Eleven Finance - Smart Contract Audit Report Summary
Eleven Finance has built a high APY vault ecosystem on Binance Smart Chain. For this audit, we analyzed the following contracts provided to us by the project team. Source code for each is available below.
addStrat.sol bigfoot.sol bigfootConfig.sol liqStrat.sol oracle.sol Please note we have not reviewed the project's token or vaults. They were, however, reviewed by
WarOnRugs here.
Notes of the Contracts:Users can add liquidity via this contract to have them deposited into the farm and earn rewards. Users can reinvest their earnings into the farm via calling the harvest() function. Users can check their position's health (risk of liquiditation) at any time via a view function in the contract. There are some fees associated with usage of the platform - 0.625% is sent to the Eleven rewards pool, 0.25% is allocated to callers as a gas stipend, and 0.25% goes to the team's treasury. The owner has the ability to update fee rates up to a limited amount, set the strategy contracts used, and can recover any tokens erroneously sent to the bigfoot contract at any time. The bigfootConfig contract holds variables used in calculating users debt and rewards. The team can update the variables in the contract, as well as the oracle contract address used, at any time. The strategy contracts allow the owner to set the tokens that are whitelisted on the platform and handle the execution of liquidations, which can be called by any user. Users who liquidate vulnerable positions shall recieve a reward for doing so in BNB. The owner can also recover tokens erroneously sent to the strategy contracts. The oracle contract is used for the reporting of off-chain data, which can only be provided by the contract's owner. The oracle contract will store sent data on-chain and make it callable by any user. There is no on-chain way to request data. Data can only be pushed by the team from off-chain. As the team is the owner, users must trust that the team will provide honest data. The team is also actively exploring other oracle solutions such as Chainlink to reduce the trust required in the team. Reentrancyguard, SafeMath, and Safe Transfers are properly used across the platform. Some functions could be declared external, and some variables constant, to save a small amount of gas. Audit Findings: No security vulnerabilities from external actors were identified. Ensure trust in the team as they have significant control in the ecosystem. Date: April 11th, 2021 External Threat Results Vulnerability Category Notes Result Arbitrary Storage Write N/A PASS Arbitrary Jump N/A PASS Delegate Call to Untrusted Contract N/A PASS Dependence on Predictable Variables N/A PASS Deprecated Opcodes N/A PASS Economic Issues N/A PASS Ether Thief N/A PASS Exceptions N/A PASS External Calls N/A PASS Integer Over/Underflow N/A PASS Multiple Sends N/A PASS Suicide N/A PASS State Change External Calls N/A Pass Unchecked Retval N/A PASS User Supplied Assertion N/A PASS Critical Solidity Compiler N/A PASS Overall Contract Safety PASS
Click on each of the dropdowns below to see visualizations of the contract and access source code.
Details: addStrat.sol Function Graph
Inheritence Chart
Functions Overview
($) = payable function
# = non-constant function
Int = Internal
Ext = External
Pub = Public
+ [Int] ERC20Interface
- [Ext] balanceOf
+ [Int] IUniswapV2Router02
- [Ext] factory
- [Ext] WETH
- [Ext] addLiquidity #
- [Ext] addLiquidityETH ($)
- [Ext] removeLiquidity #
- [Ext] removeLiquidityETH #
- [Ext] removeLiquidityWithPermit #
- [Ext] removeLiquidityETHWithPermit #
- [Ext] swapExactTokensForTokens #
- [Ext] swapTokensForExactTokens #
- [Ext] swapExactETHForTokens ($)
- [Ext] swapTokensForExactETH #
- [Ext] swapExactTokensForETH #
- [Ext] swapETHForExactTokens ($)
- [Ext] quote
- [Ext] getAmountOut
- [Ext] getAmountIn
- [Ext] getAmountsOut
- [Ext] getAmountsIn
- [Ext] removeLiquidityETHSupportingFeeOnTransferTokens #
- [Ext] removeLiquidityETHWithPermitSupportingFeeOnTransferTokens #
- [Ext] swapExactTokensForTokensSupportingFeeOnTransferTokens #
- [Ext] swapExactETHForTokensSupportingFeeOnTransferTokens ($)
- [Ext] swapExactTokensForETHSupportingFeeOnTransferTokens #
+ Ownable
- [Int] #
- [Pub] owner
- [Pub] isOwner
- [Pub] renounceOwnership #
- modifiers: onlyOwner
- [Pub] transferOwnership #
- modifiers: onlyOwner
- [Int] _transferOwnership #
+ ReentrancyGuard
- [Int] #
+ [Lib] SafeMath
- [Int] add
- [Int] sub
- [Int] mul
- [Int] div
- [Int] mod
+ [Int] Strategy
- [Ext] execute ($)
+ [Int] IUniswapV2Factory
- [Ext] feeTo
- [Ext] feeToSetter
- [Ext] getPair
- [Ext] allPairs
- [Ext] allPairsLength
- [Ext] createPair #
- [Ext] setFeeTo #
- [Ext] setFeeToSetter #
+ [Int] IUniswapV2Pair
- [Ext] name
- [Ext] symbol
- [Ext] decimals
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] allowance
- [Ext] approve #
- [Ext] transfer #
- [Ext] transferFrom #
- [Ext] DOMAIN_SEPARATOR
- [Ext] PERMIT_TYPEHASH
- [Ext] nonces
- [Ext] permit #
- [Ext] MINIMUM_LIQUIDITY
- [Ext] factory
- [Ext] token0
- [Ext] token1
- [Ext] getReserves
- [Ext] price0CumulativeLast
- [Ext] price1CumulativeLast
- [Ext] kLast
- [Ext] mint #
- [Ext] burn #
- [Ext] swap #
- [Ext] skim #
- [Ext] sync #
- [Ext] initialize #
+ [Lib] Math
- [Int] min
- [Int] sqrt
+ [Lib] SafeToken
- [Int] myBalance
- [Int] balanceOf
- [Int] safeApprove #
- [Int] safeTransfer #
- [Int] safeTransferFrom #
- [Int] safeTransferBNB #
+ [Int] IERC20
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] transfer #
- [Ext] allowance
- [Ext] approve #
- [Ext] transferFrom #
+ [Int] VaultInterface
- [Ext] getPricePerFullShare
- [Ext] depositAll #
- [Ext] deposit #
- [Ext] withdrawAll #
- [Ext] withdraw #
+ StrategyAllBNBOnly (Ownable, ReentrancyGuard, Strategy)
- [Pub] #
- [Ext] setWhitelistTokens #
- modifiers: onlyOwner
- [Ext] execute ($)
- modifiers: nonReentrant
- [Ext] recover #
- modifiers: onlyOwner,nonReentrant
- [Ext] ($)
Source Code Click here to download the source code as a .sol file.
Details: bigfoot.sol Function Graph
Inheritence Chart
Functions Overview
($) = payable function
# = non-constant function
Int = Internal
Ext = External
Pub = Public
+ [Int] ERC20Interface
- [Ext] balanceOf
+ [Int] Bigfoot
- [Ext] work ($)
- [Ext] reinvest #
- [Ext] health
- [Ext] liquidate #
+ [Int] IUniswapV2Router02
- [Ext] factory
- [Ext] WETH
- [Ext] addLiquidity #
- [Ext] addLiquidityETH ($)
- [Ext] removeLiquidity #
- [Ext] removeLiquidityETH #
- [Ext] removeLiquidityWithPermit #
- [Ext] removeLiquidityETHWithPermit #
- [Ext] swapExactTokensForTokens #
- [Ext] swapTokensForExactTokens #
- [Ext] swapExactETHForTokens ($)
- [Ext] swapTokensForExactETH #
- [Ext] swapExactTokensForETH #
- [Ext] swapETHForExactTokens ($)
- [Ext] quote
- [Ext] getAmountOut
- [Ext] getAmountIn
- [Ext] getAmountsOut
- [Ext] getAmountsIn
- [Ext] removeLiquidityETHSupportingFeeOnTransferTokens #
- [Ext] removeLiquidityETHWithPermitSupportingFeeOnTransferTokens #
- [Ext] swapExactTokensForTokensSupportingFeeOnTransferTokens #
- [Ext] swapExactETHForTokensSupportingFeeOnTransferTokens ($)
- [Ext] swapExactTokensForETHSupportingFeeOnTransferTokens #
+ [Int] IERC20
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] transfer #
- [Ext] allowance
- [Ext] approve #
- [Ext] transferFrom #
+ Ownable
- [Int] #
- [Pub] owner
- [Pub] isOwner
- [Pub] renounceOwnership #
- modifiers: onlyOwner
- [Pub] transferOwnership #
- modifiers: onlyOwner
- [Int] _transferOwnership #
+ ReentrancyGuard
- [Int] #
+ [Lib] SafeMath
- [Int] add
- [Int] sub
- [Int] mul
- [Int] div
- [Int] mod
+ [Int] Strategy
- [Ext] execute ($)
+ [Int] IUniswapV2Factory
- [Ext] feeTo
- [Ext] feeToSetter
- [Ext] getPair
- [Ext] allPairs
- [Ext] allPairsLength
- [Ext] createPair #
- [Ext] setFeeTo #
- [Ext] setFeeToSetter #
+ [Int] BurnInterface
- [Ext] burn #
+ [Int] IUniswapV2Pair
- [Ext] name
- [Ext] symbol
- [Ext] decimals
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] allowance
- [Ext] approve #
- [Ext] transfer #
- [Ext] transferFrom #
- [Ext] DOMAIN_SEPARATOR
- [Ext] PERMIT_TYPEHASH
- [Ext] nonces
- [Ext] permit #
- [Ext] MINIMUM_LIQUIDITY
- [Ext] factory
- [Ext] token0
- [Ext] token1
- [Ext] getReserves
- [Ext] price0CumulativeLast
- [Ext] price1CumulativeLast
- [Ext] kLast
- [Ext] mint #
- [Ext] burn #
- [Ext] swap #
- [Ext] skim #
- [Ext] sync #
- [Ext] initialize #
+ IMasterChef
- [Ext] deposit #
- [Ext] withdraw #
+ [Lib] SafeToken
- [Int] myBalance
- [Int] balanceOf
- [Int] safeApprove #
- [Int] safeTransfer #
- [Int] safeTransferFrom #
- [Int] safeTransferBNB #
+ [Int] VaultInterface
- [Ext] getPricePerFullShare
- [Ext] depositAll #
- [Ext] deposit #
- [Ext] token
- [Ext] transfer #
+ [Lib] Math
- [Int] min
- [Int] sqrt
+ PancakeswapPool1Bigfoot (Ownable, ReentrancyGuard, Bigfoot)
- [Pub] changeBpsOnHarvest #
- modifiers: onlyOwner
- [Pub] addFeeWeight #
- modifiers: onlyOwner
- [Pub] removeFeeWeight #
- modifiers: onlyOwner
- [Pub] #
- [Pub] shareToBalance
- [Pub] balanceToShare
- [Pub] lpToBalance
- [Pub] balanceToLp
- [Int] chargeFees #
- [Int] addLiquidity #
- [Pub] harvest #
- modifiers: onlyEOA,nonReentrant
- [Ext] work ($)
- modifiers: onlyOperator,nonReentrant
- [Pub] getMktSellAmount
- [Ext] health
- [Ext] liquidate #
- modifiers: onlyOperator,nonReentrant
- [Int] _addShare #
- [Int] _removeShare #
- [Ext] recover #
- modifiers: onlyOwner,nonReentrant
- [Ext] setStrategyOk #
- modifiers: onlyOwner
- [Ext] ($)
Source Code Click here to download the source code as a .sol file.
Details: bigfootConfig.sol Function Graph
Inheritence Chart
Functions Overview
($) = payable function
# = non-constant function
Int = Internal
Ext = External
Pub = Public
+ [Int] ERC20Interface
- [Ext] balanceOf
+ [Int] GoblinConfig
- [Ext] acceptDebt
- [Ext] workFactor
- [Ext] killFactor
+ Ownable
- [Int] #
- [Pub] owner
- [Pub] isOwner
- [Pub] renounceOwnership #
- modifiers: onlyOwner
- [Pub] transferOwnership #
- modifiers: onlyOwner
- [Int] _transferOwnership #
+ [Lib] SafeMath
- [Int] add
- [Int] sub
- [Int] mul
- [Int] div
- [Int] mod
+ [Int] PriceOracle
- [Ext] getPrice
+ [Int] IUniswapV2Pair
- [Ext] name
- [Ext] symbol
- [Ext] decimals
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] allowance
- [Ext] approve #
- [Ext] transfer #
- [Ext] transferFrom #
- [Ext] DOMAIN_SEPARATOR
- [Ext] PERMIT_TYPEHASH
- [Ext] nonces
- [Ext] permit #
- [Ext] MINIMUM_LIQUIDITY
- [Ext] factory
- [Ext] token0
- [Ext] token1
- [Ext] getReserves
- [Ext] price0CumulativeLast
- [Ext] price1CumulativeLast
- [Ext] kLast
- [Ext] mint #
- [Ext] burn #
- [Ext] swap #
- [Ext] skim #
- [Ext] sync #
- [Ext] initialize #
+ [Int] IPancakeswapGoblin
- [Ext] lpToken
+ [Lib] SafeToken
- [Int] myBalance
- [Int] balanceOf
- [Int] safeApprove #
- [Int] safeTransfer #
- [Int] safeTransferFrom #
- [Int] safeTransferBNB #
+ PancakeswapGoblinConfig (Ownable, GoblinConfig)
- [Pub] #
- [Ext] setOracle #
- modifiers: onlyOwner
- [Ext] setConfigs #
- modifiers: onlyOwner
- [Pub] isStable
- [Ext] acceptDebt
- [Ext] workFactor
- [Ext] killFactor
Source Code Click here to download the source code as a .sol file.
Details: liqStrat.sol Function Graph
Inheritence Chart
Functions Overview
($) = payable function
# = non-constant function
Int = Internal
Ext = External
Pub = Public
+ [Int] ERC20Interface
- [Ext] balanceOf
+ [Int] IUniswapV2Router02
- [Ext] factory
- [Ext] WETH
- [Ext] addLiquidity #
- [Ext] addLiquidityETH ($)
- [Ext] removeLiquidity #
- [Ext] removeLiquidityETH #
- [Ext] removeLiquidityWithPermit #
- [Ext] removeLiquidityETHWithPermit #
- [Ext] swapExactTokensForTokens #
- [Ext] swapTokensForExactTokens #
- [Ext] swapExactETHForTokens ($)
- [Ext] swapTokensForExactETH #
- [Ext] swapExactTokensForETH #
- [Ext] swapETHForExactTokens ($)
- [Ext] quote
- [Ext] getAmountOut
- [Ext] getAmountIn
- [Ext] getAmountsOut
- [Ext] getAmountsIn
- [Ext] removeLiquidityETHSupportingFeeOnTransferTokens #
- [Ext] removeLiquidityETHWithPermitSupportingFeeOnTransferTokens #
- [Ext] swapExactTokensForTokensSupportingFeeOnTransferTokens #
- [Ext] swapExactETHForTokensSupportingFeeOnTransferTokens ($)
- [Ext] swapExactTokensForETHSupportingFeeOnTransferTokens #
+ Ownable
- [Int] #
- [Pub] owner
- [Pub] isOwner
- [Pub] renounceOwnership #
- modifiers: onlyOwner
- [Pub] transferOwnership #
- modifiers: onlyOwner
- [Int] _transferOwnership #
+ ReentrancyGuard
- [Int] #
+ [Int] Strategy
- [Ext] execute ($)
+ [Int] IUniswapV2Factory
- [Ext] feeTo
- [Ext] feeToSetter
- [Ext] getPair
- [Ext] allPairs
- [Ext] allPairsLength
- [Ext] createPair #
- [Ext] setFeeTo #
- [Ext] setFeeToSetter #
+ [Int] IUniswapV2Pair
- [Ext] name
- [Ext] symbol
- [Ext] decimals
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] allowance
- [Ext] approve #
- [Ext] transfer #
- [Ext] transferFrom #
- [Ext] DOMAIN_SEPARATOR
- [Ext] PERMIT_TYPEHASH
- [Ext] nonces
- [Ext] permit #
- [Ext] MINIMUM_LIQUIDITY
- [Ext] factory
- [Ext] token0
- [Ext] token1
- [Ext] getReserves
- [Ext] price0CumulativeLast
- [Ext] price1CumulativeLast
- [Ext] kLast
- [Ext] mint #
- [Ext] burn #
- [Ext] swap #
- [Ext] skim #
- [Ext] sync #
- [Ext] initialize #
+ [Lib] SafeToken
- [Int] myBalance
- [Int] balanceOf
- [Int] safeApprove #
- [Int] safeTransfer #
- [Int] safeTransferFrom #
- [Int] safeTransferBNB #
+ [Int] VaultInterface
- [Ext] getPricePerFullShare
- [Ext] depositAll #
- [Ext] deposit #
- [Ext] withdrawAll #
- [Ext] withdraw #
+ StrategyLiquidate (Ownable, ReentrancyGuard, Strategy)
- [Pub] #
- [Ext] setWhitelistTokens #
- modifiers: onlyOwner
- [Ext] execute ($)
- modifiers: nonReentrant
- [Ext] recover #
- modifiers: onlyOwner,nonReentrant
- [Ext] ($)
Source Code Click here to download the source code as a .sol file.
Details: oracle.sol Function Graph
Inheritence Chart
Functions Overview
($) = payable function
# = non-constant function
Int = Internal
Ext = External
Pub = Public
+ Ownable
- [Int] #
- [Pub] owner
- [Pub] isOwner
- [Pub] renounceOwnership #
- modifiers: onlyOwner
- [Pub] transferOwnership #
- modifiers: onlyOwner
- [Int] _transferOwnership #
+ [Int] PriceOracle
- [Ext] getPrice
+ SimplePriceOracle (Ownable, PriceOracle)
- [Ext] setPrices #
- modifiers: onlyOwner
- [Ext] getPrice
Source Code Click here to download the source code as a .sol file.