YearnYFI Finance - Smart Contract Audit Report

Summary

YearnYFI Finance Audit Report YearnYFI is building a new yield farming platform.

For this audit, we analyzed the project's YearnYFI token contract and MasterChef staking contract. We reviewed the the token at 0xdeaa665ab71785ccf576dc76e5fcb5a2283ea0c6 on the Ethereum Mainnet and the MasterChef contract using code provided to us by the team, available in flattened form below.

Notes on the Contracts:
  • The token is designed to be a governance token where 1 token = 1 vote.
  • Token holders can delegate their voting rights to any address. To save gas, users can also do so using an EIP-712 signature.
  • The owner of the token has the ability to mint tokens at any time. This is intended to be the MasterChef staking contract.
  • About 35% of the supply was sent to a wallet controlled by the team upon deployment. This wallet currently
  • Currently, 7.5% of the supply is in the Uniswap pool.
  • 99% of liquidity will unlock in September of this year.
  • The next largest holder has 3.6%

  • Users can stake various LP tokens into the MasterChef contract into order to earn YNI tokens.
  • There is a fee associated with making a deposit to the contract, set by the team.
  • 2% of the tokens deposited into the contract shall be sent to the project team.
  • 2% of CANDY token rewards minted for a user's rewards are burned upon unstaking.
  • The project team can add different types of tokens for staking, and can update the reward rates for each token at any time.

  • Some gas optimizations can be achieved through marking functions external instead of public.
  • The team must exercise caution when adding tokens to avoid fee-on-transfer and ERC777-compliant tokens.
  • Utilization of SafeMath (or similarily safe functions) across all contracts to prevent overflows.
    • Audit Findings Summary:
    • No security issues from outside attackers were identified.
    • Ensure trust in the team as they have notable control over the ecosystem.
    • Futher, ensure trust in the team as they hold a large number of tokens and have distributed 1/3rd of the supply to various wallets.
    • Date: April 28th, 2021

    Combined External Threat Results

    Vulnerability CategoryNotesResult
    Arbitrary Storage WriteN/APASS
    Arbitrary JumpN/APASS
    Delegate Call to Untrusted ContractN/APASS
    Dependence on Predictable VariablesN/APASS
    Deprecated OpcodesN/APASS
    Ether ThiefN/APASS
    ExceptionsN/APASS
    External CallsN/APASS
    Integer Over/UnderflowN/APASS
    Multiple SendsN/APASS
    SuicideN/APASS
    State Change External CallsN/APASS
    Unchecked RetvalN/APASS
    User Supplied AssertionN/APASS
    Critical Solidity CompilerN/APASS
    Overall Contract Safety PASS


    Details: YearnYFI Token


    Function Graph

    Smart Contract Graph

    Inheritence Chart

    Smart Contract Inheritance

    Functions Overview

    

 ($) = payable function
 # = non-constant function
 
 Int = Internal
 Ext = External
 Pub = Public

 +  Context 
    - [Int] _msgSender
    - [Int] _msgData

 +  Ownable (Context)
    - [Int]  #
    - [Pub] owner
    - [Pub] renounceOwnership #
       - modifiers: onlyOwner
    - [Pub] transferOwnership #
       - modifiers: onlyOwner

 + [Int] IBEP20 
    - [Ext] totalSupply
    - [Ext] decimals
    - [Ext] symbol
    - [Ext] name
    - [Ext] getOwner
    - [Ext] balanceOf
    - [Ext] transfer #
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transferFrom #

 + [Lib] SafeMath 
    - [Int] tryAdd
    - [Int] trySub
    - [Int] tryMul
    - [Int] tryDiv
    - [Int] tryMod
    - [Int] add
    - [Int] sub
    - [Int] mul
    - [Int] div
    - [Int] mod
    - [Int] sub
    - [Int] div
    - [Int] mod

 +  BEP20 (Context, IBEP20, Ownable)
    - [Pub]  #
    - [Ext] getOwner
    - [Pub] name
    - [Pub] symbol
    - [Pub] decimals
    - [Pub] totalSupply
    - [Pub] balanceOf
    - [Pub] transfer #
    - [Pub] allowance
    - [Pub] approve #
    - [Pub] transferFrom #
    - [Pub] increaseAllowance #
    - [Pub] decreaseAllowance #
    - [Pub] mint #
       - modifiers: onlyOwner
    - [Int] _transfer #
    - [Int] _mint #
    - [Int] _burn #
    - [Int] _approve #
    - [Int] _burnFrom #

 +  Token (BEP20)
    - [Pub] mint #
       - modifiers: onlyOwner
    - [Ext] delegates
    - [Ext] delegate #
    - [Ext] delegateBySig #
    - [Ext] getCurrentVotes
    - [Ext] getPriorVotes
    - [Int] _delegate #
    - [Int] _moveDelegates #
    - [Int] _writeCheckpoint #
    - [Int] safe32
    - [Int] getChainId

    Source Code


    Click here to download the source code as a .sol file.



    Details: MasterChef Staking


    Function Graph

    Smart Contract Graph

    Inheritence Chart

    Smart Contract Inheritance

    Functions Overview

    

 ($) = payable function
 # = non-constant function
 
 Int = Internal
 Ext = External
 Pub = Public

 + [Lib] SafeMath 
    - [Int] tryAdd
    - [Int] trySub
    - [Int] tryMul
    - [Int] tryDiv
    - [Int] tryMod
    - [Int] add
    - [Int] sub
    - [Int] mul
    - [Int] div
    - [Int] mod
    - [Int] sub
    - [Int] div
    - [Int] mod

 + [Int] IBEP20 
    - [Ext] totalSupply
    - [Ext] decimals
    - [Ext] symbol
    - [Ext] name
    - [Ext] getOwner
    - [Ext] balanceOf
    - [Ext] transfer #
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transferFrom #

 + [Lib] Address 
    - [Int] isContract
    - [Int] sendValue #
    - [Int] functionCall #
    - [Int] functionCall #
    - [Int] functionCallWithValue #
    - [Int] functionCallWithValue #
    - [Int] functionStaticCall
    - [Int] functionStaticCall
    - [Int] functionDelegateCall #
    - [Int] functionDelegateCall #
    - [Prv] _verifyCallResult

 + [Lib] SafeBEP20 
    - [Int] safeTransfer #
    - [Int] safeTransferFrom #
    - [Int] safeApprove #
    - [Int] safeIncreaseAllowance #
    - [Int] safeDecreaseAllowance #
    - [Prv] _callOptionalReturn #

 +  Context 
    - [Int] _msgSender
    - [Int] _msgData

 +  Ownable (Context)
    - [Int]  #
    - [Pub] owner
    - [Pub] renounceOwnership #
       - modifiers: onlyOwner
    - [Pub] transferOwnership #
       - modifiers: onlyOwner

 +  BEP20 (Context, IBEP20, Ownable)
    - [Pub]  #
    - [Ext] getOwner
    - [Pub] name
    - [Pub] symbol
    - [Pub] decimals
    - [Pub] totalSupply
    - [Pub] balanceOf
    - [Pub] transfer #
    - [Pub] allowance
    - [Pub] approve #
    - [Pub] transferFrom #
    - [Pub] increaseAllowance #
    - [Pub] decreaseAllowance #
    - [Pub] mint #
       - modifiers: onlyOwner
    - [Int] _transfer #
    - [Int] _mint #
    - [Int] _burn #
    - [Int] _approve #
    - [Int] _burnFrom #

 +  Token (BEP20)
    - [Pub] mint #
       - modifiers: onlyOwner
    - [Ext] delegates
    - [Ext] delegate #
    - [Ext] delegateBySig #
    - [Ext] getCurrentVotes
    - [Ext] getPriorVotes
    - [Int] _delegate #
    - [Int] _moveDelegates #
    - [Int] _writeCheckpoint #
    - [Int] safe32
    - [Int] getChainId

 +  MasterChef (Ownable)
    - [Pub]  #
    - [Ext] poolLength
    - [Pub] add #
       - modifiers: onlyOwner
    - [Pub] set #
       - modifiers: onlyOwner
    - [Pub] getMultiplier
    - [Ext] pendingYNI
    - [Pub] massUpdatePools #
    - [Pub] updatePool #
    - [Pub] deposit #
    - [Pub] withdraw #
    - [Pub] emergencyWithdraw #
    - [Int] safeYNITransfer #
    - [Pub] dev #
    - [Pub] setFeeAddress #
    - [Pub] updateEmissionRate #
       - modifiers: onlyOwner

    Source Code


    Click here to download the source code as a .sol file.