PASSED

Spinance

Self-Sovereign Token Protocol

Spin Team 2026-06-01 Ethereum Mainnet spinance.xyz

Executive Summary

Comprehensive audit of 13 contracts (~1,450 lines Solidity) on Ethereum Mainnet. Uniswap V4 hook-based. Found 2 High, 6 Medium. All high resolved.

Contract	File	Lines	Category
Token	`src/Token.sol`	56	ERC-20
Hook	`src/Hook.sol`	29	V4 Hook Entry
HookBase	`src/hook/HookBase.sol`	173	Shared State
HookSwap	`src/hook/HookSwap.sol`	267	Bonding Curve + Tax
HookRelease	`src/hook/HookRelease.sol`	62	Phase + Release
HookStaking	`src/hook/HookStaking.sol`	161	NFT Staking
SpinCurve	`src/lib/SpinCurve.sol`	82	Curve Math
SpinRouter	`src/SpinRouter.sol`	146	Custom V4 Router
SpinNFT	`src/SpinNFT.sol`	14	NFT Entry
NFTBase	`src/nft/NFTBase.sol`	146	ERC-721 Base
NFTMinting	`src/nft/NFTMinting.sol`	215	Mint + Singularity
NFTMetadata	`src/nft/NFTMetadata.sol`	147	On-Chain SVG
RoyaltyAutoBuy	`src/RoyaltyAutoBuy.sol`	63	Royalty Deflation

Architecture & Threat Modeling — map Token→Hook→HookSwap/HookRelease/HookStaking→SpinRouter→NFT→RoyaltyAutoBuy

Access Control Review — onlyHook, onlyDeployer, onlyPoolManager gates, cross-contract trust model

Vulnerability Scanning — reentrancy, hook permissions (14 flags), arithmetic, business logic

Economic Attack Simulation — curve manipulation, tax evasion, Singularity RNG gaming, reward extraction

Edge Case & Invariant Testing — zero-supply, boundary values, bonding curve inverse verification

Gas & Operational Review — on-chain SVG cost, loop bounds, event coverage, storage packing

ID	Severity	Contract	Title	Status
`H-01`	HIGH	NFTMinting	paidMint ETH transfer before state update violates CEI	Resolved
`H-02`	HIGH	HookSwap	Unbounded buy in Phase 2 enables curve manipulation	Resolved
`M-01`	MEDIUM	NFTMinting	mintWithETH raw call return could trap ETH	Resolved
`M-02`	MEDIUM	Token	setHook front-runnable if not deployed atomically	Resolved
`M-03`	MEDIUM	HookStaking	emergencyUnstake forfeits pending rewards without event	Resolved
`M-04`	MEDIUM	RoyaltyAutoBuy	buyAndLock uses minOut=0 — no slippage protection	Resolved

HIGH H-01 NFTMinting

paidMint() sends ETH via .call{}("") BEFORE updating paidMintCount and hasMinted. Violates Checks-Effects-Interactions principle.

Resolution: Reordered to update state before external ETH transfer.

HIGH H-02 HookSwap

Phase 2 _executeBuy() has no maximum buy limit. A whale could buy massive SPIN in one tx, causing extreme price impact.

Resolution: Added configurable max buy in Phase 2 (default: 100 ETH).

#	Invariant	Holds	Notes
1	`TOKEN.totalSupply() ≤ MAX_SUPPLY (3^21)`	Yes	Enforced in Token.mint()
2	`circulatingSupply() = totalSupply - lockPoolBalance`	Yes	Lock pool excluded from circulation
3	`totalMinted(0) = 0, monotonic increasing`	Yes	SpinCurve property verified
4	`burnFor(X, m) = valid inverse of totalMinted`	Yes	Round-trip property verified
5	`phaseTwoActivated transitions false→true exactly once`	Yes	Immutable transition

Zero Admin / Zero Upgrade — no Ownable, no proxy, no governance. Protocol is fully autonomous.

ReentrancyGuardTransient (EIP-1153) — cheaper than SSTORE, auto-cleared at tx end.

CEI pattern on every ETH/SPIN transfer path.

Bonding curve natural deterrence — exponential curve makes manipulation expensive.

Lock pool alignment — tax from buys AND sells distributed to stakers.

Phase transition automated — no manual trigger, no governance vote.

Deflationary royalty flywheel — royalty ETH → auto-buy SPIN → burn.

Singularity forging costly — 13k SPIN + 2 Vortex NFTs burned per attempt.

Immutable economic parameters — no one can change protocol economics.

On-chain SVG metadata — fully self-contained NFT, no external dependencies.