Greenhood is a protocol that enables regulated security token investment through a membership-based system. Users subscribe to obtain membership, receiving a soulbound NFT and security token rewards. After becoming members, users can purchase additional security tokens. The system uses the T-REX infrastructure for regulatory compliance and implements role-based access control for safe operation.
Greenhood engaged Ackee Blockchain Security to conduct a security review of the Greenhood contracts, with a total time donation of three days between August 4 and August 8, 2025.
A fix review was then carried out on the changes made to the previous revision.
Methodology
We began our review using static analysis tools, including Wake. We then took a deep dive into the logic of the contracts. We used the Wake testing framework for testing and fuzzing. During the review, we paid special attention to:
- ensuring the arithmetic of the system is correct;
- detecting possible reentrancies in the code;
- ensuring access controls are not too relaxed or too strict; and
- looking for common issues such as data validation.
Scope
The audit was performed on commit b12392f.
The scope within the contract repository was as follows:
- src/GreenhoodMembership.sol; and
- src/GreenhoodInvestor.sol
Revision 1.1 was carried out between August 13 and August 14, 2025, on commit 9fd11a2.
We focused on the fixes for the earlier findings.
The classification of a security finding is determined by two ratings: impact and likelihood. This two-dimensional classification helps clarify the severity of individual issues. Issues that would be rated as Medium severity, but are likely to be found only by the team, are generally reduced according to likelihood to a Warning or Informational severity rating.
Our review resulted in 5 findings, ranging from Warning to High severity. The changes between revisions 1.0 and 1.1 fixed all five findings, greatly strengthening the protocol's trust model by implementing a governance mechanism and improved user protections. The findings are described in detail in the full audit report linked below.
Critical severity
No critical severity issues were found.
High severity
H1: Missing whenNotPaused modifier in the subscription function
Medium severity
M1: Front-running of parameters possible due to immediate changes in interest rates, fees and rewards
M2: Unlimited subscriptionFee
Low severity
No low severity issues were found.
Warning severity
W1: Missing zero-address and validation checks
W2: One-step ownership transfer
Informational severity
No informational severity issues were found.
Trust model
The protocol has strengthened its security model through improved controls and user protections.
Administrative controls:
- the owner role operates through a timelock contract, ensuring transparency of all parameters;
- the subscription fee cannot exceed a fixed maximum value; and
- parameter changes require a waiting period before taking effect.
User protection:
- the subscription function accepts a minimum reward parameter to prevent front-running;
- purchase functions include slippage protection through minimum token parameters; and
- all critical parameter changes are visible on-chain before execution.
These improvements provide strong protection of parameters while maintaining protocol flexibility.
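The controls listed above can be combined as in the following Solidity sketch. It is an added example, not code from the Greenhood repository or the audit report: the contract, function and variable names, the fee cap, the delay, payment in native currency and the fee destination are all assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added sketch: every name and value here is hypothetical, not Greenhood's code.
contract MembershipSketch {
    uint256 public constant MAX_SUBSCRIPTION_FEE = 1 ether; // assumed cap (M2)
    uint256 public constant PARAM_DELAY = 2 days; // assumed waiting period (M1)
    address public immutable owner; // expected to be a timelock contract
    bool public paused;
    uint256 public subscriptionFee;
    uint256 public reward; // reward credited per subscription
    uint256 public pendingFee;
    uint256 public pendingReward;
    uint256 public pendingEta; // 0 means no change is queued
    mapping(address => uint256) public rewardsOf;

    event ParamsQueued(uint256 newFee, uint256 newReward, uint256 eta);

    modifier onlyOwner() { require(msg.sender == owner, "not owner"); _; }
    modifier whenNotPaused() { require(!paused, "paused"); _; }

    constructor(address owner_, uint256 fee_, uint256 reward_) {
        require(owner_ != address(0), "zero address"); // W1
        require(fee_ <= MAX_SUBSCRIPTION_FEE, "fee above cap");
        owner = owner_;
        subscriptionFee = fee_;
        reward = reward_;
    }

    function setPaused(bool value) external onlyOwner { paused = value; }

    // Step 1: announce the change on-chain before it can take effect.
    function queueParams(uint256 newFee, uint256 newReward) external onlyOwner {
        require(newFee <= MAX_SUBSCRIPTION_FEE, "fee above cap");
        (pendingFee, pendingReward) = (newFee, newReward);
        pendingEta = block.timestamp + PARAM_DELAY;
        emit ParamsQueued(newFee, newReward, pendingEta);
    }

    // Step 2: apply only once the waiting period has elapsed.
    function applyParams() external onlyOwner {
        require(pendingEta != 0 && block.timestamp >= pendingEta, "not ready");
        (subscriptionFee, reward) = (pendingFee, pendingReward);
        pendingEta = 0;
    }

    // H1: blocked while paused. minReward is the caller's lower bound on the reward.
    function subscribe(uint256 minReward) external payable whenNotPaused {
        require(msg.value == subscriptionFee, "wrong fee");
        require(reward >= minReward, "reward below minimum");
        rewardsOf[msg.sender] += reward;
        (bool ok, ) = owner.call{value: msg.value}(""); // fee destination assumed
        require(ok, "fee transfer failed");
    }
}
```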
Conclusion
Ackee Blockchain Security recommends that Greenhood:
- implement timelocks or limits for important parameters (exchange rates, subscription fees, reward amounts) to improve user trust;
- add slippage protection to the token purchase function to prevent front-running;
- add zero-address and zero-amount validation checks to all relevant functions;
- review and improve the implementation of the pause mechanism; and
- fix all identified issues.
Ackee Blockchain Security's full Greenhood contracts audit report can be found here.
We were delighted to audit Greenhood and look forward to working with them again.