# Sooho's Audit Report on Bitbyte

![](https://1598402773-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FYHkicuHxni9JKmPRU5Dl%2Fuploads%2FEKCvnGoN1wt7BMYr1Tre%2Fimage.png?alt=media\&token=7b778606-0192-4257-96ef-5986f931fe2d)

## **Security audit report of** Bitbyte

1\. Summary

2\. Audit method

3\. Project background

3.1 Project introduction

3.2 Project structure

3.3 Project architecture

4\. Code overview

4.1 Visibility analysis of main contract functions

4.2 Code audit details

4.2.1 Medium-risk vulnerability

4.2.2 Low-risk vulnerability

5\. Audit results

5.1 Summary

6\. Statement

## 1. **Summary**

On June 11, 2021, the Sooho security team received a request from the Bitbyte team for a security audit of the Bitbyte system. Based on the characteristics of the project, the Sooho security team drew up the following audit plan.

The Sooho security team adopts a strategy of "white box first, supplemented by black box and grey box" and audits the project in the way that most closely resembles a real attack.

Sooho's test methods for DeFi projects:

| Test method    | Description                                                                                                              |
| -------------- | ------------------------------------------------------------------------------------------------------------------------ |
| Black box test | Security test from the attacker's point of view.                                                                         |
| Grey box test  | Test the security of the code module through script tools, observe the internal running state, and mine the weaknesses.  |
| White box test | Based on the source code of the project, vulnerability analysis and vulnerability mining are carried out.                |

Sooho's vulnerability risk levels for DeFi projects:

| Risk level                | Description                                                                                                                                                              |
| ------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| Serious vulnerability     | Serious vulnerabilities will have a significant impact on the security of the project, and it is strongly recommended to fix them.                                       |
| High-risk vulnerability   | High-risk vulnerabilities will affect the normal operation of the project, so it is strongly recommended to fix them.                                                    |
| Medium-risk vulnerability | Medium-risk vulnerabilities will affect the operation of the project, so it is recommended to fix them.                                                                  |
| Low-risk vulnerability    | Low-risk vulnerabilities may affect the business operation of the project in specific scenarios. It is recommended that the project team evaluate for itself whether these issues need to be fixed. |
| Weaknesses                | There are potential security hazards in theory, but they are extremely difficult to reproduce in practice.                                                               |
| Enhancement suggestions   | There are better practices in coding or architecture.                                                                                                                    |


## 2. **Audit method**

The Sooho security team's smart contract security audit process consists of two steps:

- Use open source or internal automated analysis tools to scan and test the contract code for common security vulnerabilities.
- Manually audit the security of the code, finding potential security problems by analyzing the contract code by hand.

The following is a list of vulnerabilities that we focus on during the contract code audit:

(Other unknown security vulnerabilities are not included in the scope of this audit)

- Reentrancy attack
- Replay attack
- Reordering attack
- Short address attack
- Denial of service attack
- Transaction order dependence
- Race condition attack
- Permission control attack
- Integer overflow/underflow attack
- Timestamp dependence attack
- Gas usage, gas limits and loops
- Redundant fallback function
- Unsafe interface usage
- Explicit visibility of functions and state variables
- Logic flaw
- Undeclared storage pointer
- Arithmetic precision error
- tx.origin authentication
- False recharge vulnerability
- Variable coverage


## 3. **Project background**

### 3.1 **Project introduction**

**Bitbyte is the first decentralized exchange in the world to implement invitations and mining commission rebates entirely through contracts. It is a decentralized trading product based on the concept of a fund pool. As a fully functional Bitbyte, it also proposes and implements a dual-chain Bitbyte model based on the Huobi ECO Chain (Heco) and the Ethereum public chain. It combines the low transaction costs of Heco with the prosperity of the Ethereum ecosystem, and supports a "dual mining mechanism" of liquidity mining and transaction mining. Bitbyte is committed to building a DeFi platform integrating Bitbyte, IMO and DAO on Heco, providing users with decentralized token exchange services that are safer and more reliable, with more diversified asset selection and allocation and a higher expected return on investment. Bitbyte is the core hub of value exchange in the Heco ecosystem and an important attempt to connect the CeFi and DeFi markets.**

### 3.2 **Project structure**

```
contracts
├── Migrations.sol
├── assets
│   ├── Airdrop.sol
│   ├── AirdropZBC.sol
│   ├── BlackHole.sol
│   └── Repurchase.sol
├── governance
│   ├── GovernorAlpha.sol
│   └── Timelock.sol
├── heco
│   ├── Factory.sol
│   ├── HecoPool.sol
│   ├── ZBCTokenHeco.sol
│   ├── Router.sol
│   └── SwapMining.sol
├── interface
│   ├── IERC20.sol
│   ├── IBitbyteFactory.sol
│   ├── IBitbytePair.sol
│   └── IZBC.sol
├── library
│   └── SafeMath.sol
├── mainnet
│   ├── CoinChef.sol
│   └── ZBCToken.sol
├── oracle
│   └── Oracle.sol
└── timeLock
    └── TeamTimeLock.sol
```

### 3.3 **Project architecture**

The BitbyteOOSWAP project is divided into two parts by chain. The Ethereum chain mainly provides dual token mining: users can deposit LP tokens into the CoinChef contract to mine two tokens in conjunction with the Uniswap token pool. The Heco chain provides creation of token trading pairs, LP staking mining and transaction mining. The overall architecture diagram is as follows:


## 4. **Code overview**

### 4.1 **Visibility analysis of main contract functions**

During the audit, the Sooho security team analyzed the visibility of the functions in the core contracts. The results are as follows:

| **CoinChef**      |            |                  |           |
| ----------------- | ---------- | ---------------- | --------- |
| Function Name     | Visibility | Mutability       | Modifiers |
| constructor       | Public     | can modify state | -         |
| poolLength        | Public     | -                | -         |
| addSushiLP        | Public     | can modify state | onlyOwner |
| isSushiLP         | Public     | -                | -         |
| getSushiLPLength  | Public     | -                | -         |
| getSushiLPAddress | Public     | -                | -         |
| add               | Public     | can modify state | -         |
| set                          | Public   | can modify state | onlyOwner |
| setPoolCorr                  | Public   | can modify state | onlyOwner |
| massUpdatePools              | Public   | can modify state | -         |
| updatePool                   | Public   | can modify state | -         |
| pending                      | External | -                | -         |
| pendingZBCAndSushi           | Private  | -                | -         |
| pendingZBC                   | Private  | -                | -         |
| deposit                      | Public   | can modify state | -         |
| depositZBCAndSushi           | Private  | can modify state | -         |
| depositZBC                   | Private  | can modify state | -         |
| withdraw                     | Public   | can modify state | -         |
| withdrawZBCAndSushi          | Private  | can modify state | -         |
| withdrawZBC                  | Private  | can modify state | -         |
| emergencyWithdraw            | Public   | can modify state | -         |
| emergencyWithdrawZBCAndSushi | Private  | can modify state | -         |
| emergencyWithdrawZBC         | Private  | can modify state | -         |
| safeZBCTransfer              | Internal | can modify state | -         |

| Bitbyte**OracleLibrary** |            |            |           |
| ------------------------ | ---------- | ---------- | --------- |
| Function Name            | Visibility | Mutability | Modifiers |
| currentBlockTimestamp    | Internal   | -          | -         |
| currentCumulativePrices  | Internal   | -          | -         |


| **SwapMining**     |            |                  |            |
| ------------------ | ---------- | ---------------- | ---------- |
| Function Name      | Visibility | Mutability       | Modifiers  |
| constructor        | Public     | can modify state | -          |
| poolLength         | Public     | -                | -          |
| addPair            | Public     | can modify state | onlyOwner  |
| setPair            | Public     | can modify state | onlyOwner  |
| setZBCPerBlock     | Public     | can modify state | onlyOwner  |
| addWhitelist       | Public     | can modify state | onlyOwner  |
| delWhitelist       | Public     | can modify state | onlyOwner  |
| getWhitelistLength | Public     | -                | -          |
| isWhitelist        | Public     | -                | -          |
| getWhitelist       | Public     | -                | -          |
| setHalvingPeriod   | Public     | can modify state | onlyOwner  |
| setRouter          | Public     | can modify state | onlyOwner  |
| setOracle          | Public     | can modify state | onlyOwner  |
| phase              | Public     | can modify state | -          |
| phase              | Public     | -                | -          |
| reward             | Public     | -                | -          |
| reward             | Public     | -                | -          |
| getZBCReward       | Public     | -                | -          |
| massMintPools      | Public     | can modify state | -          |
| mint               | Public     | can modify state | -          |
| swap               | Public     | can modify state | onlyRouter |
| takerWithdraw      | Public     | can modify state | -          |
| getUserReward      | Public     | -                | -          |
| getPoolInfo   | Public | - | - |
| getQuantity   | Public | - | - |

| **Oracle**       |            |                  |           |
| ---------------- | ---------- | ---------------- | --------- |
| Function Name    | Visibility | Mutability       | Modifiers |
| constructor      | Public     | can modify state | -         |
| update           | External   | can modify state | -         |
| computeAmountOut | Private    | -                | -         |
| consult          | External   | -                | -         |

| **TransferHelper** |            |                  |           |
| ------------------ | ---------- | ---------------- | --------- |
| Function Name      | Visibility | Mutability       | Modifiers |
| safeApprove        | Internal   | can modify state | -         |
| safeTransfer       | Internal   | can modify state | -         |
| safeTransferFrom   | Internal   | can modify state | -         |

| **Airdrop**               |            |                  |           |
| ------------------------- | ---------- | ---------------- | --------- |
| Function Name             | Visibility | Mutability       | Modifiers |
| constructor               | Public     | can modify state | -         |
| poolLength                | External   | -                | -         |
| newAirdrop                | Public     | can modify state | onlyOwner |
| updatePoolLastRewardBlock | Private    | can modify state | -         |
| setCycle                  | Public     | can modify state | onlyOwner |
| add               | Public   | can modify state | onlyOwner |
| set               | Public   | can modify state | onlyOwner |
| massUpdatePools   | Public   | can modify state | -         |
| updatePool        | Public   | can modify state | -         |
| pending           | External | -                | -         |
| deposit           | Public   | can modify state | -         |
| withdraw          | Public   | can modify state | -         |
| emergencyWithdraw | Public   | can modify state | -         |
| safeWhtTransfer   | Internal | can modify state | -         |

| Bitbyte**ER20** |            |                  |           |
| --------------- | ---------- | ---------------- | --------- |
| Function Name   | Visibility | Mutability       | Modifiers |
| constructor     | Public     | can modify state | -         |
| \_mint          | Internal   | can modify state | -         |
| \_burn          | Internal   | can modify state | -         |
| \_approve       | Private    | can modify state | -         |
| \_transfer      | Private    | can modify state | -         |
| approve         | External   | can modify state | -         |
| transfer        | External   | can modify state | -         |
| transferFrom    | External   | can modify state | -         |
| permit          | External   | can modify state | -         |


| Bitbyte**Pair** |            |                  |                                                                                                                                                  |
| --------------- | ---------- | ---------------- | ------------------------------------------------------------------------------------------------------------------------------------------------ |
| Function Name   | Visibility | Mutability       | Modifiers                                                                                                                                        |
| getReserves     | Public     | -                | -                                                                                                                                                |
| \_safeTransfer  | Private    | can modify state | -                                                                                                                                                |
| constructor     | Public     | can modify state | -                                                                                                                                                |
| initialize      | External   | can modify state | -                                                                                                                                                |
| \_update        | Private    | can modify state | -                                                                                                                                                |
| \_mintFee       | Private    | can modify state | -                                                                                                                                                |
| mint            | External   | can modify state | lock                                                                                                                                             |
| burn            | External   | can modify state | lock                                                                                                                                             |
| swap            | External   | can modify state | lock                                                                                                                                             |
| skim            | External   | can modify state | lock                                                                                                                                             |
| sync            | External   | can modify state | lock                                                                                                                                             |
| price           | Public     | -                | -                                                                                                                                                |

| Bitbyte**Factory** |            |                  |           |
| ------------------ | ---------- | ---------------- | --------- |
| Function Name      | Visibility | Mutability       | Modifiers |
| constructor        | Public     | can modify state | -         |
| allPairsLength     | External   | -                | -         |
| createPair         | External   | can modify state | -         |
| setFeeTo           | External   | can modify state | -         |
| setFeeToSetter     | External   | can modify state | -         |
| setFeeToRate       | External   | can modify state | -         |
| sortTokens         | Public     | -                | -         |
| pairFor       | Public | - | - |
| getReserves   | Public | - | - |
| quote         | Public | - | - |
| getAmountOut  | Public | - | - |
| getAmountIn   | Public | - | - |
| getAmountsOut | Public | - | - |
| getAmountsIn  | Public | - | - |

| **UQ112x112** |            |            |           |
| ------------- | ---------- | ---------- | --------- |
| Function Name | Visibility | Mutability | Modifiers |
| encode        | Internal   | -          | -         |
| uqdiv         | Internal   | -          | -         |

| **HecoPool**     |            |                  |           |
| ---------------- | ---------- | ---------------- | --------- |
| Function Name    | Visibility | Mutability       | Modifiers |
| constructor      | Public     | can modify state | -         |
| setHalvingPeriod | Public     | can modify state | onlyOwner |
| setZBCPerBlock   | Public     | can modify state | onlyOwner |
| poolLength       | Public     | -                | NO        |
| addMultLP        | Public     | can modify state | onlyOwner |
| isMultLP         | Public     | -                | NO        |
| getMultLPLength  | Public     | -                | -         |
| getMultLPAddress | Public     | -                | -         |
| setPause                     | Public   | can modify state | onlyOwner |
| setMultLP                    | Public   | can modify state | onlyOwner |
| replaceMultLP                | Public   | can modify state | onlyOwner |
| add                          | Public   | can modify state | onlyOwner |
| set                          | Public   | can modify state | onlyOwner |
| setPoolCorr                  | Public   | can modify state | onlyOwner |
| phase                        | Public   | -                | -         |
| reward                       | Public   | -                | -         |
| getZBCBlockReward            | Public   | -                | -         |
| massUpdatePools              | Public   | can modify state | -         |
| updatePool                   | Public   | can modify state | -         |
| pending                      | External | -                | -         |
| pendingZBCAndToken           | Private  | -                | -         |
| pendingZBC                   | Private  | -                | -         |
| deposit                      | Public   | can modify state | notPause  |
| depositZBCAndToken           | Private  | can modify state | -         |
| depositZBC                   | Private  | can modify state | -         |
| withdraw                     | Public   | can modify state | notPause  |
| withdrawZBCAndToken          | Private  | can modify state | -         |
| withdrawZBC                  | Private  | can modify state | -         |
| emergencyWithdraw            | Public   | can modify state | notPause  |
| emergencyWithdrawZBCAndToken | Private  | can modify state | -         |
| emergencyWithdrawZBC         | Private  | can modify state | -         |
| safeZBCTransfer              | Internal | can modify state | -         |


| **DelegateERC20** |            |                  |           |
| ----------------- | ---------- | ---------------- | --------- |
| Function Name     | Visibility | Mutability       | Modifiers |
| \_mint            | Internal   | can modify state | -         |
| \_transfer        | Internal   | can modify state | -         |
| delegate          | External   | can modify state | -         |
| delegateBySig     | External   | can modify state | -         |
| getCurrentVotes   | External   | -                | -         |
| getPriorVotes     | External   | -                | -         |
| \_delegate        | Internal   | -                | -         |
| \_moveDelegates   | Internal   | can modify state | -         |
| \_writeCheckpoint | Internal   | can modify state | -         |
| safe32            | Internal   | -                | -         |
| getChainId        | Internal   | -                | -         |

| **ZBCToken**    |            |                  |            |
| --------------- | ---------- | ---------------- | ---------- |
| Function Name   | Visibility | Mutability       | Modifiers  |
| constructor     | Public     | can modify state | ERC20      |
| mint            | Public     | can modify state | onlyMinter |
| addMinter       | Public     | can modify state | onlyOwner  |
| delMinter       | Public     | can modify state | onlyOwner  |
| getMinterLength | Public     | -                | -          |
| isMinter        | Public     | -                | -          |
| getMinter       | Public     | -                | onlyOwner  |

| Bitbyte**Router**                                          |            |                  |           |
| ---------------------------------------------------------- | ---------- | ---------------- | --------- |
| Function Name                                              | Visibility | Mutability       | Modifiers |
| constructor                                                | Public     | can modify state | -         |
| fallback                                                   | External   | payable          | -         |
| pairFor                                                    | Public     | -                | -         |
| setSwapMining                                              | Public     | can modify state | onlyOwner |
| \_addLiquidity                                             | Internal   | can modify state | -         |
| addLiquidity                                               | External   | can modify state | ensure    |
| addLiquidityETH                                            | External   | payable          | ensure    |
| removeLiquidity                                            | Public     | can modify state | ensure    |
| removeLiquidityETH                                         | Public     | can modify state | ensure    |
| removeLiquidityWithPermit                                  | External   | can modify state | -         |
| removeLiquidityETHWithPermit                               | External   | can modify state | -         |
| removeLiquidityETHSupportingFeeOnTransferTokens            | Public     | can modify state | -         |
| removeLiquidityETHWithPermitSupportingFeeOnTransferTokens  | External   | can modify state | -         |
| \_swap                                                     | Internal   | can modify state | -         |
| swapExactTokensForTokens                                   | External   | can modify state | ensure    |
| swapTokensForExactTokens                                   | External   | can modify state | ensure    |
| swapExactETHForTokens                                      | External   | payable          | ensure    |
| swapTokensForExactETH                                      | External   | can modify state | ensure    |
| swapExactTokensForETH                                      | External   | can modify state | ensure    |
| swapETHForExactTokens                                      | External   | payable          | ensure    |
| \_swapSupportingFeeOnTransferTokens                    | Internal | can modify state | -      |
| swapExactTokensForTokensSupportingFeeOnTransferTokens  | External | can modify state | ensure |
| swapExactETHForTokensSupportingFeeOnTransferTokens     | External | payable          | ensure |
| swapExactTokensForETHSupportingFeeOnTransferTokens     | External | can modify state | ensure |
| quote                                                  | Public   | -                | -      |
| getAmountOut                                           | Public   | -                | -      |
| getAmountIn                                            | Public   | -                | -      |
| getAmountsOut                                          | Public   | -                | -      |
| getAmountsIn                                           | Public   | -                | -      |

| **TeamTimeLock** |            |                  |           |
| ---------------- | ---------- | ---------------- | --------- |
| Function Name    | Visibility | Mutability       | Modifiers |
| constructor      | Public     | can modify state | -         |
| getBalance       | Public     | -                | -         |
| getReward        | Public     | -                | -         |
| withDraw         | External   | can modify state | -         |
| setBeneficiary   | Public     | can modify state | -         |


### 4.2 **Code audit details**

### 4.2.1 **Medium-risk vulnerability**

#### 4.2.1.1 **Trading volume forgery risk**

In the SwapMining contract, the calculation of a user's transaction mining amount does not account for users who swap with flash loans. A user who trades and mines with a flash loan only has to pay the handling fee lost in the swap and the cost of the flash loan itself, yet can forge transactions for the full amount of the flash loan, inflating and falsifying the trading volume.

Code location: SwapMining.sol swap function


Fix status: ignored. After confirmation with the project team, the project team confirms that the cost of such an attack is high. At present, many users take part in transaction mining at the same time, so it is difficult for an attacker to profit from trading volume inflated with flash loans.

### 4.2.2 **Low-risk vulnerability**

#### 4.2.2.1 **Excessive authority problem**

The owner of the HecoPool contract can modify sensitive parameters, add new token pools and dual-mining pools, and so on, so the owner's permissions are excessive. This capability is required by the business design and cannot directly affect users' assets. It is recommended to add event records so that community users can review changes to parameter settings.
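One way to add the recommended event records to the owner-only setters, as an added example that is not Bitbyte's code. Only `setMultLP`, its zero-address check and the `multLpToken`, `multLpChef` and `paused` variables come from the audited excerpt that follows; the contract name, the event names, the inline owner check and the bodies of `setHalvingPeriod` and `setPause` are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0; // compiler version is an assumption; the report does not state one

// Added example, not the audited contract. Names marked "assumed" do not
// appear in the report and are used here for illustration only.
contract HecoPoolEventsExample {
    address public owner;          // assumed minimal stand-in for the onlyOwner mechanism
    address public multLpToken;    // from the audited excerpt
    address public multLpChef;     // from the audited excerpt
    bool public paused;            // from the audited excerpt (checked in replaceMultLP)
    uint256 public halvingPeriod;  // assumed state behind setHalvingPeriod

    // Each event carries the old and the new value, so anyone watching the
    // chain can see exactly what the owner changed without reading storage.
    event MultLPUpdated(
        address indexed oldToken,
        address indexed newToken,
        address oldChef,
        address newChef
    );
    event HalvingPeriodUpdated(uint256 oldPeriod, uint256 newPeriod);
    event PauseUpdated(bool paused);

    modifier onlyOwner() {
        require(msg.sender == owner, "caller is not the owner");
        _;
    }

    constructor() {
        owner = msg.sender;
    }

    // Same checks and assignments as the audited setMultLP, plus the event.
    function setMultLP(address _multLpToken, address _multLpChef) public onlyOwner {
        require(_multLpToken != address(0) && _multLpChef != address(0), "is the zero address");
        // Emit before the assignment so the old values are still in storage.
        emit MultLPUpdated(multLpToken, _multLpToken, multLpChef, _multLpChef);
        multLpToken = _multLpToken;
        multLpChef = _multLpChef;
    }

    // Assumed signature and body: the report lists setHalvingPeriod as an
    // onlyOwner function but does not show its code.
    function setHalvingPeriod(uint256 _block) public onlyOwner {
        emit HalvingPeriodUpdated(halvingPeriod, _block);
        halvingPeriod = _block;
    }

    // Assumed signature and body: the report lists setPause as an onlyOwner
    // function but does not show its code.
    function setPause() public onlyOwner {
        paused = !paused;
        emit PauseUpdated(paused);
    }
}
```

The same pattern applies to the other `onlyOwner` functions in the HecoPool visibility table: one event per parameter, emitted in the same transaction as the change.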

```solidity
function setMultLP(address _multLpToken, address _multLpChef) public onlyOwner {
    require(_multLpToken != address(0) && _multLpChef != address(0), "is the zero address");
    multLpToken = _multLpToken;
    multLpChef = _multLpChef;
}

function replaceMultLP(address _multLpToken, address _multLpChef) public onlyOwner {
    require(_multLpToken != address(0) && _multLpChef != address(0), "is the zero address");
    require(paused == true, "No mining suspension");
    multLpToken = _multLpToken;
    multLpChef = _multLpChef;
    uint256 length = getMultLPLength();
    while (length > 0) {
        address dAddress = EnumerableSet.at(_multLP, 0);
        uint256 pid = LpOfPid[dAddress];
        IMasterChefHeco(multLpChef).emergencyWithdraw(poolCorrespond[pid]);
        EnumerableSet.remove(_multLP, dAddress);
        length--;
    }
}

// Add a new lp to the pool. Can only be called by the owner.
// XXX DO NOT add the same LP token more than once. Rewards will be messed up if you do.
function add(uint256 _allocPoint, IERC20 _lpToken, bool _withUpdate) public onlyOwner {
    require(address(_lpToken) != address(0), "_lpToken is the zero address");
    if (_withUpdate) {
        massUpdatePools();
    }
    uint256 lastRewardBlock = block.number > startBlock ? block.number : startBlock;
    totalAllocPoint = totalAllocPoint.add(_allocPoint);
    poolInfo.push(PoolInfo({
        lpToken : _lpToken,
        allocPoint : _allocPoint,
        lastRewardBlock : lastRewardBlock,
        accZBCPerShare : 0,
        accMultLpPerShare : 0,
        totalAmount : 0
    }));
    LpOfPid[address(_lpToken)] = poolLength() - 1;
}

// Update the given pool's ZBC allocation point. Can only be called by the owner.
function set(uint256 _pid, uint256 _allocPoint, bool _withUpdate) public onlyOwner {
    if (_withUpdate) {
        massUpdatePools();
    }
    totalAllocPoint = totalAllocPoint.sub(poolInfo[_pid].allocPoint).add(_allocPoint);
    poolInfo[_pid].allocPoint = _allocPoint;
}

// The current pool corresponds to the pid of the multLP pool
function setPoolCorr(uint256 _pid, uint256 _sid) public onlyOwner {
    require(_pid <= poolLength() - 1, "not find this pool");
    poolCorrespond[_pid] = _sid;
}

function phase(uint256 blockNumber) public view returns (uint256) {
```


Repair status: ignored. After communication and discussion with the project side: the multLpChef and multLpToken parameters are both public at present, so community users can directly read their values and review how they are set.
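Public getters show the current `multLpToken` and `multLpChef`, but not when they changed or what they are about to become. The following is an added example, not Bitbyte's code and not part of Sooho's report: it shows one way an owner-only setter such as `setMultLP` can announce a change through events and a delay, so the new values can be reviewed before they take effect. The contract name, the `propose`/pending names, the events and the 2-day delay are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration, not Bitbyte's contract. Names other than setMultLP,
// multLpToken and multLpChef are hypothetical.
contract MultLPConfig {
    address public owner;
    address public multLpToken;
    address public multLpChef;

    // Pending change, readable by anyone before it takes effect.
    address public pendingMultLpToken;
    address public pendingMultLpChef;
    uint256 public pendingEta; // earliest timestamp at which the change may be applied
    uint256 public constant DELAY = 2 days; // assumed review window

    event MultLPProposed(address indexed token, address indexed chef, uint256 eta);
    event MultLPUpdated(address oldToken, address oldChef, address newToken, address newChef);

    modifier onlyOwner() {
        require(msg.sender == owner, "caller is not the owner");
        _;
    }

    constructor() {
        owner = msg.sender;
    }

    // Step 1: announce the new addresses; the live values do not change yet.
    function proposeMultLP(address _multLpToken, address _multLpChef) external onlyOwner {
        require(_multLpToken != address(0) && _multLpChef != address(0), "is the zero address");
        pendingMultLpToken = _multLpToken;
        pendingMultLpChef = _multLpChef;
        pendingEta = block.timestamp + DELAY;
        emit MultLPProposed(_multLpToken, _multLpChef, pendingEta);
    }

    // Step 2: after the delay, the announced values replace the current ones.
    function setMultLP() external onlyOwner {
        require(pendingEta != 0, "nothing proposed");
        require(block.timestamp >= pendingEta, "delay not elapsed");
        emit MultLPUpdated(multLpToken, multLpChef, pendingMultLpToken, pendingMultLpChef);
        multLpToken = pendingMultLpToken;
        multLpChef = pendingMultLpChef;
        pendingMultLpToken = address(0);
        pendingMultLpChef = address(0);
        pendingEta = 0;
    }
}
```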

## 5. **Audit results**

### **5.1 Summary**

Audit conclusion: passed

Audit number: 0X002106170003

Audit time: June 17, 2021

Audit team: Sooho security team

Audit summary: the Sooho security team analyzed the code using manual review and internal tools. Two problems were found during the audit: one medium-risk vulnerability and one low-risk vulnerability. After communication and feedback with the project side, it was confirmed that the medium-risk finding (transaction volume forgery) is ignored and the low-risk finding (excessive authority) is ignored. The comprehensive assessment is risk-free.

## 6. **Statement**

Sooho only issues this report on the facts that occurred or existed before the issuance of this report, and bears corresponding responsibilities for this. For facts that occur or exist after the report is issued, Sooho cannot judge the security status of the smart contract and is not responsible. The safety audit analysis and other contents in this report are based only on the documents and materials provided to Sooho by the information provider as of the issuance of this report (referred to as the "provided materials"). Sooho assumes that the provided materials have not been omitted, altered, deleted or concealed. If the provided materials are missing, tampered with, deleted or concealed, or are inconsistent with the actual situation, Sooho shall not be liable for the losses and adverse effects caused thereby.
