Friendly Casper Token Minter - Casper Association

1. Introduction

Casper Association engaged Halborn to conduct a security assessment of the DAO contracts, beginning on July 4th, 2025 and ending on August 8th, 2025. This security assessment was scoped to the smart contracts in the csprfun-core contracts GitHub repository.

The engagement involved a detailed, line-by-line security review of all smart contracts within the Friendly Casper Token Minter ecosystem. This included analysis of the contract code, entry point implementations, bonding curve mechanics, DEX integration, and related administrative controls.

2. Assessment Summary

Halborn's team of blockchain security specialists conducted a rigorous smart contract audit on the Friendly Casper Token Minter ecosystem. The review involved a cross-functional team of experts working over a 4 week period to uncover deeply embedded logic flaws, economic design risks, and practical implementation bugs. The primary goal was to stress-test the security posture for token issuance and trading.

The overall architecture demonstrates robust on-chain controls and correct use of Casper primitives. Most critical business logic passed all functional test cases, supporting safe minting, trading, and graduation to DEX liquidity.

However, the audit identified important areas for improvement, which have been partially addressed:

• Insufficient input validation. Some functions accept parameters (like tax or fee rates) that can break economic incentives or degrade product safety.

• Unexposed getter/setter functions and excessive token approvals—potentially reducing transparency and exposing contracts to privilege escalation or attack in edge cases.

• Lack of event emissions, inconsistent error handling, and documentation gaps—reducing upgrade transparency and maintainability.

• Numerous minor code hygiene issues: debug code, commented/dead code, naming mismatches.

  
  

3. Test Approach and Methodology

Halborn employs a combined approach of manual code review and automated security testing to ensure a balanced assessment of efficiency, thoroughness, and practicality within the scope of the smart contract review. Manual testing is essential for uncovering logical flaws, process weaknesses, and implementation issues, while automated techniques expand coverage and rapidly identify security best practice violations. The following phases and tools were utilized throughout the assessment:

• Research into the architecture, purpose, and usage of the platform.

• Manual code review and walkthrough.

• Manual assessment of critical Rust variables and functions to evaluate their use and safety, focusing on identifying potential arithmeticrelated vulnerabilities.

• Verification of cross-contract call controls.

• Review of architecture-related logical controls.

• Scanning Rust files for vulnerabilities using cargo audit)

• Analysis and review of unit tests and integration tests.

• Deployment to testnet via casper-client.