Project Information
Description
Torcash an anonymous transaction smart contract on the BSC network using ZKSNARKS technology with an automatic price increment yield farm.
Torcash an anonymous transaction smart contract on the BSC network using ZKSNARKS technology with an automatic price increment yield farm.
04 Jul 2021
13 Jul 2021
Verifier | 0x77b5cd924fb56a5c6690dda4bb6e0c67f8b34d87 |
Hasher* | 0xb8941F853cCBcb4AcF0F8fe40B06E0Cc24202854 |
Anonymous Tree** | 0x728b3880DC04c8C3319b6729Fd339b35e384a0B9 |
MasterChef | 0x4c5Eb4ABF6CAF4acFe70E238554D9d284793f36d |
Anonymous-tree Deploy | 0x678aB8a6e336482cd6FC415de3eF99cf2EeA4CC4 |
TorCoin | 0xa3b6618f932d6c6b5252a501da50e3069dd049c8 |
Timelock | 0xda1e55da00265ca9ef2ddbefd7c5c49ab31eafa9 |
* Verified using compileHasher.js in github.com/tornadocash/tornado-core.
** There are 42 copies of the Anonymous Tree contract, and the listed contract above is the one we have reviewed.
View Audit Report
Found | Resolved | Partially Resolved | Acknowledged (no change made) |
|
---|---|---|---|---|
10 | 7 | 2 | 1 | |
4 | 1 | 1 | 2 | |
11 | 6 | – | 5 | |
12 | 2 | 1 | 9 | |
Total | 37 | 16 | 4 | 17 |
The TorCash team tries to ambitiously combine the Tornado Cash protocol inside the Masterchef. This effectively allows for deposited funds to generate yield until they are eventually withdrawn.
During our audit, the auditing team found a large degree of severe issues as documented in the report. A large number of these issues have been mitigated to a great extent, but not all of them were resolved, and we recommend investors to carefully go through the audit to form their opinion. Since there were many issues, it was also more difficult for our auditors to be confident that there could not be more.
We recommend the TorCash protocol to carefully reconsider and reimplement their current protocol from the ground up, instead of patching each and every issue separately. We believe that a careful redesign of the protocol could lead to a safer protocol overall.
Potential risks:
Exploits, vulnerabilities or errors that will certainly or probabilistically lead towards loss of funds, control, or impairment of the contract and its functions. Issues under this classification are recommended to be fixed with utmost urgency.
Bugs or issues with that may be subject to exploit, though their impact is somewhat limited. Issues under this classification are recommended to be fixed as soon as possible.
Effects are minimal in isolation and do not pose a significant danger to the project or its users. Issues under this classification are recommended to be fixed nonetheless.
Consistency, syntax or style best practices. Generally pose a negligible level of risk, if any.