We ran over 400,000 transactions interacting with this suite of contracts on a test blockchain to determine these results.
Date: November 17th, 2020
Vulnerability Category Notes Result Arbitrary Storage Write N/A PASS Arbitrary Jump N/A PASS Delegate Call to Untrusted Contract N/A PASS Dependence on Predictable Variables N/A PASS Deprecated Opcodes N/A PASS Ether/Token Thief The owner of the prediciton contract determines and sets the rewards for each user.
If the owner key was compromised, only 4% of each user's staked funds would be
at risk due to the implemented mitigation.Warning Exceptions N/A PASS External Calls N/A PASS Integer Over/Underflow N/A PASS Multiple Sends N/A PASS Oracle The project uses a single-source off-chain price feed from CoinGecko.
It is highly unlikely, but possible, for this to be manipulated.Warning Suicide N/A PASS State Change External Calls N/A PASS Unchecked Retval N/A PASS User Supplied Assertion N/A PASS Critical Solidity Compiler N/A PASS Overall Contract Safety -----> PASS
Bundles Finance (BUND) - Smart Contract Audit Report
Summary
CRITICAL ISSUE ALERT - December 4th, 2020 The $BUND Bundles.Finance team has introduced probable malicious code into their project after our audit was completed. This is a developing situation; updates are available here. We are advising anyone invested in the project to unstake their tokens from the platform until this matter is resolved. At the time of writing this a very small amount of value remains in the vulnerable contracts, and no malicious actions have been taken or funds lost.
UPDATE- December 7th, 2020 We have worked with the Bundles team to create new pool contracts. The audit of these new contracts and deployment details will be available at https://sourcehat.com/audits/BUNDv2/
This page is now considered deprecated.
View the updated report at the link above.
Bundles allows token holders to use their Crypto prediction skills to choose which cryptocurrencies will perform best over the following 6 days. Out of 10 popular cryptocurrencies, $BUND token holders can choose to stake their tokens on a single asset or a ‘Bundle’ of assets to achieve the highest returns during the staking period. Depending upon the performance of your $BUND tokens staked in relation to the other $BUND tokens staked over the 6 day period, you will either increase or decrease your token holdings.
Audit Findings:
- Summary: No issues from outside attackers were identified. Ensure trust in the project team.
- Date: November 20th, 2020.
- The BUND token contract is secure and cannot be minted after deployment.
- The logic that manages the ecosystem is run on an off-chain NodeJS server hosted on AWS. The owner-restricted functions of the contracts are called by this server using a privatekey stored on the server in order to determine prices and update user balances. If this AWS account of its owner were compromised, user funds would be at risk.
- Mitigation measure: We pointed out this potential issue to the team and their innovative solution (to be deployed shortly) limits the risk of a compromised key to only 4% of user's funds. We have also briefly inspected the NodeJS code and the code appears to be legitimate and serve its intended purpose.
- While there is risk associated with an owner private key having this control, the actions of the team and their willingness to mitigate this risk makes us believe the team is trustworthy. The team is also publicly known, which further reduces the probability of a malicious owner.
- The prices fed to the Oracle contract are sent directly from the contract's owner via a single source (CoinGecko). The data sent to the oracle is not used by the Bundles contract; the team explains this oracle is so users can see the prices used to decide rewards on-chain. If CoinGecko were compromised, user funds would be at risk to an unfair/manipulated outcome.
Function Graph
Inheritence Chart
Functions Overview
($) = payable function
# = non-constant function
Int = Internal
Ext = External
Pub = Public
+ [Int] IERC20
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] transfer #
- [Ext] allowance
- [Ext] approve #
- [Ext] transferFrom #
+ [Lib] SafeMath
- [Int] add
- [Int] sub
- [Int] mul
- [Int] div
- [Int] mod
+ ERC20 (IERC20)
- [Pub] totalSupply
- [Pub] balanceOf
- [Pub] transfer #
- [Pub] allowance
- [Pub] approve #
- [Pub] transferFrom #
- [Pub] increaseAllowance #
- [Pub] decreaseAllowance #
- [Int] _transfer #
- [Int] _mint #
- [Int] _burn #
- [Int] _approve #
- [Int] _burnFrom #
+ TokenMintERC20Token (ERC20)
- [Pub] ($)
- [Pub] burn #
- [Pub] name
- [Pub] symbol
- [Pub] decimals
Source Code
Click here to download the source code as a .sol file.
/**
*Submitted for verification at Etherscan.io on 2019-08-02
*/
// File: contracts\open-zeppelin-contracts\token\ERC20\IERC20.sol
pragma solidity ^0.5.0;
/**
* @dev Interface of the ERC20 standard as defined in the EIP. Does not include
* the optional functions; to access them see `ERC20Detailed`.
*/
interface IERC20 {
/**
* @dev Returns the amount of tokens in existence.
*/
function totalSupply() external view returns (uint256);
/**
* @dev Returns the amount of tokens owned by `account`.
*/
function balanceOf(address account) external view returns (uint256);
/**
* @dev Moves `amount` tokens from the caller's account to `recipient`.
*
* Returns a boolean value indicating whether the operation succeeded.
*
* Emits a `Transfer` event.
*/
function transfer(address recipient, uint256 amount) external returns (bool);
/**
* @dev Returns the remaining number of tokens that `spender` will be
* allowed to spend on behalf of `owner` through `transferFrom`. This is
* zero by default.
*
* This value changes when `approve` or `transferFrom` are called.
*/
function allowance(address owner, address spender) external view returns (uint256);
/**
* @dev Sets `amount` as the allowance of `spender` over the caller's tokens.
*
* Returns a boolean value indicating whether the operation succeeded.
*
* > Beware that changing an allowance with this method brings the risk
* that someone may use both the old and the new allowance by unfortunate
* transaction ordering. One possible solution to mitigate this race
* condition is to first reduce the spender's allowance to 0 and set the
* desired value afterwards:
* https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729
*
* Emits an `Approval` event.
*/
function approve(address spender, uint256 amount) external returns (bool);
/**
* @dev Moves `amount` tokens from `sender` to `recipient` using the
* allowance mechanism. `amount` is then deducted from the caller's
* allowance.
*
* Returns a boolean value indicating whether the operation succeeded.
*
* Emits a `Transfer` event.
*/
function transferFrom(address sender, address recipient, uint256 amount) external returns (bool);
/**
* @dev Emitted when `value` tokens are moved from one account (`from`) to
* another (`to`).
*
* Note that `value` may be zero.
*/
event Transfer(address indexed from, address indexed to, uint256 value);
/**
* @dev Emitted when the allowance of a `spender` for an `owner` is set by
* a call to `approve`. `value` is the new allowance.
*/
event Approval(address indexed owner, address indexed spender, uint256 value);
}
// File: contracts\open-zeppelin-contracts\math\SafeMath.sol
pragma solidity ^0.5.0;
/**
* @dev Wrappers over Solidity's arithmetic operations with added overflow
* checks.
*
* Arithmetic operations in Solidity wrap on overflow. This can easily result
* in bugs, because programmers usually assume that an overflow raises an
* error, which is the standard behavior in high level programming languages.
* `SafeMath` restores this intuition by reverting the transaction when an
* operation overflows.
*
* Using this library instead of the unchecked operations eliminates an entire
* class of bugs, so it's recommended to use it always.
*/
library SafeMath {
/**
* @dev Returns the addition of two unsigned integers, reverting on
* overflow.
*
* Counterpart to Solidity's `+` operator.
*
* Requirements:
* - Addition cannot overflow.
*/
function add(uint256 a, uint256 b) internal pure returns (uint256) {
uint256 c = a + b;
require(c >= a, "SafeMath: addition overflow");
return c;
}
/**
* @dev Returns the subtraction of two unsigned integers, reverting on
* overflow (when the result is negative).
*
* Counterpart to Solidity's `-` operator.
*
* Requirements:
* - Subtraction cannot overflow.
*/
function sub(uint256 a, uint256 b) internal pure returns (uint256) {
require(b <= a, "SafeMath: subtraction overflow");
uint256 c = a - b;
return c;
}
/**
* @dev Returns the multiplication of two unsigned integers, reverting on
* overflow.
*
* Counterpart to Solidity's `*` operator.
*
* Requirements:
* - Multiplication cannot overflow.
*/
function mul(uint256 a, uint256 b) internal pure returns (uint256) {
// Gas optimization: this is cheaper than requiring 'a' not being zero, but the
// benefit is lost if 'b' is also tested.
// See: https://github.com/OpenZeppelin/openzeppelin-solidity/pull/522
if (a == 0) {
return 0;
}
uint256 c = a * b;
require(c / a == b, "SafeMath: multiplication overflow");
return c;
}
/**
* @dev Returns the integer division of two unsigned integers. Reverts on
* division by zero. The result is rounded towards zero.
*
* Counterpart to Solidity's `/` operator. Note: this function uses a
* `revert` opcode (which leaves remaining gas untouched) while Solidity
* uses an invalid opcode to revert (consuming all remaining gas).
*
* Requirements:
* - The divisor cannot be zero.
*/
function div(uint256 a, uint256 b) internal pure returns (uint256) {
// Solidity only automatically asserts when dividing by 0
require(b > 0, "SafeMath: division by zero");
uint256 c = a / b;
// assert(a == b * c + a % b); // There is no case in which this doesn't hold
return c;
}
/**
* @dev Returns the remainder of dividing two unsigned integers. (unsigned integer modulo),
* Reverts when dividing by zero.
*
* Counterpart to Solidity's `%` operator. This function uses a `revert`
* opcode (which leaves remaining gas untouched) while Solidity uses an
* invalid opcode to revert (consuming all remaining gas).
*
* Requirements:
* - The divisor cannot be zero.
*/
function mod(uint256 a, uint256 b) internal pure returns (uint256) {
require(b != 0, "SafeMath: modulo by zero");
return a % b;
}
}
// File: contracts\open-zeppelin-contracts\token\ERC20\ERC20.sol
pragma solidity ^0.5.0;
/**
* @dev Implementation of the `IERC20` interface.
*
* This implementation is agnostic to the way tokens are created. This means
* that a supply mechanism has to be added in a derived contract using `_mint`.
* For a generic mechanism see `ERC20Mintable`.
*
* *For a detailed writeup see our guide [How to implement supply
* mechanisms](https://forum.zeppelin.solutions/t/how-to-implement-erc20-supply-mechanisms/226).*
*
* We have followed general OpenZeppelin guidelines: functions revert instead
* of returning `false` on failure. This behavior is nonetheless conventional
* and does not conflict with the expectations of ERC20 applications.
*
* Additionally, an `Approval` event is emitted on calls to `transferFrom`.
* This allows applications to reconstruct the allowance for all accounts just
* by listening to said events. Other implementations of the EIP may not emit
* these events, as it isn't required by the specification.
*
* Finally, the non-standard `decreaseAllowance` and `increaseAllowance`
* functions have been added to mitigate the well-known issues around setting
* allowances. See `IERC20.approve`.
*/
contract ERC20 is IERC20 {
using SafeMath for uint256;
mapping (address => uint256) private _balances;
mapping (address => mapping (address => uint256)) private _allowances;
uint256 private _totalSupply;
/**
* @dev See `IERC20.totalSupply`.
*/
function totalSupply() public view returns (uint256) {
return _totalSupply;
}
/**
* @dev See `IERC20.balanceOf`.
*/
function balanceOf(address account) public view returns (uint256) {
return _balances[account];
}
/**
* @dev See `IERC20.transfer`.
*
* Requirements:
*
* - `recipient` cannot be the zero address.
* - the caller must have a balance of at least `amount`.
*/
function transfer(address recipient, uint256 amount) public returns (bool) {
_transfer(msg.sender, recipient, amount);
return true;
}
/**
* @dev See `IERC20.allowance`.
*/
function allowance(address owner, address spender) public view returns (uint256) {
return _allowances[owner][spender];
}
/**
* @dev See `IERC20.approve`.
*
* Requirements:
*
* - `spender` cannot be the zero address.
*/
function approve(address spender, uint256 value) public returns (bool) {
_approve(msg.sender, spender, value);
return true;
}
/**
* @dev See `IERC20.transferFrom`.
*
* Emits an `Approval` event indicating the updated allowance. This is not
* required by the EIP. See the note at the beginning of `ERC20`;
*
* Requirements:
* - `sender` and `recipient` cannot be the zero address.
* - `sender` must have a balance of at least `value`.
* - the caller must have allowance for `sender`'s tokens of at least
* `amount`.
*/
function transferFrom(address sender, address recipient, uint256 amount) public returns (bool) {
_transfer(sender, recipient, amount);
_approve(sender, msg.sender, _allowances[sender][msg.sender].sub(amount));
return true;
}
/**
* @dev Atomically increases the allowance granted to `spender` by the caller.
*
* This is an alternative to `approve` that can be used as a mitigation for
* problems described in `IERC20.approve`.
*
* Emits an `Approval` event indicating the updated allowance.
*
* Requirements:
*
* - `spender` cannot be the zero address.
*/
function increaseAllowance(address spender, uint256 addedValue) public returns (bool) {
_approve(msg.sender, spender, _allowances[msg.sender][spender].add(addedValue));
return true;
}
/**
* @dev Atomically decreases the allowance granted to `spender` by the caller.
*
* This is an alternative to `approve` that can be used as a mitigation for
* problems described in `IERC20.approve`.
*
* Emits an `Approval` event indicating the updated allowance.
*
* Requirements:
*
* - `spender` cannot be the zero address.
* - `spender` must have allowance for the caller of at least
* `subtractedValue`.
*/
function decreaseAllowance(address spender, uint256 subtractedValue) public returns (bool) {
_approve(msg.sender, spender, _allowances[msg.sender][spender].sub(subtractedValue));
return true;
}
/**
* @dev Moves tokens `amount` from `sender` to `recipient`.
*
* This is internal function is equivalent to `transfer`, and can be used to
* e.g. implement automatic token fees, slashing mechanisms, etc.
*
* Emits a `Transfer` event.
*
* Requirements:
*
* - `sender` cannot be the zero address.
* - `recipient` cannot be the zero address.
* - `sender` must have a balance of at least `amount`.
*/
function _transfer(address sender, address recipient, uint256 amount) internal {
require(sender != address(0), "ERC20: transfer from the zero address");
require(recipient != address(0), "ERC20: transfer to the zero address");
_balances[sender] = _balances[sender].sub(amount);
_balances[recipient] = _balances[recipient].add(amount);
emit Transfer(sender, recipient, amount);
}
/** @dev Creates `amount` tokens and assigns them to `account`, increasing
* the total supply.
*
* Emits a `Transfer` event with `from` set to the zero address.
*
* Requirements
*
* - `to` cannot be the zero address.
*/
function _mint(address account, uint256 amount) internal {
require(account != address(0), "ERC20: mint to the zero address");
_totalSupply = _totalSupply.add(amount);
_balances[account] = _balances[account].add(amount);
emit Transfer(address(0), account, amount);
}
/**
* @dev Destroys `amount` tokens from `account`, reducing the
* total supply.
*
* Emits a `Transfer` event with `to` set to the zero address.
*
* Requirements
*
* - `account` cannot be the zero address.
* - `account` must have at least `amount` tokens.
*/
function _burn(address account, uint256 value) internal {
require(account != address(0), "ERC20: burn from the zero address");
_totalSupply = _totalSupply.sub(value);
_balances[account] = _balances[account].sub(value);
emit Transfer(account, address(0), value);
}
/**
* @dev Sets `amount` as the allowance of `spender` over the `owner`s tokens.
*
* This is internal function is equivalent to `approve`, and can be used to
* e.g. set automatic allowances for certain subsystems, etc.
*
* Emits an `Approval` event.
*
* Requirements:
*
* - `owner` cannot be the zero address.
* - `spender` cannot be the zero address.
*/
function _approve(address owner, address spender, uint256 value) internal {
require(owner != address(0), "ERC20: approve from the zero address");
require(spender != address(0), "ERC20: approve to the zero address");
_allowances[owner][spender] = value;
emit Approval(owner, spender, value);
}
/**
* @dev Destoys `amount` tokens from `account`.`amount` is then deducted
* from the caller's allowance.
*
* See `_burn` and `_approve`.
*/
function _burnFrom(address account, uint256 amount) internal {
_burn(account, amount);
_approve(account, msg.sender, _allowances[account][msg.sender].sub(amount));
}
}
// File: contracts\ERC20\TokenMintERC20Token.sol
pragma solidity ^0.5.0;
/**
* @title TokenMintERC20Token
* @author TokenMint (visit https://tokenmint.io)
*
* @dev Standard ERC20 token with burning and optional functions implemented.
* For full specification of ERC-20 standard see:
* https://github.com/ethereum/EIPs/blob/master/EIPS/eip-20.md
*/
contract TokenMintERC20Token is ERC20 {
string private _name;
string private _symbol;
uint8 private _decimals;
/**
* @dev Constructor.
* @param name name of the token
* @param symbol symbol of the token, 3-4 chars is recommended
* @param decimals number of decimal places of one token unit, 18 is widely used
* @param totalSupply total supply of tokens in lowest units (depending on decimals)
* @param tokenOwnerAddress address that gets 100% of token supply
*/
constructor(string memory name, string memory symbol, uint8 decimals, uint256 totalSupply, address payable feeReceiver, address tokenOwnerAddress) public payable {
_name = name;
_symbol = symbol;
_decimals = decimals;
// set tokenOwnerAddress as owner of all tokens
_mint(tokenOwnerAddress, totalSupply);
// pay the service fee for contract deployment
feeReceiver.transfer(msg.value);
}
/**
* @dev Burns a specific amount of tokens.
* @param value The amount of lowest token units to be burned.
*/
function burn(uint256 value) public {
_burn(msg.sender, value);
}
// optional functions from ERC20 stardard
/**
* @return the name of the token.
*/
function name() public view returns (string memory) {
return _name;
}
/**
* @return the symbol of the token.
*/
function symbol() public view returns (string memory) {
return _symbol;
}
/**
* @return the number of decimals of the token.
*/
function decimals() public view returns (uint8) {
return _decimals;
}
}
Function Graph
Functions Overview
+ Bundles
- [Pub] #
- [Pub] Register #
- [Pub] PlaceBet #
- [Pub] updatebal #
- [Pub] createBundle #
- [Pub] updateowner #
- [Pub] withdraw #
- [Pub] fetchUser
- [Pub] fetchBundle
- [Pub] fetchUserBets
Source Code
Click here to download the source code as a .sol file.
// SPDX-License-Identifier: UNLICENSED
pragma solidity <=0.7.5;
import './BUNDtoken.sol';
contract Bundles {
uint256 public bundleId = 1;
address public owner;
TokenMintERC20Token public bundle_address;
uint256 lastcreated;
struct UserBets{
uint256[10] bundles;
bool betted;
}
struct User{
uint256[] bundles;
string username;
uint256 balance;
uint256 freebal;
bool active;
}
struct Bundle{
uint256[10] prices;
uint256 startime;
uint256 stakingends;
uint256 endtime;
}
mapping(address => mapping(uint256 => UserBets)) bets;
mapping(uint256 => Bundle) bundle;
mapping(address => User) user;
constructor(address _bundle_address) public{
owner = msg.sender;
bundle_address = TokenMintERC20Token(_bundle_address);
}
function Register(string memory _username) public returns(bool){
User storage us = user[msg.sender];
require(us.active == false,'Existing User');
us.active = true;
us.username = _username;
return true;
}
function PlaceBet(uint256[10] memory _bundle,uint256 _bundleId,uint256 _amount) public returns(bool) {
require(_bundleId <= bundleId,'Invalid Bundle');
require(bundle_address.allowance(msg.sender,address(this))>=_amount,'Approval failed');
Bundle storage b = bundle[_bundleId];
require(b.endtime >= block.timestamp,'Ended');
User storage us = user[msg.sender];
require(us.active == true,'Register to participate');
UserBets storage u = bets[msg.sender][_bundleId];
require(u.betted == false, 'Already Voted');
us.bundles.push(_bundleId);
us.balance = us.balance+_amount;
u.betted = true;
u.bundles = _bundle;
bundle_address.transferFrom(msg.sender,address(this),_amount);
return true;
}
function updatebal(address _user,uint256 _newbal) public returns(bool){
require(msg.sender == owner,'Not Owner');
require(_reward <=40,'Invalid Reward Percent');
User storage us = user[_user];
require(us.active == true,'Invalid User');
us.freebal = _newbal;
us.balance = 0;
return true;
}
function createBundle(uint256[10] memory _prices) public returns(bool){
require(msg.sender == owner,'Not Owner');
require( block.timestamp > lastcreated + 7 days,'Cannot Create');
Bundle storage b = bundle[bundleId];
b.prices = _prices;
b.startime = block.timestamp;
lastcreated = block.timestamp;
b.endtime = block.timestamp + 7 days;
b.stakingends = block.timestamp + 1 days;
bundleId = bundleId + 1;
return true;
}
function updateowner(address new_owner) public returns(bool){
require(msg.sender == owner,'Not an Owner');
owner = new_owner;
return true;
}
function withdraw() public returns(bool){
User storage us = user[msg.sender];
require(us.active == true,'Invalid User');
require(us.freebal > 0,'No bal');
bundle_address.transfer(msg.sender,us.freebal);
us.freebal = 0;
return true;
}
function fetchUser(address _user) public view returns(uint256[] memory _bundles,string memory username,uint256 balance, bool active){
User storage us = user[_user];
return(us.bundles,us.username,us.balance,us.active);
}
function fetchBundle(uint256 _bundleId) public view returns(uint256[10] memory _prices,uint256 _start,uint256 _end,uint256 _staking_ends){
Bundle storage b = bundle[_bundleId];
return(b.prices,b.startime,b.endtime,b.stakingends);
}
function fetchUserBets(address _user, uint256 _bundleId) public view returns(uint256[10] memory _bundles,bool _betted){
UserBets storage u = bets[_user][_bundleId];
return(u.bundles,u.betted);
}
}
Function Graph
Functions Overview
($) = payable function
# = non-constant function
Int = Internal
Ext = External
Pub = Public
+ Oracle
- [Pub] #
- [Pub] updateOwner #
- [Pub] updateBtc #
- [Pub] updateEth #
- [Pub] updateXrp #
- [Pub] updateDot #
- [Pub] updateLink #
- [Pub] updateYfi #
- [Pub] updateCore #
- [Pub] updateBnb #
- [Pub] updateUni #
- [Pub] updateUsdt #
Source Code
Click here to download the source code as a .sol file.
/**
*Submitted for verification at Etherscan.io on 2020-11-12
*/
// SPDX-License-Identifier: UNLICENSED
pragma solidity <=0.7.4;
contract Oracle{
uint256 public BTC;
uint256 public ETH;
uint256 public DOT;
uint256 public LINK;
uint256 public XRP;
uint256 public YFI;
uint256 public CORE;
uint256 public BNB;
uint256 public UNI;
uint256 public USDT;
address public owner;
constructor(){
owner = msg.sender;
}
function updateOwner(address new_owner) public {
require(msg.sender == owner);
owner = new_owner;
}
function updateBtc(uint256 price) public {
require(msg.sender==owner,'Cannot do this');
BTC = price;
}
function updateEth(uint256 price) public {
require(msg.sender==owner,'Cannot do this');
ETH = price;
}
function updateXrp(uint256 price) public {
require(msg.sender==owner,'Cannot do this');
XRP = price;
}
function updateDot(uint256 price) public {
require(msg.sender==owner,'Cannot do this');
DOT = price;
}
function updateLink(uint256 price) public {
require(msg.sender==owner,'Cannot do this');
LINK = price;
}
function updateYfi(uint256 price) public {
require(msg.sender==owner,'Cannot do this');
YFI = price;
}
function updateCore(uint256 price) public {
require(msg.sender==owner,'Cannot do this');
CORE = price;
}
function updateBnb(uint256 price) public {
require(msg.sender==owner,'Cannot do this');
BNB = price;
}
function updateUni(uint256 price) public {
require(msg.sender==owner,'Cannot do this');
UNI = price;
}
function updateUsdt(uint256 price) public {
require(msg.sender==owner,'Cannot do this');
USDT = price;
}
}