Staking Rewards - Billions


Prepared by:

HALBORN

Last Updated 01/15/2026

Date of Engagement: January 5th, 2026 - January 5th, 2026

Summary

100% of all REPORTED Findings have been addressed

All findings: 6

    • Critical: 0

    • High: 0

    • Medium: 1

    • Low: 3

    • Informational: 2


1. Introduction

Billions engaged Halborn to conduct a security assessment of the Billions staking rewards contract. The assessment was performed on January 6th, 2026, with the reviewed commit hashes and in-scope contract details documented in the Scope section of this report.


The Billions staking implementation is based on a Synthetix-inspired reward distribution model and provides a staking framework that allows users to stake tokens and earn rewards over time. The system supports configurable reward distribution, pausing functionality, and controlled administrative operations, while introducing upgradeable architecture and time-locked staking mechanics. Upgradeability is implemented using an OpenZeppelin-compatible proxy pattern, enabling controlled logic updates while preserving on-chain state.

2. Assessment Summary

A full-time security engineer was assigned by Halborn to perform a targeted review of the smart contracts in scope. The engineer is a blockchain and smart contract security specialist with advanced penetration-testing and smart-contract auditing skills, and extensive knowledge of multiple blockchain protocols.

 

The purpose of the assessment was to:

    • Identify potential security issues within the smart contracts.

    • Confirm that smart contract functionality operates as intended.


In summary, Halborn identified several areas for improvement to minimize both the likelihood and potential impact of security risks, which were partially addressed by the Billions team. The primary issues included:

    • Allowed recovery of reward tokens when staking and reward tokens are the same.

    • Restricted fee-on-transfer tokens in the staking logic.


3. Scope

REPOSITORY
(a) Repository: billions-token
(b) Assessed Commit ID: 95d5f98
(c) Items in scope:
  • contracts/staking/StakingRewards.sol
Out-of-Scope: Third party dependencies and economic attacks.
Remediation Commit ID:
Out-of-Scope: New features/implementations after the remediation commit IDs.

4. Findings Overview

| Security analysis | Risk level | Remediation |
|---|---|---|
| Excess reward tokens are unrecoverable when staking and reward tokens are the same | Medium | Solved - 01/11/2026 |
| Staking logic is incompatible with fee-on-transfer (FOT) tokens | Low | Risk Accepted - 01/12/2026 |
| Redundant lockDuration field is stored but never used | Low | Risk Accepted - 01/12/2026 |
| Expired lock state is never cleared from storage | Low | Risk Accepted - 01/12/2026 |
| Single-step ownership transfer increases risk of accidental admin loss | Informational | Solved - 01/11/2026 |
| Locking staked tokens does not update accrued rewards | Informational | Acknowledged - 01/12/2026 |

Halborn strongly recommends conducting a follow-up assessment of the project either within six months or immediately following any material changes to the codebase, whichever comes first. This approach is crucial for maintaining the project’s integrity and addressing potential vulnerabilities introduced by code modifications.
