CryptoCart Token - Smart Contract Audit Report
CryptoCart is a new project on the Ethereum blockchain which is building an e-commerce platform.
For this audit we reviewed the project's pool contract, deployed at 0x6d98c23ba73c4F5d1BEeC3BE124ED07D01Ab6c84 on the Ethereum mainnet.
We previously reviewed the project team's Token Contract here.
Notes on the Contract:
Users can stake CryptoCart tokens into this contract into order to earn further CryptoCart tokens. There are no fees associated with making a deposit into the contract. User's rewards are claimed when withdrawing from the contract. There are no fees associated with this action. Users can also claim their rewards separately without withdrawing their stake. There is a 1.5% fee charged upon unstaking from the contract. The fee will be sent to the treasury wallet set by the team. In case rewards run out or some other issue is encountered, an emergencyWithdraw function is present allowing users to withdraw their stake while ignoring rewards. The team has the ability to update reward rates and time periods. After the staking period has elapsed, the team will have the ability to remove any remaining tokens left in the contract. The unstakingFee variable could be declared constant to save gas on deployment and each reference; but as this is already deployed, this is merely informational. Utilization of SafeMath (or similarily safe functions) across all contracts to prevent overflows.
Audit Findings Summary:
- No security issues from outside attackers were identified.
- Ensure trust in the team as they have some control in the ecosystem.
- Date: August 14th, 2021
Combined External Threat Results
|Arbitrary Storage Write||N/A||PASS|
|Delegate Call to Untrusted Contract||N/A||PASS|
|Dependence on Predictable Variables||N/A||PASS|
|State Change External Calls||N/A||PASS|
|User Supplied Assertion||N/A||PASS|
|Critical Solidity Compiler||N/A||PASS|
|Overall Contract Safety||PASS|
($) = payable function # = non-constant function Int = Internal Ext = External Pub = Public + Context - [Int] _msgSender - [Int] _msgData + Ownable (Context) - [Pub]
# - [Pub] owner - [Pub] renounceOwnership # - modifiers: onlyOwner - [Pub] transferOwnership # - modifiers: onlyOwner - [Prv] _setOwner # + [Lib] Math - [Int] max - [Int] min - [Int] average - [Int] ceilDiv + [Lib] SafeMath - [Int] tryAdd - [Int] trySub - [Int] tryMul - [Int] tryDiv - [Int] tryMod - [Int] add - [Int] sub - [Int] mul - [Int] div - [Int] mod - [Int] sub - [Int] div - [Int] mod + [Int] IERC20 - [Ext] totalSupply - [Ext] balanceOf - [Ext] transfer # - [Ext] allowance - [Ext] approve # - [Ext] transferFrom # + [Lib] Address - [Int] isContract - [Int] sendValue # - [Int] functionCall # - [Int] functionCall # - [Int] functionCallWithValue # - [Int] functionCallWithValue # - [Int] functionStaticCall - [Int] functionStaticCall - [Int] functionDelegateCall # - [Int] functionDelegateCall # - [Prv] _verifyCallResult + [Lib] SafeERC20 - [Int] safeTransfer # - [Int] safeTransferFrom # - [Int] safeApprove # - [Int] safeIncreaseAllowance # - [Int] safeDecreaseAllowance # - [Prv] _callOptionalReturn # + LPTokenWrapper - [Pub] # - [Pub] balanceOf - [Pub] stake # - [Pub] withdraw # + [Int] IERC20Metadata (IERC20) - [Ext] decimals + CryptoCartPool (LPTokenWrapper, Ownable) - [Pub] # - modifiers: LPTokenWrapper,Ownable - [Ext] setNewTreasury # - modifiers: onlyOwner - [Pub] lastTimeRewardsActive - [Pub] rewardPerToken - [Pub] earned - [Pub] stake # - [Pub] withdraw # - [Ext] exit # - [Pub] getReward # - [Ext] notifyRewardAmount # - modifiers: onlyOwner - [Ext] eject # - modifiers: onlyOwner - [Ext] kill # - modifiers: onlyOwner - [Ext] emergencyWithdraw # - [Int] updateRewardPerTokenStored # - [Int] updateReward #