Bees Finance - Smart Contract Audit Report

Summary

Bees Finance Audit Report Bees Finance is building a new yield farming platform on the Binance Smart Chain.

For this audit, we analyzed Bees Finance' token contract and their MasterChef staking contract. We reviewed the team's code at the following addresses on the Binance Smart Chain mainnet:
  • Bees FinanceSwap Token: 0x99fdb84d876ef165da47760120b4e53932a3eed7
  • MasterChef Staking: 0x84bdc51804905b9bcbd4cb4eeb4265c2f4764f29
  • Notes on the Contracts:
  • The initial total supply of the BZZZ token is 30,000.
  • As of the date of this report, the team holds 100% of the supply.
  • More tokens can be minted by the owner of the token contract.
  • The owner of the token contract has been transferred to the BZZZChef staking contract for the provision of staking rewards.

  • Users can stake various LP tokens into the BZZZChef contract into order to earn Bees FinanceSwap tokens.
  • There is a no fee associated with making a deposit to or withdrawing from the contract.
  • 10% of token rewards minted for a user's rewards are burned upon unstaking.
  • An emergencyWithdraw function exists so users can withdraw without collecting rewards.
  • The project team can add different types of tokens for staking, and can update the reward rates for each pool at any time.
  • The team must be careful not to add the same token twice, and must exercise caution when adding tokens to avoid fee-on-transfer and ERC777-compliant tokens for rewards (this is uncommon).
  • Utilization of SafeMath (or similarily safe functions) across all contracts to prevent overflows.


  • Audit Findings Summary:
    • No security issues from outside attackers were identified.
    • As with any presale, ensure trust in the team prior to investing.
    • Further, ensure trust in the team as they have some control in the ecosystem.
    • Date: May 18th, 2021
    • Update Date: May 19th, 2021 - Redeployment of BZZZChef contract with a minor logic fix.

    Combined External Threat Results

    Vulnerability CategoryNotesResult
    Arbitrary Storage WriteN/APASS
    Arbitrary JumpN/APASS
    Delegate Call to Untrusted ContractN/APASS
    Dependence on Predictable VariablesN/APASS
    Deprecated OpcodesN/APASS
    Ether ThiefN/APASS
    ExceptionsN/APASS
    External CallsN/APASS
    Integer Over/UnderflowN/APASS
    Multiple SendsN/APASS
    SuicideN/APASS
    State Change External CallsN/APASS
    Unchecked RetvalN/APASS
    User Supplied AssertionN/APASS
    Critical Solidity CompilerN/APASS
    Overall Contract Safety PASS


    Details: Bees Finance Token


    Function Graph

    Smart Contract Graph

    Inheritence Chart

    Smart Contract Inheritance

    Functions Overview

    
    
     ($) = payable function
     # = non-constant function
     
     Int = Internal
     Ext = External
     Pub = Public
    
     +  Context 
        - [Int] _msgSender
        - [Int] _msgData
    
     + [Int] IERC20 
        - [Ext] totalSupply
        - [Ext] balanceOf
        - [Ext] transfer #
        - [Ext] allowance
        - [Ext] approve #
        - [Ext] transferFrom #
    
     + [Lib] SafeMath 
        - [Int] add
        - [Int] sub
        - [Int] sub
        - [Int] mul
        - [Int] div
        - [Int] div
        - [Int] mod
        - [Int] mod
    
     + [Lib] Address 
        - [Int] isContract
        - [Int] sendValue #
        - [Int] functionCall #
        - [Int] functionCall #
        - [Int] functionCallWithValue #
        - [Int] functionCallWithValue #
        - [Prv] _functionCallWithValue #
    
     + [Lib] SafeERC20 
        - [Int] safeTransfer #
        - [Int] safeTransferFrom #
        - [Int] safeApprove #
        - [Int] safeIncreaseAllowance #
        - [Int] safeDecreaseAllowance #
        - [Prv] _callOptionalReturn #
    
     +  Ownable (Context)
        - [Pub]  #
        - [Pub] owner
        - [Pub] renounceOwnership #
           - modifiers: onlyOwner
        - [Pub] transferOwnership #
           - modifiers: onlyOwner
    
     +  ERC20 (Context, IERC20, Ownable)
        - [Pub]  #
        - [Pub] name
        - [Pub] symbol
        - [Pub] decimals
        - [Pub] totalSupply
        - [Pub] balanceOf
        - [Pub] transfer #
        - [Pub] allowance
        - [Pub] approve #
        - [Pub] transferFrom #
        - [Pub] increaseAllowance #
        - [Pub] decreaseAllowance #
        - [Int] _transfer #
        - [Int] _mint #
        - [Int] _burn #
        - [Int] _approve #
        - [Int] _setupDecimals #
        - [Int] _beforeTokenTransfer #
        - [Pub] setMinter #
           - modifiers: onlyOwner
        - [Pub] mint #
           - modifiers: canMint,onlyOwner
        - [Pub] finishMinting #
           - modifiers: canMint,onlyOwner
        - [Pub] mintingFinished
    
     +  BzzzJar (Ownable, ERC20)
        - [Pub]  #
        - [Pub] mint #
           - modifiers: onlyOwner
    
     +  BZZZChef (Ownable)
        - [Pub]  #
        - [Ext] poolLength
        - [Pub] add #
           - modifiers: onlyOwner
        - [Pub] set #
           - modifiers: onlyOwner
        - [Pub] getMultiplier
        - [Pub] getRewardPerBlock
        - [Ext] pendingBZZZ
        - [Pub] massUpdatePools #
        - [Pub] updatePool #
        - [Pub] deposit #
        - [Pub] withdraw #
        - [Pub] emergencyWithdraw #
        - [Int] safeBZZZTransfer #
        - [Pub] dev #


    Details: BZZZChef Staking


    Function Graph

    Smart Contract Graph

    Inheritence Chart

    Smart Contract Inheritance

    Functions Overview

    
    
     ($) = payable function
     # = non-constant function
     
     Int = Internal
     Ext = External
     Pub = Public
    
     +  Context 
        - [Int] _msgSender
        - [Int] _msgData
    
     + [Int] IERC20 
        - [Ext] totalSupply
        - [Ext] balanceOf
        - [Ext] transfer #
        - [Ext] allowance
        - [Ext] approve #
        - [Ext] transferFrom #
    
     + [Lib] SafeMath 
        - [Int] add
        - [Int] sub
        - [Int] sub
        - [Int] mul
        - [Int] div
        - [Int] div
        - [Int] mod
        - [Int] mod
    
     + [Lib] Address 
        - [Int] isContract
        - [Int] sendValue #
        - [Int] functionCall #
        - [Int] functionCall #
        - [Int] functionCallWithValue #
        - [Int] functionCallWithValue #
        - [Prv] _functionCallWithValue #
    
     + [Lib] SafeERC20 
        - [Int] safeTransfer #
        - [Int] safeTransferFrom #
        - [Int] safeApprove #
        - [Int] safeIncreaseAllowance #
        - [Int] safeDecreaseAllowance #
        - [Prv] _callOptionalReturn #
    
     +  Ownable (Context)
        - [Pub]  #
        - [Pub] owner
        - [Pub] renounceOwnership #
           - modifiers: onlyOwner
        - [Pub] transferOwnership #
           - modifiers: onlyOwner
    
     +  ERC20 (Context, IERC20, Ownable)
        - [Pub]  #
        - [Pub] name
        - [Pub] symbol
        - [Pub] decimals
        - [Pub] totalSupply
        - [Pub] balanceOf
        - [Pub] transfer #
        - [Pub] allowance
        - [Pub] approve #
        - [Pub] transferFrom #
        - [Pub] increaseAllowance #
        - [Pub] decreaseAllowance #
        - [Int] _transfer #
        - [Int] _mint #
        - [Int] _burn #
        - [Int] _approve #
        - [Int] _setupDecimals #
        - [Int] _beforeTokenTransfer #
        - [Pub] setMinter #
           - modifiers: onlyOwner
        - [Pub] mint #
           - modifiers: canMint,onlyOwner
        - [Pub] finishMinting #
           - modifiers: canMint,onlyOwner
        - [Pub] mintingFinished
    
     +  BzzzJar (Ownable, ERC20)
        - [Pub]  #
        - [Pub] mint #
           - modifiers: onlyOwner
    
     +  BZZZChef (Ownable)
        - [Pub]  #
        - [Ext] poolLength
        - [Pub] add #
           - modifiers: onlyOwner
        - [Pub] set #
           - modifiers: onlyOwner
        - [Pub] getMultiplier
        - [Pub] getRewardPerBlock
        - [Ext] pendingBZZZ
        - [Pub] massUpdatePools #
        - [Pub] updatePool #
        - [Pub] deposit #
        - [Pub] withdraw #
        - [Pub] emergencyWithdraw #
        - [Int] safeBZZZTransfer #
        - [Pub] dev #