[Audit Report] Luxon - Airdrop & Gacha

Reported at
3 more properties
Report realeased on Sep 19, 2022

About Luxon Protocol

The contracts in scope of audit are implementation of Airdrop and Gacha systems. The project team set the user’s address and token ID, amount before the airdrop(AirdropUser.sol). Based on the information set by the project team, the Gacha Ticket is distributed to the user(AirdropGachaTicket.sol). The Gacha Ticket is an ERC1155 token implementation(GachaTicket.sol) and the user can use this ticket to make use of the Gacha system.
By burning the Gacha ticket, the user can mint a character that has a random ID value. The tier information(GachaData.sol) set by the project team makes the character’s tier in proportion to tier information(GachaMachineByGachaTicket.sol). The character NFT(ERC721) based on the character ID(LCT.sol) is minted to the user.
The project team has the privilege to pause the Gacha process. If the state of the contract is in Inspection, users can not use the Gacha feature(LuxOnService.sol).

Purpose of this report

This report was prepared to audit the security of the Airdrop and Gacha system-related contracts developed by the Luxon team. HAECHI AUDIT conducted the audit focusing on whether the system created by the Luxon team is soundly implemented and designed as specified in the published materials, in addition to the safety and security of the Airdrop and Gacha implementation.
In detail, we have focused on the following
Unintended behavior on the process of Airdrop.
Possibility of exploiting and abusing predictability of the Gacha system.
Project availability issues like Denial of Service.
Storage variable access control.
Adequate implementation of ERC721 and ERC1155 spec.
Existence of known smart contract vulnerabilities.
*The audited code can be non-disclosure as the client requests.
KALOS is a flagship service of HAECHI LABS, the leader of the global blockchain industry. We bring together the best Web2 and Web3 experts. Security Researchers with expertise in cryptography, leaders of the global best hacker team, and blockchain/smart contract experts are responsible for securing your Web3 service.
We have secured over $60b worth of crypto assets across 400+ global crypto projects — L1/L2 projects, defi protocols, P2E games, and bridges — notably 1inch, SushiSwap, Badger DAO, SuperRare, Klaytn and Chainsafe. KALOS is the only blockchain technology company selected for the Samsung Electronics Startup Incubation Program in recognition of our expertise. We have also received technology grants from the Ethereum Foundation and Ethereum Community Fund.
Secure your smart contracts with KALOS.
Official website: