Assessment reportsPublic findings
Back to Zellic site
Assessment reports>Extended ERC20>Design>DocumentHashRegistry
GeneralOverview
Findings
Low (2)
Informational (1)
DiscussionComprehensive test coverage and upgradability
DesignDocumentHashRegistry
Audit ResultsAssessment Results

DocumentHashRegistry

The DocumentHashRegistry contract is designed to store and manage hashes of documents. Its main function, updateDocumentHashes, can only be called by the admin and is used to add/update or remove existing document hashes.

ExtendedERC20

This implements additional functionalities on top of the ERC-20 standard. It allows the admin to blacklist and KYC addresses. The following changes are noted:

  • The transfer function has been modified to check if the sender and receiver are blacklisted/KYC'd.

  • The transferFrom function has been modified to check if the sender and receiver are blacklisted/KYC'd.

  • The mint function checks if the receiver is blacklisted/KYC'd. It can only be called by the admin.

It also introduces the following main actors within the system:

  • DEFAULT_ADMIN_ROLE — Overall contract administrator

  • PAUSER_ROLE — Can pause/unpause token transfers

  • MINTER_ROLE — Can create new tokens

  • WIPER_ROLE — Can burn tokens from any account

  • KYC_ROLE — Manages KYC approvals

  • UPGRADER_ROLE — Can upgrade the contract

With the key important state transitions being

  • Minting — Increases the total supply and recipient's balance

  • Burning/Wiping — Decreases total supply and account's balance

  • Pausing — Halts all token transfers

  • Changing KYC/Blacklist status — Affects transfer permissions

Zellic © 2025Back to top ↑