/>

Amnext Lottery - Audit Report

Summary

 Amnext Lottery Audit Report The Amnext has built a series of contracts to enable users to participate in lotteries.

We reviewed a series of Amnext's Lottery contracts using code provided to us by the team. For this audit, we reviewed the following contracts:

  • AMCStakingPrizePool
  • AMCStakingPrizePoolProxyFactory
  • LifeTimeLottery
  • PoolWithMultipleWinnersBuilder
  • PancakePrizePool
  • PancakePrizePoolProxyFactory
  • VenusPrizePool
  • VenusPrizePoolProxyFactory
  • VTokenInterface
  • Please note we have not reviewed other contracts from the team.

    Notes on the Contracts:
    • The Prize Pool Factory contracts (Venus, Pancake, and AMC) are designed to allow for the deployment multiple lottery pools.
    • When a new pool is created, a copy of the base PrizePool contracts is deployed
    • The PoolWithMultipleWinnersBuilder contract is a variant of the Factory contracts, with additional logic to support the deployment of lottery pools with multiple winners.
    • Users can enter into the Lifetime Lottery by depositing an ERC20 token; though they must register first.
    • After registering users can buy 'levels' in the Lifetime Lottery by paying to the contract. (This is currently commented-out for testing but ought to be re-enabled prior to deployment).
    • Users who refer other users to buy levels in the contract will receive rewards for their referrals in the form of both AMC tokens and staked AMC tokens. Two levels for referrals exist.
    • The team will set values used in the lottery upon deployment. No ownership-restricted functions are present, so once deployed the contract's key variables cannot be altered.

    • A price calculation is used to get the USDT price of the AMC token. While this method is somewhat suseptible to flash loans, the value that can be extracted will be below the cost of taking a flash loan; so this implementation is acceptable.
    • In all of the xxxxPrizePool contracts, the initialize() can be declared external instead of public to save some gas when called.
    • The _supply() and _redeem() functions in the xxxxPrizePool contracts perform redundant logic in defining assetToken. It instead could be defined globally to save some execution cost.
    • The returning of the 'diff' value in the _redeem() function in the xxxxPrizePool contracts could be streamlined to save on gas.
    • SafeMath is utilized across all contracts to prevent overflows.

    Audit Findings Summary:
    • No security issues from outside attackers were identified.
    • Ensure trust in the team as they have notable control in the ecosystem.
    • Date: June 4th, 2021.

    External Threat Results

    Vulnerability Category Notes Result
    Arbitrary Storage Write N/A PASS
    Arbitrary Jump N/A PASS
    Delegate Call to Untrusted Contract N/A PASS
    Dependence on Predictable Variables N/A PASS
    Deprecated Opcodes N/A PASS
    Ether Thief N/A PASS
    Exceptions N/A PASS
    External Calls N/A PASS
    Integer Over/Underflow N/A PASS
    Multiple Sends N/A PASS
    Suicide N/A PASS
    State Change External Calls N/A Pass
    Unchecked Retval N/A PASS
    User Supplied Assertion N/A PASS
    Critical Solidity Compiler N/A PASS
    Overall Contract Safety   PASS

    Visualizations: Pancakeswap Lottery

    Smart Contract Graph

    Contract Inheritance


    Visualizations: Venus Lottery

    Smart Contract Graph

    Contract Inheritance


    Visualizations: AMCStakingPrizePool

    Smart Contract Graph

    Contract Inheritance


    Visualizations: LifeTimeLottery

    Smart Contract Graph

    Contract Inheritance


    Visualizations: PoolWithMultipleWinnersBuilder

    Smart Contract Graph

    Contract Inheritance