CumRocket Farm Token & Staking Contracts - Smart Contract Audit Report
CumRocket is building an NFT marketplace on the Binance Smart Chain.
For this audit, we reviewed the project's upcoming farm contract at 0xfdcf8223691a619ad7398d05158bc751b6bf7fb9 on the Binance Smart Chain mainnet.
Notes on the Contract:
Audit Findings Summary:
- Users can stake CUMMIES/BNB LP tokens from Pancakeswap in order to earn rewards in CumRocket's CUMMIES token.
- There is a fee associated with making a deposit to the contract, set by the team for each staked asset.
- There is no fee associated with making a withdraw from the contract.
- Users can claim their pending rewards at any time. In addition, if a user has pending rewards and stakes additional tokens, their rewards will be claimed automatically.
- In case of an error or missing rewards, users can use an emergency withdraw function to recover their staked funds.
- The team has the ability to add other assets for staking, and other tokens to be used for rewards.
- The team also has the ability to recover any ERC20 tokens which are not staked.
- The team can withdraw the rewards from the contract at any time.
- The percPrecision variable could have be constant to save gas both on deployment and each reference.
- Utilization of SafeMath and SafeERC20 to prevent overflows and ensure safe token transfers.
- No security issues from outside attackers were identified.
- Ensure trust in the team as they have some control in the ecosystem.
- Date: June 17th, 2021.
- Update June 23rd, 2021 - The contract is now deployed to 0xD31E1eD22d862a191008f8585026D7376758A999
|Arbitrary Storage Write||N/A||PASS|
|Delegate Call to Untrusted Contract||N/A||PASS|
|Dependence on Predictable Variables||N/A||PASS|
|State Change External Calls||N/A||Pass|
|User Supplied Assertion||N/A||PASS|
|Critical Solidity Compiler||N/A||PASS|
|Overall Contract Safety||PASS|
($) = payable function # = non-constant function Int = Internal Ext = External Pub = Public + [Lib] Math - [Int] max - [Int] min - [Int] average + [Lib] SafeMath - [Int] add - [Int] sub - [Int] sub - [Int] mul - [Int] div - [Int] div - [Int] mod - [Int] mod + [Int] IERC20 - [Ext] totalSupply - [Ext] balanceOf - [Ext] transfer # - [Ext] allowance - [Ext] approve # - [Ext] transferFrom # + [Lib] Address - [Int] isContract - [Int] sendValue # - [Int] functionCall # - [Int] functionCall # - [Int] functionCallWithValue # - [Int] functionCallWithValue # - [Int] functionStaticCall - [Int] functionStaticCall - [Int] functionDelegateCall # - [Int] functionDelegateCall # - [Prv] _verifyCallResult + [Lib] SafeERC20 - [Int] safeTransfer # - [Int] safeTransferFrom # - [Int] safeApprove # - [Int] safeIncreaseAllowance # - [Int] safeDecreaseAllowance # - [Prv] callOptionalReturn # + Context - [Int]
# - [Int] _msgSender - [Int] _msgData + Ownable (Context) - [Int] # - [Pub] owner - [Pub] isOwner - [Pub] renounceOwnership # - modifiers: onlyOwner - [Pub] transferOwnership # - modifiers: onlyOwner - [Int] _transferOwnership # - [Pub] getUnlockTime - [Pub] lock # - modifiers: onlyOwner - [Pub] unlock # + CumFarm (Ownable) - [Pub] # - [Ext] getContractStakingBalance - [Ext] balanceOf - [Ext] getContractRewardBalance - [Prv] updateUserRewardBlock # - [Pub] getUserCurrentRewards - [Ext] updateStakingToken # - modifiers: onlyOwner - [Ext] addRewardToken # - modifiers: onlyOwner - [Ext] updateRewardToken # - modifiers: onlyOwner - [Prv] setHolderStrength # - [Ext] calculateHolderStrength - [Ext] getHolderStrength - [Ext] getTotalStrength - [Pub] getHolderPercentage - [Ext] stake # - [Pub] withdraw # - [Pub] withdrawAllRewards # - [Int] updateContractRewardBalance # - [Pub] withdrawReward # - [Ext] emergencyExit # - [Prv] getRewardsAmount - [Int] updateRewards # - [Int] updateUsersReward # - [Ext] recoverERC20 # - modifiers: onlyOwner - [Ext] emergencyRewardTokensWithdrawal # - modifiers: onlyOwner - [Ext] refreshRewards # - modifiers: onlyOwner