Bot Ocean - Smart Contract Audit Report
Bot Ocean is building a platform with signals, portfolio tracking, bots marketplace, and a strategy builder within a single interface.For this audit, we reviewed the project's bridge logic using code provided to us by the team; which includes bridge contracts for both the BSC and ETH networks. Please note we have not reviewed the off-chain logic related to the bridge.
Notes on the Contracts:
The team has developed a cross-chain bridge which will allow users to deposits their native Bot Ocean tokens across the ETH or BSC blockchain. The contracts on each chain serve as the on and off ramp for each chain. Users can send their tokens to the bridge contract on the ETH chain to make those tokens available on the BSC chain. Upon bridging their tokens, the team's off-chain logic will provide the user with a series of data which can be used with withdraw their tokens on the other chain. Users will need some BNB in order to claim their tokens on the BSC chain, and some ETH to claim on the Ethereum chain. The bridge contract on the BSC chain is also the token contract, so when tokens are claimed, they are minted to the user. There are no fees charged by the team for using the contract. The chainName variable can be set constant in both contracts to save gas on deployment. Some functions can be declared external instead of public to save on gas. Utilization of SafeMath to prevent overflows. We advise using Solidity 0.7.6 rather than 0.7.3.
Audit Findings Summary:
- No security issues were identified.
- Users must trust the team as they will operate off-chain logic to power the bridge used for cross-chain transfers.
- Date: May 5th, 2021
Combined External Threat Results
|Arbitrary Storage Write||N/A||PASS|
|Delegate Call to Untrusted Contract||N/A||PASS|
|Dependence on Predictable Variables||N/A||PASS|
|State Change External Calls||N/A||PASS|
|User Supplied Assertion||N/A||PASS|
|Critical Solidity Compiler||N/A||PASS|
|Overall Contract Safety||PASS|
($) = payable function # = non-constant function Int = Internal Ext = External Pub = Public + Context - [Int] _msgSender - [Int] _msgData + [Int] IBridgeV1 - [Ext] SwapOut # - [Ext] SwapIn # + Ownable (Context) - [Pub]
# - [Pub] owner - [Pub] renounceOwnership # - modifiers: onlyOwner - [Pub] transferOwnership # - modifiers: onlyOwner + [Int] IERC20 - [Ext] totalSupply - [Ext] balanceOf - [Ext] transfer # - [Ext] allowance - [Ext] approve # - [Ext] transferFrom # + [Lib] SafeMath - [Int] tryAdd - [Int] trySub - [Int] tryMul - [Int] tryDiv - [Int] tryMod - [Int] add - [Int] sub - [Int] mul - [Int] div - [Int] mod - [Int] sub - [Int] div - [Int] mod + Bridge (IBridgeV1, Ownable) - [Pub] # - [Ext] SwapOut # - [Ext] SwapIn # - modifiers: onlyOwner - [Pub] withdraw # - modifiers: onlyOwner - [Pub] updateFee # - modifiers: onlyOwner