CheersLand - Smart Contract Audit Report


CheersLand Audit Report CheersLand is building a platform where users can purchase lives by staking tokens or ETH.

We audited CheersLand's Game contract using code provided to us by the project team.

Overview of the Contract:
  • A user can purchase any amount of lives using ETH or any token that is accepted by the platform.
  • On purchasing lives, an amount in the chosen payment token proportional to the amount of lives purchased is staked in the platform.
  • The user will be able to withdraw the staked amount 24 hours after the order is created.
  • A user can add at most one address as a parent address, which will grant the user and the parent one extra life; the user can only set a parent one time.
  • A user can only be a parent for at most 5 users.
  • The owner is able to set the limit for the amount of addresses that a user can be a parent for to any value at any time.
  • The owner is able to remove a life from any user at any time, as long as the user has more than -2 lives.
  • The owner is able to add any token for payment as well as set the fee amount for each token at any time.
  • The platform should not be used with ERC-777 tokens to prevent re-entrancy issues. This is uncommon.
  • Further, the platform should not be used with deflationary tokens. If a deflationary token is added as a staking asset, then the contract must be exempt from transfer fees.

  • The team worked with us to optimize this contract for gas efficiency.
  • As the contract is implemented with Solidity v0.8.x, it is protected from overflows.

Audit Findings Summary
  • No security issues from outside attackers were identified.
  • Ensure trust in the team as they have substantial control in the ecosystem.
  • Date: August 5th, 2021

Vulnerability CategoryNotesResult
Arbitrary Storage WriteN/APASS
Arbitrary JumpN/APASS
Delegate Call to Untrusted ContractN/APASS
Dependence on Predictable VariablesN/APASS
Deprecated OpcodesN/APASS
Ether ThiefN/APASS
External CallsN/APASS
Flash LoansN/APASS
Integer Over/UnderflowN/APASS
Multiple SendsN/APASS
State Change External CallsN/APASS
Unchecked RetvalN/APASS
User Supplied AssertionN/APASS
Critical Solidity CompilerN/APASS
Overall Contract Safety PASS

BEP20 Token Graph

Multi-file Token

($) = payable function
 # = non-constant function

 + [Int] IERC20 
    - [Ext] transfer #
    - [Ext] approve #
    - [Ext] transferFrom #
    - [Ext] totalSupply
    - [Ext] balanceOf
    - [Ext] allowance

 + [Lib] SafeMath 
    - [Int] mul
    - [Int] div
    - [Int] sub
    - [Int] add
    - [Int] mod

 +  Ownable 
    - [Pub]  #
    - [Pub] owner
    - [Pub] isOwner
    - [Pub] renounceOwnership #
       - modifiers: onlyOwner
    - [Pub] transferOwnership #
       - modifiers: onlyOwner
    - [Int] _transferOwnership #

 +  Game (Ownable)
    - [Pub]  #
    - [Prv] _createOrder #
    - [Ext] addFeeCoin #
       - modifiers: onlyOwner
    - [Ext] setUserSubMax #
       - modifiers: onlyOwner
    - [Prv] _addLife #
    - [Pub] decLife #
       - modifiers: onlyOwner
    - [Ext] decLifes #
       - modifiers: onlyOwner
    - [Ext] bindParent #
    - [Pub] getLifeAmount
    - [Ext] buyLife #
    - [Ext] buyLifeMain ($)
    - [Ext] unStaking #
    - [Ext] getUserOrderIds
    - [Ext] setUserGameIsAward #
       - modifiers: onlyOwner