CakeCrypt Token & Farm - Smart Contract Audit Report

Summary

TAO Audit Report

CakeCrypt intends to build a yield aggregator on the Binance Smart Chain.

For this audit we reviewed the project's Farm contract and StratX strategy contract. We reviewed the contracts at the following addresses on the Binance Smart Chain mainnet:

  • Farm: 0xf3d5217d144201a7198a312dd08b6f9eb58b0403
  • StratX: 0x19E34B8eE8b6D41edee57Cb79089EF3D75fc86eF

Notes of the Contracts:

  • Users can stake various tokens into the Farm contract in order to earn rewards in the project's native token.
  • Users' deposited tokens will be forwarded to the Strategy contract to earn yield while the user earns rewards.
  • There is a 0.1% fee associated with making a deposit to or withdrawing from the contract.
  • Funds held in the Strategy contract will then be forwarded for deposit into Pancakeswap farms for yield.
  • Yield from deposits will be denominated in the deposit asset and is additional to a user's earned native token rewards.
  • Rewards are generated via minting of the project's native token. 5.5% of rewards will be minted to the team.
  • An emergency withdraw function is present, allowing users to withdraw their tokens while ignoring rewards in case of an issue.
  • The project team can add different types of tokens for staking, and can update the reward rates for each token.
  • The team can pause deposits to the contract, but not withdrawals.
  • The team can also remove any token except the reward token from the Farm contract, and any token from the Strategy contract.
  • Utilization of SafeMath (or similarly safe functions) to prevent overflow issues.

Audit Findings Summary

  • No issues from external attackers were identified.
  • Ensure trust in the team as they have some control in the ecosystem.
  • Date: May 27th, 2021.

External Threat Results

    Vulnerability Category                 Notes   Result
    Arbitrary Storage Write                N/A     PASS
    Arbitrary Jump                         N/A     PASS
    Delegate Call to Untrusted Contract    N/A     PASS
    Dependence on Predictable Variables    N/A     PASS
    Deprecated Opcodes                     N/A     PASS
    Ether Thief                            N/A     PASS
    Exceptions                             N/A     PASS
    External Calls                         N/A     PASS
    Flash Loans                            N/A     PASS
    Integer Over/Underflow                 N/A     PASS
    Multiple Sends                         N/A     PASS
    Oracles                                N/A     PASS
    Suicide                                N/A     PASS
    State Change External Calls            N/A     PASS
    Unchecked Retval                       N/A     PASS
    User Supplied Assertion                N/A     PASS
    Critical Solidity Compiler             N/A     PASS
    Overall Contract Safety                        PASS


Details: CakeCrypt Farm Contract


    ERC20 Token Graph

    Multi-file Token

    
    ($) = payable function
    # = non-constant function
    
    Int = Internal
    Ext = External
    Pub = Public
    
     +  Context 
        - [Int] _msgSender
        - [Int] _msgData
    
     + [Lib] SafeMath 
        - [Int] add
        - [Int] sub
        - [Int] sub
        - [Int] mul
        - [Int] div
        - [Int] div
        - [Int] mod
        - [Int] mod
    
     + [Int] IERC20 
        - [Ext] totalSupply
        - [Ext] balanceOf
        - [Ext] transfer #
        - [Ext] allowance
        - [Ext] approve #
        - [Ext] transferFrom #
    
     +  ERC20 (Context, IERC20)
        - [Pub]  #
        - [Pub] name
        - [Pub] symbol
        - [Pub] decimals
        - [Pub] totalSupply
        - [Pub] balanceOf
        - [Pub] transfer #
        - [Pub] allowance
        - [Pub] approve #
        - [Pub] transferFrom #
        - [Pub] increaseAllowance #
        - [Pub] decreaseAllowance #
        - [Int] _transfer #
        - [Int] _mint #
        - [Int] _burn #
        - [Int] _approve #
        - [Int] _setupDecimals #
        - [Int] _beforeTokenTransfer #
    
     + [Lib] Address 
        - [Int] isContract
        - [Int] sendValue #
        - [Int] functionCall #
        - [Int] functionCall #
        - [Int] functionCallWithValue #
        - [Int] functionCallWithValue #
        - [Int] functionStaticCall
        - [Int] functionStaticCall
        - [Int] functionDelegateCall #
        - [Int] functionDelegateCall #
        - [Prv] _verifyCallResult
    
     + [Lib] SafeERC20 
        - [Int] safeTransfer #
        - [Int] safeTransferFrom #
        - [Int] safeApprove #
        - [Int] safeIncreaseAllowance #
        - [Int] safeDecreaseAllowance #
        - [Prv] _callOptionalReturn #
    
     + [Lib] EnumerableSet 
        - [Prv] _add #
        - [Prv] _remove #
        - [Prv] _contains
        - [Prv] _length
        - [Prv] _at
        - [Int] add #
        - [Int] remove #
        - [Int] contains
        - [Int] length
        - [Int] at
        - [Int] add #
        - [Int] remove #
        - [Int] contains
        - [Int] length
        - [Int] at
        - [Int] add #
        - [Int] remove #
        - [Int] contains
        - [Int] length
        - [Int] at
    
     +  Ownable (Context)
        - [Int]  #
        - [Pub] owner
        - [Pub] renounceOwnership #
           - modifiers: onlyOwner
        - [Pub] transferOwnership #
           - modifiers: onlyOwner
    
     +  ReentrancyGuard 
        - [Int]  #
    
     +  CakeCryptToken (ERC20)
        - [Pub] mint #
    
     + [Int] IStrategy 
        - [Ext] wantLockedTotal
        - [Ext] sharesTotal
        - [Ext] earn #
        - [Ext] deposit #
        - [Ext] withdraw #
        - [Ext] inCaseTokensGetStuck #
    
     +  CakeCryptFarm (Ownable, ReentrancyGuard)
        - [Ext] poolLength
        - [Pub] add #
           - modifiers: onlyOwner
        - [Pub] set #
           - modifiers: onlyOwner
        - [Pub] getMultiplier
        - [Ext] pendingCCRYPT
        - [Ext] stakedWantTokens
        - [Pub] massUpdatePools #
        - [Pub] updatePool #
        - [Pub] deposit #
           - modifiers: nonReentrant
        - [Pub] withdraw #
           - modifiers: nonReentrant
        - [Pub] withdrawAll #
           - modifiers: nonReentrant
        - [Pub] emergencyWithdraw #
           - modifiers: nonReentrant
        - [Int] safeCCRYPTTransfer #
        - [Pub] setCakeCryptPerBlock #
           - modifiers: onlyOwner
        - [Pub] inCaseTokensGetStuck #
           - modifiers: onlyOwner


Details: StratX Strategy Contract


    ERC20 Token Graph

    Multi-file Token

    
    ($) = payable function
    # = non-constant function
    
    Int = Internal
    Ext = External
    Pub = Public
    
     +  Context 
        - [Int] _msgSender
        - [Int] _msgData
    
     + [Lib] SafeMath 
        - [Int] add
        - [Int] sub
        - [Int] sub
        - [Int] mul
        - [Int] div
        - [Int] div
        - [Int] mod
        - [Int] mod
    
     + [Int] IERC20 
        - [Ext] totalSupply
        - [Ext] balanceOf
        - [Ext] transfer #
        - [Ext] allowance
        - [Ext] approve #
        - [Ext] transferFrom #
    
     +  ERC20 (Context, IERC20)
        - [Pub]  #
        - [Pub] name
        - [Pub] symbol
        - [Pub] decimals
        - [Pub] totalSupply
        - [Pub] balanceOf
        - [Pub] transfer #
        - [Pub] allowance
        - [Pub] approve #
        - [Pub] transferFrom #
        - [Pub] increaseAllowance #
        - [Pub] decreaseAllowance #
        - [Int] _transfer #
        - [Int] _mint #
        - [Int] _burn #
        - [Int] _approve #
        - [Int] _setupDecimals #
        - [Int] _beforeTokenTransfer #
    
     + [Lib] Address 
        - [Int] isContract
        - [Int] sendValue #
        - [Int] functionCall #
        - [Int] functionCall #
        - [Int] functionCallWithValue #
        - [Int] functionCallWithValue #
        - [Int] functionStaticCall
        - [Int] functionStaticCall
        - [Int] functionDelegateCall #
        - [Int] functionDelegateCall #
        - [Prv] _verifyCallResult
    
     + [Lib] SafeERC20 
        - [Int] safeTransfer #
        - [Int] safeTransferFrom #
        - [Int] safeApprove #
        - [Int] safeIncreaseAllowance #
        - [Int] safeDecreaseAllowance #
        - [Prv] _callOptionalReturn #
    
     + [Lib] EnumerableSet 
        - [Prv] _add #
        - [Prv] _remove #
        - [Prv] _contains
        - [Prv] _length
        - [Prv] _at
        - [Int] add #
        - [Int] remove #
        - [Int] contains
        - [Int] length
        - [Int] at
        - [Int] add #
        - [Int] remove #
        - [Int] contains
        - [Int] length
        - [Int] at
        - [Int] add #
        - [Int] remove #
        - [Int] contains
        - [Int] length
        - [Int] at
    
     +  Ownable (Context)
        - [Int]  #
        - [Pub] owner
        - [Pub] renounceOwnership #
           - modifiers: onlyOwner
        - [Pub] transferOwnership #
           - modifiers: onlyOwner
    
     + [Int] IPancakeswapFarm 
        - [Ext] poolLength
        - [Ext] userInfo
        - [Ext] getMultiplier
        - [Ext] pendingCake
        - [Ext] deposit #
        - [Ext] withdraw #
        - [Ext] enterStaking #
        - [Ext] leaveStaking #
        - [Ext] emergencyWithdraw #
    
     + [Int] IPancakeRouter01 
        - [Ext] factory
        - [Ext] WETH
        - [Ext] addLiquidity #
        - [Ext] addLiquidityETH ($)
        - [Ext] removeLiquidity #
        - [Ext] removeLiquidityETH #
        - [Ext] removeLiquidityWithPermit #
        - [Ext] removeLiquidityETHWithPermit #
        - [Ext] swapExactTokensForTokens #
        - [Ext] swapTokensForExactTokens #
        - [Ext] swapExactETHForTokens ($)
        - [Ext] swapTokensForExactETH #
        - [Ext] swapExactTokensForETH #
        - [Ext] swapETHForExactTokens ($)
        - [Ext] quote
        - [Ext] getAmountOut
        - [Ext] getAmountIn
        - [Ext] getAmountsOut
        - [Ext] getAmountsIn
    
     + [Int] IPancakeRouter02 (IPancakeRouter01)
        - [Ext] removeLiquidityETHSupportingFeeOnTransferTokens #
        - [Ext] removeLiquidityETHWithPermitSupportingFeeOnTransferTokens #
        - [Ext] swapExactTokensForTokensSupportingFeeOnTransferTokens #
        - [Ext] swapExactETHForTokensSupportingFeeOnTransferTokens ($)
        - [Ext] swapExactTokensForETHSupportingFeeOnTransferTokens #
    
     +  ReentrancyGuard 
        - [Int]  #
    
     +  Pausable (Context)
        - [Int]  #
        - [Pub] paused
        - [Int] _pause #
           - modifiers: whenNotPaused
        - [Int] _unpause #
           - modifiers: whenPaused
    
     +  StratX (Ownable, ReentrancyGuard, Pausable)
        - [Pub]  #
        - [Pub] deposit #
           - modifiers: onlyOwner,whenNotPaused
        - [Pub] farm #
           - modifiers: nonReentrant
        - [Int] _farm #
        - [Pub] withdraw #
           - modifiers: onlyOwner,nonReentrant
        - [Pub] earn #
           - modifiers: whenNotPaused
        - [Int] buyBack #
        - [Int] distributeFees #
        - [Pub] convertDustToEarned #
           - modifiers: whenNotPaused
        - [Pub] pause #
        - [Ext] unpause #
        - [Pub] setEntranceFeeFactor #
        - [Pub] setControllerFee #
        - [Pub] setbuyBackRate #
        - [Pub] setGov #
        - [Pub] setOnlyGov #
        - [Pub] inCaseTokensGetStuck #