Doge Dash Farm - Smart Contract Audit Report
Summary
Doge Dash is building a new yield farming platform with a referral system and a token locker.
We reviewed the project team's DogeDashFarm, TokenReferral, TokenLocker, and Timelock contracts using code provided to us by the project team.
We previously reviewed the project team's token contract here.
Notes on Individual Contracts:
DogeDashFarm Contract:TokenReferral Contract:
- Anyone can use this contract to deposit tokens into various staking pools configured by the project team.
- Each pool has its own staking token, allocation weight, deposit fee of up to 4%, and harvest interval time up to 90 days determined by the project team.
- Users who participate in the staking pools will receive a reward amount proportional to the allocation weight assigned to the pool on each block; staking rewards are calculated and harvested on deposits and withdrawals.
- Staking rewards will not accrue after the end block number has passed.
- Staking rewards are locked in the contract until the harvest interval period has passed. Each time rewards are harvested, the harvest interval timer is reset.
- On deposits, users can specify a referrer address which can earn up an additional 10% on top of the user's staking rewards.
- Referral rewards are distributed along with staking rewards.
- Users can also trigger an emergency withdraw, which will transfer all the user's deposited staked tokens to their wallet address, without calculating rewards.
- The owner must use the addBalance() function to transfer reward tokens to the contract and specify the end block for these rewards. This is required in order to determine the amount of available tokens. Otherwise, rewards will be discontinued.
- The owner can set the reward emission rate and the end block number at any time.
- The owner can set the dev address, the fee address, and the Token Referral contract address at any time.
- The owner can set the referral commission rate to any value up to 10% at any time.
- The owner can set the allocation points, the deposit fee, and the harvest interval time for any existing pool at any time.
- The owner can add pools for various tokens.
- The owner can withdraw any tokens erroneously sent to the contract at any time.
TokenLocker Contract:
- This contract is used by approved Operators to keep track of referrals and their earned commission over time.
- The owner is able grant or revoke Operator status to any address at any time.
- The owner is able to withdraw any BEP20 tokens erroneously sent to the contract at any time.
Timelock Contract:
- This contract contains a single function that allows only the owner to withdraw any tokens from the contract at any time.
General Notes Across All Contracts:
- This contract is used to enforce a delay period before a transaction is executed.
- The contract Admin and delay time are set upon deployment.
- The delay can be between 6 hours and 30 days.
- The Admin is able to queue a transaction which they cannot execute until the delay period has passed.
- After the delay period, the Admin must manually execute the transaction before the grace period of 14 days has passed.
- Ensure trust in the Admin as the Timelock contract will execute any arbitrary code the Admin desires.
- The Admin may cancel the transaction at any time.
- The Admin may set a new pending Admin address at any time. This address must then accept the Admin role.
- The Admin may set the delay to any value within the accepted range.
- We advise users who have invested in the project to set up email alerts for the Timelock contract's activity using Etherscan to stay up to date on any proposed admin activity.
- Excellent structuring of logic to allow for fee-on-transfer tokens to be used as staking tokens in the DogeDash Farm.
- The contracts utilize ReentrancyGuard to prevent against re-entrancy attacks in applicable functions.
- The team worked with us to implement changes related to gas optimization.
- The contracts utilize the SafeMath library to prevent overflows.
Audit Findings Summary:
- No security issues from outside attackers were identified.
- Ensure trust in the team as they have notable control in the ecosystem.
- Date: November 20th, 2021.
- Updated: November 22th, 2021 to cover logic related to an end block number for the staking contract.
External Threat Results
| Vulnerability Category | Notes | Result |
|---|---|---|
| Arbitrary Storage Write | N/A | PASS |
| Arbitrary Jump | N/A | PASS |
| Delegate Call to Untrusted Contract | N/A | PASS |
| Dependence on Predictable Variables | N/A | PASS |
| Deprecated Opcodes | N/A | PASS |
| Ether Thief | N/A | PASS |
| Exceptions | N/A | PASS |
| External Calls | N/A | PASS |
| Integer Over/Underflow | N/A | PASS |
| Multiple Sends | N/A | PASS |
| Suicide | N/A | PASS |
| State Change External Calls | N/A | Pass |
| Unchecked Retval | N/A | PASS |
| User Supplied Assertion | N/A | PASS |
| Critical Solidity Compiler | N/A | PASS |
| Overall Contract Safety | PASS |
DogeDash Farm Contract
($) = payable function
# = non-constant function
Int = Internal
Ext = External
Pub = Public
+ [Lib] SafeMath
- [Int] tryAdd
- [Int] trySub
- [Int] tryMul
- [Int] tryDiv
- [Int] tryMod
- [Int] add
- [Int] sub
- [Int] mul
- [Int] div
- [Int] mod
- [Int] sub
- [Int] div
- [Int] mod
+ [Int] IBEP20
- [Ext] totalSupply
- [Ext] decimals
- [Ext] symbol
- [Ext] name
- [Ext] getOwner
- [Ext] balanceOf
- [Ext] transfer #
- [Ext] allowance
- [Ext] approve #
- [Ext] transferFrom #
+ [Lib] Address
- [Int] isContract
- [Int] sendValue #
- [Int] functionCall #
- [Int] functionCall #
- [Int] functionCallWithValue #
- [Int] functionCallWithValue #
- [Int] functionStaticCall
- [Int] functionStaticCall
- [Int] functionDelegateCall #
- [Int] functionDelegateCall #
- [Prv] _verifyCallResult
+ [Lib] SafeBEP20
- [Int] safeTransfer #
- [Int] safeTransferFrom #
- [Int] safeApprove #
- [Int] safeIncreaseAllowance #
- [Int] safeDecreaseAllowance #
- [Prv] _callOptionalReturn #
+ [Int] ITokenReferral
- [Ext] recordReferral #
- [Ext] recordReferralCommission #
- [Ext] getReferrer
+ Context
- [Int] _msgSender
- [Int] _msgData
+ Ownable (Context)
- [Int] #
- [Pub] owner
- [Pub] renounceOwnership #
- modifiers: onlyOwner
- [Pub] transferOwnership #
- modifiers: onlyOwner
+ ReentrancyGuard
- [Int] #
+ DogeDashFarm (Ownable, ReentrancyGuard)
- [Pub] #
- [Ext] poolLength
- [Pub] add #
- modifiers: onlyOwner
- [Pub] set #
- modifiers: onlyOwner
- [Pub] getMultiplier
- [Ext] pendingToken
- [Pub] canHarvest
- [Pub] massUpdatePools #
- [Pub] updatePool #
- [Pub] deposit #
- modifiers: nonReentrant
- [Pub] withdraw #
- modifiers: nonReentrant
- [Pub] emergencyWithdraw #
- modifiers: nonReentrant
- [Int] payOrLockupPendingToken #
- [Pub] setDevAddress #
- [Pub] setFeeAddress #
- [Pub] updateEmissionRate #
- modifiers: onlyOwner
- [Pub] setTokenReferral #
- modifiers: onlyOwner
- [Pub] setReferralCommissionRate #
- modifiers: onlyOwner
- [Int] payReferralCommission #
- [Pub] addBalance #
- modifiers: onlyOwner
- [Int] mint #
- [Int] safeTokenTransfer #
- [Pub] getBlock Token Referral Contract
($) = payable function
# = non-constant function
Int = Internal
Ext = External
Pub = Public
+ [Int] IBEP20
- [Ext] totalSupply
- [Ext] decimals
- [Ext] symbol
- [Ext] name
- [Ext] getOwner
- [Ext] balanceOf
- [Ext] transfer #
- [Ext] allowance
- [Ext] approve #
- [Ext] transferFrom #
+ [Lib] SafeMath
- [Int] tryAdd
- [Int] trySub
- [Int] tryMul
- [Int] tryDiv
- [Int] tryMod
- [Int] add
- [Int] sub
- [Int] mul
- [Int] div
- [Int] mod
- [Int] sub
- [Int] div
- [Int] mod
+ [Lib] Address
- [Int] isContract
- [Int] sendValue #
- [Int] functionCall #
- [Int] functionCall #
- [Int] functionCallWithValue #
- [Int] functionCallWithValue #
- [Int] functionStaticCall
- [Int] functionStaticCall
- [Int] functionDelegateCall #
- [Int] functionDelegateCall #
- [Prv] _verifyCallResult
+ [Lib] SafeBEP20
- [Int] safeTransfer #
- [Int] safeTransferFrom #
- [Int] safeApprove #
- [Int] safeIncreaseAllowance #
- [Int] safeDecreaseAllowance #
- [Prv] _callOptionalReturn #
+ [Int] ITokenReferral
- [Ext] recordReferral #
- [Ext] recordReferralCommission #
- [Ext] getReferrer
+ Context
- [Int] _msgSender
- [Int] _msgData
+ Ownable (Context)
- [Int] #
- [Pub] owner
- [Pub] renounceOwnership #
- modifiers: onlyOwner
- [Pub] transferOwnership #
- modifiers: onlyOwner
+ TokenReferral (ITokenReferral, Ownable)
- [Pub] recordReferral #
- modifiers: onlyOperator
- [Pub] recordReferralCommission #
- modifiers: onlyOperator
- [Pub] getReferrer
- [Ext] updateOperator #
- modifiers: onlyOwner
- [Ext] drainBEP20Token #
- modifiers: onlyOwner Token Locker Contract
($) = payable function
# = non-constant function
Int = Internal
Ext = External
Pub = Public
+ [Int] IBEP20
- [Ext] totalSupply
- [Ext] decimals
- [Ext] symbol
- [Ext] name
- [Ext] getOwner
- [Ext] balanceOf
- [Ext] transfer #
- [Ext] allowance
- [Ext] approve #
- [Ext] transferFrom #
+ [Lib] SafeMath
- [Int] tryAdd
- [Int] trySub
- [Int] tryMul
- [Int] tryDiv
- [Int] tryMod
- [Int] add
- [Int] sub
- [Int] mul
- [Int] div
- [Int] mod
- [Int] sub
- [Int] div
- [Int] mod
+ [Lib] Address
- [Int] isContract
- [Int] sendValue #
- [Int] functionCall #
- [Int] functionCall #
- [Int] functionCallWithValue #
- [Int] functionCallWithValue #
- [Int] functionStaticCall
- [Int] functionStaticCall
- [Int] functionDelegateCall #
- [Int] functionDelegateCall #
- [Prv] _verifyCallResult
+ [Lib] SafeBEP20
- [Int] safeTransfer #
- [Int] safeTransferFrom #
- [Int] safeApprove #
- [Int] safeIncreaseAllowance #
- [Int] safeDecreaseAllowance #
- [Prv] _callOptionalReturn #
+ Context
- [Int] _msgSender
- [Int] _msgData
+ Ownable (Context)
- [Int] #
- [Pub] owner
- [Pub] renounceOwnership #
- modifiers: onlyOwner
- [Pub] transferOwnership #
- modifiers: onlyOwner
+ TokenLocker (Ownable)
- [Pub] unlock #
- modifiers: onlyOwner TimeLock Contract
($) = payable function
# = non-constant function
Int = Internal
Ext = External
Pub = Public
+ [Lib] SafeMath
- [Int] tryAdd
- [Int] trySub
- [Int] tryMul
- [Int] tryDiv
- [Int] tryMod
- [Int] add
- [Int] sub
- [Int] mul
- [Int] div
- [Int] mod
- [Int] sub
- [Int] div
- [Int] mod
+ Timelock
- [Pub] #
- [Ext] ($)
- [Pub] setDelay #
- [Pub] acceptAdmin #
- [Pub] setPendingAdmin #
- [Pub] queueTransaction #
- [Pub] cancelTransaction #
- [Pub] executeTransaction ($)
- [Int] getBlockTimestamp