Bird.Money Farm V2 - Smart Contract Audit Report
Bird.Money has built an off-chain Farm, analytics, and lending platform. We previously reviewed the project's token contract here, lending platform here, and Oracle here. For this audit, we analyzed the project team's Farm contract on GitHub at commit a1b4a68996e603786f297cf149c888cff223b43c.
Notes of the Contract:
- Users can stake various LP tokens into the MasterChef contract into order to earn rewards.
- There is a fee associated with making a deposit to the contract, set by the team.
- 2% of the tokens deposited into the contract shall be sent to the project team.
- 2% of BIRD token rewards earned for a user's rewards are burned upon unstaking.
- The project team can add different types of tokens for staking, and can update the reward rates for each token at any time.
- Some gas optimizations can be achieved through marking functions external instead of public and declaring some variables constant. As this contract is already deployed, this is informational.
- The team must exercise caution when adding tokens to avoid fee-on-transfer and ERC777-compliant tokens.
- Utilization of SafeMath (or similarily safe functions) across all contracts to prevent overflows.
- No security vulnerabilities from external actors were identified.
- Ensure trust in the team as they have the ability to migrate user's staked funds.
- Date: April 17th, 2021
External Threat Results
|Arbitrary Storage Write||N/A||PASS|
|Delegate Call to Untrusted Contract||N/A||PASS|
|Dependence on Predictable Variables||N/A||PASS|
|State Change External Calls||N/A||Pass|
|User Supplied Assertion||N/A||PASS|
|Critical Solidity Compiler||N/A||PASS|
|Overall Contract Safety||PASS|
($) = payable function # = non-constant function Int = Internal Ext = External Pub = Public + [Lib] SafeMath - [Int] tryAdd - [Int] trySub - [Int] tryMul - [Int] tryDiv - [Int] tryMod - [Int] add - [Int] sub - [Int] mul - [Int] div - [Int] mod - [Int] sub - [Int] div - [Int] mod + Context - [Int] _msgSender - [Int] _msgData + [Int] IERC20 - [Ext] totalSupply - [Ext] balanceOf - [Ext] transfer # - [Ext] allowance - [Ext] approve # - [Ext] transferFrom # + ERC20 (Context, IERC20) - [Pub]
# - [Pub] name - [Pub] symbol - [Pub] decimals - [Pub] totalSupply - [Pub] balanceOf - [Pub] transfer # - [Pub] allowance - [Pub] approve # - [Pub] transferFrom # - [Pub] increaseAllowance # - [Pub] decreaseAllowance # - [Int] _transfer # - [Int] _mint # - [Int] _burn # - [Int] _approve # - [Int] _setupDecimals # - [Int] _beforeTokenTransfer # + Ownable (Context) - [Int] # - [Pub] owner - [Pub] renounceOwnership # - modifiers: onlyOwner - [Pub] transferOwnership # - modifiers: onlyOwner + MasterChef (Ownable) - [Pub] # - [Pub] add # - modifiers: onlyOwner - [Pub] set # - modifiers: onlyOwner - [Int] getMultiplier - [Ext] pendingRewardToken - [Int] massUpdatePools # - [Int] updatePool # - [Pub] deposit # - [Pub] withdraw # - [Pub] emergencyWithdraw # - [Int] savePendingReward # - [Pub] harvestPendingReward # - [Pub] addRewardTokensToContract # - modifiers: onlyOwner - [Pub] getRewardTokensFromContract # - modifiers: onlyOwner - [Pub] getReward - [Ext] poolLength - [Pub] setAll # - modifiers: onlyOwner - [Pub] setRewardToken # - modifiers: onlyOwner - [Pub] setUnstakeFrozenTime # - modifiers: onlyOwner - [Pub] setRewardFrozenTime # - modifiers: onlyOwner - [Pub] setRewardTokenPerBlock # - modifiers: onlyOwner - [Pub] setStartRewardBlock # - modifiers: onlyOwner - [Pub] setEndRewardBlock # - modifiers: onlyOwner - [Pub] setMigrator # - modifiers: onlyOwner + [Int] IMigratorChef - [Ext] migrate #