Unite Finance - Smart Contract Audit Report

Audit Summary

Unite Finance is releasing a new token pegged to 1 $ONE token to facilitate high levels of liquidity on the Harmony chain with multiple additional methods to earn rewards.

For this audit, we reviewed the following contracts on the Harmony Mainnet:

• Unite contract at 0xb4441013ea8aa3a9e35c5aca2b037e577948c59e.
• UShare contract at 0xd0105cff72a89f6ff0bd47e1209bf4bdfb9dea8a.
• UBond contract at 0x1d8a836a204228051e7e24e86469ca067dc052c5.
• UShareRewardPool contract at 0xe3f4e2936f0ac4104bd6a58bebd29e49437710fe.
• TaxOracle contract at 0x655020dfa0e30054cf47ccb7f7e4088e92c05b07.
• Treasury contract at 0xb5024ff84046459dd8474077e6072a05e34e82cd.
• Boardroom contract at 0x68beec29183464e2c80aa9b362db8b0c0eb826bd.
• Oracle contract at 0xb5bfd75e33e207738a62e6b6d6e8ab997edb51c6.

Audit Findings

Please ensure trust in the team prior to investing as they have substantial control in the ecosystem.
Date: January 24th, 2022.

Contracts Overview

Unite Contract:

• $UNITE tokens are the native token of the Unite Finance platform.
• $UNITE tokens are intended to be pegged to the price of 1 $ONE token.
• Tokens are minted via the Treasury contract.
• Users may elect to burn their $UNITE tokens; the circulating supply can also be reduced by sending tokens to the 0x..dead address, if desired.
• There is an initial distribution of 40,000 tokens designated for a launch address and 20,000 tokens designated for an airdrop address.
• The contract deployer is given the Operator role and minted 1 token upon deployment.
• The Operator may distribute the designated token amounts to the launch and airdrop address only once after deployment.
• The Operator can withdraw any tokens from the contract at any time.

UShare Contract:

• USHARE tokens are used to help lower the $UNITE price when it is higher than the price of 1 $ONE token.
• Users may elect to burn their $USHARE tokens; the circulating supply can also be reduced by sending tokens to the 0x..dead address, if desired.
• $USHARE tokens are allocated to a Dev, Team, and Community fund and vest over the course of one year.
• A maximum of 10,000 tokens can be allocated to the Community fund, and 2,100 tokens each can be allocated to the Dev and Team fund.
• Claiming rewards will distribute all vested tokens to all 3 addresses at once.
• Additionally, 59,500 tokens are allocated to a Farming pool as rewards for stakers.
• The contract deployer is given the Operator role and minted 1 token upon deployment.
• The Operator may distribute those tokens to the Farming pool address only once after deployment.
• The Operator can withdraw any tokens from the contract at any time.

UBond Contract:

• $UBOND tokens are used to help raise the price of $UNITE tokens when it is lower than the price of 1 $ONE token.
• Users may elect to burn their $UBOND tokens; the circulating supply can also be reduced by sending tokens to the 0x..dead address, if desired.
• The contract deployer is given the Operator role upon deployment.
• The Operator may mint any number of tokens to any recipient at any time.

Treasury Contract:

• The Treasury is used to incentivize users and maintain $UNITE's value to be within a tolerance of 1 $ONE token's value.
• The Treasury also serves as a valid Operator for all other contracts.
• During expansionary periods (when $UNITE is worth more than 1 ONE token), the treasury will mint $UNITE tokens to increase the circulating supply and lower the price.
• A DAO, Dev, and Team percentage are taken from the minted $UNITE and transferred to a corresponding wallet controlled by the team.
• The remaining $UNITE is sent to the BoardRoom contract to be distributed as rewards to $USHARE stakers.
• During contractionary periods (when $UNITE is worth less than 1 ONE token), $UBONDS are used to raise the price.
• Users may buy $UBONDS from the Treasury during any contractionary period with a potential discount.
• The discount is based on the "discount" percentage and the ratio of the $UNITE price and the $ONE price.
• Users' $UNITE tokens are burned when purchasing bonds to lower the circulating supply and increase the price.
• Once the $UNITE price has risen to a value that is at least the price of 1 $ONE token, users may redeem the $UBONDS back for the original $UNITE value with an added reward to incentivize the purchase of $UBONDs during contractionary periods.
• The $UNITE reward is similarly based upon a "premium" percentage and the difference between the $UNITE price and the $ONE price.
• When redeeming $UBONDs, the $UBONDs will be burned and the user will be minted the relative amount of $UNITE tokens in return.
• The contract deployer is given the Operator role upon deployment.
• The Operator may update the BoardRoom, Pricing Oracle, and its own address at any time.
• The Operator may adjust the Dev, DAO, and Team fee distribution percentages up to 30%, 5%, and 5% respectively, at any time.
• The owner may update the maximum discount and premium percentage at any time.
• The Operator may withdraw any token that is not a $UNITE, $UBOND, or $USHARE token at any time.
• The Operator may set the $UNITE price ceiling up to 120% of the $ONE price at any time.

BoardRoom Contract:

• Any user may use this contract to stake their $USHARE tokens in order to receive rewards in $UNITE tokens.
• Users will receive a reward amount during each emissions period proportional to the amount staked.
• Emissions are sent from the Treasury contract when the $UNITE token value is higher than that of 1 $ONE token's value.
• Users' staked tokens are locked and may not be withdrawn for a period of 36 hours and rewards are locked for a period of 18 hours.
• The lock duration is reset for both staked tokens and rewards after each new deposit and rewards claim.
• The project team should exercise caution when adding fee-on-transfer or ERC777-compliant tokens (this is uncommon).
• The contract deployer is given the Operator role upon deployment.
• The Operator can withdraw any tokens from the contract at any time
• The Operator may update the lock durations for staked tokens and rewards to any value, up to two weeks, at any time; the rewards lock duration must be greater than or equal to the staked token's lock duration.
• The Operator may update its own address at any time.

UShareRewardPool Contract:

• Any user may use this contract to stake designated LP tokens to earn rewards in $USHARE tokens.
• Users will receive a reward amount on each block based on the amount staked, the amount of "points" allocated to the pool, and the rewards rate.
• The total rewards period is 370 days from the start of staking.
• Staking rewards are calculated and transferred to the user during deposits and withdrawals.
• Users may also elect to emergency withdraw, which will withdraw all tokens from the specified pool without calculating and distributing rewards.
• Rewards tokens must be supplied to the contract, otherwise users will be unable to claim their rewards.
• The project team should exercise caution when adding fee-on-transfer or ERC777-compliant tokens (this is uncommon).
• The contract deployer is given the Operator role upon deployment.
• The Operator may add a staking pool to the contract at any time; there may only be one pool per designated token.
• The Operator may update a pool's allocated points at any time.
• During the rewards period and 90 days after, the Operator may withdraw any non-designated staking token from the contract at any time.
• 90 days after the rewards period, the Operator may withdraw any token in the contract at any time.

Oracle Contract:

• This contract implements a Time Weighted Average Price (TWAP) Oracle to deter price manipulation of a designated LP token and its underlying token pair.
• When the Oracle is updated, the time-weighted average of the current price and the price at the time of the last update is taken. This is stored and used to return price estimates.
• Users may "consult" the Oracle to get a price estimate for a specified amount of either underlying token in the pair.
• The team must ensure that the Oracle is updated often enough to prevent price manipulation. We recommend having functions within the other contracts update the Oracle if enough time has passed since the last update. Alternatively, Chainlink is a secure method to source pricing from off-chain.

TaxOracle Contract:

• This contract serves as an oracle for the relative price between for an LP token where UNITE is one of the tokens in the underlying pair.
• Users may "consult" the oracle to get the ratio of the value of the two tokens in the pair multiplied by an amount of tokens for an estimated price.

External Threat Results

Contract Source Summary and Visualizations

• Go Home