Elevate DeFi - Smart Contract Audit Report

Summary

Elevate DeFi is a project where the token charges every transaction with a fee and instantly redistributes it among all its token holders. This creates a mechanism that allows for token holders to frictionlessly receive rewards without having to interact with any other contracts.

For the audit, we reviewed Elevate's upcoming staking platform. Please note we have not reviewed the Elevate token contract in detail. The Elevate DeFi team directly provided us the contracts for this review. The code is intended to remain closed-source at least until the launch of the platform.

Notes on the Contracts:
• Users can stake their Elevate tokens to earn additional Elevate as rewards.
• The staking contract properly reflects the logic in the Elevate token contract to prevent any issues related to the token's fee-on-transfer mechanism.
• The team shall determine upon deployment variables related to the amount of rewards to be allocated over time.
• Rewards for user's stakes shall be pulled from a deployment of the reflectiveTreasury contract. The team must ensure this treasury contract is sufficiently funded.
• No ownership-restricted functions are present in the ReflectiveStake contract.
• In the ReflectiveTreasury contract, the owner can withdraw unclaimed funds and set the beneficiary of the treasury.
• SafeMath is utilized throughout the platform to prevent overflow issues.

Minor Recommendations:
• The addition of ReentrancyGuard to the staking contract is unnecessary. This implementation would only be needed if transacting with ETH, tokens with fallback functions (uncommon), or functions where users can pass arbitrary addresses that are called (which are not present in this contract or the ELE token). Therefore, we advise removing ReentrancyGuard as it results in an unneeded spend of users' gas.
• TokenPool.balance() can be declared external to potentially save gas.

Audit Findings Summary

• No security issues from external attackers were identified.
• Date: March 9th, 2021

Combined Audit Results

 ($) = payable function
 # = non-constant function
 
 Int = Internal
 Ext = External
 Pub = Public

 + [Lib] SafeMath 
    - [Int] tryAdd
    - [Int] trySub
    - [Int] tryMul
    - [Int] tryDiv
    - [Int] tryMod
    - [Int] add
    - [Int] sub
    - [Int] mul
    - [Int] div
    - [Int] mod
    - [Int] sub
    - [Int] div
    - [Int] mod

 +  ReentrancyGuard 
    - [Int]  #

 + [Int] IERC20 
    - [Ext] totalSupply
    - [Ext] balanceOf
    - [Ext] transfer #
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transferFrom #

 + [Int] ITREASURY 
    - [Ext] token
    - [Ext] fundsAvailable
    - [Ext] release #

 +  Context 
    - [Int] _msgSender
    - [Int] _msgData

 +  Ownable (Context)
    - [Int]  #
    - [Pub] owner
    - [Pub] renounceOwnership #
       - modifiers: onlyOwner
    - [Pub] transferOwnership #
       - modifiers: onlyOwner

 +  TokenPool (Ownable)
    - [Pub]  #
    - [Pub] balance
    - [Ext] transfer #
       - modifiers: onlyOwner

 +  ReflectiveStake (ReentrancyGuard)
    - [Pub]  #
    - [Pub] getStakingToken
    - [Ext] getDistributionToken
    - [Ext] stake #
       - modifiers: nonReentrant
    - [Int] _applyFee
    - [Ext] unstake #
       - modifiers: nonReentrant
    - [Ext] unstakeMax #
       - modifiers: nonReentrant
    - [Prv] _unstake #
    - [Prv] computeNewReward
    - [Ext] getUserStakes
    - [Ext] getUserTotals
    - [Pub] totalStakedFor
    - [Pub] totalStaked
    - [Ext] token
    - [Ext] treasuryTarget
    - [Prv] updateAccounting #
    - [Ext] isUnlocked
    - [Pub] totalPending
    - [Pub] totalUnlocked
    - [Ext] totalAvailable
    - [Pub] unlockTokens #
  
							

 ($) = payable function
 # = non-constant function
 
 Int = Internal
 Ext = External
 Pub = Public

 + [Int] IERC20 
    - [Ext] totalSupply
    - [Ext] balanceOf
    - [Ext] transfer #
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transferFrom #

 + [Lib] SafeMath 
    - [Int] tryAdd
    - [Int] trySub
    - [Int] tryMul
    - [Int] tryDiv
    - [Int] tryMod
    - [Int] add
    - [Int] sub
    - [Int] mul
    - [Int] div
    - [Int] mod
    - [Int] sub
    - [Int] div
    - [Int] mod

 + [Lib] Address 
    - [Int] isContract
    - [Int] sendValue #
    - [Int] functionCall #
    - [Int] functionCall #
    - [Int] functionCallWithValue #
    - [Int] functionCallWithValue #
    - [Int] functionStaticCall
    - [Int] functionStaticCall
    - [Int] functionDelegateCall #
    - [Int] functionDelegateCall #
    - [Prv] _verifyCallResult

 + [Lib] SafeERC20 
    - [Int] safeTransfer #
    - [Int] safeTransferFrom #
    - [Int] safeApprove #
    - [Int] safeIncreaseAllowance #
    - [Int] safeDecreaseAllowance #
    - [Prv] _callOptionalReturn #

 +  Context 
    - [Int] _msgSender
    - [Int] _msgData

 +  Ownable (Context)
    - [Int]  #
    - [Pub] owner
    - [Pub] renounceOwnership #
       - modifiers: onlyOwner
    - [Pub] transferOwnership #
       - modifiers: onlyOwner

 +  ReentrancyGuard 
    - [Int]  #

 +  ReflectiveTreasury (Ownable, ReentrancyGuard)
    - [Pub]  #
    - [Ext] token
    - [Ext] beneficiary
    - [Ext] principle
    - [Pub] fundsAvailable
    - [Ext] deposit #
       - modifiers: nonReentrant
    - [Int] _applyFee
    - [Ext] withdraw #
       - modifiers: onlyOwner,nonReentrant
    - [Ext] setBeneficiary #
       - modifiers: onlyOwner
    - [Ext] release #
							

• Go Home