Halborn: audit report
- Commit ID: 590ebd8d5931cb6811ea55ca9e6e3f96df6969b3
- Started: July 11th, 2025
- Finished: July 14th, 2025
- Updated: September 29th, 2025
TokenVoting v1.4 has been ported to Foundry.
The HardHat codebase of version 1.3 and earlier can be found in this repo.
Halborn: audit report
- Commit ID: 02a7dbb95c42ebd2226117bf85a0fe330c788948
- Started: 2024-11-18
- Finished: 2025-02-13
Check out the artifacts folder to get the deployed addresses and the contract ABI's.
TokenVoting is an Aragon OSx Plugin, designed to conduct governance processes where the voting power of each member is determined by an IVotes compatible token.
Three voting modes:
- Early execution: Execute when there's mathematical certainty that the proposal can't be defeated
- Vote replacement: Allow to change votes until the proposal ends
- Standard mode: No vote replacement or early execution.
Two token contracts are provided for convenience:
- GovernanceERC20: Mint a new token with a predefined set of addresses to mint for
- GovernanceWrappedERC20: Wrap an existing token that does not support IVotes by itself
If you already have an IVotes compatible token, you can simply import it.
Other features:
- Excluding balances from certain accounts (non-circulating supply, e.g. vaults, the DAO's own holdings, etc)
- Mint freezing
- Granular permission management for proposal creation, proposal execution, token minting
- Minimum balance requirements for proposers
├── Makefile
├── foundry.toml
├── remappings.txt
├── npm-artifacts
│   └── src
│       ├── abi.ts
│       └── addresses.json
├── script
│   ├── DeployNewTokenVotingRepo.s.sol
│   ├── DeployTokenVoting_1_4.s.sol
│   ├── make-test-tree.ts
│   └── verify-contracts.sh
├── src
│   ├── TokenVoting.sol
│   ├── TokenVotingSetup.sol
│   ├── TokenVotingSetupZkSync.sol
│   ├── base
│   │   ├── IMajorityVoting.sol
│   │   └── MajorityVotingBase.sol
│   ├── condition
│   │   └── VotingPowerCondition.sol
│   └── erc20
│       ├── GovernanceERC20.sol
│       ├── GovernanceWrappedERC20.sol
│       ├── IERC20MintableUpgradeable.sol
│       └── IGovernanceWrappedERC20.sol
└── test
Optional:
To get started, clone this repository and initialize it:
cp .env.example .env
make initEdit .env to match your desired network and settings.
The Makefile is the target launcher of the project. It's the recommended way to operate the repository. It manages the env variables of common tasks and executes only the steps that need to be run.
$ make
Available targets:
- make help               Display the available targets
- make init               Check the dependencies and prompt to install if needed
- make clean              Clean the build artifacts
Testing lifecycle:
- make test               Run unit tests, locally
- make test-fork          Run fork tests, using RPC_URL
- make test-coverage      Generate an HTML coverage report under ./report
- make sync-tests         Scaffold or sync test definitions into solidity tests
- make check-tests        Checks if the solidity test files are out of sync
- make test-tree          Generates a markdown file with the test definitions
- make test-tree-prompt   Prints an LLM prompt to generate the test definitions for a given file
- make test-prompt        Prints an LLM prompt to implement the tests for a given contract
Metadata targets:
- make pin-metadata       Uploads and pins the release/build metadata on IPFS
Deployment targets:
- make predeploy          Simulate a protocol deployment
- make deploy             Deploy the protocol, verify the source code and write to ./artifacts
- make resume             Retry pending deployment transactions, verify the code and write to ./artifacts
Upgrade proposal:
- make upgrade-proposal   Encodes and shows the calldata to create the upgrade proposal
Verification:
- make verify-etherscan   Verify the last deployment on an Etherscan (compatible) explorer
- make verify-blockscout  Verify the last deployment on BlockScout
- make verify-sourcify    Verify the last deployment on Sourcify
- make refund             Refund the remaining balance left on the deployment account
Using make:
$ make
[...]
Testing lifecycle:
- make test               Run unit tests, locally
- make test-fork          Run fork tests, using RPC_URL
- make test-coverage      Generate an HTML coverage report under ./report
Run make test or make test-fork to check the logic's accordance to the specs. The latter will require RPC_URL to be defined.
Optionally, tests with hierarchies can be described using yaml files like MyPlugin.t.yaml, which will be transformed into solidity files by running make sync-tests, thanks to bulloak.
Create a file with .t.yaml extension within the test folder and describe a hierarchy using the following structure:
# MyPlugin.t.yaml
MyPluginTest:
  - given: The caller has no permission
    comment: The caller needs MANAGER_PERMISSION_ID
    and:
      - when: Calling setNumber()
        then:
          - it: Should revert
  - given: The caller has permission
    and:
      - when: Calling setNumber()
        then:
          - it: It should update the stored number
  - when: Calling number()
    then:
      - it: Should return the right valueNodes like when and given can be nested without limitations.
Then use make sync-tests to automatically sync the described branches into solidity test files.
$ make
Testing lifecycle:
# ...
- make sync-tests         Scaffold or sync test definitions into solidity tests
- make check-tests        Checks if the solidity test files are out of sync
- make test-tree          Generates a markdown file with the test definitions
$ make sync-testsEach yaml file generates (or syncs) a solidity test file with functions ready to be implemented. They also generate a human readable summary in TESTS.md.
Check the available make targets to simulate and deploy the smart contracts:
- make predeploy        Simulate a protocol deployment
- make deploy           Deploy the protocol and verify the source code
When running a production deployment ceremony, you can use these steps as a reference:
-  I have cloned the official repository on my computer and I have checked out the mainbranch
-  I am using the latest official docker engine, running a Debian Linux (stable) image
-  I have run docker run --rm -it -v .:/deployment debian:bookworm-slim
-  I have run apt update && apt install -y make curl git vim neovim bc
- On standard EVM networks:
-  I have run curl -L https://foundry.paradigm.xyz | bash
-  I have run source /root/.bashrc
-  I have run foundryup
 
-  I have run 
- On ZkSync networks:
-  I have run curl -L https://raw.githubusercontent.com/matter-labs/foundry-zksync/main/install-foundry-zksync | bash
-  I have run source /root/.bashrc
-  I have run foundryup-zksync
 
-  I have run 
-  I have run cd /deployment
-  I have run cp .env.example .env
-  I have run make init
 
-  I have run 
-  I am opening an editor on the /deploymentfolder, within the Docker container
-  The .envfile contains the correct parameters for the deployment-  I have created a new burner wallet with cast wallet newand copied the private key toDEPLOYMENT_PRIVATE_KEYwithin.env
-  I have set the correct RPC_URLfor the network
-  I have set the correct CHAIN_IDfor the network
-  I have set ETHERSCAN_API_KEYorBLOCKSCOUT_HOST_NAME(when relevant to the target network)
- (TO DO: Add a step to check your own variables here)
-  I have printed the contents of .envto the screen
- I am the only person of the ceremony that will operate the deployment wallet
 
-  I have created a new burner wallet with 
-  All the tests run clean (make test)
- My computer:
- Is running in a safe location and using a trusted network
-  It exposes no services or ports
- MacOS: sudo lsof -iTCP -sTCP:LISTEN -nP
- Linux: netstat -tulpn
- Windows: netstat -nao -p tcp
 
- MacOS: 
- The wifi or wired network in use does not expose any ports to a WAN
 
-  I have run make predeployand the simulation completes with no errors
-  The deployment wallet has sufficient native token for gas
- At least, 15% more than the amount estimated during the simulation
 
-  make teststill runs clean
-  I have run git statusand it reports no local changes
-  The current local git branch (main) corresponds to its counterpart onorigin-  I confirm that the rest of members of the ceremony pulled the last git commit on mainand reported the same commit hash as my output forgit log -n 1
 
-  I confirm that the rest of members of the ceremony pulled the last git commit on 
-  I have initiated the production deployment with make deploy
- The deployment process completed with no errors
- The factory contract was deployed by the deployment address
- All the project's smart contracts are correctly verified on the reference block explorer of the target network.
-  The output of the latest logs/deployment-<network>-<date>.logfile corresponds to the console output
-  A file called artifacts/deployment-<network>-<timestamp>.jsonhas been created, and the addresses match those logged to the screen
-  I have uploaded the following files to a shared location:
- logs/deployment-<network>.log(the last one)
- artifacts/deployment-<network>-<timestamp>.json(the last one)
- broadcast/DeployTokenVoting_*.s.sol/<chain-id>/run-<timestamp>.json(the last one, or- run-latest.json)
 
- The rest of members confirm that the values are correct
-  I have transferred the remaining funds of the deployment wallet to the address that originally funded it
- make refund
 
This concludes the deployment ceremony.
When running a deployment with make deploy, Foundry will attempt to verify the contracts on the corresponding block explorer.
If you need to verify on multiple explorers or the automatic verification did not work, you have three make targets available:
$ make
[...]
Verification:
- make verify-etherscan   Verify the last deployment on an Etherscan (compatible) explorer
- make verify-blockscout  Verify the last deployment on BlockScout
- make verify-sourcify    Verify the last deployment on Sourcify
These targets use the last deployment data under broadcast/DeployTokenVoting_*.s.sol/<chain-id>/run-latest.json.
- Ensure that the required variables are set within the .envfile.
This flow will attempt to verify all the contracts in one go, but yo umay still need to issue additional manual verifications, depending on the circumstances.
$ forge verify-contract <address> <path/to/file.sol>:<contract-name> --verifier-url 'https://api.routescan.io/v2/network/<testnet|mainnet>/evm/<chain-id>/etherscan' --etherscan-api-key "verifyContract" --num-of-optimizations 200 --compiler-version 0.8.28 --constructor-args <args>Where:
- <address>is the address of the contract to verify
- <path/to/file.sol>:<contract-name>is the path of the source file along with the contract name
- <testnet|mainnet>the type of network
- <chain-id>the ID of the chain
- <args>the constructor arguments- Get them with $(cast abi-encode "constructor(address param1, uint256 param2,...)" param1 param2 ...)
 
- Get them with 
If you believe you've found a security issue, we encourage you to notify us. We welcome working with you to resolve the issue promptly.
Security Contact Email: [email protected]
Please do not use the public issue tracker to report security issues.
Contributions are welcome! Please read our contributing guidelines to get started.
This project is licensed under AGPL-3.0-or-later.
For support, join our Discord server or open an issue in the repository.