Barns Finance - Smart Contract Audit Report

Summary

Barns Finance Audit Report Barns Finance is building a new DeFi ecosystem on Polygon.

For this audit, we analyzed Barns Finance's MasterChef staking contract. We reviewed the team's code at the following address on the Polygon mainnet: 0xA46b3A6aaA8FC78f641E0D7C2969Ae06120764d8

Notes on the Contracts:
  • Users can stake various tokens into the MasterChef contract into order to earn Farm tokens.
  • The only time Farm Tokens can be minted is through generated rewards for stakeholders, where an additional 10% of minted Farm Tokens are minted to a dev address.
  • The owner of the token contract has been properly set to the MasterChef staking contract for the provision of staking rewards. This also does not allow the team to exercise the function to burn user's tokens.
  • Users can stake various tokens in the MasterChef contract to earn rewards in the form of the project's native Farm token.
  • There is a fee associated with making a deposit to the contract, set by the team upon adding the pool. The fee is directed to the team and its percentage can be updated at any time.
  • Both the deposit fee of a pool and its share of rewards generated can be changed by the owner at any time.
  • The MasterChef staking contract should not be used with deflationary tokens or ERC-777 tokens. If a deflationary token is added as a staking asset, then the contract must be exempt from transfer fees.
  • The team must also be careful not to add the same token twice for staking.
  • Two lines perform a multiplication on the result of a division, leading to less accurate results. It is advisable to always do all multiplication prior to division. Applicable lines can be viewed here.
  • The MAX_FEE and MAX_SUPPLY variables could be declared constant to save gas on both storage and each reference.
  • A number of functions could be declared external instead of public to save some gas on each call. Applicable functions can be viewed here.
  • Utilization of SafeMath (or similarily safe functions) to prevent overflows.


  • Audit Findings Summary:
    • No security issues from outside attackers were identified.
    • Ensure trust in the team as they have control over the reward multiplier for any given pool
    • Date: August 20th, 2021

    Combined External Threat Results

    Vulnerability CategoryNotesResult
    Arbitrary Storage WriteN/APASS
    Arbitrary JumpN/APASS
    Delegate Call to Untrusted ContractN/APASS
    Dependence on Predictable VariablesN/APASS
    Deprecated OpcodesN/APASS
    Ether ThiefN/APASS
    ExceptionsN/APASS
    External CallsN/APASS
    Integer Over/UnderflowN/APASS
    Multiple SendsN/APASS
    SuicideN/APASS
    State Change External CallsN/APASS
    Unchecked RetvalN/APASS
    User Supplied AssertionN/APASS
    Critical Solidity CompilerN/APASS
    Overall Contract Safety PASS

    Function Graph

    Smart Contract Graph

    Inheritence Chart

    Smart Contract Inheritance

    Functions Overview

    
     ($) = payable function
     # = non-constant function
     
     Int = Internal
     Ext = External
     Pub = Public
    
      + [Lib] SafeMath 
        - [Int] add
        - [Int] sub
        - [Int] sub
        - [Int] mul
        - [Int] div
        - [Int] div
        - [Int] mod
        - [Int] mod
        - [Int] min
        - [Int] sqrt
    
     + [Int] IBEP20 
        - [Ext] totalSupply
        - [Ext] decimals
        - [Ext] symbol
        - [Ext] name
        - [Ext] getOwner
        - [Ext] balanceOf
        - [Ext] transfer #
        - [Ext] allowance
        - [Ext] approve #
        - [Ext] transferFrom #
    
     + [Lib] Address 
        - [Int] isContract
        - [Int] sendValue #
        - [Int] functionCall #
        - [Int] functionCall #
        - [Int] functionCallWithValue #
        - [Int] functionCallWithValue #
        - [Prv] _functionCallWithValue #
    
     + [Lib] SafeBEP20 
        - [Int] safeTransfer #
        - [Int] safeTransferFrom #
        - [Int] safeApprove #
        - [Int] safeIncreaseAllowance #
        - [Int] safeDecreaseAllowance #
        - [Prv] _callOptionalReturn #
    
     +  Context 
        - [Int]  #
        - [Int] _msgSender
        - [Int] _msgData
    
     +  Ownable (Context)
        - [Int]  #
        - [Pub] owner
        - [Pub] renounceOwnership #
           - modifiers: onlyOwner
        - [Pub] transferOwnership #
           - modifiers: onlyOwner
        - [Int] _transferOwnership #
    
     +  BEP20 (Context, IBEP20, Ownable)
        - [Pub]  #
        - [Ext] getOwner
        - [Pub] name
        - [Pub] decimals
        - [Pub] symbol
        - [Pub] totalSupply
        - [Pub] balanceOf
        - [Pub] transfer #
        - [Pub] allowance
        - [Pub] approve #
        - [Pub] transferFrom #
        - [Pub] increaseAllowance #
        - [Pub] decreaseAllowance #
        - [Pub] mint #
           - modifiers: onlyOwner
        - [Int] _transfer #
        - [Int] _mint #
        - [Int] _burn #
        - [Int] _approve #
        - [Int] _burnFrom #
    
     +  FarmToken (BEP20)
        - [Pub] mint #
           - modifiers: onlyOwner
        - [Ext] delegates
        - [Ext] delegate #
        - [Ext] delegateBySig #
        - [Ext] getCurrentVotes
        - [Ext] getPriorVotes
        - [Int] _delegate #
        - [Int] _moveDelegates #
        - [Int] _writeCheckpoint #
        - [Int] safe32
        - [Int] getChainId
    
     +  SyrupBar (BEP20)
        - [Pub] mint #
           - modifiers: onlyOwner
        - [Pub] burn #
           - modifiers: onlyOwner
        - [Pub]  #
        - [Pub] safeFarmTransfer #
           - modifiers: onlyOwner
        - [Ext] delegates
        - [Ext] delegate #
        - [Ext] delegateBySig #
        - [Ext] getCurrentVotes
        - [Ext] getPriorVotes
        - [Int] _delegate #
        - [Int] _moveDelegates #
        - [Int] _writeCheckpoint #
        - [Int] safe32
        - [Int] getChainId
    
     +  MasterChef (Ownable)
        - [Pub]  #
        - [Pub] updateMultiplier #
           - modifiers: onlyOwner
        - [Ext] poolLength
        - [Pub] add #
           - modifiers: onlyOwner
        - [Pub] set #
           - modifiers: onlyOwner
        - [Int] updateStakingPool #
        - [Pub] getMultiplier
        - [Ext] pendingFarm
        - [Pub] massUpdatePools #
        - [Pub] updatePool #
        - [Pub] deposit #
        - [Pub] withdraw #
        - [Pub] enterStaking #
        - [Pub] leaveStaking #
        - [Pub] emergencyWithdraw #
        - [Int] safeFarmTransfer #
        - [Pub] dev #