PolyDuff - Smart Contract Audit Report
Summary
PolySa Finance is building a new yield farming platform on Polygon.
Notes on the Contracts:The current total supply of the PolyDuff token is 1,000 Duff tokens. More tokens can be minted by the owner of the token contract at any time. The owner of the token contract has been properly set to the MasterChef staking contract for the provision of staking rewards. Currently, 36% of the token's supply is held in the MasterChef contract. 33% of the supply is held in the liquidity pool. Liquidity is not locked as it is primarily being provided by users staking LP tokens in the MasterChef contract. The team holds 9.9% of the supply unlocked. 7.5% of the token's supply has been burned. The next largest holder has 1.5%. There is a 1% burn on each transfer of the token. There is also a maximum number of tokens which can be sent in a single transaction, presently set to the total supply and updateable by the team. The owner of the contact can use a specialized function to transfer tokens and not incur any fees or restrictions. The token is designed to be a governance token where 1 token = 1 vote. Token holders can delegate their voting rights to any address. To save gas, users can also do so using an EIP-712 signature. Users can stake various tokens in this contract to earn rewards in the form of the project's native PolyDuff token. There is a fee associated with making a deposit to the contract, set by the team upon adding the pool. The fee is directed to the team and its percentage can be updated at any time. Users can claim their rewards automatically upon unstaking, or they can manually claim them every time period as determined by the team. The team will also be allocated some tokens when rewards are claimed, though these team tokens do not reduce a user's rewards. Rewards are funded via the minting of tokens. Rewards will end when the supply cap of 2.5 million tokens is reached. Users can also earn further token rewards by refering others to deposit into the contract. Referral logic is held in a separate contract. The developers will be minted some tokens from rewards to incentivize further development. The team must be careful not to add the same token twice for staking, and to avoid the use of fee-on-transfer tokens. Some gas optimizations can be achieved through marking functions external instead of public. As this contract is already deployed, this is informational. Utilization of SafeMath (or similarily safe functions) to prevent overflows; and usage of ReentrancyGuard to prevent reentrancy via ERC777-compliant tokens.
Audit Findings Summary:
- No security issues from outside attackers were identified.
- Ensure trust in the team as they have notable control in the ecosystem.
- Date: June 18th, 2021
Combined External Threat Results
| Vulnerability Category | Notes | Result |
|---|---|---|
| Arbitrary Storage Write | N/A | PASS |
| Arbitrary Jump | N/A | PASS |
| Delegate Call to Untrusted Contract | N/A | PASS |
| Dependence on Predictable Variables | N/A | PASS |
| Deprecated Opcodes | N/A | PASS |
| Ether Thief | N/A | PASS |
| Exceptions | N/A | PASS |
| External Calls | N/A | PASS |
| Integer Over/Underflow | N/A | PASS |
| Multiple Sends | N/A | PASS |
| Suicide | N/A | PASS |
| State Change External Calls | N/A | PASS |
| Unchecked Retval | N/A | PASS |
| User Supplied Assertion | N/A | PASS |
| Critical Solidity Compiler | N/A | PASS |
| Overall Contract Safety | PASS |
Details: Duff Token
Function Graph
Inheritence Chart
Functions Overview
($) = payable function
# = non-constant function
Int = Internal
Ext = External
Pub = Public
+ [Lib] SafeMath
- [Int] tryAdd
- [Int] trySub
- [Int] tryMul
- [Int] tryDiv
- [Int] tryMod
- [Int] add
- [Int] sub
- [Int] mul
- [Int] div
- [Int] mod
- [Int] sub
- [Int] div
- [Int] mod
+ [Int] IERC20
- [Ext] totalSupply
- [Ext] decimals
- [Ext] symbol
- [Ext] name
- [Ext] balanceOf
- [Ext] transfer #
- [Ext] allowance
- [Ext] approve #
- [Ext] transferFrom #
+ Context
- [Int] _msgSender
- [Int] _msgData
+ Ownable (Context)
- [Int] #
- [Pub] owner
- [Pub] renounceOwnership #
- modifiers: onlyOwner
- [Pub] transferOwnership #
- modifiers: onlyOwner
+ ERC20 (Context, IERC20, Ownable)
- [Pub] #
- [Pub] name
- [Pub] symbol
- [Pub] decimals
- [Pub] totalSupply
- [Pub] balanceOf
- [Pub] transfer #
- [Pub] allowance
- [Pub] approve #
- [Pub] transferFrom #
- [Pub] increaseAllowance #
- [Pub] decreaseAllowance #
- [Pub] mint #
- modifiers: onlyOwner
- [Int] _transfer #
- [Int] _mint #
- [Int] _burn #
- [Int] _approve #
- [Int] _burnFrom #
+ DuffToken (ERC20)
- [Pub] mint #
- modifiers: onlyOwner
- [Pub] #
- modifiers: ERC20
- [Pub] maxTransferAmount
- [Pub] updateMaxTransferAmountRate #
- modifiers: onlyOperator
- [Pub] isExcludedFromAntiWhale
- [Pub] setExcludedFromAntiWhale #
- modifiers: onlyOperator
- [Int] _transfer #
- modifiers: antiWhale
- [Pub] transferOperator #
- modifiers: onlyOperator
- [Ext] delegates
- [Ext] delegate #
- [Ext] delegateBySig #
- [Ext] getCurrentVotes
- [Ext] getPriorVotes
- [Int] _delegate #
- [Int] _moveDelegates #
- [Int] _writeCheckpoint #
- [Int] safe32
- [Int] getChainId Details: MasterChef Staking
Function Graph
Inheritence Chart
Functions Overview
($) = payable function
# = non-constant function
Int = Internal
Ext = External
Pub = Public
+ ReentrancyGuard
- [Int] #
+ Context
- [Int] _msgSender
- [Int] _msgData
+ Ownable (Context)
- [Int] #
- [Pub] owner
- [Pub] renounceOwnership #
- modifiers: onlyOwner
- [Pub] transferOwnership #
- modifiers: onlyOwner
+ [Int] IERC20
- [Ext] totalSupply
- [Ext] decimals
- [Ext] symbol
- [Ext] name
- [Ext] balanceOf
- [Ext] transfer #
- [Ext] allowance
- [Ext] approve #
- [Ext] transferFrom #
+ ERC20 (Context, IERC20, Ownable)
- [Pub] #
- [Pub] name
- [Pub] symbol
- [Pub] decimals
- [Pub] totalSupply
- [Pub] balanceOf
- [Pub] transfer #
- [Pub] allowance
- [Pub] approve #
- [Pub] transferFrom #
- [Pub] increaseAllowance #
- [Pub] decreaseAllowance #
- [Pub] mint #
- modifiers: onlyOwner
- [Int] _transfer #
- [Int] _mint #
- [Int] _burn #
- [Int] _approve #
- [Int] _burnFrom #
+ DuffToken (ERC20)
- [Pub] mint #
- modifiers: onlyOwner
- [Pub] #
- modifiers: ERC20
- [Pub] maxTransferAmount
- [Pub] updateMaxTransferAmountRate #
- modifiers: onlyOperator
- [Pub] isExcludedFromAntiWhale
- [Pub] setExcludedFromAntiWhale #
- modifiers: onlyOperator
- [Int] _transfer #
- modifiers: antiWhale
- [Pub] transferOperator #
- modifiers: onlyOperator
- [Ext] delegates
- [Ext] delegate #
- [Ext] delegateBySig #
- [Ext] getCurrentVotes
- [Ext] getPriorVotes
- [Int] _delegate #
- [Int] _moveDelegates #
- [Int] _writeCheckpoint #
- [Int] safe32
- [Int] getChainId
+ [Lib] SafeMath
- [Int] tryAdd
- [Int] trySub
- [Int] tryMul
- [Int] tryDiv
- [Int] tryMod
- [Int] add
- [Int] sub
- [Int] mul
- [Int] div
- [Int] mod
- [Int] sub
- [Int] div
- [Int] mod
+ [Lib] Address
- [Int] isContract
- [Int] sendValue #
- [Int] functionCall #
- [Int] functionCall #
- [Int] functionCallWithValue #
- [Int] functionCallWithValue #
- [Int] functionStaticCall
- [Int] functionStaticCall
- [Int] functionDelegateCall #
- [Int] functionDelegateCall #
- [Prv] _verifyCallResult
+ [Lib] SafeERC20
- [Int] safeTransfer #
- [Int] safeTransferFrom #
- [Int] safeApprove #
- [Int] safeIncreaseAllowance #
- [Int] safeDecreaseAllowance #
- [Prv] _callOptionalReturn #
+ [Int] IReferral
- [Ext] recordReferral #
- [Ext] getReferrer
+ MasterChef (Ownable, ReentrancyGuard)
- [Pub] #
- [Ext] poolLength
- [Ext] getPoolIdForLpToken
- [Ext] add #
- modifiers: onlyOwner,nonDuplicated
- [Ext] set #
- modifiers: onlyOwner
- [Pub] getMultiplier
- [Ext] pendingDuff
- [Pub] canHarvest
- [Pub] getHarvestUntil
- [Pub] massUpdatePools #
- [Pub] updatePool #
- [Pub] deposit #
- modifiers: nonReentrant
- [Pub] withdraw #
- modifiers: nonReentrant
- [Int] payOrLockupPendingDUFF #
- [Pub] emergencyWithdraw #
- modifiers: nonReentrant
- [Int] safeDuffTransfer #
- [Ext] setDevAddress #
- modifiers: onlyOwner
- [Ext] setFeeAddress #
- modifiers: onlyOwner
- [Ext] setVaultAddress #
- modifiers: onlyOwner
- [Ext] updateEmissionRate #
- modifiers: onlyOwner
- [Ext] setReferralAddress #
- modifiers: onlyOwner
- [Ext] setReferralCommissionRate #
- modifiers: onlyOwner
- [Int] payReferralCommission #
- [Ext] updateStartBlock #
- modifiers: onlyOwner
- [Ext] updateVaultDepositShare #
- modifiers: onlyOwner