Summary
The most critical subjects covered in our audit are functional correctness and access control. Security regarding all the aforementioned subjects is high.
The general subjects covered are code complexity, suitability of the implementation for the intended use case and accuracy of the documentation.
In summary, we find that the codebase provides a good level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About Mimo Capital MCAG Contracts
Mimo Capital AG issues ERC-721 compliant NFTs called KUMABondTokens, which are backed by real-world bonds. Additional smart contracts handle functionalities like KYC compliance through KYCToken, role-based access control via AccessController, and price feed updates through MCAGAggregator and KIBTAggregator. The system also allows for pausing the tokens and maintains a blacklist of addresses that cannot interact with the KUMABondTokens.
—
“Mimo Capital AG is authorized to bring real-world assets, such as sovereign and corporate bonds, onto the blockchain via a process called tokenization, allowing for more transparency as each token is linked to a specific set of underlying assets held in custody.”