Automated Security Analysis Report v1
Date
April 22, 2026
Scope
TRQ Token smart contract suite (BNB Smart Chain — Mainnet)
Tools Used
Slither v0.11.4, Mythril v0.24.8
Analyzed By
Traiq Engineering Team
Contracts Analyzed
Summary
No critical, high, or medium issues were found.
Findings
Array Length Not Cached in Loop
The scheduleIds.length storage value was read on every loop iteration, incurring an unnecessary SLOAD per cycle.
Fix: Cached length into a local variable before the loop.
Status note: commit 6be3c3b
Strict Equality Comparisons
Slither flagged strict == 0 comparisons in _vestedAmount, releasableAmount, and release. These are intentional guards checking uninitialised schedule slots and zero-releasable states — not floating-point or rounding hazards.
Status note: by design
OpenZeppelin Internal Library Warnings
divide-before-multiply and incorrect-exp warnings inside Math.mulDiv. These are known Slither false positives on OpenZeppelin's intentional bit-manipulation Newton–Raphson inversion algorithm. OpenZeppelin v5 is fully audited.
Status note: OZ false positive, not applicable to project code
Naming Convention (Immutable Variable)
Slither recommends mixedCase for immutables. UPPER_CASE is the widely adopted Solidity convention for compile-time constants and immutables and was used intentionally for clarity.
Status note: by design
Notes
- All contract source code is publicly verified on BscScan.
- Source code is open on GitHub: Innovatex-Digital/traiq-token
- A professional third-party audit is planned prior to full public IDO launch.
- Mythril symbolic execution analysis could not complete locally due to a DNS resolution issue with the solc-bin.ethereum.org download endpoint during this scan run.