Security Audit Report

WalletGuard.ai, powered by Gestalt Labs

April 17, 2026

ID: 77adeb68

0xe269...5494EVMBench: 2024-06-vultisigv1View audit historyEthereumLive TargetCritical Risk

Verified on BaseVerify externally Prompt 0xd29afd...

Apr 17, 2026, 06:02

Standard AuditModel: Claude Sonnet 4.6

What you got

Tier: Standard ($29)
Model: Sonnet
Specialists completed: 8 of 8

Risk Level: Critical Risk

Efficiency

0C10H6M8L

24 security | 3 code quality | 2 gas

10 High: ILOPool.sol (6), ILOManager.sol (3), UniswapV3Oracle.sol (1)

In-Scope Security Score Guide

8.0 - 10.0Low Risk. No critical issues. Safe for interaction.

5.0 - 7.9Moderate Risk. Some issues found. Review before interacting.

1.0 - 4.9High/Critical Risk. Significant vulnerabilities detected.

Score is based on 29 findings from 9 specialist agents.

Exploit Analysis

Findings selected for deep verification. Where possible we generated a Solidity proof-of-concept and executed it against a forked mainnet.

Architectural

Architectural Risk

high

Reentrancy in buy() - totalRaised updated before token transfer but NFT minting creates re-entry risk

File: src/ILOPool.solFunction: buyLines: 93-128

Why no PoC

Pattern, not single-tx exploit

Exploitability

7.4 / 10

Architectural Risk

low

Multicall uses msg.value across delegatecall iterations — same msg.value visible in all iterations

File: src/base/Multicall.solFunction: multicallLines: 14-29

Why no PoC

Pattern, not single-tx exploit

Exploitability

7.7 / 10

Architectural Risk

low

IILOVest.vestingStatus() Missing `view` Modifier in Interface Definition

File: src/interfaces/IILOVest.solFunction: vestingStatusLines: 28-31

Why no PoC

Pattern, not single-tx exploit

Exploitability

6.8 / 10

Executive Summary

The analyzed contract is an Initial Liquidity Offering (ILO) platform built on Uniswap V3, encompassing pool management, whitelist enforcement, vesting, and fee distribution. The analysis identified 0 critical, 10 high, 6 medium, 7 low, and 6 informational findings across 29 total submissions prior to deduplication and gate filtering. The single most dangerous pattern is the shared Uniswap V3 position fee collection in ILOPool.claim(), where a single claimer can drain fees belonging to all other investors due to the use of type(uint128).max in pool.collect() against a shared position. Overall, this contract presents significant security risk and should not be deployed in its current form; multiple high-severity findings with clear exploit paths affect fund distribution, access control, and oracle integrity.

Critical Highlights

highILOPool.claim() transfers tokens to ownerOf(tokenId) after collecting all fees, causing incorrect distribution when NFT is transferred

All investors in an ILO share a single Uniswap V3 liquidity position. When any investor calls claim(), the contract withdraws ALL accumulated trading fees for that entire shared position, not just the fees owed to that one investor. The first person to claim gets credit for fees proportional to their share, but the rest of the collected fees go to the fee collector rather than to the other investors. This means subsequent claimers receive nothing from the fee pool that had already been drained, effectively stealing trading fee income from every other participant.

highILOPool buy() Uses balanceOf(recipient) to Check Existing Position but Recipient Can Have Multiple Tokens

Each investor is supposed to be limited to a maximum investment amount per address. However, an investor can buy up to their maximum, transfer their NFT position to a different wallet, then buy up to the maximum again with the same original address. By repeating this cycle, a single entity can accumulate far more than the intended cap, undermining the fairness of the token sale and allowing a single actor to dominate the ILO allocation.

highILOManager.launch() Has No Access Control — Anyone Can Trigger Launch

The function that launches the ILO and deploys all raised funds into Uniswap can be called by absolutely anyone, not just the project organizer. Once the launch time passes and the Uniswap pool price happens to match the initial price, any external party can trigger the launch. Combined with the finding that the price check uses an exact equality that can be manipulated, this creates a situation where an attacker can force a project to launch at an unintended time or in unfavorable conditions.

24 Security Findings | 3 Code Quality | 2 Gas Optimizations

high(10)

medium(6)

low(8)

Code Quality Observations(3)

Gas Optimizations(2)

Decentralization

1 centralization point identified

approveAndCall in Vultisig.sol allows arbitrary external calls with user-controlled spender address

This is a known design-level property of the approveAndCall pattern; the risk is user-self-inflicted and requires the user to voluntarily call the function with a malicious address they control.

approveAndCall()

Attack Chain Analysis

Oracle Manipulation to Whitelist Cap Bypasshigh

Finding 15 (UniswapV3Oracle TWAP period degrades to near-spot on new pools) enables an attacker to manipulate the VULT/WETH pool price via a flash loan or large swap in the same block. Finding 6 (Whitelist.checkWhitelist uses unvalidated oracle) means that the manipulated oracle price is used directly to estimate the ETH value of a VULT purchase. If the attacker depresses the reported ETH price per VULT, the _maxAddressCap check passes even for purchases that should exceed the cap. The attacker can then acquire far more VULT tokens than permitted during the whitelist period, concentrating token holdings and undermining the fairness of the whitelist mechanism.

UniswapV3Oracle TWAP period degrades to 0 when pool is new, allowing spot price usageWhitelist.checkWhitelist() uses unvalidated oracle for ETH contribution accounting

Permissionless Launch with Price Manipulation Enabling Forced Launchhigh

Finding 12 (ILOManager.launch() has no access control) allows any external caller to trigger launch once launchTime passes. Finding 4 (ILOManager.launch() requires exact sqrtPrice match) shows that the price check uses spot price from slot0(), not TWAP. An attacker can monitor the pool, perform swaps to bring the current pool price exactly to initialPoolPriceX96, and then immediately call launch() in the same transaction or bundle, forcing the project to launch at a moment of the attacker's choosing. This bypasses any intended timing control by the project admin and can be used to launch when conditions benefit the attacker.

ILOManager.launch() Has No Access Control — Anyone Can Trigger LaunchILOManager.launch() requires exact sqrtPrice match which can be manipulated or fail due to pool tick movement

Fee Accounting Underflow Leading to Claim DoShigh

Finding 1 (pool.collect with type(uint128).max drains shared fees) and Finding 18 (unchecked subtraction amountCollected0 - amount0 can underflow in Solidity 0.7.6) interact as follows: because pool.collect() is called with type(uint128).max and collects fees from ALL investors, the relationship between amountCollected and the per-user computed amount0 can diverge unpredictably across claims. In Solidity 0.7.6 without overflow protection, if rounding or the shared-fee drain causes amount0 to exceed amountCollected0 in a subsequent claim, the subtraction silently wraps to a huge number. The resulting fee transfer attempt will revert, permanently DoS-ing claim() for affected investors.

ILOPool.claim() transfers tokens before updating fee growth state — partial CEI violationUnchecked subtraction amountCollected0-amount0 in claim() can underflow

Front-Run Initialize to Seize Protocol Ownershiphigh

Finding 9 (tx.origin used for ownership in ILOManager constructor) establishes that ownership is set to tx.origin at deployment time, which in a factory deployment context is the EOA invoking the factory. Finding 13 (ILOManager.initialize() can be called by anyone before first initialization) shows that initialize() has no ownership check, only a whenNotInitialized guard. If the deployment transaction and initialization transaction are separate, a front-runner observing the deployment transaction can call initialize() first, setting themselves as owner and feeTaker and seizing full protocol control.

tx.origin Used for Ownership Transfer in ILOManager ConstructorILOManager.initialize() can be called by anyone before first initialization

Agent Coverage

Agent	Status	Findings	Severity	Confidence	Duration	Coverage
reentrancy	success	10	2H	64%	2.0m	Classic reentrancy (CEI pattern) in ILOPool.buy(), claim(), claimRefund(), claimProjectRefund(), Cross-function reentrancy across buy/claim/refund sharing position state, ERC-777 callback reentrancy via token transfer hooks in buy() and claim(), ERC-1155 callback patterns - not present in this contract, Read-only reentrancy in view functions (vestingStatus, positions, totalSold), Whitelist.receive() self-whitelist reentrancy via ETH transfer callback, approveAndCall in Vultisig - arbitrary external call pattern, Oracle manipulation in UniswapV3Oracle.peek() and Whitelist.checkWhitelist(), Launch price validation logic in ILOManager.launch(), Access control on project admin functions, tx.origin usage in ILOManager constructor, buy() recipient != msg.sender whitelist bypass logic, Multicall payable delegation - msg.value reuse risk, uniswapV3MintCallback authentication (msg.sender == _cachedUniV3PoolAddress), ILOPool.launch() vesting configuration and liquidity distribution, refundable() modifier state transition safety, Integer overflow/underflow in fee deduction calculations, Fee taker transfer arithmetic (amountCollected - amount) potential underflow
access control	success	9	3H2M	78%	1.5m	Access control on all public/external functions in ILOManager, ILOPool, Whitelist, VultisigWhitelisted, and Vultisig, Initializer protection in ILOPool (Initializable base), ILOManager, tx.origin usage for authorization in ILOManager constructor, Signature-based authentication (none found), Multicall delegatecall with payable pattern, ERC721 transfer hooks and reentrancy in claim(), Oracle manipulation risks in Whitelist.checkWhitelist(), Per-user cap bypass in ILOPool.buy() via NFT transfer, Launch function access control, Clone deployment front-running of initialize(), Fee calculation correctness in _deductFees(), Vesting schedule validation in ILOVest, Whitelist self-registration via ETH transfer, approveAndCall pattern in Vultisig, TWAP oracle reliability in UniswapV3Oracle, Ownership transfer patterns
economic	success	10	2H	73%	1.8m	Flash loan attack vectors on price calculations and balance dependencies, Oracle manipulation in UniswapV3Oracle (TWAP window, spot price fallback), Whitelist ETH cap enforcement via oracle price, ILOPool buy() access control and per-user cap enforcement, ILOPool claim() fee collection and distribution logic, ILOPool launch() price verification using slot0(), ILOManager launch() permissionless execution and price manipulation, Governance attack vectors (project admin privileges), Reentrancy in Whitelist.receive() and ILOPool.claim(), Integer overflow/underflow in fee calculations, MEV exposure in launch and claim operations, Sybil resistance in whitelist mechanism, VultisigWhitelisted _beforeTokenTransfer hook, Vultisig approveAndCall() pattern, ILOVest vesting schedule validation, Multicall payable msg.value reuse risk, ChainId library usage for salt generation, PoolAddress deterministic address computation
logic validation	success	13	2H1M3L	72%	2.2m	Input validation on all public/external functions in ILOPool, ILOManager, Whitelist, Vultisig, Arithmetic safety in Solidity 0.7.6 (no built-in overflow protection) — all arithmetic operations, State machine integrity for ILO lifecycle (buy, launch, refund, claim), Reentrancy vectors in claim(), buy(), claimRefund(), Oracle manipulation in UniswapV3Oracle and Whitelist.checkWhitelist(), Multicall delegatecall with msg.value pattern, NFT transfer during claim() — ownerOf called multiple times, Fee calculation underflow in claim() — amountCollected - amount, Unbounded loops in launch() and claimRefund(), Timestamp dependence in vesting and sale period checks, abi.encodePacked usage in PositionKey and ILOManager salt, EIP-712 and signature replay — not applicable, no signatures used, Access control on all owner/admin functions, Whitelist bypass vectors, Vesting schedule validation in ILOVest, Precision loss in fee and liquidity calculations using FullMath, Downcast safety in uint128 conversions
code quality	success	16		78%	2.4m	ERC-20 compliance (Vultisig, WETH9), ERC-721 compliance (ILOPool), Access control on all external/public functions, Integer overflow/underflow (especially Solidity 0.7.6 code), Reentrancy vectors in claim(), buy(), launch(), claimRefund(), Oracle manipulation in UniswapV3Oracle and Whitelist, State machine transitions (launch, refund, claim states), Cross-function logic in ILOManager and ILOPool, Whitelist bypass vectors, Signature/authentication in approveAndCall, Gas optimization opportunities, Proxy/initialization patterns in ILOManager and ILOPool, Unchecked arithmetic in Solidity 0.7.6 code, External call safety (TransferHelper patterns)
compiler bugs	success	6	1M	75%	1.3m	ILOPool.buy() - whitelist, cap checks, fund transfer, NFT minting logic, ILOPool.claim() - liquidity calculation, fee deduction, token transfers, ownerOf() usage, ILOPool.launch() - access control, liquidity deployment, vesting assignment, ILOPool.claimRefund() / claimProjectRefund() - refund conditions, token transfers, ILOManager.launch() - access control, price check, ILOManager.initProject() / initILOPool() - project admin controls, ILOManager.claimRefund() - refund deadline enforcement, UniswapV3Oracle.peek() - TWAP period fallback, price manipulation risk, Whitelist.checkWhitelist() - oracle-based ETH estimation, cap enforcement, VultisigWhitelisted._beforeTokenTransfer() - whitelist contract interaction, Vultisig.approveAndCall() - approve-then-call pattern, Multicall - delegatecall usage with msg.value, PeripheryPayments - WETH payment logic, ILOVest._unlockedLiquidity() - vesting schedule calculations, Compiler bug patterns for Solidity 0.7.6 (no ABIEncoderV2 storage array bug triggers found), Reentrancy vectors in claim() and buy(), Integer overflow/underflow in Solidity 0.7.6 unchecked arithmetic contexts
assembly safety	success	10	1H1M1L	74%	2.0m	Full source codepoint scan for non-ASCII characters, RTLO (U+202E), zero-width joiners/spaces, and Cyrillic homoglyphs — none found, All assembly{} blocks in TickMath.sol, FullMath.sol, ChainId.sol, Multicall.sol — checked for reversed shift arguments, hardcoded slot access, return vs leave, selfdestruct patterns, ILOPool.sol buy() logic — whitelist bypass, cap enforcement, msg.sender vs recipient mismatch, ILOPool.sol claim() — CEI ordering, fee accounting, TOCTOU with ownerOf(), ILOPool.sol launch() — access control, fund flow, ILOManager.sol launch() — access control (anyone can call), ILOManager.sol initialize() — whenNotInitialized pattern, ownership, Whitelist.sol checkWhitelist() — oracle manipulation, ETH cap bypass, Whitelist.sol receive() — reentrancy via ETH refund, UniswapV3Oracle.sol peek() — TWAP manipulation with short observation periods, Vultisig.sol approveAndCall() — arbitrary external call risk, VultisigWhitelisted.sol _beforeTokenTransfer() — whitelist contract trust, ILOVest.sol _validateSharesAndVests() — share validation logic, Multicall.sol — delegatecall patterns, msg.value reuse, PeripheryPayments.sol — ETH/WETH payment logic, LiquidityManagement.sol — uniswapV3MintCallback authentication, All integer arithmetic for overflow/underflow (Solidity 0.7.6 and 0.8.24 contexts), ERC721 enumerable usage and tokenOfOwnerByIndex assumptions, Clones.cloneDeterministic salt construction for uniqueness
l2 specific	success	12	1M3L	71%	2.4m	ILOPool.buy() — whitelist checks, cap enforcement, liquidity computation, token transfer ordering, ILOPool.claim() — fee deduction logic, collect() semantics, token recipient correctness, reentrancy, ILOPool.launch() — liquidity deployment, vesting NFT minting, share accounting, ILOPool.claimRefund() / claimProjectRefund() — refund mechanics, state cleanup, ILOManager.launch() — access control, price check, ILOManager.initialize() — front-running risk, access control, ILOManager constructor — tx.origin usage, Whitelist.checkWhitelist() — oracle dependency, cap enforcement, Whitelist.receive() — self-whitelist via ETH, reentrancy via .transfer(), UniswapV3Oracle.peek() — TWAP period, formula correctness, OracleLibrary — observation period edge cases, VultisigWhitelisted._beforeTokenTransfer() — whitelist contract interaction, Vultisig.approveAndCall() — ERC20 approve+call pattern, ILOVest._validateSharesAndVests() — vesting schedule validation, ILOWhitelist — whitelist state management, Multicall — delegatecall with payable msg.value risks, LiquidityManagement.uniswapV3MintCallback() — callback validation, Cross-function reentrancy paths in ILOPool, Integer overflow/underflow in fee calculations, L2 markers scan — no L2-specific imports or predeploy addresses found (Chain ID 1 = mainnet)

Scope and Methodology

Target0xe269d0908ea6b551df105fb765e478b6af235494

ChainEthereum

Complexitycomplex

Standards DetectedERC20, ERC721, ERC721Metadata, ERC721Enumerable

Analysis ModelClaude Sonnet 4.6

Specialist Agents9

Agent Types

reentrancyaccess controleconomiclogic validationcode qualitycompiler bugsassembly safetyl2 specific

Scope TemplateNFT/Marketplace (auto-selected)

MethodologyAutomated multi-agent analysis. Each specialist agent independently reviews the contract source code for vulnerabilities in its domain. Findings are deduplicated, scored, and synthesized into this report.

Findings are gated by demonstrated exploit feasibility against the analyzed contract. Observations that describe accepted blockchain behavior, consensus-layer issues, or infeasible preconditions are excluded from scored findings. See scope policy.

Severity Classification

CriticalDirect loss of funds or complete protocol compromise. Exploitable with high likelihood. Requires immediate remediation.

HighSignificant risk to funds or protocol integrity. Conditionally exploitable or requires specific circumstances. Should be fixed before deployment.

MediumLimited or conditional impact. May require unlikely conditions to exploit. Should be addressed but not blocking.

LowMinor impact. Best practice deviations, minor inefficiencies. Fix when convenient.

InformationalNo direct security impact. Code quality observations, gas optimizations, style recommendations.

Limitations

This automated audit has inherent limitations. The following areas are not covered.

-Business logic correctness cannot be fully verified: the audit detects structural and mechanical flaws, but cannot confirm that the vesting schedules, fee ratios, and ILO lifecycle states match the project team's intended economic design.
-Off-chain infrastructure security is outside scope: the oracle operator's key management, the process for setting _oracle in Whitelist, keeper bot reliability for triggering launch, and admin key storage are not analyzed.
-Economic modeling and tokenomics viability are not assessed: the audit cannot evaluate whether the ILO raise caps, liquidity deployment ratios, or fee structures are economically sustainable or resistant to token price collapse after launch.
-Cross-protocol composability risks beyond this contract are not covered: interactions with future Uniswap V3 pool states, behavior of third-party integrators using the ILOPool NFTs as collateral, or downstream effects of the Vultisig token on external lending protocols are not evaluated.
-Governance and social dynamics are not modeled: the audit cannot assess whether project admins will behave honestly, whether whitelist curation will be gamed socially, or whether operator multisig signers could collude.
-Prompt injection attempt detected and ignored: the source code or findings did not appear to contain direct injection instructions in this scan, but users are advised that this automated system is designed to ignore any instructions embedded in contract source code or finding descriptions that attempt to suppress, reclassify, or drop findings.

Disclaimer

This report is an automated point-in-time assessment and does not guarantee protection against all possible attacks. It does not cover off-chain components, economic modeling, or business logic correctness unless explicitly noted. Changes to the contract after the audit commit are not reviewed. This is not financial or legal advice. WalletGuard, powered by Gestalt Labs, provides this analysis as-is with no warranty of completeness.

Embed Badge

Markdown

[![WalletGuard Audit](https://walletguard.ai/api/badge/77adeb68-2186-4196-8438-45fb57e391d7)](https://walletguard.ai/audit/77adeb68-2186-4196-8438-45fb57e391d7)

HTML

<a href="https://walletguard.ai/audit/77adeb68-2186-4196-8438-45fb57e391d7">
  <img src="https://walletguard.ai/api/badge/77adeb68-2186-4196-8438-45fb57e391d7" alt="WalletGuard Audit Badge" />
</a>

Secured by WalletGuard

How We Audit View all reports for this contractUID: 0xfed8bd29...fbdc70This report was produced by generic vulnerability pattern matching.

Modelsonnet

Duration5.4m

CostN/A

Tokens- in / - out

Source verified via Etherscan

Security Audit Report

What you got

In-Scope Security Score Guide

Exploit Analysis

Reentrancy in buy() - totalRaised updated before token transfer but NFT minting creates re-entry risk

Multicall uses msg.value across delegatecall iterations — same msg.value visible in all iterations

IILOVest.vestingStatus() Missing `view` Modifier in Interface Definition

Executive Summary

Critical Highlights

Files Scanned41 files, 2,623 lines

high(10)

medium(6)

Advisory Findings

Decentralization

Attack Chain Analysis

Agent Coverage

Scope and Methodology

Severity Classification

Limitations

Disclaimer