Meliora Finance - Smart Contract Audit Report

Summary

Meliora Finance Meliora Finance intends to build a multichain, trust-less, permission-less, and secure wallet & decentralized swap ecosystem.

We reviewed Meliora Finance's staking contract at commit c73681fe32bd3dd31fdddbf248bc281032957d32 on GitHub.
We also reviewed Meliora Finance's token contract at 0xb64cd4f56043f8d80691433e395d08b1bebdadf0.

    Notes on the Staking Contract:
  • Users can stake their Meliora tokens to earn additional Meliora as rewards.
  • The reward rate earned on staked funds depends on the amount of tokens staked as follows:
  • There are no rewards for staking under 2,000 tokens. The team should consider requiring at least this many tokens be staked.
  • Staking 2000-7000 tokens earns the staker 50% APY.
  • Staking 7,000-16,000 tokens earns the staker 70% APY.
  • Staking more than 16,000 tokens earns the staker 90% APY.

  • Staking rewards will last for 5 months. 24 hours after rewards end, anyone will be able to call BurnRemainingTokens() which burns all tokens in the contract that have yet to be allocated for rewards.
  • The team intends to provide 1 million tokens to the contract upon deployment to fund these rewards.
  • Defining _staker and _to as local variables is redundant when their definitions can be used in their place.
  • Some gas optimizations can be achieved through marking functions external instead of public.
  • Utilization of SafeMath throughout the platform to prevent overflow issues.

  • Notes on the Token Contract:
  • The total supply of the token is 5.5 million, delivered to the team upon deployment. Currently the team holds all of these tokens.
  • No further tokens can be minted, though tokens can be burned.
  • No ownership-related functions exist
  • The contract utilizes SafeMath to prevent overflows.
  • Some gas optimizations can be achieved through marking functions external instead of public. As this contract is already deployed, this is informational.

Audit Findings Summary:
  • No security issues from external attackers were identified.
  • As with any presale, ensure trust in the team prior to investing.
  • KYC: Yes, by Pinpoint Capital.
  • Date: March 12th, 2021
  • Update Date: March 19th, 2021 - Incorporate changes and add analysis on token contract.

Combined Audit Results

Vulnerability CategoryNotesResult
Arbitrary Storage WriteN/APASS
Arbitrary JumpN/APASS
Delegate Call to Untrusted ContractN/APASS
Dependence on Predictable VariablesN/APASS
Deprecated OpcodesN/APASS
Ether ThiefN/APASS
ExceptionsN/APASS
External CallsN/APASS
Integer Over/UnderflowN/APASS
Multiple SendsN/APASS
SuicideN/APASS
State Change External CallsN/APASS
Unchecked RetvalN/APASS
User Supplied AssertionN/APASS
Critical Solidity CompilerN/APASS
Overall Contract Safety PASS


Details: Staking Contract



Function Graph

Smart Contract Graph

Inheritence Chart

Smart Contract Inheritance

Functions Overview



 ($) = payable function
 # = non-constant function
 
 Int = Internal
 Ext = External
 Pub = Public

 +  Context 
    - [Int] _msgSender
    - [Int] _msgData

 + [Int] IERC20 
    - [Ext] totalSupply
    - [Ext] balanceOf
    - [Ext] transfer #
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transferFrom #

 + [Lib] SafeMath 
    - [Int] tryAdd
    - [Int] trySub
    - [Int] tryMul
    - [Int] tryDiv
    - [Int] tryMod
    - [Int] add
    - [Int] sub
    - [Int] mul
    - [Int] div
    - [Int] mod
    - [Int] sub
    - [Int] div
    - [Int] mod

 +  ERC20 (Context, IERC20)
    - [Pub]  #
    - [Pub] name
    - [Pub] symbol
    - [Pub] decimals
    - [Pub] totalSupply
    - [Pub] balanceOf
    - [Pub] transfer #
    - [Pub] allowance
    - [Pub] approve #
    - [Pub] transferFrom #
    - [Pub] increaseAllowance #
    - [Pub] decreaseAllowance #
    - [Int] _transfer #
    - [Int] _mint #
    - [Int] _burn #
    - [Int] _approve #
    - [Int] _setupDecimals #
    - [Int] _beforeTokenTransfer #

 +  ERC20Burnable (Context, ERC20)
    - [Pub] burn #
    - [Pub] burnFrom #

 +  Moratoken (ERC20Burnable)
    - [Pub]  #
       - modifiers: ERC20

 +  MoraStaking 
    - [Pub]  #
       - modifiers: nonZeroAddress
    - [Ext] Stake #
    - [Ext] UnstakeAndClaim #
    - [Ext] BurnRemainingTokens #
    - [Ext] MyStakes
    - [Ext] TotalActiveStakes
    - [Ext] TotalActiveStakeAmount
    - [Ext] TotalDistributedReward
    - [Ext] RemainingTokens

							

Source Code

Click here to download the source code as a .sol file.

Details: Token Contract



Function Graph

Smart Contract Graph

Inheritence Chart

Smart Contract Inheritance

Functions Overview



 ($) = payable function
 # = non-constant function
 
 Int = Internal
 Ext = External
 Pub = Public

 +  Context 
    - [Int] _msgSender
    - [Int] _msgData

 + [Int] IERC20 
    - [Ext] totalSupply
    - [Ext] balanceOf
    - [Ext] transfer #
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transferFrom #

 + [Lib] SafeMath 
    - [Int] tryAdd
    - [Int] trySub
    - [Int] tryMul
    - [Int] tryDiv
    - [Int] tryMod
    - [Int] add
    - [Int] sub
    - [Int] mul
    - [Int] div
    - [Int] mod
    - [Int] sub
    - [Int] div
    - [Int] mod

 +  ERC20 (Context, IERC20)
    - [Pub]  #
    - [Pub] name
    - [Pub] symbol
    - [Pub] decimals
    - [Pub] totalSupply
    - [Pub] balanceOf
    - [Pub] transfer #
    - [Pub] allowance
    - [Pub] approve #
    - [Pub] transferFrom #
    - [Pub] increaseAllowance #
    - [Pub] decreaseAllowance #
    - [Int] _transfer #
    - [Int] _mint #
    - [Int] _burn #
    - [Int] _approve #
    - [Int] _setupDecimals #
    - [Int] _beforeTokenTransfer #

 +  ERC20Burnable (Context, ERC20)
    - [Pub] burn #
    - [Pub] burnFrom #

 +  Mora (ERC20Burnable)
    - [Pub]  #
       - modifiers: ERC20
							

Source Code

Click here to download the source code as a .sol file.