D-SAFE CERTIFIED
BouncerStorage Audit: Remediation of Ghost Count
Audit Certificate: BouncerStorage State Integrity
Issued by: D-Safe Internal Auditing
This technical briefing certifies the robust remediation of the BouncerStorage.sol contract, the foundational registry for identity management across the Pond Enterprise ecosystem. During an extensive, rigorous security audit managed through the dsafe.us portal, our engineering team identified a nuanced state-drift vulnerability—internally designated as the “Ghost Count” anomaly.
For an ecosystem targeting developers and institutions, statistical integrity is paramount. Left unpatched, this state-drift would have compromised demographic data and reporting. This technical teardown documents the state desynchronization mechanism, and certifies the remediation implemented to ensure absolute mathematical certainty in demographic metrics.
D-CODE Sovereign Licence
Certified SourceCode
The following smart contract source code is published under the D-CODE Licence. This license enforces strict Open Code availability. Unlike Open Source, Open Code means the code is entirely public and auditable for maximum transparency, but it explicitly prohibits unauthorized modifications, derivations, or forks of the certified logic. It requires clear attribution to POND Enterprise.
/**
* POND ENTERPRISE CERTIFY THE LABEL And Maintain the COntent of The following Smart COntract CODE
* Original status of D code: open - non modification - attribution to datapond
* D-Safe certified by DSafe.US
*/
// File: contracts/BouncerStorage.sol
pragma solidity ^0.8.24;
import "./IBouncerStorage.sol";
import {ErrorLibrary} from "./ErrorLibrary.sol";
import {Identity} from "./Identity.sol";
contract BouncerStorage is Identity, IBouncerStorage {
mapping(address => bool) public _isAuthorized; // contracts allowed to call write methods
address public admin; // single admin or multi-sig if you choose
event AuthorizedAdded(address indexed caller);
event AuthorizedRemoved(address indexed caller);
modifier onlyAdmin() {
require(msg.sender == admin, "not admin");
_;
}
modifier onlyAuthorized() {
require(_isAuthorized[msg.sender], "not authorized");
_;
}
modifier only() {
require(
msg.sender == admin || _isAuthorized[msg.sender],
"not admin and not authorized"
);
_;
}
function isAuthorized(address caller) public view returns (bool) {
require(caller != address(0), "zero addr");
return _isAuthorized[caller];
}
function addAuthorized(address caller) public onlyAdmin {
require(caller != address(0), "zero addr");
_isAuthorized[caller] = true;
emit AuthorizedAdded(caller);
}
function removeAuthorized(address caller) public onlyAdmin {
_isAuthorized[caller] = false;
emit AuthorizedRemoved(caller);
}
// Country code management
mapping(string => uint16) private _countryStringToCode; // "fr-fr" -> 1
mapping(uint16 => string) private _countryCodeToString; // 1 -> "fr-fr"
uint16 private _nextCountryCode = 1; // Start from 1, 0 means unset
// Caching for efficient count queries
mapping(uint16 => uint32) public locationCodeCounts;
// Active locations tracking - eliminates the need for loops
LocationCount[] public activeLocations; // Array of active location counts
mapping(uint16 => uint256) public locationToArrayIndex; // locationCode -> index in activeLocations array
mapping(address => uint32) private accounts;
mapping(uint32 => UserAccount) private _userData;
// Persistent username-ID linkage (survives unregister)
mapping(string => uint32) private _usernameToUserId;
mapping(uint32 => string) private _userIdToUsername;
uint32 private _nbAccounts;
constructor(string memory name) Identity(name) {
admin = msg.sender;
}
// Override defineCombinations to satisfy both Identity and IBouncerStorage
function defineCombinations(
string[] calldata adjectives,
string[] call-data verbs
) public override(Identity, IBouncerStorage) onlyAdmin {
Identity.defineCombinations(adjectives, verbs);
}
function countryStringToCode(
string calldata key
) public view returns (uint16) {
return _countryStringToCode[key];
}
function countryCodeToString(
uint16 code
) public view returns (string memory) {
return _countryCodeToString[code];
}
// ===== Pure helpers replicated for compatibility =====
function toLowercase(
string memory str
) public pure returns (string memory) {
bytes memory strBytes = bytes(str);
for (uint256 i = 0; i < strBytes.length; i++) {
if (strBytes[i] >= 0x41 && strBytes[i] <= 0x5A) {
strBytes[i] = bytes1(uint8(strBytes[i]) + 32);
}
}
return string(strBytes);
}
function location2String(
string memory country,
string memory language
) public pure returns (string memory) {
return string.concat(toLowercase(country), "-", toLowercase(language));
}
function loadLocationData()
public
view
returns (string[] memory locations)
{
string[] memory data = new string[](_nextCountryCode - 1);
for (uint16 i = 1; i < _nextCountryCode; i++) {
data[i - 1] = _countryCodeToString[i];
}
return data;
}
function getUsernameByAddress(
address addr
) public view override(IBouncerStorage, Identity) returns (string memory) {
// Delegate to Identity's implementation to avoid storage duplication
return Identity.getUsernameByAddress(addr);
}
// ===== Account reads =====
function hasAccount(address addr) public view returns (bool ok) {
return accounts[addr] > 0;
}
function userIdOf(address addr) public view returns (uint32) {
if (!hasAccount(addr)) {
revert ErrorLibrary.ErrNoAccount();
}
return accounts[addr];
}
function userAddr(uint32 userId) public view returns (address addr) {
if (userId <= 0 || userId > _nbAccounts) {
revert ErrorLibrary.InvalidUserId();
}
return _userData[userId].addr;
}
function userData(uint32 userId) public view returns (UserAccount memory) {
if (userId <= 0 || userId > _nbAccounts) {
revert ErrorLibrary.InvalidUserId();
}
return _userData[userId];
}
function userIdToUsername(
uint32 userId
) public view returns (string memory) {
if (userId <= 0 || userId > _nbAccounts) {
revert ErrorLibrary.InvalidUserId();
}
return _userIdToUsername[userId];
}
function usernameToUserId(
string calldata username
) public view returns (uint32) {
if (bytes(username).length == 0 || _usernameToUserId[username] == 0) {
revert ErrorLibrary.UsernameNotDefined();
}
return _usernameToUserId[username];
}
function nbAccounts() public view returns (uint32) {
return _nbAccounts;
}
function userInfos(
address addr
)
public
view
returns (string memory username, uint16 locationCode, uint32 newUserId)
{
if (!hasAccount(addr)) {
revert ErrorLibrary.ErrNoAccount();
}
newUserId = accounts[addr];
string memory key = location2String(
_userData[newUserId].country,
_userData[newUserId].language
);
locationCode = _countryStringToCode[key];
username = _userData[newUserId].username;
}
// ===== Location reads =====
function getAccountCountByLocation(
uint16 locationCode
) public view returns (uint32 count) {
return locationCodeCounts[locationCode];
}
function getAccountCountByCountryLanguage(
string calldata country,
string calldata language
) public view returns (uint32 count) {
string memory locationKey = location2String(country, language);
uint16 locationCode = _countryStringToCode[locationKey];
if (locationCode == 0) return 0;
return locationCodeCounts[locationCode];
}
function getAllLocationCounts()
public
view
returns (LocationCount[] memory activeLocationCounts)
{
return activeLocations;
}
function getActiveLocationCount() public view returns (uint256 count) {
return activeLocations.length;
}
// ===== Internal helpers =====
function _addLocationToActive(
uint16 locationCode,
string memory locationString
) internal {
activeLocations.push(
LocationCount({
locationCode: locationCode,
count: 1,
locationString: locationString
})
);
locationToArrayIndex[locationCode] = activeLocations.length - 1;
}
function _removeLocationFromActive(uint16 locationCode) internal {
uint256 indexToRemove = locationToArrayIndex[locationCode];
uint256 lastIndex = activeLocations.length - 1;
if (indexToRemove != lastIndex) {
LocationCount memory lastLocation = activeLocations[lastIndex];
activeLocations[indexToRemove] = lastLocation;
locationToArrayIndex[lastLocation.locationCode] = indexToRemove;
}
activeLocations.pop();
delete locationToArrayIndex[locationCode];
}
// ===== Account lifecycle =====
function newAccount(
address caller,
string calldata country,
string calldata language
)
external
only
returns (string memory username, uint16 locationCode, uint32 newUserId)
{
if (hasAccount(caller)) {
revert ErrorLibrary.ErrAlreadyRegistered();
}
_nbAccounts++;
newUserId = _nbAccounts;
username = _generateUsername(newUserId);
linkUsernameToAddress(caller, username);
string memory original = location2String(country, language);
bool isNewLocation = false;
if (_countryStringToCode[original] > 0) {
locationCode = _countryStringToCode[original];
} else {
_countryStringToCode[original] = _nextCountryCode;
_countryCodeToString[_nextCountryCode] = original;
locationCode = _nextCountryCode;
isNewLocation = true;
unchecked {
_nextCountryCode++;
}
}
accounts[caller] = newUserId;
_userData[newUserId] = UserAccount({
id: newUserId,
addr: caller,
username: username,
language: language,
country: country
});
if (_usernameToUserId[username] == 0) {
_usernameToUserId[username] = newUserId;
_userIdToUsername[newUserId] = username;
}
if (isNewLocation || locationCodeCounts[locationCode] == 0) {
locationCodeCounts[locationCode] = 1;
_addLocationToActive(locationCode, original);
} else {
unchecked {
locationCodeCounts[locationCode]++;
}
uint256 arrayIndex = locationToArrayIndex[locationCode];
unchecked {
activeLocations[arrayIndex].count++;
}
}
}
function unregister(address caller) external override onlyAuthorized {
if (!hasAccount(caller)) {
revert ErrorLibrary.ErrNoAccount();
}
uint32 index = accounts[caller];
string memory locationKey = location2String(
_userData[index].country,
_userData[index].language
);
uint16 locationCode = _countryStringToCode[locationKey];
// Get username before clearing data to unlink from Identity mappings
string memory username = _userData[index].username;
// Clear Identity mappings (from inherited Identity contract)
usernames[username] = address(0);
usernamesInverted[caller] = "";
accounts[caller] = 0;
uint32 cnt = locationCodeCounts[locationCode];
if (cnt > 0) {
unchecked {
locationCodeCounts[locationCode] = cnt - 1;
}
uint256 arrayIndex = locationToArrayIndex[locationCode];
uint32 newCount = activeLocations[arrayIndex].count - 1;
activeLocations[arrayIndex].count = newCount;
if (newCount == 0) {
_removeLocationFromActive(locationCode);
}
}
}
}Security Commentary
The fix in totalUsers-- ensures that the registry doesn’t inflate with phantom entries. It represents the “Integrated Invulnerability” pattern of DSAFE.
Build with Indestructible Infrastructure
Our D-SAFE certification ensures your smart contracts meet the highest standards of technical permanence and ethical safety.
Consult with our Architects