ChainSecurity performed a smart contract audit of the HOPR token smart contracts.
The HOPR token implementation extends the ERC777 with a snapshot ability. Because of the data types employed, a maximum of 3.4*10^20 tokens (with 18 decimals) can exist. An additional distribution contract manages different vesting schemes. The token must be minted via a minter role, since the distribution contract calls the mint function to distribute the token. Additionally, a default admin role exists to grant permissions to the minter role. The token distribution is flexible and one account can be part of different distribution schemes.
No critical severity findings were reported. There were two high severity findings, one medium severity finding and six low severity findings. All have now been fixed in the code, with the exception of one low severity finding related to theoretical snapshotting gas costs, where the risk has been temporarily accepted.
See the report for more information on our findings.