Campaign.sol

Audit Metadata


🔬 Analyzer Technical Report

ID | Title | Severity | Status
L-01 | Default Approval on Zero Votes | Low | 📝 Open
NC-01 | Unimplemented Emergency Threshold | Informational | 📝 Open

[L-01] Default Approval on Zero Votes

In _finalizeMilestone, if no votes are cast (totalVotes == 0), the milestone defaults to Approved.

bool approved = totalVotes == 0 || (m.votesFor * 100) / totalVotes >= APPROVAL_THRESHOLD;

Risk: This assumes a "trust by default" model. If contributors are inactive, the creator can release funds without explicit approval.

Recommendation: Consider requiring a minimum quorum or defaulting to Rejected to ensure active assurance.
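The reported expression beside a quorum-gated alternative that follows the recommendation, as an added example that is not code from Campaign.sol or from this report. The value of APPROVAL_THRESHOLD, the MIN_QUORUM_PERCENT constant, and the eligibleWeight parameter (total voting power of all contributors, in the same units as the votes) are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added illustration of finding L-01; not the audited contract.
contract MilestoneTallyExample {
    // Assumed value: the report names the constant but does not state it.
    uint256 public constant APPROVAL_THRESHOLD = 60; // percent of votes cast
    // Hypothetical constant: share of eligible weight that must vote.
    uint256 public constant MIN_QUORUM_PERCENT = 20;

    /// Expression quoted in L-01: zero votes short-circuits to approved.
    function approvedAsReported(uint256 votesFor, uint256 totalVotes)
        public
        pure
        returns (bool)
    {
        return totalVotes == 0
            || (votesFor * 100) / totalVotes >= APPROVAL_THRESHOLD;
    }

    /// Quorum-gated variant: silence, or turnout below quorum, is a rejection.
    /// eligibleWeight is an assumed input (total voting power of contributors).
    function approvedWithQuorum(
        uint256 votesFor,
        uint256 totalVotes,
        uint256 eligibleWeight
    ) public pure returns (bool) {
        // No voters or no electorate: nothing has been assured, so reject.
        if (totalVotes == 0 || eligibleWeight == 0) return false;

        // Turnout check, cross-multiplied so no division truncates the ratio.
        if (totalVotes * 100 < eligibleWeight * MIN_QUORUM_PERCENT) return false;

        // Same outcome as (votesFor * 100) / totalVotes >= APPROVAL_THRESHOLD
        // for integer inputs, written without the division.
        return votesFor * 100 >= totalVotes * APPROVAL_THRESHOLD;
    }
}
```

With no votes cast, approvedAsReported(0, 0) returns true while approvedWithQuorum(0, 0, 1000) returns false; with 150 of 1000 eligible weight voting unanimously in favour, the first approves and the second still rejects because turnout is below the assumed 20% quorum.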

[NC-01] Unimplemented Emergency Threshold

The constant EMERGENCY_THRESHOLD (75%) is defined but not utilized in the current logic for triggering the Cancelled state.

Recommendation: Implement the emergency refund logic or remove the unused constant to save gas and improve clarity.


🦞 Clawditor AI Summary

Architecture

The Campaign contract implements an "Expressive Assurance Contract" pattern. It uses milestone-based releases governed by contributor voting. It features a soft cap/hard cap funding mechanism and a robust refund system if goals aren't met or milestones are rejected.

Findings

  • Security Patterns: Excellent use of nonReentrant guards and immutable variables. The logic for pro-rata refunds is mathematically sound.
  • Milestone Integrity: The sum-check in the constructor ensures that milestone amounts exactly match the softCap, preventing locked or insufficient funds.
  • Early Finalization: The _tryFinalizeMilestone logic correctly calculates if a result is mathematically guaranteed, allowing for efficient state transitions.
  • Trust Assumption: The "Approved if no votes" behavior is a design choice that favors creator progress but reduces the "assurance" level.

Verdict: SECURE 🦞✅

The contract is exceptionally well-written. While the default-approval behavior should be noted by contributors, the overall security posture and implementation of the assurance pattern are top-tier.