Muito Finance
Smart Contract Audit Report
Audit Summary
Muito Finance is building a new ERC-20 token and farming platform where users can initiate deposits and earn rewards.
For this audit, we reviewed the project team's MuitoV2Farm, Token, and Vault contracts at commit ded03768b0db9a7d469f241d28d96d4fbd5a6dab on the team's GitHub repository.
Audit Findings
An Informational finding was identified and the team may want to review it. In addition, some centralized aspects are present.
Date: February 12th, 2024.
Updated: February 28th, 2024 to reflect updates made to the contract that resolves Findings #1 - #3.Finding #1 - Vault - High (Resolved)
Description: When a deposit is made while the Strategy contract address is set toaddress(0), the tokens are stored in the Vault contract. However, if the Strategy contract address is later set and a withdrawal is initiated by the same user, the funds are withdrawn from the Strategy contract instead of the Vault contract, where the original deposit was made.
Risk/Impact: Withdrawals will be funded through other users' deposits in the Strategy contract or, if the token balance in the Strategy contract is insufficient, the transaction will revert.
Recommendation: The team should either prohibit deposits while the Strategy contract is not set or, after the Strategy contract has been set, transfer the entire asset token balance of the Vault to the Strategy contract ensuring that all subsequent withdrawals are funded by the Strategy contract.
Resolution: The team has implemented logic to transfer the entire asset token balance and ETH balance of the Vault to the Strategy contract when the Strategy contract is set.
Finding #2 - Vault - Medium (Resolved)
Description: In the withdraw() function, the tokens collected through the withdraw fee are deducted from the withdraw amount and remain in either the Vault contract or Strategy contract. There is no mechanism for withdrawing these tokens.
Risk/Impact: The tokens deducted through the withdraw fee will either be locked in the Vault contract or, if the Strategy contract is set, in the Strategy contract.
Recommendation: The team should either transfer the tokens deducted through the withdraw fee to an address set by the team in the withdraw() function, or introduce logic that tracks the amount of tokens accrued from fees. Additionally, a function should be implemented in the Vault contract and Strategy contract to enable the team to withdraw only those tokens collected as fees.
Resolution: The team has implemented logic to transfer the withdraw fee to a wallet controlled by the team.
Finding #3 - Vault - Informational (Resolved)
Description: TheuserListarray is not utilized in the contract.
Recommendation: The team should either remove theuserListarray and the getVaultUserList() function to reduce contract size and deployment costs or utilize them in a way that fits their intended functionality.
Resolution: The team has implemented logic to add each user that deposits tokens to theuserListarray.
Finding #4 - MuitoV2Farm & Vault - Informational
Description: Although the SafeMath library is utilized, the contract is implemented with Solidity v0.8.x which has built-in overflow checks.
Recommendation: SafeMath could be safely removed to reduce contract size, deployment costs, and gas costs on all transactions that utilize it.
Contracts Overview
Token Contract:MuitoV2Farm Contract:
- The total supply of the token is set to 100 million [100,000,000].
- No mint or burn functions are accessible though the circulating supply can be decreased by sending tokens to the 0x..dead address.
- The contract complies with the ERC-20 token standard.
Vault Contract:
- Any user can use this contract to initiate deposits into a staking pool to earn rewards.
- The team will set the Reward token address and WMNT address upon initialization. A new wmntHelper contract is created in the process.
- The owner can add a new pool at any time by specifying the number of allocation points to assign to the pool, staking token, performance fee, withdraw fee, vault address, and whether or not the staking token is a native currency.
- The team must exercise caution when assigning the staking token to avoid using a fee-on-transfer token. If a fee-on-transfer token is used, this contract must be exempt from the token's fee mechanism.
- Any user can initiate a deposit by specifying a Pool ID and an amount of the pool's staking token to deposit.
- If the caller has previously deposited tokens, any pending rewards are automatically calculated and transferred from the contract to their wallet address. The pool's performance fee is deducted from the user's pending rewards and remains in the contract.
- The specified number of tokens are transferred from the caller to the contract. The caller must grant this contract a sufficient allowance in order for the transaction to successfully occur.
- If the pool's staking token is set to WMNT and a token amount is specified, the WMNT amount is initially transferred from the user to the contract, and subsequently to the wmntHelper contract. The MNT is then extracted from the wmntHelper contract.
- Any provided MNT is added to the specified WMNT deposit amount.
- If the pool's staking token is not set to WMNT, the deposit amount is first transferred to this contract.
- The user's deposit amount is deposited into the pool's associated Vault contract.
- Any user that has previously initiated a deposit can specify a Pool ID and an amount to withdraw at any time.
- Any pending rewards are automatically calculated and transferred from the contract to their wallet address.
- A withdrawal is executed in the pool's associated Vault contract for the specified amount. The pool's withdraw fee is applied.
- Any user can specify Pool ID and user's address to harvest rewards on behalf of at any time. Any pending rewards are transferred from the contract to the specified user's wallet address.
- The owner can set the tokens per block rate to any value at any time. If set to zero, all deposits and withdrawals are prohibited from occurring.
- The owner can set the start time to any value one time.
- After the start time has been set, the owner can set the bonus end time to any value after the start time.
- If the start time has not yet been set, the owner can elect to start the mining process by specifying the tokens per block rate. The start time is set to the current timestamp of the transaction and the bonus end time is set to 60 days in the future.
- The owner can update the WMNT address referenced in the contract at any time.
- The owner can update the Reward token address at any time.
- The owner can set the total allocation points to any value at any time.
- The owner can update the allocation points, performance fee, withdraw fee, and vault address associated with an existing pool at any time.
- The owner can update an existing pool's staking token at any time.
- The contract utilizes ReentrancyGuard to prevent reentrancy attacks in applicable functions.
- The MainChef address can finalize a deposit by specifying the user's address and deposit amount.
- If the contract's Assets address is set to WETH, the user's total deposit amount is updated and a deposit native transaction is initiated in the Strategy contract if the Strategy contract address is set. The Strategy contract was not in scope for this audit so our team is unable to provide an assessment with regard to its security.
- If the contract's Assets address is not set to WETH, the specified number of tokens are transferred from the MainChef contract to this contract and the user's total deposit amount is updated. A deposit transaction is initiated in the Strategy contract if the Strategy contract address is set.
- The MainChef address can finalize a withdrawal by specifying the user's address, withdraw amount, and withdraw fee.
- The specified withdraw fee is deducted from the withdrawal amount and sent to an address set by the team.
- If the Assets address is set to WETH and the Strategy contract address is set, a withdraw native transaction is executed in the Strategy contract for the withdraw amount. If the Strategy contract address is not set, the amount of WETH is transferred from the contract to the user's address.
- If the Assets address is not set to WETH and the Strategy contract address is set, a withdraw transaction is executed in the Strategy contract for the withdraw amount. If the Strategy contract address is not set the, amount of WETH is transferred from the contract to the user's address. If the Strategy contract address is not set the amount of tokens are transferred from the contract to the user's address.
- The owner can set the Strategy address referenced in the contract to any address at any time. The entire asset token balance and ETH balance of the Vault is sent to the Strategy contract during the process.
- The owner can set the MainChef address referenced in the contract to any address at any time.
- The owner can set the WETH address referenced in the contract to any address at any time.
- The owner can set the Assets address referenced in the contract to any address at any time.
- The contract utilizes ReentrancyGuard to prevent reentrancy attacks in applicable functions.
Audit Results
| Vulnerability Category | Notes | Result |
|---|---|---|
| Arbitrary Jump/Storage Write | N/A | PASS |
| Centralization of Control |
|
PASS |
| Compiler Issues | N/A | PASS |
| Delegate Call to Untrusted Contract | N/A | PASS |
| Dependence on Predictable Variables | N/A | PASS |
| Ether/Token Theft | N/A | PASS |
| Flash Loans | N/A | PASS |
| Front Running | N/A | PASS |
| Improper Events | N/A | PASS |
| Improper Authorization Scheme | N/A | PASS |
| Integer Over/Underflow | N/A | PASS |
| Logical Issues | N/A | PASS |
| Oracle Issues | N/A | PASS |
| Outdated Compiler Version | N/A | PASS |
| Race Conditions | N/A | PASS |
| Reentrancy | N/A | PASS |
| Signature Issues | N/A | PASS |
| Sybil Attack | N/A | PASS |
| Unbounded Loops | N/A | PASS |
| Unused Code | N/A | PASS |
| Overall Contract Safety | PASS |
Token Contract
($) = payable function
# = non-constant function
Int = Internal
Ext = External
Pub = Public
+ Context
- [Int] _msgSender
- [Int] _msgData
+ Ownable (Context)
- [Pub] #
- [Pub] owner
- [Int] _checkOwner
- [Pub] renounceOwnership #
- modifiers: onlyOwner
- [Pub] transferOwnership #
- modifiers: onlyOwner
- [Int] _transferOwnership #
+ [Int] IERC20
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] transfer #
- [Ext] allowance
- [Ext] approve #
- [Ext] transferFrom #
+ [Int] IERC20Metadata (IERC20)
- [Ext] name
- [Ext] symbol
- [Ext] decimals
+ ERC20 (Context, IERC20, IERC20Metadata)
- [Pub] #
- [Pub] name
- [Pub] symbol
- [Pub] decimals
- [Pub] totalSupply
- [Pub] balanceOf
- [Pub] transfer #
- [Pub] allowance
- [Pub] approve #
- [Pub] transferFrom #
- [Pub] increaseAllowance #
- [Pub] decreaseAllowance #
- [Int] _transfer #
- [Int] _mint #
- [Int] _burn #
- [Int] _approve #
- [Int] _spendAllowance #
- [Int] _beforeTokenTransfer #
- [Int] _afterTokenTransfer #
+ Token (Ownable, ERC20)
- [Pub] #
- modifiers: ERC20 MuitoV2Farm Contract
($) = payable function
# = non-constant function
Int = Internal
Ext = External
Pub = Public
+ [Lib] AddressUpgradeable
- [Int] isContract
- [Int] sendValue #
- [Int] functionCall #
- [Int] functionCall #
- [Int] functionCallWithValue #
- [Int] functionCallWithValue #
- [Int] functionStaticCall
- [Int] functionStaticCall
- [Int] verifyCallResultFromTarget
- [Int] verifyCallResult
- [Prv] _revert
+ Initializable
- [Int] _disableInitializers #
- [Int] _getInitializedVersion
- [Int] _isInitializing
+ ContextUpgradeable (Initializable)
- [Int] __Context_init #
- modifiers: onlyInitializing
- [Int] __Context_init_unchained #
- modifiers: onlyInitializing
- [Int] _msgSender
- [Int] _msgData
+ OwnableUpgradeable (Initializable, ContextUpgradeable)
- [Int] __Ownable_init #
- modifiers: onlyInitializing
- [Int] __Ownable_init_unchained #
- modifiers: onlyInitializing
- [Pub] owner
- [Int] _checkOwner
- [Pub] renounceOwnership #
- modifiers: onlyOwner
- [Pub] transferOwnership #
- modifiers: onlyOwner
- [Int] _transferOwnership #
+ ReentrancyGuardUpgradeable (Initializable)
- [Int] __ReentrancyGuard_init #
- modifiers: onlyInitializing
- [Int] __ReentrancyGuard_init_unchained #
- modifiers: onlyInitializing
- [Prv] _nonReentrantBefore #
- [Prv] _nonReentrantAfter #
+ [Int] IERC20
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] transfer #
- [Ext] allowance
- [Ext] approve #
- [Ext] transferFrom #
+ [Int] IERC20Permit
- [Ext] permit #
- [Ext] nonces
- [Ext] DOMAIN_SEPARATOR
+ [Lib] Address
- [Int] isContract
- [Int] sendValue #
- [Int] functionCall #
- [Int] functionCall #
- [Int] functionCallWithValue #
- [Int] functionCallWithValue #
- [Int] functionStaticCall
- [Int] functionStaticCall
- [Int] functionDelegateCall #
- [Int] functionDelegateCall #
- [Int] verifyCallResultFromTarget
- [Int] verifyCallResult
- [Prv] _revert
+ [Lib] SafeERC20
- [Int] safeTransfer #
- [Int] safeTransferFrom #
- [Int] safeApprove #
- [Int] safeIncreaseAllowance #
- [Int] safeDecreaseAllowance #
- [Int] forceApprove #
- [Int] safePermit #
- [Prv] _callOptionalReturn #
- [Prv] _callOptionalReturnBool #
+ [Lib] EnumerableSet
- [Prv] _add #
- [Prv] _remove #
- [Prv] _contains
- [Prv] _length
- [Prv] _at
- [Prv] _values
- [Int] add #
- [Int] remove #
- [Int] contains
- [Int] length
- [Int] at
- [Int] values
- [Int] add #
- [Int] remove #
- [Int] contains
- [Int] length
- [Int] at
- [Int] values
- [Int] add #
- [Int] remove #
- [Int] contains
- [Int] length
- [Int] at
- [Int] values
+ [Lib] SafeMath
- [Int] tryAdd
- [Int] trySub
- [Int] tryMul
- [Int] tryDiv
- [Int] tryMod
- [Int] add
- [Int] sub
- [Int] mul
- [Int] div
- [Int] mod
- [Int] sub
- [Int] div
- [Int] mod
+ [Int] IMNTHelper
- [Ext] withdrawMnt #
+ MNTHelper
- [Ext] ($)
- [Pub] withdrawMnt #
+ [Lib] TransferHelper
- [Int] safeApprove #
- [Int] safeTransfer #
- [Int] safeTransferFrom #
- [Int] safeTransferMNT #
+ Context
- [Int] _msgSender
- [Int] _msgData
+ Ownable (Context)
- [Pub] #
- [Pub] owner
- [Int] _checkOwner
- [Pub] renounceOwnership #
- modifiers: onlyOwner
- [Pub] transferOwnership #
- modifiers: onlyOwner
- [Int] _transferOwnership #
+ [Int] IERC20Metadata (IERC20)
- [Ext] name
- [Ext] symbol
- [Ext] decimals
+ ERC20 (Context, IERC20, IERC20Metadata)
- [Pub] #
- [Pub] name
- [Pub] symbol
- [Pub] decimals
- [Pub] totalSupply
- [Pub] balanceOf
- [Pub] transfer #
- [Pub] allowance
- [Pub] approve #
- [Pub] transferFrom #
- [Pub] increaseAllowance #
- [Pub] decreaseAllowance #
- [Int] _transfer #
- [Int] _mint #
- [Int] _burn #
- [Int] _approve #
- [Int] _spendAllowance #
- [Int] _beforeTokenTransfer #
- [Int] _afterTokenTransfer #
+ Token (Ownable, ERC20)
- [Pub] #
- modifiers: ERC20
+ [Int] IVault
- [Ext] deposit ($)
- [Ext] withdraw #
- [Ext] balance
+ MuitoV2Farm (Initializable, OwnableUpgradeable, ReentrancyGuardUpgradeable)
- [Ext] ($)
- [Pub] initialize #
- modifiers: initializer
- [Pub] setTokenPerBlock #
- modifiers: onlyOwner
- [Pub] setStartTimestamp #
- modifiers: onlyOwner
- [Pub] setBonusEndTime #
- modifiers: onlyOwner
- [Pub] setWmnt #
- modifiers: onlyOwner
- [Pub] setRewardToken #
- modifiers: onlyOwner
- [Pub] setTotalAllocPoint #
- modifiers: onlyOwner
- [Pub] getTotalUserRevenue
- [Pub] getUserInfo
- [Pub] getPoolInfo
- [Pub] getPoolLength
- [Pub] getPoolTvl
- [Pub] getPoolTotalTvl
- [Pub] startMining #
- modifiers: onlyOwner
- [Ext] addPool #
- modifiers: onlyOwner
- [Ext] setPool #
- modifiers: onlyOwner
- [Ext] setPoolAsset #
- modifiers: onlyOwner
- [Pub] updateMassPools #
- [Pub] updatePool #
- [Pub] pendingRewardToken
- [Pub] harvest #
- [Ext] deposit ($)
- modifiers: nonReentrant
- [Ext] withdraw #
- modifiers: nonReentrant
- [Int] checkDuplicatePool
- [Int] safeTokenTransfer #
- [Int] getMultiplier Vault Contract
($) = payable function
# = non-constant function
Int = Internal
Ext = External
Pub = Public
+ [Lib] SafeMath
- [Int] tryAdd
- [Int] trySub
- [Int] tryMul
- [Int] tryDiv
- [Int] tryMod
- [Int] add
- [Int] sub
- [Int] mul
- [Int] div
- [Int] mod
- [Int] sub
- [Int] div
- [Int] mod
+ [Int] IERC20
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] transfer #
- [Ext] allowance
- [Ext] approve #
- [Ext] transferFrom #
+ [Int] IERC20Permit
- [Ext] permit #
- [Ext] nonces
- [Ext] DOMAIN_SEPARATOR
+ [Lib] Address
- [Int] isContract
- [Int] sendValue #
- [Int] functionCall #
- [Int] functionCall #
- [Int] functionCallWithValue #
- [Int] functionCallWithValue #
- [Int] functionStaticCall
- [Int] functionStaticCall
- [Int] functionDelegateCall #
- [Int] functionDelegateCall #
- [Int] verifyCallResultFromTarget
- [Int] verifyCallResult
- [Prv] _revert
+ [Lib] SafeERC20
- [Int] safeTransfer #
- [Int] safeTransferFrom #
- [Int] safeApprove #
- [Int] safeIncreaseAllowance #
- [Int] safeDecreaseAllowance #
- [Int] forceApprove #
- [Int] safePermit #
- [Prv] _callOptionalReturn #
- [Prv] _callOptionalReturnBool #
+ [Lib] AddressUpgradeable
- [Int] isContract
- [Int] sendValue #
- [Int] functionCall #
- [Int] functionCall #
- [Int] functionCallWithValue #
- [Int] functionCallWithValue #
- [Int] functionStaticCall
- [Int] functionStaticCall
- [Int] verifyCallResultFromTarget
- [Int] verifyCallResult
- [Prv] _revert
+ Initializable
- [Int] _disableInitializers #
- [Int] _getInitializedVersion
- [Int] _isInitializing
+ ReentrancyGuardUpgradeable (Initializable)
- [Int] __ReentrancyGuard_init #
- modifiers: onlyInitializing
- [Int] __ReentrancyGuard_init_unchained #
- modifiers: onlyInitializing
- [Prv] _nonReentrantBefore #
- [Prv] _nonReentrantAfter #
+ ContextUpgradeable (Initializable)
- [Int] __Context_init #
- modifiers: onlyInitializing
- [Int] __Context_init_unchained #
- modifiers: onlyInitializing
- [Int] _msgSender
- [Int] _msgData
+ OwnableUpgradeable (Initializable, ContextUpgradeable)
- [Int] __Ownable_init #
- modifiers: onlyInitializing
- [Int] __Ownable_init_unchained #
- modifiers: onlyInitializing
- [Pub] owner
- [Int] _checkOwner
- [Pub] renounceOwnership #
- modifiers: onlyOwner
- [Pub] transferOwnership #
- modifiers: onlyOwner
- [Int] _transferOwnership #
+ [Int] IStrategy
- [Ext] want
- [Ext] beforeDeposit #
- [Ext] deposit #
- [Ext] depositNative ($)
- [Ext] withdraw #
- [Ext] withdrawNative ($)
- [Ext] balanceOf
- [Ext] earn
- [Ext] claim #
+ [Lib] TransferHelper
- [Int] safeApprove #
- [Int] safeTransfer #
- [Int] safeTransferFrom #
- [Int] safeTransferMNT #
+ [Int] IVault
- [Ext] deposit ($)
- [Ext] withdraw #
- [Ext] balance
+ Vault (IVault, Initializable, OwnableUpgradeable, ReentrancyGuardUpgradeable)
- [Pub] initialize #
- modifiers: initializer
- [Ext] setStrategy #
- modifiers: onlyOwner
- [Ext] setMainChef #
- modifiers: onlyOwner
- [Ext] setWETH #
- modifiers: onlyOwner
- [Ext] setAssets #
- modifiers: onlyOwner
- [Pub] available
- [Pub] balance
- [Pub] getVaultUserList
- [Pub] deposit ($)
- modifiers: nonReentrant
- [Prv] _depositETH #
- [Prv] _deposit #
- [Pub] withdraw #
- modifiers: nonReentrant
- [Ext] ($)
About SourceHat
SourceHat has quickly grown to have one of the most experienced and well-equipped smart contract auditing teams in the industry. Our team has conducted 1800+ solidity smart contract audits covering all major project types and protocols, securing a total of over $50 billion U.S. dollars in on-chain value!
Our firm is well-reputed in the community and is trusted as a top smart contract auditing company for the review of solidity code, no matter how complex. Our team of experienced solidity smart contract auditors performs audits for tokens, NFTs, crowdsales, marketplaces, gambling games, financial protocols, and more!
Contact us today to get a free quote for a smart contract audit of your project!
What is a SourceHat Audit?
Typically, a smart contract audit is a comprehensive review process designed to discover logical errors, security vulnerabilities, and optimization opportunities within code. A SourceHat Audit takes this a step further by verifying economic logic to ensure the stability of smart contracts and highlighting privileged functionality to create a report that is easy to understand for developers and community members alike.
How Do I Interpret the Findings?
Each of our Findings will be labeled with a Severity level. We always recommend the team resolve High, Medium, and Low severity findings prior to deploying the code to the mainnet. Here is a breakdown on what each Severity level means for the project:
- High severity indicates that the issue puts a large number of users' funds at risk and has a high probability of exploitation, or the smart contract contains serious logical issues which can prevent the code from operating as intended.
- Medium severity issues are those which place at least some users' funds at risk and has a medium to high probability of exploitation.
- Low severity issues have a relatively minor risk association; these issues have a low probability of occurring or may have a minimal impact.
- Informational issues pose no immediate risk, but inform the project team of opportunities for gas optimizations and following smart contract security best practices.