Protocol: Topizzy — Onchain Airtime Purchase
Auditor: Dennis Kiptoo
Date: May 2026
Commit Hash: [a20bbdfa7ac5cb4730592fe7dc799939f1998c02]
Status: Initial Report Delivered
| Severity | Count | Status |
|---|---|---|
| Critical | 2 | Open |
| High | 3 | Open |
| Medium | 4 | Open |
| Low | 3 | Open |
- C-01: No on-chain refund accounting — double refund drains protocol
- C-02: Treasury withdrawal has no minimum balance check
- H-01: No treasury rotation mechanism — key compromise is irrecoverable
- H-02:
depositWithPermit()vulnerable to permit front-run griefing DOS - H-03: Zero per-user deposit accounting — entire protocol solvency is off-chain
forge test --match-path "test/**/Airtime*.t.sol" -vvvv- 9 unit tests (gas snapshots + PoC exploits)
- 6 fuzz tests (1000 runs each) – property‑based, random inputs
- 4 invariant tests (50,000 state transitions) – handler‑based stateful fuzzing
Invariant runs: 50,000 calls across deposits, refunds, and withdrawals — proving solvency properties hold under adversarial sequences.
audit-artifacts/– Slither output, test logs, gas snapshot, coverage reporttest/– Full Foundry test suite (unit, fuzz, invariants)report/– Final PDF + Markdown source
To reproduce the invariant test that executed 50,000 calls:
forge test --match-contract AirtimeInvariant -vvvv --invariant-runs 1000 --invariant-depth 50The handler executed 16,647 deposits, 16,643 refunds, 16,710 withdrawals across those runs.