Code Audit

PENGU Airdrop

A decentralized token used for community engagement and rewards within the Pudgy Penguins ecosystem.

Blockchain security isn't optional.

Protect your smart contracts and DeFi protocols with Three Sigma, a trusted security partner in blockchain audits, smart contract vulnerability assessments, and Web3 security.

Get a Quote Today

Introduction

PENGU is an airdrop-distribution program on Solana.

A signer address authorises each claim via an off-chain signature; eligible users submit that signature on-chain before a preset expiration date to receive their tokens.

Why Did They Need an Audit?

A single flaw in signature validation or account-linking could let a malicious actor drain the entire airdrop pool. PENGU’s team sought an external assessment to verify that:

claims cannot be replayed or forged,
source token reserves are locked to the legitimate program state,
ownership and signer-management flows are safe.

Scope of the Engagement

File Audited: programs/token_claimer/src/lib.rs
Team: 2 auditors · 1.2 person weeks
Chain: Solana

Audit Date: 2024-12-09

Language: Solidity

Type: Code Audit

Results and Findings

Audit Period

1.2 PW

Report

Audit Period

1.2 PW

Severity Issues

critical

high

medium

low

informational

Report

Secure Your Crypto Project Before It’s Too Late. Get in Touch Today.

Get a Quote Today