GoldFarm - Smart Contract Audit Report
Summary
GoldFarm is building a new yield farming platform.
For this audit, we analyzed the project's GOLD token contract and their GoldFarmFAAS staking contract. We reviewed the team's code at the following addresses on the Binance Smart Chain mainnet:
Notes on the Contracts:
- The GOLD token is designed to be a governance token where 1 token = 1 vote.
- Token holders can delegate their voting rights to any address. To save gas, users can also do so using an EIP-712 signature.
- The total supply of the token is 500,000. While the contract includes a mint function, the cap has been reached so no further tokens can be minted.
- ~30% of the token's supply is in a "stake$GOLD" not reviewed by our team.
- 9.3% of the token's supply is in the GoldFarmFAAS staking contract.
- The team holds 9.4% of the token's supply in the deployer's wallet.
- 8.6% of the token's supply is in the Pancakeswap pair. 50% of liquidity is unlocked and claimable by the team at any time. The other 50% of liquidity is locked for 5 months. We advise re-locking the unlocked liquidity.
- The next largest holder has 5.8% of the token's supply.
- Users can stake GOLD tokens into the GoldFarmFAAS staking contract in order to earn further Tardigrades Finance tokens in addition to GOLD tokens. We have not reviewed the Tardigrades token contract.
- There is a fee associated with making a deposit to the contract, set by the team. 1% of the tokens deposited into the contract shall be sent to the project team as a developer's fee.
- The contract is designed to allow the owner, some time after rewards have ended, to transfer any leftover tokens out of the farm. The logic is not properly implemented though, allowing the team to withdraw users' staked funds at any time.
- The reward distributor, an address set by the team, can provide additional rewards to update reward rates and extend the length of the farm's rewards period.
- Contracts are not allowed to use the farm, and ReentrancyGuard is used, preventing reentrancy issues.
- Some logic can be streamlined to save on gas, but as this is already deployed, those informational details are omitted here.
- Some gas optimizations can be achieved by marking functions external instead of public and declaring some variables constant. As this contract is already deployed, this is informational.
- SafeMath is used across all contracts to prevent overflows.
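The leftover-token recovery issue noted above comes down to two checks that an owner-only recovery function needs. The following is an added sketch, not the deployed GoldFarmFAAS code and not from the audited project; the contract name, `stakingToken`, `periodFinish`, `RECOVERY_DELAY` and the simplified `farm` function are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical minimal farm used only to illustrate the recovery checks.
interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
    function transfer(address to, uint256 amount) external returns (bool);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

contract FarmRecoverySketch {
    address public immutable owner;
    IERC20 public immutable stakingToken;              // token users deposit (assumed name)
    uint256 public immutable periodFinish;             // end of the rewards period (assumed name)
    uint256 public constant RECOVERY_DELAY = 30 days;  // assumed grace period
    uint256 private _totalSupply;                      // sum of all user stakes

    constructor(IERC20 _stakingToken, uint256 _periodFinish) {
        owner = msg.sender;
        stakingToken = _stakingToken;
        periodFinish = _periodFinish;
    }

    // Simplified deposit: records principal so recovery can exclude it.
    function farm(uint256 amount) external {
        _totalSupply += amount;
        require(stakingToken.transferFrom(msg.sender, address(this), amount), "deposit failed");
    }

    function recoverLostTokensAfterFarmExpired(IERC20 token, uint256 amount) external {
        require(msg.sender == owner, "not owner");
        // Check 1: the farm must be over, plus a grace period for users.
        require(block.timestamp > periodFinish + RECOVERY_DELAY, "farm still active");

        // Check 2: user principal is never recoverable. For the staking
        // token, only the balance in excess of total stakes may leave.
        uint256 available = token.balanceOf(address(this));
        if (address(token) == address(stakingToken)) {
            available -= _totalSupply; // checked math: reverts if accounting is off
        }
        require(amount <= available, "exceeds leftover");
        require(token.transfer(owner, amount), "transfer failed");
    }
}
```

Where the staked token is also paid out as a reward, as with GOLD here, rewards owed but not yet claimed need to be reserved alongside `_totalSupply` before anything is treated as leftover.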
Audit Findings Summary:
- No security issues from outside attackers were identified.
- Ownership was renounced, so the bug allowing the owner to take users' funds has been resolved.
- Date: April 23rd, 2021
- Update Date: April 28th, 2021 - Renouncing of Ownership
Combined External Threat Results
Vulnerability Category | Notes | Result |
---|---|---|
Arbitrary Storage Write | N/A | PASS |
Arbitrary Jump | N/A | PASS |
Delegate Call to Untrusted Contract | N/A | PASS |
Dependence on Predictable Variables | N/A | PASS |
Deprecated Opcodes | N/A | PASS |
Ether Thief | N/A | PASS |
Exceptions | N/A | PASS |
External Calls | N/A | PASS |
Integer Over/Underflow | N/A | PASS |
Multiple Sends | N/A | PASS |
Suicide | N/A | PASS |
State Change External Calls | N/A | PASS |
Unchecked Retval | N/A | PASS |
User Supplied Assertion | N/A | PASS |
Critical Solidity Compiler | N/A | PASS |
Overall Contract Safety | | PASS |
Details: GOLD Token
Function Graph
Inheritance Chart
Functions Overview
($) = payable function
# = non-constant function
Int = Internal
Ext = External
Pub = Public
+ Context
- [Int] _msgSender
- [Int] _msgData
+ Ownable (Context)
- [Int] #
- [Pub] owner
- [Pub] renounceOwnership #
- modifiers: onlyOwner
- [Pub] transferOwnership #
- modifiers: onlyOwner
+ [Int] IERC20
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] transfer #
- [Ext] allowance
- [Ext] approve #
- [Ext] transferFrom #
+ ERC20 (Context, IERC20)
- [Pub] #
- [Pub] name
- [Pub] symbol
- [Pub] decimals
- [Pub] totalSupply
- [Pub] balanceOf
- [Pub] transfer #
- [Pub] allowance
- [Pub] approve #
- [Pub] transferFrom #
- [Pub] increaseAllowance #
- [Pub] decreaseAllowance #
- [Int] _transfer #
- [Int] _mint #
- [Int] _burn #
- [Int] _approve #
- [Int] _setupDecimals #
- [Int] _beforeTokenTransfer #
+ ERC20Capped (ERC20)
- [Int] #
- [Pub] cap
- [Int] _beforeTokenTransfer #
+ GOLDFARM (ERC20Capped, Ownable)
- [Pub] #
- modifiers: ERC20,ERC20Capped
- [Pub] burn #
- [Pub] burnFrom #
- [Ext] mint #
- modifiers: onlyOwner
- [Pub] transfer #
- [Ext] delegates
- [Ext] delegate #
- [Ext] delegateBySig #
- [Ext] getCurrentVotes
- [Ext] getPriorVotes
- [Int] _delegate #
- [Int] _moveDelegates #
- [Int] _writeCheckpoint #
- [Int] safe32
- [Int] getChainId
+ [Lib] SafeMath
- [Int] tryAdd
- [Int] trySub
- [Int] tryMul
- [Int] tryDiv
- [Int] tryMod
- [Int] add
- [Int] sub
- [Int] mul
- [Int] div
- [Int] mod
- [Int] sub
- [Int] div
- [Int] mod
Details: GoldFarmFAAS Staking
Function Graph
Inheritance Chart
Functions Overview
($) = payable function
# = non-constant function
Int = Internal
Ext = External
Pub = Public
+ [Lib] Math
- [Int] max
- [Int] min
- [Int] average
+ [Lib] SafeMath
- [Int] add
- [Int] sub
- [Int] sub
- [Int] mul
- [Int] div
- [Int] div
- [Int] mod
- [Int] mod
- [Int] ceil
+ Context
- [Int] _msgSender
- [Int] _msgData
+ Ownable (Context)
- [Pub] #
- [Pub] owner
- [Pub] renounceOwnership #
- modifiers: onlyOwner
- [Pub] transferOwnership #
- modifiers: onlyOwner
+ [Int] IERC20
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] transfer #
- [Ext] allowance
- [Ext] approve #
- [Ext] transferFrom #
+ [Lib] SafeERC20
- [Int] safeTransfer #
- [Int] safeTransferFrom #
- [Int] safeApprove #
- [Int] safeIncreaseAllowance #
- [Int] safeDecreaseAllowance #
- [Prv] _callOptionalReturn #
+ [Lib] Address
- [Int] isContract
- [Int] sendValue #
- [Int] functionCall #
- [Int] functionCall #
- [Int] functionCallWithValue #
- [Int] functionCallWithValue #
- [Int] functionStaticCall
- [Int] functionStaticCall
- [Int] functionDelegateCall #
- [Int] functionDelegateCall #
- [Prv] _verifyCallResult
+ ReentrancyGuard
- [Pub] #
+ IRewardDistributionRecipient (Ownable)
- [Int] setRewardDistributionAdmin #
- [Pub] updateRewardDistributionAdmin #
- modifiers: onlyOwner
+ GoldFarmFAAS (IRewardDistributionRecipient, ReentrancyGuard)
- [Pub] #
- [Pub] setdevAddy #
- modifiers: onlyOwner
- [Pub] totalSupply
- [Pub] balanceOf
- [Ext] recoverLostTokensAfterFarmExpired #
- modifiers: onlyOwner
- [Ext] ($)
- [Pub] lastTimeRewardApplicable
- [Pub] lastTimeRewardApplicable1
- [Pub] rewardPerToken
- [Pub] rewardPerToken1
- [Pub] earned
- [Pub] earned1
- [Pub] isStakeholder
- [Pub] addStakeholder #
- [Ext] farm #
- modifiers: updateReward,noContract,nonReentrant
- [Pub] withdraw #
- modifiers: updateReward,noContract,nonReentrant
- [Ext] exit #
- [Pub] getReward #
- modifiers: updateReward,noContract
- [Pub] getReward1 #
- modifiers: updateReward1,noContract
- [Pub] setFarmRewards #
- modifiers: onlyRewardDistribution,nonReentrant,updateReward
- [Pub] setFarmRewards1 #
- modifiers: onlyRewardDistribution,nonReentrant,updateReward1
- [Pub] ClaimAllRewards #
- [Pub] getAllUnclaimed
- [Prv] onePercent
- [Pub] ClaimLPReward #