Public contract review

VIGIX smart contract audit.

Non-custodial | Wallet-signed | Route clarity

This page publishes a static engineering review of the public VIGIX smart contract source. It is not a replacement for a full third-party formal audit, but it gives users and reviewers a clear public baseline for how the current Polygon contract behaves.

Review scope

Network: Polygon Mainnet
Contract: 0xea1989dDc9F7db000347F6Ac14C63fd395B6EDAd
Settlement asset: Polygon USDC — 0x3c499c542cEF5E3811e1192ce70d8cC03d5c3359
Source reviewed: github.com/VestigeIndex/Vigix.Contract/vigix.sol
Review date: 2026-05-10

Reviewed controls

01 OpenZeppelin ERC20, Ownable, Pausable, ReentrancyGuard and SafeERC20 are used.
02 The owner cannot arbitrarily mint VIGIX. New supply is minted only through the buy flow.
03 The sell flow burns VIGIX and checks USDC reserves before returning USDC to the user.
04 Buy and sell execution include minOut slippage protection controlled by the user interface.
05 There is no seed phrase, private key, custody, auto-signing or wallet bypass surface in the contract.

Findings

Critical

None identified

No direct arbitrary mint, owner drain, private-key, custody or hidden transfer function was identified in the reviewed source.

High

None identified

No high-severity issue was identified in the reviewed source. Buy and sell are protected by nonReentrant and explicit amount checks.

Medium

Operational control

The owner can pause/unpause and update the fee wallet. This does not grant arbitrary reserve withdrawal, but it should remain publicly monitored.

Informational

Documentation alignment

The source does not include a separate sell-activation threshold beyond reserve availability and normal balance checks. Product documentation should not imply an extra hidden threshold.

Limitations

This review covers the public source and application ABI used by Vestige Index. It does not claim bytecode equivalence certification, economic-model assurance, reserve sufficiency guarantees, or legal approval. Users should still verify the official contract address and confirm every action inside their own wallet.