← Back to Audits

Shinkai Protocol - Shinkai

Prepared by:

Halborn Logo

HALBORN

Last Updated 07/15/2025

Date of Engagement: August 14th, 2024 - August 23rd, 2024

Summary

100% of all REPORTED Findings have been addressed

All findings

8

Critical

0

High

0

Medium

0

Low

1

Informational

7

Table of Contents

1. Introduction

The Shinkai team engaged Halborn to conduct a security assessment on their smart contracts beginning on 2024-08-14 and ending on 2024-08-23. The security assessment was scoped to the smart contracts provided in the GitHub repositories:

Commit hashes and further details can be found in the Scope section of this report.

2. Assessment Summary

Halborn was provided one week and two days for the engagement and assigned one full-time security engineer to check the security of the smart contract. The security engineer is a blockchain and smart-contract security expert with advanced penetration testing, smart-contract hacking, and deep knowledge of multiple blockchain protocols.

The purpose of this assessment is to:

    •  Ensure that smart contract functions operate as intended.

    • Identify potential security issues with the smart contracts.

In summary, Halborn identified several security concerns that were acknowledged by the Shinkai team.

3. Test Approach and Methodology

Halborn performed a combination of manual review of the code and automated security testing to balance efficiency, timeliness, practicality, and accuracy in regard to the scope of the smart contract assessment. While manual testing is recommended to uncover flaws in logic, process, and implementation; automated testing techniques help enhance coverage of smart contracts and can quickly identify items that do not follow security best practices. The following phases and associated tools were used throughout the term of the assessment:

    • Research into the architecture, purpose, and use of the platform.

    • Smart contract manual code review and walkthrough to identify any logic issue.

    • Thorough assessment of safety and usage of critical Solidity variables and functions in scope that could led to arithmetic related vulnerabilities.

    • Manual testing by custom scripts.

    • Graphing out functionality and contract logic/connectivity/functions (solgraph).

    • Static Analysis of security for scoped contract, and imported functions. (Slither).

    • Local or public testnet deployment (Foundry, Remix IDE).


4. RISK METHODOLOGY

Every vulnerability and issue observed by Halborn is ranked based on two sets of Metrics and a Severity Coefficient. This system is inspired by the industry standard Common Vulnerability Scoring System.
The two Metric sets are: Exploitability and Impact. Exploitability captures the ease and technical means by which vulnerabilities can be exploited and Impact describes the consequences of a successful exploit.
The Severity Coefficients is designed to further refine the accuracy of the ranking with two factors: Reversibility and Scope. These capture the impact of the vulnerability on the environment as well as the number of users and smart contracts affected.
The final score is a value between 0-10 rounded up to 1 decimal place and 10 corresponding to the highest security risk. This provides an objective and accurate rating of the severity of security vulnerabilities in smart contracts.
The system is designed to assist in identifying and prioritizing vulnerabilities based on their level of risk to address the most critical issues in a timely manner.

4.1 EXPLOITABILITY

Attack Origin (AO):
Captures whether the attack requires compromising a specific account.
Attack Cost (AC):
Captures the cost of exploiting the vulnerability incurred by the attacker relative to sending a single transaction on the relevant blockchain. Includes but is not limited to financial and computational cost.
Attack Complexity (AX):
Describes the conditions beyond the attacker’s control that must exist in order to exploit the vulnerability. Includes but is not limited to macro situation, available third-party liquidity and regulatory challenges.
Metrics:
EXPLOITABILITY METRIC (mem_e)METRIC VALUENUMERICAL VALUE
Attack Origin (AO)Arbitrary (AO:A)
Specific (AO:S)		1
0.2
Attack Cost (AC)Low (AC:L)
Medium (AC:M)
High (AC:H)		1
0.67
0.33
Attack Complexity (AX)Low (AX:L)
Medium (AX:M)
High (AX:H)		1
0.67
0.33
Exploitability EE is calculated using the following formula:

E=meE = \prod m_e

4.2 IMPACT

Confidentiality (C):
Measures the impact to the confidentiality of the information resources managed by the contract due to a successfully exploited vulnerability. Confidentiality refers to limiting access to authorized users only.
Integrity (I):
Measures the impact to integrity of a successfully exploited vulnerability. Integrity refers to the trustworthiness and veracity of data stored and/or processed on-chain. Integrity impact directly affecting Deposit or Yield records is excluded.
Availability (A):
Measures the impact to the availability of the impacted component resulting from a successfully exploited vulnerability. This metric refers to smart contract features and functionality, not state. Availability impact directly affecting Deposit or Yield is excluded.
Deposit (D):
Measures the impact to the deposits made to the contract by either users or owners.
Yield (Y):
Measures the impact to the yield generated by the contract for either users or owners.
Metrics:
IMPACT METRIC (mIm_I)METRIC VALUENUMERICAL VALUE
Confidentiality (C)None (I:N)
Low (I:L)
Medium (I:M)
High (I:H)
Critical (I:C)		0
0.25
0.5
0.75
1
Integrity (I)None (I:N)
Low (I:L)
Medium (I:M)
High (I:H)
Critical (I:C)		0
0.25
0.5
0.75
1
Availability (A)None (A:N)
Low (A:L)
Medium (A:M)
High (A:H)
Critical (A:C)		0
0.25
0.5
0.75
1
Deposit (D)None (D:N)
Low (D:L)
Medium (D:M)
High (D:H)
Critical (D:C)		0
0.25
0.5
0.75
1
Yield (Y)None (Y:N)
Low (Y:L)
Medium (Y:M)
High (Y:H)
Critical (Y:C)		0
0.25
0.5
0.75
1
Impact II is calculated using the following formula:

I=max(mI)+mImax(mI)4I = max(m_I) + \frac{\sum{m_I} - max(m_I)}{4}

4.3 SEVERITY COEFFICIENT

Reversibility (R):
Describes the share of the exploited vulnerability effects that can be reversed. For upgradeable contracts, assume the contract private key is available.
Scope (S):
Captures whether a vulnerability in one vulnerable contract impacts resources in other contracts.
Metrics:
SEVERITY COEFFICIENT (CC)COEFFICIENT VALUENUMERICAL VALUE
Reversibility (rr)None (R:N)
Partial (R:P)
Full (R:F)		1
0.5
0.25
Scope (ss)Changed (S:C)
Unchanged (S:U)		1.25
1
Severity Coefficient CC is obtained by the following product:

C=rsC = rs

The Vulnerability Severity Score SS is obtained by:

S=min(10,EIC10)S = min(10, EIC * 10)

The score is rounded up to 1 decimal places.
SeverityScore Value Range
Critical9 - 10
High7 - 8.9
Medium4.5 - 6.9
Low2 - 4.4
Informational0 - 1.9

5. SCOPE

Files and Repository
(a) Repository: shinkai-contracts
(b) Assessed Commit ID: 52a83ce
(c) Items in scope:
  • src/RegistryControlled.sol
  • src/ShinkaiNft.sol
  • src/ShinkaiToken.sol
↓ Expand ↓
Out-of-Scope: Third party dependencies and economic attacks.
Out-of-Scope: New features/implementations after the remediation commit IDs.

6. Assessment Summary & Findings Overview

Critical

0

High

0

Medium

0

Low

1

Informational

7

Security analysisRisk levelRemediation Date
Hardcoded Limiter Based on Current Number Of Blocks Per YearLowRisk Accepted - 07/14/2025
Missing Visibility Modifier For The Available NamespacesInformationalAcknowledged - 07/14/2025
Lack Of Storage Gap In Upgradeable ContractInformationalAcknowledged - 07/14/2025
Use Of OwnableUpgradeable Library With Single-Step Ownership TransferInformationalAcknowledged - 07/14/2025
Consider Using Named MappingsInformationalAcknowledged - 07/14/2025
Use Of Unlicensed Smart ContractsInformationalAcknowledged - 07/14/2025
Redundant Reward AccrualInformationalAcknowledged - 07/14/2025
Unlocked Pragma CompilersInformationalAcknowledged - 07/14/2025

7. Findings & Tech Details

7.1 Hardcoded Limiter Based on Current Number Of Blocks Per Year

//

Low

Description

The baseRewardsRateMaxMantissa is set in the ShinkaiRegistry contract as a constant, calculated based on a fixed assumption about the number of blocks per year. Due to its immutability, this value is hardcoded into the contract's bytecode and cannot be altered without implementation upgrade. However, as the block time can change over time due to network adjustments or protocol upgrades, relying on this hardcoded constant can lead to inaccuracies.

    uint256 public constant baseRewardsRateMaxMantissa = 190258751902; // 50% inflation yearly (0.5e18 / blocksInYear)

BVSS
Recommendation

Consider implementing a function allowing to dynamically adjust the baseRewardsRateMaxMantissa variable.

Remediation Comment

RISK ACCEPTED: The Shinkai team accepted the risk of this finding.

References
["https://github.com/dcSpark/shinkai-contracts/blob/52a83ce548eac47022b61f7aed23bfaa3e640c7d/src/ShinkaiRegistry.sol#L15"]

7.2 Missing Visibility Modifier For The Available Namespaces

//

Informational

Description

The namespace mapping in the ShinkaiRegistry contract holds a string that is concatenated to the user's identity when they claim a new identity. However, the mapping lacks a visibility modifier, which defaults its visibility to internal. This oversight makes it difficult for users to check the available namespaces before selecting where to concatenate their identity. As a result, users might unintentionally select the wrong namespace, leading to potential identity mismanagement.

    mapping(uint256 => string) namespaces;

BVSS
Recommendation

Consider adding a public visibility to the namespace mapping. 

Remediation Comment

ACKNOWLEDGED: The Shinkai team acknowledged this finding.

References
["https://github.com/dcSpark/shinkai-contracts/blob/52a83ce548eac47022b61f7aed23bfaa3e640c7d/src/ShinkaiRegistry.sol#L33"]

7.3 Lack Of Storage Gap In Upgradeable Contract

//

Informational

Description

The ShinkaiRegistry contracts is designed to be used with a UUPS proxy pattern. However, it lacks storage gaps. Storage gaps are essential for ensuring that new state variables can be added in future upgrades without affecting the storage layout of inheriting child contracts. Without it, any addition of new state variables in future contract versions can lead to storage collisions.

BVSS
Recommendation

Consider adding a storage gap as the last storage variable. Place the uint256[50] private __gap; variable at the end of storage layout of ShinkaiRegistry contract.

Remediation Comment

ACKNOWLEDGED: The Shinkai team acknowledged this finding.

7.4 Use Of OwnableUpgradeable Library With Single-Step Ownership Transfer

//

Informational

Description

The ownership of the contracts can be lost as the ShinkaiRegistry and ShinkaiControlled contracts inherited from the OwnableUpgradeable/Ownable contract and their ownership can be transferred in a single-step process. The address the ownership is changed to should be verified to be active or willing to act as the owner.

BVSS
Recommendation

It is recommended to implement a two-step process where the owner nominates an account and the nominated account needs to call an acceptOwnership function for the transfer of the ownership to fully succeed. This ensures the nominated EOA account is a valid and active account. This can be achieved by using OpenZeppelin’s Ownable2StepUpgradeable contract instead of the OwnableUpgradeable.

Remediation Comment

ACKNOWLEDGED: The Shinkai team acknowledged this finding.

7.5 Consider Using Named Mappings

//

Informational

Description

The project is using Solidity version greater than 0.8.18, which supports named mappings. Using named mappings can improve the readability and maintainability of the code by making the purpose of each mapping clearer. This practice will enhance code readability and make the purpose of each mapping more explicit.

BVSS
Recommendation

Consider refactoring the mappings to use named arguments.

For example, on instead of declaring:
mapping(uint256 => string) public tokenIdToIdentity;
The mapping could be declared as:
mapping(uint256 tokenId => string identity) public tokenIdToIdentity;

Remediation Comment

ACKNOWLEDGED: The Shinkai team acknowledged this finding.

7.6 Use Of Unlicensed Smart Contracts

//

Informational

Description

All the Shinkai smart contracts are marked as unlicensed, as indicated by the SPDX license identifier at the top of the files:

// SPDX-License-Identifier: UNLICENSED

Using unlicensed contract can lead to legal uncertainties and potential conflicts regarding the usage, modification and distribution rights of the code. This may deter other developers from using or contributing to the project and could potentially lead to legal issues in the future.

BVSS
Recommendation

It is recommended to choose and apply an appropriate open-source license to the smart contracts. Some popular options for blockchain and smart contract projects include:

  1. MIT License: A permissive license that allows for reuse with minimal restrictions.

  2. GNU General Public License (GPL): A copyleft license that ensures derivative works are also open-source.

  3. Apache License 2.0: A permissive license that provides an express grant of patent rights from contributors to users.


Remediation Comment

ACKNOWLEDGED: The Shinkai team acknowledged this finding.

7.7 Redundant Reward Accrual

//

Informational

Description

The unclaimIdentity function implemented in ShinkaiRegistry calls claimStakingRewards method before proceeding with the unclaim process to ensure the user's staking rewards are accrued. After accruing, it burn the related NFT. 

    function unclaimIdentity(string calldata identity) public onlyOwnerIdentity(identity) {
        claimStakingRewards(identity);

        shinkaiNft.burn(identityData[identity].boundNft);
        emit IdentityUnclaim(identity, identityData[identity].boundNft);

        delete tokenIdToIdentity[identityData[identity].boundNft];
        delete identityData[identity].boundNft;
        _resetIdentityData(identity);

        shinToken.transfer(msg.sender, identityData[identity].stakedTokens);
        identityData[identity].stakedTokens = 0;
        emit StakeUpdate(identity, 0);
        identityData[identity].lastUpdated = block.timestamp;
    }

The burn function in ShinkaiNft triggers the _beforeTokenTransfer method, which then calls back to the registry contract, executing the claimRewards function.

    function _beforeTokenTransfers(address from, address, /*to*/ uint256 startTokenId, uint256 /*quantity*/ )
        internal
        override
    {
        if (from == address(0)) return;
        string memory identity = registry.tokenIdToIdentity(startTokenId);
        registry.claimRewards(identity);
    }

The claimRewards function accumulates both staking and delegation rewards.

    function claimRewards(string memory identity) public returns (uint256 tokensAccrued) {
        tokensAccrued += claimStakingRewards(identity);
        tokensAccrued += claimDelegationRewards(identity);
    }

Since the claimRewards function already includes a call to claimStakingRewards, the initial call to claimStakingRewards in the unclaimIdentity function is redundant and can be removed to optimize gas costs.

BVSS
Recommendation

Consider removing the redundant invocation.

Remediation Comment

ACKNOWLEDGED: The Shinkai team acknowledged this finding.

References
["https://github.com/dcSpark/shinkai-contracts/blob/52a83ce548eac47022b61f7aed23bfaa3e640c7d/src/ShinkaiRegistry.sol#L427"]

7.8 Unlocked Pragma Compilers

//

Informational

Description

The files in scope currently use floating pragma version ^0.8.20, which means that the code can be compiled by any compiler version that is greater than or equal to 0.8.0, and less than 0.9.0. It is recommended that contracts should be deployed with the same compiler version and flags used during development and testing. Locking the pragma helps to ensure that contracts do not accidentally get deployed using another pragma. For example, an outdated pragma version might introduce bugs that affect the contract system negatively.

Additionally, using a newer compiler version that introduces default optimizations, including unchecked overflow for gas efficiency, presents an opportunity for further optimization.

BVSS
Recommendation

Lock the pragma version to the same version used during development and testing.

Remediation Comment

ACKNOWLEDGED: The Shinkai team acknowledged this finding.

8. Automated Testing

Static Analysis Report

Description

Halborn used automated testing techniques to enhance the coverage of certain areas of the scoped contracts. Among the tools used was Slither, a Solidity static analysis framework. After Halborn verified all the contracts in the repository and was able to compile them correctly into their abi and binary formats, Slither was run on the all-scoped contracts. This tool can statically verify mathematical relationships between Solidity variables to detect invalid or inconsistent usage of the contracts' APIs across the entire code-base.

Slither results 

ShinkaiToken ERC20 analysis

ShinkaiToken

ShinkaiNft ERC721 analysis

ShinkaiNft

ShinkaiNFT.sol

ShinkaiNFT.sol

ShinkaiRegistry.sol

ShinkaiRegistry.sol#1ShinkaiRegistry.sol#2
ShinkaiRegistry.sol#3

Halborn strongly recommends conducting a follow-up assessment of the project either within six months or immediately following any material changes to the codebase, whichever comes first. This approach is crucial for maintaining the project’s integrity and addressing potential vulnerabilities introduced by code modifications.

// Download the full report

Shinkai Protocol

* Use Google Chrome for best results

** Check "Background Graphics" in the print settings if needed

© Halborn 2025. All rights reserved.