Audit Disclaimer
Short form (embedded on every report)
This is a code-analysis report, not investment advice.
GhostLabs has analyzed the smart contract source code you submitted. We use automated static analysis, symbolic execution, and AI-assisted review to identify patterns commonly associated with risk in Ethereum Virtual Machine (EVM) smart contracts. Our scan returns a score and a list of findings.
A GhostLabs score is not a prediction that a contract is safe to invest in, profitable to trade, legally compliant, free of bugs, or resistant to future changes. A GhostLabs score is a summary of what our tools found in the code you gave us at the time you gave it to us.
What this report does cover. Properties of the submitted Solidity (or equivalent language) source code at the moment of analysis. Common vulnerability patterns. Owner-controlled functions. Access control. Obvious economic attacks. Proxy and upgrade structure. Liquidity-related signals where source is available. Other findings described in the body of this report.
What this report does not cover. (a) Future modifications to the contract after this scan, including proxy upgrades, owner actions, governance votes, or any upstream dependency change. (b) The off-chain components of any system: front-end websites, centralized admin panels, key management practices, team multi-sigs, bridge validators, oracle inputs. (c) The legal, regulatory, tax, or securities status of any token, protocol, or transaction. (d) Market risks of any kind: price volatility, liquidity exit, or counterparty risk of any operator. (e) Vulnerabilities that no automated or AI-assisted tool could reasonably be expected to find. (f) Whether the code does what you, the reader, think it does.
A high score is not a guarantee. Our highest-scoring contracts have included audited protocols that later suffered exploits through vectors outside the scope of any code review. A high score means the code exhibited fewer red flags against our ruleset. It does not mean the code is safe.
A low score is not a verdict. A low score flags characteristics that we have seen correlate with risk. Plenty of low-scoring contracts operate normally for years. Use the findings as a starting point for your own due diligence, not a conclusion.
You are responsible for your own decisions. If you transact with, deploy, or rely upon the contract described in this report, you do so at your own risk. Before committing funds, consult qualified professionals. Do not treat this report as a substitute for your own research, a security audit by a firm specializing in manual review, or professional financial, legal, or tax advice.
By receiving this report you acknowledge that you have read and understood this disclaimer.
Long form (detailed reference)
This long form restates and expands the short-form disclaimer above. It is retained here as a reference for customer-support responses, partnership discussions, and any customer who asks for a detailed explanation of scope.
Nature of the Service
GhostLabs is an automated smart contract analysis platform. It applies a combination of deterministic static analysis, symbolic execution across common EVM opcodes, and AI-assisted review of source code. The platform produces (a) a numeric score summarizing detected risk levels against the GhostLabs ruleset, (b) a structured list of findings, and (c) plain-language commentary. The scan is delivered as a PDF report and as an HTML page accessible from a signed URL.
The Service is designed to give a rapid, inexpensive first look at a contract’s code. It is not, and is not marketed as, a substitute for a traditional manual security audit performed by specialist auditors over a period of weeks. A specialist manual audit typically costs tens of thousands of dollars, takes longer, and may detect issues that an automated scan cannot. If you are deploying a contract intended to hold material funds or operate at scale, you should not rely on an automated scan alone; a manual review from a specialist firm is appropriate.
Scope of the analysis
The analysis covers only the artifact submitted. If you submitted a verified source from a block explorer, the analysis covers that verified source. If you uploaded source code, the analysis covers the code as you uploaded it. If the on-chain deployed bytecode differs from the source we analyzed (for example because a proxy contract delegates to an implementation that was upgraded after your scan), the report does not cover that variance and you should not treat our analysis as describing the currently deployed behavior.
The analysis does not cover: off-chain infrastructure; the security of a project’s website; the integrity of a team’s key management; operational security of any party that holds admin privileges over the contract; reliability of third-party oracles or off-chain data sources; upstream chain reorganizations, consensus failures, or bridge-level exploits; behaviors introduced by contracts that call, or are called by, the submitted contract but were not themselves submitted for analysis; social engineering, phishing, or other non-code attack surfaces; and the commercial, tax, or regulatory treatment of any token or protocol.
Analysis limitations
Automated and AI-assisted tools have known limitations. They can produce false positives (flagging code that is in fact safe in context) and false negatives (failing to flag code that contains a genuine vulnerability). They can be misled by obfuscation, unusual code patterns, or by attacker-controlled comments. We take reasonable steps to detect and mitigate these risks, but no analytical technique is perfect.
In particular:
- Our AI-assisted review uses external language models. Those models have their own training cut-offs and their own limitations. Findings that rely on general knowledge of a vulnerability pattern may lag behind the most recently discovered classes of exploit.
- Our static analysis ruleset is updated on a rolling basis. A scan run today reflects the ruleset as of today. The same contract scanned next month may receive a different score because the ruleset has evolved.
- Our symbolic execution explores paths up to a configured depth. Deeper paths, and paths gated by inputs our solver cannot satisfy, may not be fully explored.
These are properties of the technique, not defects, and they mean the tool is a complement to, not a replacement for, rigorous manual review for any contract of material economic importance.
No financial, legal, or tax advice
Nothing in a GhostLabs report constitutes financial, investment, trading, legal, tax, or accounting advice. We do not assess whether a token is a security in any jurisdiction, whether a protocol is properly licensed, or whether interacting with a contract would violate any law applicable to you. We do not predict future token prices, liquidity, or market behavior. We do not certify or endorse any project, team, or contract. A report is a technical document about code, and nothing more.
You are solely responsible for your investment, trading, and compliance decisions. Consult qualified, licensed professionals in the relevant jurisdictions before making those decisions.
Time-bound validity
A report reflects the code submitted at the time of scan. Smart contracts change. Proxies can be upgraded, owners can execute privileged functions, governance can vote through parameter changes, dependent contracts can change, and the surrounding ecosystem can evolve in ways that change the operational risk of a contract. A report that was accurate when issued can become stale quickly. Unless you have subscribed to monitoring, we do not track changes to a contract after the scan, and you should treat the report as a point-in-time snapshot rather than a living assessment.
Use of the report
The report is licensed to you for your own use in accordance with our Terms of Service. You may share an individual report on social media and in direct communications for non-commercial promotion provided that the GhostLabs branding is not removed or altered. You may not redistribute reports commercially, incorporate them into a derivative product, or represent any report as a “certification” or “endorsement” by GhostLabs.
Disclaimer of warranties and limitation of liability
To the maximum extent permitted by law, the Service and all reports are provided on an “as-is” and “as-available” basis, without warranties of any kind, express or implied. GhostLabs’ aggregate liability for any claim arising out of or relating to a report is limited as set out in Section 9 of the Terms of Service. GhostLabs is not liable for losses of any kind arising from your decision to transact with, deploy, or rely upon any contract, whether or not we have scanned that contract.
Contact
Questions about the scope or methodology of a specific report should be sent to admin@ghostlabs.asia. Security-related disclosures should be sent to admin@ghostlabs.asia.
End of Audit Disclaimer.