ReaperFarm Token & Farm - Smart Contract Audit Report
Summary
ReaperFarm intends to build a yield aggregator on Fantom's Opera network.
For this audit we reviewed the project's Vault contract Auto-Compounding contract, and Treasury contract. We reviewed the contracts at commit 4b2af85b83f17984cf43b7d7ef51e0b25a57b339 on Github.
Notes of the Contracts:Audit Findings Summary
- Users can stake various tokens into the Vault contract in order to earn rewards in the project's native token.
- User's deposited tokens will be forwarded to Strategy contract to earn yield while the user earns rewards.
- There are a 0.1% fee associated with making a deposit to or withdrawing from the contract.
- Funds held in the Strategy contract will then be forwarded for deposit into Pancakeswap farms for yield.
- Yield from deposits will be denominated in the deposit asset and is additional to a user's earned native token rewards.
- 4.5% of yield earned will be provided to the project's Treasury vault.
- The team will have access to the funds deposited into the treasury vault.
- The owner has the ability to pause deposits into the contract; withdrawal cannot be paused.
- The owner can initiate an upgrade of the strategy in use by the vault at any time. The delay to upgrade to a new strategy is set by the team upon deployment.
- In addition, the owner can update fees up to a maximum of 5%.
- The owner can also recover tokens erroneously sent to the contract. Staken tokens cannot be moved.
- Some functions could be declared external instead of public, and some variables could be set constant.
- ReentrancyGuard is used in relevant locations to prevent reentrancy attacks.
- Utilization of SafeMath (or similarily safe functions) to prevent overflow issues.
- No issues from external attackers were identified.
- Ensure trust in the team as they have some control in the ecosystem.
- Date: May 28th, 2021.
External Threat Results
Vulnerability Category | Notes | Result |
---|---|---|
Arbitrary Storage Write | N/A | PASS |
Arbitrary Jump | N/A | PASS |
Delegate Call to Untrusted Contract | N/A | PASS |
Dependence on Predictable Variables | N/A | PASS |
Deprecated Opcodes | N/A | PASS |
Ether Thief | N/A | PASS |
Exceptions | N/A | PASS |
External Calls | N/A | PASS |
Flash Loans | N/A | PASS |
Integer Over/Underflow | N/A | PASS |
Multiple Sends | N/A | PASS |
Oracles | N/A | PASS |
Suicide | N/A | PASS |
State Change External Calls | N/A | PASS |
Unchecked Retval | N/A | PASS |
User Supplied Assertion | N/A | PASS |
Critical Solidity Compiler | N/A | PASS |
Overall Contract Safety | PASS |
Details: ReaperFarm Vault Contract
($) = payable function
# = non-constant function
Int = Internal
Ext = External
Pub = Public
+ Context
- [Int] _msgSender
- [Int] _msgData
+ [Int] IERC20
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] transfer #
- [Ext] allowance
- [Ext] approve #
- [Ext] transferFrom #
+ [Lib] SafeMath
- [Int] add
- [Int] sub
- [Int] sub
- [Int] mul
- [Int] div
- [Int] div
- [Int] mod
- [Int] mod
+ [Lib] Address
- [Int] isContract
- [Int] sendValue #
- [Int] functionCall #
- [Int] functionCall #
- [Int] functionCallWithValue #
- [Int] functionCallWithValue #
- [Prv] _functionCallWithValue #
+ ERC20 (Context, IERC20)
- [Pub] #
- [Pub] name
- [Pub] symbol
- [Pub] decimals
- [Pub] totalSupply
- [Pub] balanceOf
- [Pub] transfer #
- [Pub] allowance
- [Pub] approve #
- [Pub] transferFrom #
- [Pub] increaseAllowance #
- [Pub] decreaseAllowance #
- [Int] _transfer #
- [Int] _mint #
- [Int] _burn #
- [Int] _approve #
- [Int] _setupDecimals #
- [Int] _beforeTokenTransfer #
+ [Lib] SafeERC20
- [Int] safeTransfer #
- [Int] safeTransferFrom #
- [Int] safeApprove #
- [Int] safeIncreaseAllowance #
- [Int] safeDecreaseAllowance #
- [Prv] _callOptionalReturn #
+ Ownable (Context)
- [Int] #
- [Pub] owner
- [Pub] renounceOwnership #
- modifiers: onlyOwner
- [Pub] transferOwnership #
- modifiers: onlyOwner
+ ReentrancyGuard
- [Int] #
+ [Int] IStrategy
- [Ext] deposit #
- [Ext] withdraw #
- [Ext] balanceOf
- [Ext] harvest #
- [Ext] retireStrat #
- [Ext] panic #
- [Ext] pause #
- [Ext] unpause #
- [Ext] updateTotalFee #
- [Ext] updateCallFee #
- [Ext] updateTreasuryFee #
+ ReaperVault (ERC20, Ownable, ReentrancyGuard)
- [Pub] #
- modifiers: ERC20
- [Pub] initialize #
- modifiers: onlyOwner
- [Pub] agreeToTerms #
- [Pub] balance
- [Pub] available
- [Pub] getPricePerFullShare
- [Ext] depositAll #
- [Pub] deposit #
- modifiers: nonReentrant
- [Pub] earn #
- [Ext] withdrawAll #
- [Pub] withdraw #
- modifiers: nonReentrant
- [Pub] proposeStrat #
- modifiers: onlyOwner
- [Pub] upgradeStrat #
- modifiers: onlyOwner
- [Int] incrementDeposits #
- [Int] incrementWithdrawals #
- [Ext] inCaseTokensGetStuck #
- modifiers: onlyOwner
Details: ReaperFarm AutoCompound Contract
($) = payable function
# = non-constant function
Int = Internal
Ext = External
Pub = Public
+ Context
- [Int] _msgSender
- [Int] _msgData
+ Ownable (Context)
- [Int] #
- [Pub] owner
- [Pub] renounceOwnership #
- modifiers: onlyOwner
- [Pub] transferOwnership #
- modifiers: onlyOwner
+ [Int] IERC20
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] transfer #
- [Ext] allowance
- [Ext] approve #
- [Ext] transferFrom #
+ [Lib] SafeMath
- [Int] add
- [Int] sub
- [Int] sub
- [Int] mul
- [Int] div
- [Int] div
- [Int] mod
- [Int] mod
+ [Lib] Address
- [Int] isContract
- [Int] sendValue #
- [Int] functionCall #
- [Int] functionCall #
- [Int] functionCallWithValue #
- [Int] functionCallWithValue #
- [Prv] _functionCallWithValue #
+ ERC20 (Context, IERC20)
- [Pub] #
- [Pub] name
- [Pub] symbol
- [Pub] decimals
- [Pub] totalSupply
- [Pub] balanceOf
- [Pub] transfer #
- [Pub] allowance
- [Pub] approve #
- [Pub] transferFrom #
- [Pub] increaseAllowance #
- [Pub] decreaseAllowance #
- [Int] _transfer #
- [Int] _mint #
- [Int] _burn #
- [Int] _approve #
- [Int] _setupDecimals #
- [Int] _beforeTokenTransfer #
+ [Lib] SafeERC20
- [Int] safeTransfer #
- [Int] safeTransferFrom #
- [Int] safeApprove #
- [Int] safeIncreaseAllowance #
- [Int] safeDecreaseAllowance #
- [Prv] _callOptionalReturn #
+ Pausable (Context)
- [Int] #
- [Pub] paused
- [Int] _pause #
- modifiers: whenNotPaused
- [Int] _unpause #
- modifiers: whenPaused
+ [Int] IUniswapRouterETH
- [Ext] addLiquidity #
- [Ext] addLiquidityETH ($)
- [Ext] removeLiquidity #
- [Ext] removeLiquidityETH #
- [Ext] swapExactTokensForTokens #
- [Ext] swapExactETHForTokens ($)
- [Ext] swapExactTokensForETH #
- [Ext] swapExactTokensForTokensSupportingFeeOnTransferTokens #
+ [Int] IUniswapV2Pair
- [Ext] token0
- [Ext] token1
+ [Int] IMasterChef
- [Ext] poolLength
- [Ext] setBooPerSecond #
- [Ext] getMultiplier
- [Ext] pendingBOO
- [Ext] massUpdatePools #
- [Ext] updatePool #
- [Ext] deposit #
- [Ext] withdraw #
- [Ext] userInfo
- [Ext] emergencyWithdraw #
+ ReaperAutoCompoundBoo (Ownable, Pausable)
- [Pub] #
- [Pub] deposit #
- modifiers: whenNotPaused
- [Ext] withdraw #
- [Ext] harvest #
- modifiers: whenNotPaused
- [Int] chargeFees #
- [Int] addLiquidity #
- [Pub] balanceOf
- [Pub] balanceOfLpPair
- [Pub] balanceOfPool
- [Ext] retireStrat #
- [Pub] panic #
- modifiers: onlyOwner
- [Pub] pause #
- modifiers: onlyOwner
- [Ext] unpause #
- modifiers: onlyOwner
- [Int] giveAllowances #
- [Int] removeAllowances #
- [Ext] updateTotalFee #
- modifiers: onlyOwner
- [Ext] updateCallFee #
- modifiers: onlyOwner
- [Ext] updateTreasury #
- modifiers: onlyOwner
Details: ReaperFarm Treasury Contract
($) = payable function
# = non-constant function
Int = Internal
Ext = External
Pub = Public
+ Context
- [Int] _msgSender
- [Int] _msgData
+ Ownable (Context)
- [Int] #
- [Pub] owner
- [Pub] renounceOwnership #
- modifiers: onlyOwner
- [Pub] transferOwnership #
- modifiers: onlyOwner
+ [Int] IERC20
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] transfer #
- [Ext] allowance
- [Ext] approve #
- [Ext] transferFrom #
+ [Lib] SafeMath
- [Int] add
- [Int] sub
- [Int] sub
- [Int] mul
- [Int] div
- [Int] div
- [Int] mod
- [Int] mod
+ [Lib] Address
- [Int] isContract
- [Int] sendValue #
- [Int] functionCall #
- [Int] functionCall #
- [Int] functionCallWithValue #
- [Int] functionCallWithValue #
- [Prv] _functionCallWithValue #
+ ERC20 (Context, IERC20)
- [Pub] #
- [Pub] name
- [Pub] symbol
- [Pub] decimals
- [Pub] totalSupply
- [Pub] balanceOf
- [Pub] transfer #
- [Pub] allowance
- [Pub] approve #
- [Pub] transferFrom #
- [Pub] increaseAllowance #
- [Pub] decreaseAllowance #
- [Int] _transfer #
- [Int] _mint #
- [Int] _burn #
- [Int] _approve #
- [Int] _setupDecimals #
- [Int] _beforeTokenTransfer #
+ [Lib] SafeERC20
- [Int] safeTransfer #
- [Int] safeTransferFrom #
- [Int] safeApprove #
- [Int] safeIncreaseAllowance #
- [Int] safeDecreaseAllowance #
- [Prv] _callOptionalReturn #
+ ReaperTreasury (Ownable)
- [Pub] viewWithdrawal
- [Pub] markReviewed #
- [Ext] withdrawTokens #
- modifiers: onlyOwner
- [Ext] withdrawFTM #
- modifiers: onlyOwner
- [Pub] setAccountant #
- modifiers: onlyOwner
- [Ext] ($)