Smart Contract Security Audit — Trustmura

1

2

3

4

Critical

Vulnerable.sol

function withdraw(uint amount) external {
    require(balances[msg.sender] >= amount);
    // ⚠️ External call before state update
    (bool ok, ) = msg.sender.call{value: amount}("");
    require(ok);
    balances[msg.sender] -= amount;
}

High

Overflow.sol

// Solidity < 0.8.0 — no built-in overflow check
uint8 balance = 255;
balance += 1; // ⚠️ Wraps to 0

// ✅ Use SafeMath or Solidity >= 0.8.0
balance = balance + 1; // Reverts on overflow

High

AccessControl.sol

// ⚠️ Missing access control
function setPrice(uint _price) external {
    price = _price;
}

// ✅ With proper modifier
function setPrice(uint _price) external onlyOwner {
    price = _price;
}

Medium

FlashLoan.sol

// ⚠️ Price derived from single pool — manipulable
uint price = reserveA / reserveB;

// ✅ Use time-weighted average price (TWAP)
uint price = oracle.consult(token, period);

Medium

Frontrun.sol

// ⚠️ Vulnerable to sandwich attack
function swap(uint amountIn) external {
    uint amountOut = getAmountOut(amountIn);
    token.transfer(msg.sender, amountOut);
}

// ✅ Use minimum output amount
function swap(uint amountIn, uint minOut) external {
    uint amountOut = getAmountOut(amountIn);
    require(amountOut >= minOut, "Slippage");
    token.transfer(msg.sender, amountOut);
}

Low

ReturnValue.sol

// ⚠️ Ignoring return value
token.transfer(to, amount);

// ✅ Check return value
bool success = token.transfer(to, amount);
require(success, "Transfer failed");

// ✅ Or use SafeERC20
SafeERC20.safeTransfer(token, to, amount);

Completed 2026-03-10

VaultDeFi Protocol

Smart Contract Audit

Comprehensive security audit of VaultDeFi's lending and borrowing protocol including interest rate models, liquidation mechanisms, and flash loan implementations.

Findings: 27 LoC: 12,500 Duration: 3 weeks

High: 2 Medium: 5 Low: 8 Info: 12

Completed 2026-02-18

NexBridge

Cross-Chain Bridge Audit

Full security assessment of NexBridge's cross-chain messaging protocol and token bridge contracts across Ethereum, BSC, and Polygon networks.

Findings: 23 LoC: 18,200 Duration: 4 weeks

Critical: 1 High: 3 Medium: 4 Low: 6 Info: 9

Completed 2026-01-25

MetaKnight Games

NFT & GameFi Audit

Security review of MetaKnight's NFT minting contracts, marketplace, staking mechanisms, and in-game token economy smart contracts.

Findings: 22 LoC: 9,800 Duration: 2 weeks

High: 1 Medium: 3 Low: 7 Info: 11

Completed 2025-12-15

StellarSwap DEX

DEX Protocol Audit

End-to-end audit of StellarSwap's automated market maker, liquidity pools, farming contracts, and governance token distribution mechanism.

Findings: 31 LoC: 22,000 Duration: 5 weeks

High: 2 Medium: 6 Low: 9 Info: 14

Completed 2025-11-08

ChainPay Solutions

Payment Gateway Audit

Security audit of ChainPay's multi-chain payment processing contracts, escrow system, and merchant settlement protocols.

Findings: 18 LoC: 8,500 Duration: 2 weeks

High: 1 Medium: 4 Low: 5 Info: 8

Completed 2025-10-20

OmniLend Finance

Lending Protocol Audit

Comprehensive review of OmniLend's cross-chain lending protocol including collateral management, oracle integration, and risk parameters.

Findings: 25 LoC: 15,600 Duration: 4 weeks