Potential Risks
DISCLAIMER // NFA // DYOR
This analysis is based on observations of the contract behavior. We are not smart contract security experts. This document aims to explain what the contract appears to do based on the code. It should not be considered a comprehensive security audit or financial advice. Always verify critical information independently and consult with blockchain security professionals for important decisions.
⊙ generated by robots | curated by humans
| METADATA | |
|---|---|
| Contract Address | 0x000000000000888741B254d37e1b27128AfEAaBC (etherscan) |
| Network | Ethereum Mainnet |
| Analysis Date | 2026-05-02 |
Overview
A risk assessment was conducted against the SLOW contract pair (SLOW + SLOWGate) as part of the broader contract analysis. The assessment examined trust assumptions, economic vectors, centralization characteristics, complexity surface area, and external dependencies across the verified Solidity source code (~1,000 lines for the contract pair, plus inherited Solady libraries).
The contract is a non-custodial timelock-and-co-sign wrapper for ETH and ERC-20 transfers. There is no protocol owner, fee, pause, or upgrade path. Trust surfaces are per-user (whether to set a guardian, what delay to use, whether to post a tip) and per-asset (the contract's accounting assumes vanilla ERC-20 semantics). Each of these surfaces was evaluated independently.
Findings Summary
The assessment identified 14 findings across four severity tiers and five risk categories. No critical-severity issues were found. The findings concentrate on the per-user guardian trust model, asset-class assumptions (fee-on-transfer / rebasing tokens), unbounded inbound/outbound sets, and the asymmetric design of the guardian-rotation veto window — all consistent with the contract's stated design.
| SEVERITY | COUNT |
|---|---|
| Critical | 0 |
| High | 2 |
| Medium | 4 |
| Low | 4 |
| Informational | 4 |

| CATEGORY | FINDINGS |
|---|---|
| Trust Assumption | 4 |
| Economic | 3 |
| Complexity | 3 |
| External Dependency | 2 |
| Centralization | 2 |
Report Availability
The detailed findings for this assessment are not publicly available at this time. The full report includes specific descriptions of each finding, affected code paths, severity justification, and suggested questions for contract owners and integrators.
If you are the contract owner, an integrator, or a security researcher with a legitimate interest in the full findings, you are welcome to request this portion of the report. Access is not guaranteed.