Brainiac Bonding - Smart Contract Audit Report

Audit Summary

Brainiac is building a new token bond contract for users to deposit tokens and earn yield over time.

For this audit, we reviewed the BRAINBondingCalculator and BondDepo contracts provided to us by the project team.

We previously reviewed the project team's token and staking contracts here.

Audit Findings

Please ensure trust in the team prior to investing as they have some control in the ecosystem.
Date: February 17th, 2022.

Finding #1 - BondDepo - Informational

Description: The adjustment struct's properties are not set and cannot be set in the contract. Since the first condition within the adjust() function requires the adjustment rate to be set, this is a contradiction and renders the code in the function dead code.
Recommendation: We recommend removing this extra logic to reduce contract size and in turn enjoy additional gas savings on deployment and reduce gas usage on each call to the function.

Finding #2 - BondDepo - Informational

Description: The following functions are declared public, but are never called internally.
setMaxPayout, fund
Recommendation: We recommend declaring these functions external for additional gas savings on each call.

Contracts Overview

  • The BondDepo contract allows users to purchase bonds by depositing a designated token into the contract in order to earn a reward amount, in the form of a reward token determined by the team, over a set amount of time.
  • On deposits, the users' specified maximum bond purchase price must be at least the contract's minimum bond price. Additionally, the calculated reward amount from the bond must be within the valid payout range; the minimum and maximum payout limits are set by the team.
  • The bond price is determined by the bonds' control variable and the current debt ratio.
  • The control variable is set upon deployment and can be increased or decreased by the adjustment rate after every deposit if the adjustment rate is set and the adjustment buffer time has elapsed. The control variable can be adjusted until it reaches the adjustment target value.
  • The adjustment struct properties are not set and cannot be set; therefore, the control variable will never be adjusted.
  • The debt ratio is the ratio of the contract's current reward token debt to both the contract's total reward token balance and reward token debt.
  • Once the contract's total debt limit is reached or the contract's available debt is depleted, no further deposits can be made.
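
The control-variable adjustment described in the bullets above and in Finding #1, modeled in Python as an added example (not the project's code). The field names, the clamp at the target, and the sample values are assumptions; zero defaults stand in for contract storage that is never written.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

@dataclass
class Adjust:
    # Assumed field names; zero defaults mirror never-written contract storage.
    add: bool = False   # direction of the adjustment
    rate: int = 0       # step applied to the control variable
    target: int = 0     # value at which adjusting stops
    buffer: int = 0     # minimum time between adjustments
    last_time: int = 0  # time of the previous adjustment

class BondModel:
    """Hypothetical model of the control-variable logic, not the audited contract."""
    def __init__(self, control_variable: int, adjustment: Optional[Adjust] = None):
        self.control_variable = control_variable
        self.adjustment = adjustment or Adjust()

    def adjust(self, now: int) -> bool:
        """Run after every deposit; returns True if the control variable moved."""
        a = self.adjustment
        if a.rate == 0 or now < a.last_time + a.buffer:
            return False  # always taken when nothing ever writes the struct
        if a.add:
            self.control_variable = min(self.control_variable + a.rate, a.target)
        else:
            self.control_variable = max(self.control_variable - a.rate, a.target)
        if self.control_variable == a.target:
            a.rate = 0    # target reached: further calls become no-ops
        a.last_time = now
        return True

def simulate(model: BondModel, deposits: int, spacing: int) -> Tuple[int, int]:
    """Call adjust() once per deposit; return (final control variable, moves)."""
    moves = sum(model.adjust(now=i * spacing) for i in range(1, deposits + 1))
    return model.control_variable, moves

# Constructed inputs. As audited: the struct stays zeroed, so adjust() never acts.
AS_AUDITED = simulate(BondModel(control_variable=300), deposits=1000, spacing=3600)
# With a hypothetical owner-set adjustment, the variable steps to its target and stops.
WITH_SETTER = simulate(
    BondModel(300, Adjust(add=True, rate=5, target=320, buffer=7200)),
    deposits=1000, spacing=3600)
```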

  • Users' rewards are based on the bond's vesting term and max payout at the time of creation; the bonds' terms are determined by the project team.
  • Users can redeem a portion of their rewards based on the percentage of time that has elapsed in relation to the total vesting duration. When a portion of the reward amount is claimed, the corresponding duration of time is deducted from the users' remaining vesting duration.
  • The owner must deposit the designated reward token using the fund() function for them to be properly added to the available debt amount; otherwise, any reward tokens transferred to the contract would be locked.
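
The redemption rule above, modeled in Python as an added example (not the project's code). It assumes linear vesting measured in seconds and basis-point integer math, neither of which is stated in the report, and shows that deducting elapsed time keeps partial claims linear and never pays out more than the bond's payout.

```python
from dataclasses import dataclass

BPS = 10_000  # 100% expressed in basis points (assumed precision)

@dataclass
class Bond:
    payout: int     # reward tokens still owed to the user
    vesting: int    # seconds of vesting remaining
    last_time: int  # timestamp of the deposit or of the last redemption

def percent_vested(bond: Bond, now: int) -> int:
    """Elapsed share of the remaining vesting term, in basis points (uncapped)."""
    if bond.vesting == 0:
        return 0
    return (now - bond.last_time) * BPS // bond.vesting

def redeem(bond: Bond, now: int) -> int:
    """Pay the vested share and shrink the bond; returns the tokens paid."""
    pct = percent_vested(bond, now)
    if pct >= BPS:
        # Fully vested: pay whatever remains (including rounding dust) and close.
        paid, bond.payout, bond.vesting = bond.payout, 0, 0
    else:
        paid = bond.payout * pct // BPS        # rounds down, in the contract's favor
        bond.payout -= paid
        bond.vesting -= now - bond.last_time   # deduct the time just claimed for
    bond.last_time = now
    return paid

def run_schedule(payout: int, term: int, claim_times: list) -> list:
    """Open a bond at t=0 and redeem at each timestamp; returns each amount paid."""
    bond = Bond(payout=payout, vesting=term, last_time=0)
    return [redeem(bond, t) for t in claim_times]

DAY = 86_400
# Constructed case: 1,000,000 tokens over 5 days, claimed on day 1, day 3 and day 6.
SCHEDULE = run_schedule(1_000_000, 5 * DAY, [1 * DAY, 3 * DAY, 6 * DAY])
```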

  • The owner can transfer ownership to another address at any time.
  • The owner can update the bond terms to be used at any time.
  • The owner can transfer any token in the contract to the Treasury address at any time.
  • The owner can update the Treasury address at any time.
  • The owner can update the max payout at any time.
  • These contracts utilize SafeMath to prevent any underflow/overflow attacks.
  • The team must exercise caution when setting the staking/reward token and must avoid using any fee-on-transfer tokens; if a fee-on-transfer token is used as the staking token then this contract should be excluded from the staking/reward token's fee mechanism.

External Threat Results

| Vulnerability Category | Notes | Result |
|---|---|---|
| Arbitrary Storage Write | N/A | PASS |
| Arbitrary Jump | N/A | PASS |
| Centralization of Control | N/A | PASS |
| Delegate Call to Untrusted Contract | N/A | PASS |
| Dependence on Predictable Variables | N/A | PASS |
| Deprecated Opcodes | N/A | PASS |
| Ether Thief | N/A | PASS |
| Exceptions | N/A | PASS |
| External Calls | N/A | PASS |
| Flash Loans | N/A | PASS |
| Integer Over/Underflow | N/A | PASS |
| Logical Issues | The team cannot update any properties of the adjust struct. | WARNING |
| Multiple Sends | N/A | PASS |
| Oracles | N/A | PASS |
| Suicide | N/A | PASS |
| State Change External Calls | N/A | PASS |
| Unchecked Retval | N/A | PASS |
| User Supplied Assertion | N/A | PASS |
| Critical Solidity Compiler | N/A | PASS |
| Overall Contract Safety | | PASS |

BondDepo Contract

 Token Graph

Multi-file Token

($) = payable function
 # = non-constant function

+ [Int] IBondingCalculator 
    - [Ext] valuation
    - [Ext] markdown

 + [Int] IOwnable 
    - [Ext] owner
    - [Ext] renounceManagement #
    - [Ext] pushManagement #
    - [Ext] pullManagement #

 +  Ownable (IOwnable)
    - [Pub]  #
    - [Pub] owner
    - [Pub] renounceManagement #
       - modifiers: onlyOwner
    - [Pub] pushManagement #
       - modifiers: onlyOwner
    - [Pub] pullManagement #

 + [Lib] SafeMath 
    - [Int] add
    - [Int] sub
    - [Int] sub
    - [Int] mul
    - [Int] div
    - [Int] div
    - [Int] sqrrt

 + [Lib] Math 
    - [Int] max
    - [Int] min
    - [Int] average

 + [Lib] FullMath 
    - [Prv] fullMul
    - [Prv] fullDiv
    - [Int] mulDiv

 + [Lib] BitMath 
    - [Int] mostSignificantBit

 + [Lib] Babylonian 
    - [Int] sqrt

 + [Lib] FixedPoint 
    - [Int] decode
    - [Int] decode112with18
    - [Int] fraction
    - [Int] sqrt

 + [Int] IERC20 
    - [Ext] name
    - [Ext] symbol
    - [Ext] decimals
    - [Ext] totalSupply
    - [Ext] balanceOf
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transfer #
    - [Ext] transferFrom #

 + [Int] IERC20Mintable 
    - [Ext] mint #
    - [Ext] mint #

 + [Lib] Counters 
    - [Int] current
    - [Int] increment #
    - [Int] decrement #

 + [Lib] Address 
    - [Int] isContract
    - [Int] sendValue #
    - [Int] functionCall #
    - [Int] functionCall #
    - [Int] functionCallWithValue #
    - [Int] functionCallWithValue #
    - [Prv] _functionCallWithValue #
    - [Int] functionStaticCall
    - [Int] functionStaticCall
    - [Int] functionDelegateCall #
    - [Int] functionDelegateCall #
    - [Prv] _verifyCallResult
    - [Int] addressToString

 + [Lib] SafeERC20 
    - [Int] safeTransfer #
    - [Int] safeTransferFrom #
    - [Int] safeApprove #
    - [Int] safeIncreaseAllowance #
    - [Int] safeDecreaseAllowance #
    - [Prv] _callOptionalReturn #

 +  BondDepo (Ownable)
    - [Pub]  #
    - [Ext] updateTreasury #
       - modifiers: onlyOwner
    - [Pub] valueOfToken
    - [Ext] updateBondTerms #
       - modifiers: onlyOwner
    - [Pub] setMaxPayout #
       - modifiers: onlyOwner
    - [Pub] fund #
       - modifiers: onlyOwner
    - [Ext] deposit #
    - [Ext] redeem #
    - [Int] sendPayout #
    - [Int] adjust #
    - [Int] decayDebt #
    - [Pub] maxPayout
    - [Pub] payoutFor
    - [Pub] bondPrice
    - [Int] _bondPrice #
    - [Pub] bondPriceInUSD
    - [Pub] debtRatio
    - [Ext] standardizedDebtRatio
    - [Pub] currentDebt
    - [Pub] debtDecay
    - [Pub] percentVestedFor
    - [Ext] pendingPayoutFor
    - [Ext] recoverLostToken #
       - modifiers: onlyOwner

BondCal Contract

BEP20 Token Graph

Multi-file Token

($) = payable function
 # = non-constant function

 + [Lib] FullMath 
    - [Prv] fullMul
    - [Prv] fullDiv
    - [Int] mulDiv

 + [Lib] Babylonian 
    - [Int] sqrt

 + [Lib] BitMath 
    - [Int] mostSignificantBit

 + [Lib] FixedPoint 
    - [Int] decode
    - [Int] decode112with18
    - [Int] fraction
    - [Int] sqrt

 + [Lib] SafeMath 
    - [Int] add
    - [Int] sub
    - [Int] sub
    - [Int] mul
    - [Int] div
    - [Int] div
    - [Int] sqrrt

 + [Int] IERC20 
    - [Ext] decimals

 + [Int] IUniswapV2ERC20 
    - [Ext] totalSupply

 + [Int] IUniswapV2Pair (IUniswapV2ERC20)
    - [Ext] getReserves
    - [Ext] token0
    - [Ext] token1

 + [Int] IBondingCalculator 
    - [Ext] valuation

 +  BRAINBondingCalculator (IBondingCalculator)
    - [Pub]  #
    - [Pub] getKValue
    - [Pub] getTotalValue
    - [Ext] valuation
    - [Ext] markdown