECURI will perform an audit by searching the list in the Sanction Database & Regulator/Law Enforcement Database to verify that: The person undergoing KYC is not a wanted person such as Notics from Interpol , EUROPOL , FBI Wanted and the person is not involved in any crime or fraud or any crime related to finance. This review will not release any personal information to the public. unless the person is found to be a wanted person or committed a crime related to finances
KYC Report is Not Financial/Investment Advice Any loss arising from any investment in any project is the responsibility of the investor.
SECURI LAB disclaims any liability incurred. Whether it’s Rugpull, Abandonment, Soft Rugpull , Exploit
SECURI LAB has the right to be able to publish the details of personal data that perform KYC operations, which can be made public or distributed to department under Law Enforcement. You can contact SECURI to request information at [email protected] using title: [Law Enforcement] [Your Department] [Project Name].
SECURI LAB is not liable for any applicable law for any privacy policy for KYC services such as GDPR , PDPA.
IF YOU GOT ANY SCAM / RUGPULL Please contact your local legal authority such as local police department
Executive Summary
For this KYC Report, SECURI LAB received a request from EthaVerse on Monday, May 8, 2023.
SECURI will perform a Personal Authentication (KYC) check with the following checks:
KYC Result
SECURI operates KYC. We would like to inform you of the results as follows:
| Document & Identity Verification Check | Most Wanted
EX. FBI, Interpol, EUROPOL |
SIP/REP/PEP | Sanction DB | Journal/Source and Online Media Scan |
| Passed
|
Not found | Not found | Not found | Not found |
*SIP is Special Interest Persons | REP is Regulatory Enforcement Persons | PEP is Politically Exposed Persons