# Trust Wallet (TWT)

![](https://callisto.network/wp-content/uploads/2021/12/Are-Your-Funds-Safe-Template.jpg)

*Trust Wallet Token smart contract security audit, conducted by the Callisto Network Security Department during December 2021.*

## **Trust Wallet Token** Security Audit Report

### *Are Your Funds Safe?*

#### Summary

[Trust Wallet Token (TWT)](https://bscscan.com/address/0x4b0f1812e5df2a09796481ff14017e6005508003#code) smart contract security audit report performed by [Callisto Security Audit Department](https://github.com/EthereumCommonwealth/Auditing).

#### Platform

Binance Smart Chain.

### **1. In scope**

<https://bscscan.com/address/0x4b0f1812e5df2a09796481ff14017e6005508003#code>

### 2. Findings

In total, **1 issue** was reported, including:

* 0 high severity issues.
* 0 medium severity issues.
* 1 low severity issue.

In total, **0 notes** were reported, including:

* 0 notes.
* 0 owner privileges.

No critical security issues were found.

### 2.1 Known vulnerabilities of ERC-20 token

Severity: low.

**Description:**

The token lacks a transaction handling mechanism. [WARNING!](https://gist.github.com/Dexaran/ddb3e89fe64bf2e06ed15fbd5679bd20) This is a very common issue, and it has already caused millions of dollars in losses for many token users! More details [here](https://docs.google.com/document/d/1Feh5sP6oQL1-1NHi-X1dbgT3ch2WdhbXRevDN681Jv4/edit).

**Recommendation:**

Add the following code to the `transfer(address _to, ...)` function:

```
require( _to != address(this) );
```

### 3. Security practices

☑️ **Open-source contract.**

🔘 **The contract should pass a bug bounty after the completion of the security audit.**

☑️ **Public testing.**

🔘 **Multisig owner account.**

🔘 **Standard ERC20-related issues.** – NOT IMPLEMENTED. It is known that every contract can potentially receive an unintended ERC20-token deposit without the ability to reject it even if the contract is not intended to receive or hold tokens. As a result, it is recommended to implement a function that will allow extracting any arbitrary number of tokens from the contract.

### 4. Conclusion

The audited smart contract can be deployed. Only low severity issues were found during the audit.

It is recommended to adhere to the security practices described in pt. 4 of this report to ensure the contract’s operability and prevent any issues that are not directly related to the code of this smart contract.

📋 Read this report on the [Callisto Network Blog](https://callisto.network/trust-wallet-token-security-audit-report/).

