CakeSafe - Smart Contract Audit Report

Summary

CakeSafe Audit Report CakeSafe is building a token locking mechanism for BEP20 compatible tokens on the Binance Smart Chain.

We reviewed CakeSafe's SAFE token and PancakeLocker contracts at commit 8e94b968f98a2a8597c58e4f204d97db1107304d and later at commit 8dfca28b59b94f2dc877a37f7a79e9f253ea6fc1 on GitHub.
CakeSafe's SAFE token has been deployed to 0x82210F2CC11727f3C4dB406E8b086eA12C8E424C on the Binance Smart Chain mainnet.


Notes on the Token Contract:
  • The total supply of the token is 108,250.
  • At the time of deployment all tokens are delivered to the deployer's address.
  • There is no way for more tokens to be minted. Tokens can be burned, though the total supply will not reflect this. The team may want to consider deducting the total supply by the burned amount.
  • The token is designed to be a governance token where 1 token = 1 vote.
  • Another contract will be needed to collect votes and execute transactions on behalf of the governance token holders.
  • Token holders can delegate their voting rights to any address. To save gas, users can also do so using an EIP-712 signature.
  • No owner-restricted functions exist. The team may remove the Ownable contract to save on deployment costs.
  • The contract utilizes math operations that check for and revert on overflows.
  • Some gas optimizations can be achieved through marking functions external instead of public.

    • Notes on the PancakeLocker Contract:
  • When locking tokens into the contract, users can pay the lock fee in either BNB or a token set by the team.
  • Users can withdraw their locked tokens when the set block timestamp passes their set unlock date.
  • Users can also re-lock or extend the lock on their tokens at any time.
  • After a lock is created, its owner can add to it using the incrementLock() function rather than creating a new lock. A fee paid in a percentage of the additiona tokens locked will be charged.
  • Token locks can be transferred by their owner to a new owner if desired.
  • Token locks can also be split as to provide another address ownership over some of the the tokens locked. There is a fee in BNB associated with this action.
  • The project team has the ability to set all variables related to fees, set addresses called by the platform, exempt addresses from incurring fees.
  • Utilization of ReentrancyGuard, TransferHelper, and SafeMath to prevent attacks, ensure safe transfers, and prevent overflows.


    • Audit Findings Summary:
    • No security issues from outside attackers were identified; though some logic could lead to a small amount of abuse.
    • As with any presale, ensure trust in the team prior to investing.
    • KYC: No.
    • Date: March 21st, 2021.
    • Update Date: March 22nd, 2021 - incorporation of some recommendations.
    • Update Date: May 3rd, 2021 - Add address of mainnet deployment for SAFE token.

    External Threats

    Vulnerability CategoryNotesResult
    Arbitrary Storage WriteN/APASS
    Arbitrary JumpN/APASS
    Delegate Call to Untrusted ContractN/APASS
    Dependence on Predictable VariablesN/APASS
    Deprecated OpcodesN/APASS
    Ether ThiefN/APASS
    ExceptionsN/APASS
    External CallsN/APASS
    Integer Over/UnderflowN/APASS
    Multiple SendsN/APASS
    SuicideN/APASS
    State Change External CallsN/APass
    Unchecked RetvalN/APASS
    User Supplied AssertionN/APASS
    Critical Solidity CompilerN/APASS
    Overall Contract Safety PASS


    Details - CakeSafe Token Contract


    Smart Contract Graph

    Contract Inheritance

    
 ($) = payable function
 # = non-constant function
 
 Int = Internal
 Ext = External
 Pub = Public
 
 + [Lib] SafeMath 
    - [Int] add
    - [Int] sub
    - [Int] sub
    - [Int] mul
    - [Int] div
    - [Int] div
    - [Int] mod
    - [Int] mod

 + [Lib] Address 
    - [Int] isContract
    - [Int] sendValue #
    - [Int] functionCall #
    - [Int] functionCall #
    - [Int] functionCallWithValue #
    - [Int] functionCallWithValue #
    - [Prv] _functionCallWithValue #

 +  Context 
    - [Int] _msgSender
    - [Int] _msgData

 +  Ownable (Context)
    - [Int]  #
    - [Pub] owner
    - [Pub] renounceOwnership #
       - modifiers: onlyOwner
    - [Pub] transferOwnership #
       - modifiers: onlyOwner

 + [Int] IBEP20 
    - [Ext] totalSupply
    - [Ext] balanceOf
    - [Ext] transfer #
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transferFrom #

 +  BEP20 (Context, IBEP20)
    - [Pub]  #
    - [Pub] name
    - [Pub] symbol
    - [Pub] decimals
    - [Pub] totalSupply
    - [Pub] balanceOf
    - [Pub] transfer #
    - [Pub] allowance
    - [Pub] approve #
    - [Pub] transferFrom #
    - [Pub] increaseAllowance #
    - [Pub] decreaseAllowance #
    - [Int] _transfer #
    - [Int] _mint #
    - [Int] _burn #
    - [Int] _approve #
    - [Int] _setupDecimals #
    - [Int] _beforeTokenTransfer #

 +  SAFE (BEP20, Ownable)
    - [Pub]  #
    - [Pub] burn #
    - [Int] _transfer #
    - [Ext] delegates
    - [Ext] delegate #
    - [Ext] delegateBySig #
    - [Ext] getCurrentVotes
    - [Ext] getPriorVotes
    - [Int] _delegate #
    - [Int] _moveDelegates #
    - [Int] _writeCheckpoint #
    - [Int] safe32
    - [Int] getChainId

    Click here to download the source code as a .sol file



    Details - PancakeLocker Contract


    Smart Contract Graph

    Contract Inheritance

    
 ($) = payable function
 # = non-constant function
 
 Int = Internal
 Ext = External
 Pub = Public
 
 + [Lib] SafeMath 
    - [Int] add
    - [Int] sub
    - [Int] sub
    - [Int] mul
    - [Int] div
    - [Int] div
    - [Int] mod
    - [Int] mod

 +  Context 
    - [Int] _msgSender
    - [Int] _msgData

 +  Ownable (Context)
    - [Int]  #
    - [Pub] owner
    - [Pub] renounceOwnership #
       - modifiers: onlyOwner
    - [Pub] transferOwnership #
       - modifiers: onlyOwner

 + [Lib] EnumerableSet 
    - [Prv] _add #
    - [Prv] _remove #
    - [Prv] _contains
    - [Prv] _length
    - [Prv] _at
    - [Int] add #
    - [Int] remove #
    - [Int] contains
    - [Int] length
    - [Int] at
    - [Int] add #
    - [Int] remove #
    - [Int] contains
    - [Int] length
    - [Int] at
    - [Int] add #
    - [Int] remove #
    - [Int] contains
    - [Int] length
    - [Int] at

 +  ReentrancyGuard 
    - [Int]  #

 + [Lib] TransferHelper 
    - [Int] safeApprove #
    - [Int] safeTransfer #
    - [Int] safeTransferFrom #

 + [Int] IPancakePair 
    - [Ext] factory
    - [Ext] token0
    - [Ext] token1

 + [Int] IBEPBurn 
    - [Ext] burn #
    - [Ext] approve #
    - [Ext] allowance #
    - [Ext] balanceOf

 + [Int] IPancakeFactory 
    - [Ext] getPair

 + [Int] IMigrator 
    - [Ext] migrate #

 +  CakeSafeLocker (Ownable, ReentrancyGuard)
    - [Pub]  #
    - [Pub] setDev #
       - modifiers: onlyOwner
    - [Pub] setMigrator #
       - modifiers: onlyOwner
    - [Pub] setSecondaryFeeToken #
       - modifiers: onlyOwner
    - [Pub] setReferralTokenAndHold #
       - modifiers: onlyOwner
    - [Pub] setFees #
       - modifiers: onlyOwner
    - [Pub] whitelistFeeAccount #
       - modifiers: onlyOwner
    - [Ext] lockLPToken ($)
       - modifiers: nonReentrant
    - [Ext] relock #
       - modifiers: nonReentrant
    - [Ext] withdraw #
       - modifiers: nonReentrant
    - [Ext] incrementLock #
       - modifiers: nonReentrant
    - [Ext] splitLock ($)
       - modifiers: nonReentrant
    - [Ext] transferLockOwnership #
    - [Ext] migrate #
       - modifiers: nonReentrant
    - [Ext] getNumLocksForToken
    - [Ext] getNumLockedTokens
    - [Ext] getLockedTokenAtIndex
    - [Ext] getUserNumLockedTokens
    - [Ext] getUserLocksForToken
    - [Ext] getUserLockedTokenAtIndex
    - [Ext] getUserNumLocksForToken
    - [Ext] getUserLockForTokenAtIndex
    - [Ext] getWhitelistedUsersLength
    - [Ext] getWhitelistedUserAtIndex
    - [Ext] getUserWhitelistStatus

    Click here to download the source code as a .sol file