DEMO REPORT — EMBER PROTOCOL (EMBER) — SIMULATED DATA

Grade: C

Ember Protocol (EMBER)

0xdemo…0001 Generated May 28, 2025
Verified Source
No Honeypot
Manual Audit
Bug Bounty
Findings: 0 Critical, 3 High, 4 Medium, 2 Low
Price: $0.04217
24h: -3.42%
Market Cap: $42.17M
Volume 24h: $182.4K
Holders: 3,847
Risk Score: 63/100 (High)

Top Risk Findings
  • #1 Owner retains mint authority — unlimited inflation possible
  • #2 Pause function lets owner freeze all token transfers
  • #3 Liquidity is unlocked — LP removal possible without notice
Full analysis in sections below

AUTOMATED AI REPORT. Not a substitute for a manual security audit. Firepan Sentinel does not guarantee this token is safe. Always conduct independent research before investing.

01

Executive Summary

Firepan Sentinel has completed an automated AI-assisted risk analysis of Ember Protocol (EMBER) on Ethereum Mainnet. The contract received an overall risk score of 63/100, placing it in the High Risk category. The primary concerns are centralization of admin controls — the deployer address retains the ability to mint new tokens and pause all token transfers without a timelock or multisig. While the source code is verified and the contract does not exhibit honeypot characteristics, these owner permissions represent a material risk for investors. Liquidity of approximately $420,000 is present across Uniswap V3, though it is not locked. Holder distribution shows moderate concentration, with the top 10 holders controlling 44.2% of supply. This report is generated through automated analysis and AI interpretation. It does not constitute a manual security audit and should not be treated as a guarantee of safety.

02

Token Overview

Name: Ember Protocol
Symbol: EMBER
Chain: Ethereum
Contract: 0xdemo…0001
Risk Score: 63 / 100
Risk Level: High
Generated: May 28, 2025
Scan Type: Full AI Audit

Ember Protocol is an ERC-20 token deployed on Ethereum Mainnet with a fixed total supply of 1 billion EMBER. The contract is compiled with Solidity v0.8.20 under the MIT license. The token has been live for 498 days and currently trades primarily on Uniswap V3.

03

Contract Risk Analysis

The contract source code is verified on Etherscan, allowing full code review. The contract follows standard ERC-20 patterns with Ownable extensions. Three admin functions present elevated risk: mint(), pause(), and setMaxTx(). The contract is not upgradeable via a proxy pattern.

  • Source code verified — full auditability
  • ERC-20 compliant — standard transfer/approve/allowance interface
  • No proxy or upgrade mechanism — code cannot be changed post-deployment
  • mint() is callable by owner — supply can be increased at will
  • pause() halts all transfers — owner can freeze user funds
  • setMaxTx() allows owner to restrict transaction size

04

Ownership & Admin Controls

The contract uses OpenZeppelin's Ownable pattern. Ownership has NOT been renounced and no multisig or timelock is configured. The deployer wallet (0xDeployer...cafe) retains all administrative privileges. This is the most significant risk factor in this report.

  • Ownership active — 0xDeployer123456789abcdef0000000000000cafe
  • No multisig (Gnosis Safe, etc.) detected on owner address
  • No timelock contract protecting admin functions
  • renounceOwnership() function present but not called
  • transferOwnership() present — owner can be transferred to new address

05

Upgradeability & Proxy Risk

The contract is not upgradeable. No proxy patterns (UUPS, Transparent, Beacon) were detected. The deployed bytecode is final and cannot be modified by the owner. This is a positive signal — the contract logic is immutable.

  • No proxy pattern detected
  • No upgradeTo() or upgradeToAndCall() functions
  • Contract bytecode is immutable

06

Minting / Burning / Blacklist / Pause

The mint function is the highest individual risk in this contract. An unconstrained mint() callable only by owner allows theoretically unlimited token creation. The burn function is present and standard. No blacklist function was detected, which is positive.

  • mint(address to, uint256 amount) — callable by owner, no cap enforced in the function itself
  • burn(uint256 amount) — user-initiated burn, standard
  • burnFrom(address, uint256) — standard with allowance check
  • No blacklist or address freeze function detected
  • pause() / unpause() — owner can halt all transfers

07

Holder Concentration

Holder distribution shows moderate-to-high concentration. The top 10 holders control 44.2% of circulating supply, and the largest single holder controls 12.1%. With 3,847 total holders, distribution is reasonable for a token of this age, but concentration remains above thresholds considered healthy.

  • Top 10 holders: 44.2% of supply
  • Top 50 holders: 71.8% of supply
  • Largest single holder: 12.1% — potential for significant price impact
  • Total holders: 3,847
  • Concentration has likely decreased over the 498-day token lifetime

08

Liquidity Risk

Approximately $420,000 in liquidity is available across Uniswap V3 pools. This represents adequate but not deep liquidity. The primary risk is that liquidity is not locked — the 34 LP holders could withdraw at any time. Pair is 412 days old, suggesting organic market formation.

  • Total liquidity: ~$420,000 USD
  • Primary DEX: Uniswap V3
  • Liquidity is NOT locked — no Unicrypt or Team.Finance lock detected
  • Pair age: 412 days — established trading history
  • 34 LP token holders — relatively small LP base
  • Buy/sell tax: 2% each — within acceptable range

09

Honeypot / Transfer Restriction Signals

NO HONEYPOT DETECTED BY AUTOMATED SCAN

No honeypot signals were detected by automated scanning. Tokens can be sold freely with no transfer restrictions beyond the standard max transaction limit. GoPlus Security reports no trading restrictions.

  • No cannot_sell_all signal
  • No trading cooldown detected
  • No design flaw that makes transfers unconditionally pausable
  • Sell tax is 2% — within normal range
  • Owner CAN pause transfers via pause() — this is different from a honeypot but still a risk

10

Known Vulnerability Patterns

  • Owner-controlled mint with no supply cap in the mint function itself
  • Centralized pause mechanism without timelock — single point of failure
  • Liquidity not locked — LP removal possible without notice
  • No on-chain governance or multisig protecting admin functions

11

AI Risk Interpretation

Ember Protocol presents a risk profile typical of projects in early-to-mid maturity stages that have not yet implemented decentralization safeguards. The technical implementation is clean — verified source, ERC-20 compliant, non-upgradeable — but the administrative control structure concentrates significant power in a single externally-owned account.

The mint function is the most consequential risk. Unlike a simple administrative function, uncapped minting allows the token supply to be inflated arbitrarily, which could devastate token value. The presence of this function, combined with unrenounced single-owner control, means investors are trusting the deployer's ongoing good faith. The pause function compounds this: in a worst-case scenario, an owner could mint tokens to their own address and then pause transfers to prevent victims from selling. While there is no evidence this is intended, the capability exists.

On the positive side: the verified source code, established pair age, absence of blacklisting, and clean honeypot scan suggest a legitimate project with standard risks rather than a deliberate scam. The question is whether the team intends to renounce or transition to multisig — this should be verified off-chain through official communications.

12

Suggested Remediation

  1. Transfer contract ownership to a Gnosis Safe multisig with 2-of-3 or higher threshold
  2. Add a Timelock controller (minimum 48-hour delay) before owner can execute privileged functions
  3. Lock liquidity using Unicrypt or Team.Finance for a minimum of 12 months
  4. If continued mint capability is needed, add an on-chain supply cap to the mint function
  5. Publish a public ownership/decentralization roadmap with committed timelines
  6. Consider renouncing the pause() function if it is not operationally necessary
  7. Reduce top holder concentration through LP incentives or vesting cliff adjustments

13

Final Risk Rating

63/100 (High)

Based on 15+ weighted risk dimensions across contract code, ownership, liquidity, and holder data.

Score Breakdown

Source code is verified on-chain: +10
Single owner controls admin functions: -10
Owner can mint new tokens — inflation risk: -12
Contract can be paused by owner: -8
No blacklist function detected: +5
Non-upgradeable contract: +5
Transfer fees or limits can be changed by owner: -5
High concentration — top 10 holders own >40%: -5
Moderate liquidity ($100K–$1M): +5
Liquidity is NOT locked — rug risk: -5
No honeypot signals detected: +10
Token is >90 days old: +2
Final Score: 63/100

14

Disclaimer

This report is generated using automated analysis and AI interpretation. It is not a substitute for a manual security audit by qualified auditors. Firepan Sentinel does not guarantee that a token or smart contract is safe. This report does not constitute financial, legal, or investment advice.

Always conduct independent research and consult qualified professionals before making decisions related to any token or smart contract.