CryptoCurrent Crowdsale Platform - Smart Contract Audit Report
Summary
CryptoCurrent Crowdsale is a launchpad for projects to launch in a safe, trusted, and decentralized manner.
For this audit, we reviewed CryptoCurrent Crowdsale's contracts at commit 87760ed76378f5792f5c23de9fedb1d16d47dede on GitHub.Notes on the Contracts:Any team member can call the deployIDO() function to generate a presale, passing in variables around the presale when doing so. Up to six tiers exist, including the main sale, allowing for presale prices to change over time and for different users. Each tier in the sale will last for 30 minutes, and then the main sale for 24 hours. The contract which deploys these presales will hold information on user's tier levels, which are based on the amount of LP tokens staked in the contract. The team can update teh address of the token being staked at any time - we advise removing this ability. While the sale is active, users can deposit BNB to purchase tokens in a presale. The team can pause or end the presale at any time. If paused or ended, users will be able to claim a refund and the team can claim back the tokens put up for sale. After the presale has been finalized, users can withdraw their purchased tokens and the team can claim their share of the raised funds, split among all team members. The CryptoCurrent team has the ability to update token allocations and take over presales via their ability to set managers of any presale. Proper structuring of logic around base layer token transfers to prevent reentrancy issues. The contracts utilize SafeMath to prevent overflow issues.
Audit Findings Summary:
- No security issues from outside attackers were identified.
- Ensure trust in the CryptoCurrent team as they have substantial power in presales.
- The developer has completed KYC with our firm.
- Date: April 30th, 2021.
- Update Date: April 30th, 2021 - Resolution of some logicic issues.
External Threats
Vulnerability Category | Notes | Result |
---|---|---|
Arbitrary Storage Write | N/A | PASS |
Arbitrary Jump | N/A | PASS |
Delegate Call to Untrusted Contract | N/A | PASS |
Dependence on Predictable Variables | N/A | PASS |
Deprecated Opcodes | N/A | PASS |
Ether Thief | N/A | PASS |
Exceptions | N/A | PASS |
External Calls | N/A | PASS |
Integer Over/Underflow | N/A | PASS |
Multiple Sends | N/A | PASS |
Suicide | N/A | PASS |
State Change External Calls | N/A | Pass |
Unchecked Retval | N/A | PASS |
User Supplied Assertion | N/A | PASS |
Critical Solidity Compiler | N/A | PASS |
Overall Contract Safety | PASS |
($) = payable function
# = non-constant function
Int = Internal
Ext = External
Pub = Public
+ Context
- [Int] _msgSender
- [Int] _msgData
+ Ownable (Context)
- [Pub] #
- [Pub] owner
- [Pub] renounceOwnership #
- modifiers: onlyOwner
- [Pub] transferOwnership #
- modifiers: onlyOwner
+ [Lib] SafeMath
- [Int] add
- [Int] sub
- [Int] mul
- [Int] div
- [Int] mod
- [Int] sub
- [Int] div
- [Int] mod
+ [Int] IToken
- [Ext] decimals
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] transfer #
- [Ext] allowance
- [Ext] approve #
- [Ext] transferFrom #
- [Ext] burn #
+ [Int] IIDOCrowdsale
- [Ext] setSetting #
- [Ext] setDist #
- [Ext] setManager #
- [Ext] addTeam #
+ [Lib] Address
- [Int] isContract
- [Int] sendValue #
- [Int] functionCall #
- [Int] functionCall #
- [Int] functionCallWithValue #
- [Int] functionCallWithValue #
- [Prv] _verifyCallResult
+ ReentrancyGuard
- [Pub] #
+ [Int] IRouter
- [Ext] addLiquidityETH ($)
- [Ext] removeLiquidityETH #
+ [Lib] SafeERC20
- [Int] safeTransfer #
- [Int] safeTransferFrom #
- [Prv] _callOptionalReturn #
+ IDOCrowdsale (IIDOCrowdsale, Ownable, ReentrancyGuard)
- [Pub] #
- [Ext] ($)
- modifiers: allowDeposit
- [Pub] purchase ($)
- modifiers: nonReentrant,allowDeposit
- [Pub] maximumTokensForSale
- [Int] _computeTokenShareForPreSale #
- [Int] _computeTokenShareForSale #
- [Pub] startSale #
- modifiers: onlyManagers
- [Int] setSchedule #
- [Pub] preSaleStarted
- [Pub] mainSaleStarted
- [Pub] setBaseAllocation #
- modifiers: onlyManagers
- [Pub] getMaxTierAllocation
- [Pub] getMaxBNBSend
- [Pub] getIDOContractTokenBalance
- [Pub] getCurrentTier
- [Pub] availableAllocationLeft
- [Pub] availableAllocationLeftinBNB
- [Pub] pauseSale #
- modifiers: onlyManagers
- [Pub] unPauseSale #
- modifiers: onlyManagers
- [Pub] shutOffSale #
- modifiers: onlyManagers
- [Pub] finalizeSale #
- modifiers: onlyManagers
- [Pub] computeDistribution #
- modifiers: onlyManagers
- [Pub] claim #
- modifiers: nonReentrant,allowClaim
- [Pub] withdraw #
- modifiers: nonReentrant,allowRefund
- [Pub] teamWithdraw #
- modifiers: nonReentrant,allowClaim
- [Pub] addTeam #
- modifiers: onlyOwner
- [Pub] setManager #
- modifiers: onlyOwner
- [Pub] setDist #
- modifiers: onlyManagers
- [Pub] setSetting #
- modifiers: onlyOwner
- [Pub] setIDOToken #
- modifiers: onlyManagers
- [Pub] createPair #
- modifiers: onlyManagers
- [Pub] sendLP #
- modifiers: onlyManagers
- [Pub] issuerDeposit #
- modifiers: onlyIssuer
- [Pub] issuerTokenRefund #
- modifiers: onlyIssuer
- [Pub] issuerWithdraw #
- modifiers: onlyIssuer
- [Pub] issuerBurn #
- modifiers: onlyManagers
- [Int] _sendValue #
+ IDOManager (Ownable)
- [Pub] #
- [Pub] deployIDO #
- modifiers: onlyTeam
- [Pub] setIDOSetting #
- modifiers: onlyOwner
- [Pub] setTokensAndLp #
- modifiers: onlyTeam
- [Pub] setDistribution #
- modifiers: onlyOwner
- [Pub] setManager #
- modifiers: onlyOwner
- [Pub] addManager #
- modifiers: onlyOwner
- [Pub] setTeam #
- modifiers: onlyOwner
- [Pub] getTeam
- [Pub] setMinimumLPVLTLockTime #
- modifiers: onlyTeam
- [Pub] setMinimumLP #
- modifiers: onlyTeam
- [Pub] depositLP #
- [Pub] withdrawLP #
- [Pub] doesUserHaveLPStaked
- [Pub] depositVLT #
- [Pub] withdrawVLT #
- [Pub] userTierLevel
- [Pub] userDepositTierLevel
- [Pub] isTeamMember