BakeryTools - Smart Contract Audit Report

Summary

BakeryTools Audit Report BakeryTools is building a central hub and trading tool for Binance chain pairs, pool explorer, and a platform for Private and pre-sale listings.

For this audit, we analyzed BakeryTools' MasterChef staking contract. We reviewed the team's code at commit eebd868a534caa6b4b8d298fa81d573c1be71a52 on GitHub.
We previously reviewed the project team's TBAKE Token Contract here.

Notes on the Contract:
  • Users can stake various tokens into the MasterChef contract into order to earn TBAKE tokens.
  • There is a deposit fee set by the team for each asset that a user can stake.
  • User's rewards are claimed when withdrawing from the contract. There are no fees associated with this action.
  • An emergencyWithdraw function exists so users can withdraw without collecting rewards.
  • The team can update the global reward rate at any time via the updateEmissionRate function.
  • The project team can add different types of tokens for staking, and can update the reward rates for each pool at any time.
  • The team must be careful not to add the same token twice, and must exercise caution when adding tokens to avoid fee-on-transfer and ERC777-compliant tokens (this is uncommon).
  • Some functions can be declared external instead of public to save gas on each call: add, set, deposit, withdraw, emergencyWithdraw, dev, setFeeAddress, updateEmissionRate.
  • Function getMultiplier should be restricted to pure instead of view.
  • Utilization of SafeMath (or similarily safe functions) across all contracts to prevent overflows.


  • Audit Findings Summary:
    • No security issues from outside attackers were identified.
    • Ensure trust in the team as they have some control in the ecosystem.
    • Date: June 21st, 2021

    Combined External Threat Results

    Vulnerability CategoryNotesResult
    Arbitrary Storage WriteN/APASS
    Arbitrary JumpN/APASS
    Delegate Call to Untrusted ContractN/APASS
    Dependence on Predictable VariablesN/APASS
    Deprecated OpcodesN/APASS
    Ether ThiefN/APASS
    ExceptionsN/APASS
    External CallsN/APASS
    Integer Over/UnderflowN/APASS
    Multiple SendsN/APASS
    SuicideN/APASS
    State Change External CallsN/APASS
    Unchecked RetvalN/APASS
    User Supplied AssertionN/APASS
    Critical Solidity CompilerN/APASS
    Overall Contract Safety PASS

    Function Graph

    Smart Contract Graph

    Inheritence Chart

    Smart Contract Inheritance

    Functions Overview

    
    
     ($) = payable function
     # = non-constant function
     
     Int = Internal
     Ext = External
     Pub = Public
    
     + [Lib] Address 
        - [Int] isContract
        - [Int] sendValue #
        - [Int] functionCall #
        - [Int] functionCall #
        - [Int] functionCallWithValue #
        - [Int] functionCallWithValue #
        - [Int] functionStaticCall
        - [Int] functionStaticCall
        - [Prv] _verifyCallResult
    
     + [Lib] SafeMath 
        - [Int] add
        - [Int] sub
        - [Int] sub
        - [Int] mul
        - [Int] div
        - [Int] div
        - [Int] mod
        - [Int] mod
    
     + [Lib] SafeBEP20 
        - [Int] safeTransfer #
        - [Int] safeTransferFrom #
        - [Int] safeApprove #
        - [Int] safeIncreaseAllowance #
        - [Int] safeDecreaseAllowance #
        - [Prv] _callOptionalReturn #
    
     +  Context 
        - [Int] _msgSender
        - [Int] _msgData
    
     +  Ownable (Context)
        - [Int]  #
        - [Pub] owner
        - [Pub] renounceOwnership #
           - modifiers: onlyOwner
        - [Pub] transferOwnership #
           - modifiers: onlyOwner
    
     + [Int] IBEP20 
        - [Ext] totalSupply
        - [Ext] decimals
        - [Ext] symbol
        - [Ext] name
        - [Ext] getOwner
        - [Ext] balanceOf
        - [Ext] transfer #
        - [Ext] allowance
        - [Ext] approve #
        - [Ext] transferFrom #
    
     +  BEP20 (Context, IBEP20, Ownable)
        - [Pub]  #
        - [Ext] getOwner
        - [Pub] name
        - [Pub] symbol
        - [Pub] decimals
        - [Pub] totalSupply
        - [Pub] balanceOf
        - [Pub] transfer #
        - [Pub] allowance
        - [Pub] approve #
        - [Pub] transferFrom #
        - [Pub] increaseAllowance #
        - [Pub] decreaseAllowance #
        - [Pub] mint #
           - modifiers: onlyOwner
        - [Int] _transfer #
        - [Int] _mint #
        - [Int] _burn #
        - [Int] _approve #
        - [Int] _mintOnce #
        - [Int] _beforeTokenTransfer #
        - [Int] _burnFrom #
    
     +  HasForeignAsset (Ownable)
        - [Ext] assetBalance
        - [Ext] getAsset #
           - modifiers: onlyOwner
    
     +  TBAKE (BEP20, HasForeignAsset)
        - [Pub]  #
        - [Pub] mint #
           - modifiers: onlyOwner
        - [Ext] delegates
        - [Ext] delegate #
        - [Ext] delegateBySig #
        - [Ext] getCurrentVotes
        - [Ext] getPriorVotes
        - [Int] _delegate #
        - [Int] _moveDelegates #
        - [Int] _writeCheckpoint #
        - [Int] safe32
        - [Int] getChainId
    
     +  MasterChef (Ownable)
        - [Pub]  #
        - [Ext] poolLength
        - [Pub] add #
           - modifiers: onlyOwner
        - [Pub] set #
           - modifiers: onlyOwner
        - [Pub] getMultiplier
        - [Ext] pendingTBAKE
        - [Pub] massUpdatePools #
        - [Pub] updatePool #
        - [Pub] deposit #
        - [Pub] withdraw #
        - [Pub] emergencyWithdraw #
        - [Int] safeTBAKETransfer #
        - [Pub] dev #
        - [Pub] setFeeAddress #
        - [Pub] updateEmissionRate #
           - modifiers: onlyOwner