LiftKitchen - Smart Contract Audit Report

Summary

LiftKitchen is building a decentralized DAO incubator.

For this audit, we reviewed LiftKitchen's Seigniorage contracts at the addresses below on the Ethereum Mainnet:

Notes on the Contracts:

• Users can stake their Sushiswap LIFT/LFBTC and WBTC/LFBTC LP tokens in these contract to earn rewards in Lift Kitchen tokens.
• The contract supporting WBTC/LFBTC has a 30-day lockup period for stakers, while the LIFT/LFBTC has an optional lockup period.
• The contract for staking LIFT/LFBTC LP tokens has multiple reward rates, while the contract for WBTC/LFBTC has one set reward rate.
• Rewards for staking LIFT/LFBTC LP tokens are can be subject to a lockup term and multiplier if a user desires.
• For this contract users recieve the following reward rates for each associated lockup period: 2x - 30 days, 3x - 60 days, 4x - 90 days, 5x - 120 days.
• When a user withdraws from the contract their rewards will automatically be claimed.
• Users can also stake their rewards to the 'boardroom', forwarding their unclaimed reward tokens there. We have not reviewed the boardroom contract.


• The team must provide the reward tokens to the contract using the notifyReward() function. The team can extend the rewards duration by providng more tokens using this function as well.
• The owner of the contract can withdraw reward tokens and other tokens erroneously sent to the contract. Staked LP tokens can not be withdrawn by the team.
• SafeMath is utilized in most areas to prevent overflow issues. It is not used in some areas, but no opportunity for overflows were identified.

Audit Findings Summary

• No security issues from external attackers were identified.
• Ensure trust in the team as they have some control in the ecosystem.
• Date: May 19th, 2021

External Threat Results

($) = payable function
# = non-constant function

Int = Internal
Ext = External
Pub = Public

 + [Lib] Math 
    - [Int] max
    - [Int] min
    - [Int] average

 + [Lib] SafeMath 
    - [Int] tryAdd
    - [Int] trySub
    - [Int] tryMul
    - [Int] tryDiv
    - [Int] tryMod
    - [Int] add
    - [Int] sub
    - [Int] mul
    - [Int] div
    - [Int] mod
    - [Int] sub
    - [Int] div
    - [Int] mod

 + [Int] IERC20 
    - [Ext] totalSupply
    - [Ext] balanceOf
    - [Ext] transfer #
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transferFrom #

 + [Lib] Address 
    - [Int] isContract
    - [Int] sendValue #
    - [Int] functionCall #
    - [Int] functionCall #
    - [Int] functionCallWithValue #
    - [Int] functionCallWithValue #
    - [Int] functionStaticCall
    - [Int] functionStaticCall
    - [Int] functionDelegateCall #
    - [Int] functionDelegateCall #
    - [Prv] _verifyCallResult

 + [Lib] SafeERC20 
    - [Int] safeTransfer #
    - [Int] safeTransferFrom #
    - [Int] safeApprove #
    - [Int] safeIncreaseAllowance #
    - [Int] safeDecreaseAllowance #
    - [Prv] _callOptionalReturn #

 +  Context 
    - [Int] _msgSender
    - [Int] _msgData

 +  Ownable (Context)
    - [Int]  #
    - [Pub] owner
    - [Pub] renounceOwnership #
       - modifiers: onlyOwner
    - [Pub] transferOwnership #
       - modifiers: onlyOwner

 +  IRewardDistributionRecipient (Ownable)
    - [Ext] notifyRewardAmount #
    - [Ext] setRewardDistribution #
       - modifiers: onlyOwner

 + [Int] IBoardroom 
    - [Ext] allocateSeigniorage #
    - [Ext] stakeShareForThirdParty #
    - [Ext] stakeControlForThirdParty #

 + [Int] IBasisAsset 
    - [Ext] mint #
    - [Ext] burn #
    - [Ext] burnFrom #
    - [Ext] isOperator #
    - [Ext] operator

 +  Operator (Context, Ownable)
    - [Pub]  #
    - [Pub] operator
    - [Pub] isOperator
    - [Pub] transferOperator #
       - modifiers: onlyOwner
    - [Int] _transferOperator #

 +  LPTokenWrapper 
    - [Pub] totalSupply
    - [Pub] balanceOf
    - [Int] stake #
    - [Pub] withdraw #

 +  lfBTCLIFTLPTokenSharePool (LPTokenWrapper, IRewardDistributionRecipient, Operator)
    - [Pub]  #
    - [Pub] lastTimeRewardApplicable
    - [Ext] daysElapsed
    - [Pub] rewardPerToken
    - [Pub] earned
    - [Pub] stake #
       - modifiers: updateReward
    - [Ext] stakeLP #
       - modifiers: updateReward
    - [Pub] withdraw #
       - modifiers: updateReward
    - [Ext] exit #
    - [Pub] stakeInBoardroom #
       - modifiers: updateReward
    - [Ext] notifyRewardAmount #
       - modifiers: onlyRewardDistribution,updateReward
    - [Ext] burnRewards #
       - modifiers: onlyOwner
    - [Ext] updateBoardroom #
       - modifiers: onlyOwner
    - [Pub] cleanUpDust #
       - modifiers: onlyOperator
    - [Pub] updateStakingToken #
       - modifiers: onlyOperator

($) = payable function
# = non-constant function

Int = Internal
Ext = External
Pub = Public

 + [Lib] Math 
    - [Int] max
    - [Int] min
    - [Int] average

 + [Lib] SafeMath 
    - [Int] tryAdd
    - [Int] trySub
    - [Int] tryMul
    - [Int] tryDiv
    - [Int] tryMod
    - [Int] add
    - [Int] sub
    - [Int] mul
    - [Int] div
    - [Int] mod
    - [Int] sub
    - [Int] div
    - [Int] mod

 + [Int] IERC20 
    - [Ext] totalSupply
    - [Ext] balanceOf
    - [Ext] transfer #
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transferFrom #

 + [Lib] Address 
    - [Int] isContract
    - [Int] sendValue #
    - [Int] functionCall #
    - [Int] functionCall #
    - [Int] functionCallWithValue #
    - [Int] functionCallWithValue #
    - [Int] functionStaticCall
    - [Int] functionStaticCall
    - [Int] functionDelegateCall #
    - [Int] functionDelegateCall #
    - [Prv] _verifyCallResult

 + [Lib] SafeERC20 
    - [Int] safeTransfer #
    - [Int] safeTransferFrom #
    - [Int] safeApprove #
    - [Int] safeIncreaseAllowance #
    - [Int] safeDecreaseAllowance #
    - [Prv] _callOptionalReturn #

 +  Context 
    - [Int] _msgSender
    - [Int] _msgData

 +  Ownable (Context)
    - [Int]  #
    - [Pub] owner
    - [Pub] renounceOwnership #
       - modifiers: onlyOwner
    - [Pub] transferOwnership #
       - modifiers: onlyOwner

 +  IRewardDistributionRecipient (Ownable)
    - [Ext] notifyRewardAmount #
    - [Ext] setRewardDistribution #
       - modifiers: onlyOwner

 + [Int] IBoardroom 
    - [Ext] allocateSeigniorage #
    - [Ext] stakeShareForThirdParty #
    - [Ext] stakeControlForThirdParty #

 + [Int] IBasisAsset 
    - [Ext] mint #
    - [Ext] burn #
    - [Ext] burnFrom #
    - [Ext] isOperator #
    - [Ext] operator

 +  LPTokenWrapper 
    - [Pub] totalSupply
    - [Pub] balanceOf
    - [Int] stake #
    - [Pub] withdraw #

 +  Operator (Context, Ownable)
    - [Pub]  #
    - [Pub] operator
    - [Pub] isOperator
    - [Pub] transferOperator #
       - modifiers: onlyOwner
    - [Int] _transferOperator #

 +  wBTClfBTCLPTokenSharePool (LPTokenWrapper, IRewardDistributionRecipient, Operator)
    - [Pub]  #
    - [Pub] lastTimeRewardApplicable
    - [Ext] daysElapsed
    - [Pub] rewardPerToken
    - [Pub] earned
    - [Pub] stake #
       - modifiers: updateReward
    - [Ext] stakeLP #
       - modifiers: updateReward
    - [Pub] withdraw #
       - modifiers: updateReward
    - [Ext] exit #
    - [Pub] stakeInBoardroom #
       - modifiers: updateReward
    - [Ext] notifyRewardAmount #
       - modifiers: onlyRewardDistribution,updateReward
    - [Ext] burnRewards #
       - modifiers: onlyOwner
    - [Ext] updateBoardroom #
       - modifiers: onlyOwner
    - [Pub] cleanUpDust #
       - modifiers: onlyOperator
    - [Pub] updateStakingToken #
       - modifiers: onlyOperator

• Go Home