valory-xyz · mariapiamo · Mar 13, 2025 · Mar 4, 2025 · Mar 4, 2025 · Mar 5, 2025
diff --git a/audit/README.md b/audit/README.md
@@ -8,6 +8,7 @@ An internal audit with a focus on updated marketplace contracts is located in th
 An internal audit with a focus on re-design marketplace contracts is located in this folder: [internal audit 3](https://github.com/valory-xyz/ai-registry-mech/blob/main/audits/internal3). <br>
 An internal audit with a focus on latest re-design marketplace contracts is located in this folder: [internal audit 4](https://github.com/valory-xyz/ai-registry-mech/blob/main/audits/internal4). <br>
 An internal audit with a focus on latest re-design ref:nmv marketplace contracts is located in this folder: [internal audit 5](https://github.com/valory-xyz/ai-registry-mech/blob/main/audits/internal5). <br>
+An internal audit with a focus on token-usdc ref:nmv marketplace contracts is located in this folder: [internal audit 6](https://github.com/valory-xyz/ai-registry-mech/blob/main/audits/internal6). <br>
 
 
 ### External audits

diff --git a/audit/internal6/README.md b/audit/internal6/README.md
@@ -0,0 +1,47 @@
+# Internal audit of ai-registry-mech
+The review has been performed based on the contract code in the following repository:<br>
+`https://github.com/valory-xyz/ai-registry-mech` <br>
+commit: c72195a6be5bbefcfa40af87f2e1c1bfed2fa9e7 (tag: v0.4.1-pre-internal-audit) <br> 
+
+## Objectives
+The audit focused on NVM-usdc marketplace contracts in this repo. <br>
+Limits: The subject of the audit is not contracts used as library contracts. Thus, this audit is not a full-fledged audit of contracts underlying the contract ERC721Mech. <br>
+
+
+## Coverage
+```
+------------------------------------------|----------|----------|----------|----------|----------------|
+File                                      |  % Stmts | % Branch |  % Funcs |  % Lines |Uncovered Lines |
+------------------------------------------|----------|----------|----------|----------|----------------|
+  contracts/mechs/nevermined_token/        |    94.12 |     87.5 |    57.14 |    85.71 |                |
+  BalanceTrackerNvmSubscriptionToken.sol  |    94.12 |     87.5 |    57.14 |    85.71 |... 122,160,166 |
+ contracts/mechs/nevermined_token/usdc/   |      100 |      100 |      100 |      100 |                |
+  MechFactoryNvmSubscriptionTokenUSDC.sol |      100 |      100 |      100 |      100 |                |
+  MechNvmSubscriptionTokenUSDC.sol        |      100 |      100 |      100 |      100 |                |
+
+```
+insufficient testing coverage
+[]
+
+### Security issues. 
+#### Notes
+```
+Does different decimals in ERC20 affect it somehow? I don't think so, and everything is calculated and compared in raw values. For discussion.
+        // Convert mech credits balance into tokens
+        balance = (balance * tokenCreditRatio) / 1e18;
+        mapMechBalances[mech] = balance;
+
+        // Check current contract balance
+        uint256 trackerBalance = IERC20(token).balanceOf(address(this));
+        if (balance > trackerBalance) {
+            revert Overflow(balance, trackerBalance);
+        }
+```
+[x] Discussed, not an issue
+
+
+
+
+
+
+
diff --git a/scripts/deployment/e_check_00_agent_mech.js b/scripts/deployment/e_check_00_agent_mech.js
diff --git a/scripts/deployment/e_verify_olas_mech.js b/scripts/deployment/e_verify_olas_mech.js
@@ -0,0 +1,33 @@
+/*global process, hre*/
+
+async function main() {
+    const fs = require("fs");
+    const globalsFile = "globals.json";
+    const dataFromJSON = fs.readFileSync(globalsFile, "utf8");
+    let parsedData = JSON.parse(dataFromJSON);
+
+    const provider = new ethers.providers.JsonRpcProvider(parsedData.networkURL);
+    const signers = await ethers.getSigners();
+
+    const deployer = signers[0];
+    console.log("Deployer is:", deployer.address);
+
+    const mechAddress = "";
+    const mech = await ethers.getContractAt("MechFixedPriceNative", mechAddress);
+    const mechMarketplaceAddress = await mech.mechMarketplace();
+    const serviceRegistryAddress = await mech.serviceRegistry();
+    const serviceId = await mech.tokenId();
+    const maxDeliveryRate = await mech.maxDeliveryRate();
+    await hre.run("verify:verify", {
+        address: mechAddress,
+        constructorArguments: [mechMarketplaceAddress, serviceRegistryAddress, serviceId, maxDeliveryRate],
+    });
+}
+
+main()
+    .then(() => process.exit(0))
+    .catch((error) => {
+        console.error(error);
+        process.exit(1);
+    });
+