DBook - Smart Contract Audit Report

Summary

DBook Token Audit Report

DBook intends to build a community-owned DAO with numerous projects under its advisement.

For this audit, we analyzed the project's base controller contract, staking and whitelisted-staking contracts, and their team contract. We reviewed the team's code at commit cc4d51839e84ac7b7b755f6f92e901298bae69bc and again at commit fc4fea2b6843a0f9404e73329cce247fc622d387 on GitHub.

Notes on the Staking Contracts:
  • Users can stake tokens into the DBKStake contract in order to earn DBook tokens.
  • The Whitelisted variant of the DBKStake contract allows only whitelisted users to use the contract. The whitelist is controlled by the team.
  • Users' deposits will be subject to a multiplier for longer staking periods. A longer stake will provide an increased reward rate.
  • When a user withdraws from the contract, their rewards will automatically be claimed.
  • The project team can pause deposits and withdrawals on the staking contracts at any time.
  • The project team can replenish reward tokens, and withdraw unallocated reward tokens and other tokens in the contract as well.
  • The team must exercise caution when adding tokens to avoid fee-on-transfer and ERC777-compliant tokens.
  • All of the contracts are to be deployed behind upgradable proxies, allowing the team to swap out these contracts with new ones at any time.
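
The fee-on-transfer caution in the staking notes can be made concrete with a small ledger model. This is an added example, not code from the DBook contracts or from the audit; `Token`, `StakingPool`, the 2% fee and the user names are constructed assumptions, and how DBKStake itself records deposits is not shown on this page.

```python
# Constructed model for illustration; not DBKStake's code. Integer token units.
class Token:
    """Minimal ERC20-like ledger; fee_bps > 0 models a fee-on-transfer token."""
    def __init__(self, fee_bps=0):
        self.fee_bps = fee_bps
        self.balances = {}

    def mint(self, to, amount):
        self.balances[to] = self.balance_of(to) + amount

    def balance_of(self, who):
        return self.balances.get(who, 0)

    def transfer(self, sender, to, amount):
        if self.balance_of(sender) < amount:
            raise ValueError("insufficient balance")
        fee = amount * self.fee_bps // 10_000  # deducted in transit
        self.balances[sender] = self.balance_of(sender) - amount
        self.balances[to] = self.balance_of(to) + amount - fee


class StakingPool:
    """Hypothetical pool. measure_delta=False credits the requested amount;
    measure_delta=True credits only what actually arrived."""
    ADDRESS = "pool"

    def __init__(self, token, measure_delta):
        self.token = token
        self.measure_delta = measure_delta
        self.staked = {}

    def stake(self, user, amount):
        before = self.token.balance_of(self.ADDRESS)
        self.token.transfer(user, self.ADDRESS, amount)
        received = self.token.balance_of(self.ADDRESS) - before
        credit = received if self.measure_delta else amount
        self.staked[user] = self.staked.get(user, 0) + credit
        return credit

    def unstake(self, user):
        owed = self.staked.get(user, 0)
        self.token.transfer(self.ADDRESS, user, owed)  # raises if pool is short
        self.staked[user] = 0
        return owed

    def shortfall(self):
        """Recorded liabilities minus tokens the pool actually holds."""
        return sum(self.staked.values()) - self.token.balance_of(self.ADDRESS)


def run_scenario(fee_bps, measure_delta):
    """Two users stake 1,000 units each, then both exit.
    Returns (shortfall after staking, whether the last exit succeeded)."""
    token = Token(fee_bps)
    pool = StakingPool(token, measure_delta)
    for user in ("alice", "bob"):
        token.mint(user, 1_000)
        pool.stake(user, 1_000)
    gap = pool.shortfall()
    pool.unstake("alice")
    try:
        pool.unstake("bob")
        last_exit_ok = True
    except ValueError:
        last_exit_ok = False
    return gap, last_exit_ok


if __name__ == "__main__":
    for fee, delta in [(0, False), (200, False), (200, True)]:
        print(f"fee_bps={fee} measure_delta={delta} ->", run_scenario(fee, delta))
```

With a 2% fee, the pool that credits the requested amount records 2,000 units of liabilities against 1,960 held, so the last withdrawal fails. Crediting the measured balance change keeps the ledger and the holdings equal.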

Notes on the Base Contract:
  • The base contract allows the project to withdraw funds gradually over time.
  • The project can only withdraw every so often, can only claim a certain amount of tokens each period, and can only do so when the platform is operating at a loss.
  • A call to an external DBook API contract is used to obtain Chainlink data in order to determine whether the platform is operating at a loss.
  • The team can update the number of days between withdrawals and the amount of tokens per withdrawal.

Notes on the Team Contract:
  • This contract will hold DBK tokens allocated to the team.
  • The team will perform the initial funding of the contract, along with defining the total lock time and the duration of each vesting period.
  • The team will be able to claim a certain amount of tokens each vesting period.
  • Once the full lock time has elapsed, the team will be able to claim the full DBK balance of the contract.
  • The team can add other team members to enable them to claim tokens.

General notes on the Contracts:
  • ReentrancyGuard is used on applicable functions to prevent reentrancy issues.
  • SafeMath and SafeERC20 are used across the contracts to prevent overflows and ensure safe transfers.


Audit Findings Summary:
  • No security issues from outside attackers were identified.
  • Ensure trust in the team as they have notable control in the ecosystem.
  • Date: June 17th, 2021

    Combined External Threat Results

    Vulnerability Category                 Notes   Result
    Arbitrary Storage Write                N/A     PASS
    Arbitrary Jump                         N/A     PASS
    Delegate Call to Untrusted Contract    N/A     PASS
    Dependence on Predictable Variables    N/A     PASS
    Deprecated Opcodes                     N/A     PASS
    Ether Thief                            N/A     PASS
    Exceptions                             N/A     PASS
    External Calls                         N/A     PASS
    Integer Over/Underflow                 N/A     PASS
    Multiple Sends                         N/A     PASS
    Suicide                                N/A     PASS
    State Change External Calls            N/A     PASS
    Unchecked Retval                       N/A     PASS
    User Supplied Assertion                N/A     PASS
    Critical Solidity Compiler             N/A     PASS
    Overall Contract Safety                        PASS


    Details: DBKBaseContract


    Function Graph

    [Figure: Smart Contract Graph]

    Inheritance Chart

    [Figure: Smart Contract Inheritance]

    Functions Overview

    
    
     ($) = payable function
     # = non-constant function
     
     Int = Internal
     Ext = External
     Pub = Public
    
     + [Lib] AddressUpgradeable 
        - [Int] isContract
        - [Int] sendValue #
        - [Int] functionCall #
        - [Int] functionCall #
        - [Int] functionCallWithValue #
        - [Int] functionCallWithValue #
        - [Int] functionStaticCall
        - [Int] functionStaticCall
        - [Prv] _verifyCallResult
    
     +  Initializable 
        - [Prv] _isConstructor
    
     +  ContextUpgradeable (Initializable)
        - [Int] __Context_init #
           - modifiers: initializer
        - [Int] __Context_init_unchained #
           - modifiers: initializer
        - [Int] _msgSender
        - [Int] _msgData
    
     + [Lib] SafeMathUpgradeable 
        - [Int] tryAdd
        - [Int] trySub
        - [Int] tryMul
        - [Int] tryDiv
        - [Int] tryMod
        - [Int] add
        - [Int] sub
        - [Int] mul
        - [Int] div
        - [Int] mod
        - [Int] sub
        - [Int] div
        - [Int] mod
    
     + [Int] IERC20Upgradeable 
        - [Ext] totalSupply
        - [Ext] balanceOf
        - [Ext] transfer #
        - [Ext] allowance
        - [Ext] approve #
        - [Ext] transferFrom #
    
     +  ReentrancyGuardUpgradeable (Initializable)
        - [Int] __ReentrancyGuard_init #
           - modifiers: initializer
        - [Int] __ReentrancyGuard_init_unchained #
           - modifiers: initializer
    
     + [Lib] EnumerableSetUpgradeable 
        - [Prv] _add #
        - [Prv] _remove #
        - [Prv] _contains
        - [Prv] _length
        - [Prv] _at
        - [Int] add #
        - [Int] remove #
        - [Int] contains
        - [Int] length
        - [Int] at
        - [Int] add #
        - [Int] remove #
        - [Int] contains
        - [Int] length
        - [Int] at
        - [Int] add #
        - [Int] remove #
        - [Int] contains
        - [Int] length
        - [Int] at
    
     +  AccessControlUpgradeable (Initializable, ContextUpgradeable)
        - [Int] __AccessControl_init #
           - modifiers: initializer
        - [Int] __AccessControl_init_unchained #
           - modifiers: initializer
        - [Pub] hasRole
        - [Pub] getRoleMemberCount
        - [Pub] getRoleMember
        - [Pub] getRoleAdmin
        - [Pub] grantRole #
        - [Pub] revokeRole #
        - [Pub] renounceRole #
        - [Int] _setupRole #
        - [Int] _setRoleAdmin #
        - [Prv] _grantRole #
        - [Prv] _revokeRole #
    
     +  PausableUpgradeable (Initializable, ContextUpgradeable)
        - [Int] __Pausable_init #
           - modifiers: initializer
        - [Int] __Pausable_init_unchained #
           - modifiers: initializer
        - [Pub] paused
        - [Int] _pause #
           - modifiers: whenNotPaused
        - [Int] _unpause #
           - modifiers: whenPaused
    
     + [Int] IDBKAPI 
        - [Ext] checkUpdateTime
        - [Ext] checkLoss
    
     +  DBKBaseContract (Initializable, ReentrancyGuardUpgradeable, AccessControlUpgradeable)
        - [Pub] initialize #
           - modifiers: initializer
        - [Pub] withdrawFunds #
           - modifiers: onlyBaseAdmin
        - [Int] checkLoss
        - [Pub] changePercentageCap #
           - modifiers: onlyController
        - [Pub] changeWithdrawLength #
           - modifiers: onlyController
        - [Ext] setDBKAPIConsumer #
           - modifiers: onlyBaseAdmin
        - [Pub] addController #
           - modifiers: onlyDefaultAdmin
        - [Pub] addBaseAdmin #
           - modifiers: onlyDefaultAdmin


    Details: MasterChef Staking


    Function Graph

    [Figure: Smart Contract Graph]

    Inheritance Chart

    [Figure: Smart Contract Inheritance]

    Functions Overview

    
    
     ($) = payable function
     # = non-constant function
     
     Int = Internal
     Ext = External
     Pub = Public
    
     + [Lib] SafeMath 
        - [Int] tryAdd
        - [Int] trySub
        - [Int] tryMul
        - [Int] tryDiv
        - [Int] tryMod
        - [Int] add
        - [Int] sub
        - [Int] mul
        - [Int] div
        - [Int] mod
        - [Int] sub
        - [Int] div
        - [Int] mod
    
     + [Int] IBEP20 
        - [Ext] totalSupply
        - [Ext] decimals
        - [Ext] symbol
        - [Ext] name
        - [Ext] getOwner
        - [Ext] balanceOf
        - [Ext] transfer #
        - [Ext] allowance
        - [Ext] approve #
        - [Ext] transferFrom #
    
     + [Lib] Address 
        - [Int] isContract
        - [Int] sendValue #
        - [Int] functionCall #
        - [Int] functionCall #
        - [Int] functionCallWithValue #
        - [Int] functionCallWithValue #
        - [Int] functionStaticCall
        - [Int] functionStaticCall
        - [Int] functionDelegateCall #
        - [Int] functionDelegateCall #
        - [Prv] _verifyCallResult
    
     + [Lib] SafeBEP20 
        - [Int] safeTransfer #
        - [Int] safeTransferFrom #
        - [Int] safeApprove #
        - [Int] safeIncreaseAllowance #
        - [Int] safeDecreaseAllowance #
        - [Prv] _callOptionalReturn #
    
     +  Context 
        - [Int] _msgSender
        - [Int] _msgData
    
     +  Ownable (Context)
        - [Int]  #
        - [Pub] owner
        - [Pub] renounceOwnership #
           - modifiers: onlyOwner
        - [Pub] transferOwnership #
           - modifiers: onlyOwner
    
     +  ReentrancyGuard 
        - [Int]  #
    
     +  BEP20 (Context, IBEP20, Ownable)
        - [Pub]  #
        - [Ext] getOwner
        - [Pub] name
        - [Pub] symbol
        - [Pub] decimals
        - [Pub] totalSupply
        - [Pub] balanceOf
        - [Pub] transfer #
        - [Pub] allowance
        - [Pub] approve #
        - [Pub] transferFrom #
        - [Pub] increaseAllowance #
        - [Pub] decreaseAllowance #
        - [Pub] mint #
           - modifiers: onlyOwner
        - [Int] _transfer #
        - [Int] _mint #
        - [Int] _burn #
        - [Int] _approve #
        - [Int] _burnFrom #
    
     +  DBookToken (BEP20)
        - [Pub] mint #
           - modifiers: onlyOwner
        - [Ext] delegates
        - [Ext] delegate #
        - [Ext] delegateBySig #
        - [Ext] getCurrentVotes
        - [Ext] getPriorVotes
        - [Int] _delegate #
        - [Int] _moveDelegates #
        - [Int] _writeCheckpoint #
        - [Int] safe32
        - [Int] getChainId
    
     +  MasterChefV2 (Ownable, ReentrancyGuard)
        - [Pub]  #
        - [Ext] poolLength
        - [Pub] add #
           - modifiers: onlyOwner,nonDuplicated
        - [Pub] set #
           - modifiers: onlyOwner,poolExists
        - [Pub] getMultiplier
        - [Ext] pendingDBook
        - [Pub] massUpdatePools #
        - [Pub] updatePool #
        - [Pub] deposit #
           - modifiers: nonReentrant,poolExists
        - [Pub] withdraw #
           - modifiers: nonReentrant,poolExists
        - [Pub] enterStaking #
        - [Pub] leaveStaking #
        - [Pub] emergencyWithdraw #
           - modifiers: nonReentrant,poolExists
        - [Int] safeDBookTransfer #
        - [Pub] dev #
        - [Pub] setFeeAddressBb #
        - [Pub] setFeeAddressSt #
    							


    Details: DBKStake


    Function Graph

    [Figure: Smart Contract Graph]

    Inheritance Chart

    [Figure: Smart Contract Inheritance]

    Functions Overview

    
     ($) = payable function
     # = non-constant function
     
     Int = Internal
     Ext = External
     Pub = Public
    
     + [Lib] AddressUpgradeable 
        - [Int] isContract
        - [Int] sendValue #
        - [Int] functionCall #
        - [Int] functionCall #
        - [Int] functionCallWithValue #
        - [Int] functionCallWithValue #
        - [Int] functionStaticCall
        - [Int] functionStaticCall
        - [Prv] _verifyCallResult
    
     +  Initializable 
        - [Prv] _isConstructor
    
     +  ContextUpgradeable (Initializable)
        - [Int] __Context_init #
           - modifiers: initializer
        - [Int] __Context_init_unchained #
           - modifiers: initializer
        - [Int] _msgSender
        - [Int] _msgData
    
     + [Int] IERC20Upgradeable 
        - [Ext] totalSupply
        - [Ext] balanceOf
        - [Ext] transfer #
        - [Ext] allowance
        - [Ext] approve #
        - [Ext] transferFrom #
    
     + [Lib] MathUpgradeable 
        - [Int] max
        - [Int] min
        - [Int] average
    
     + [Lib] SafeMathUpgradeable 
        - [Int] tryAdd
        - [Int] trySub
        - [Int] tryMul
        - [Int] tryDiv
        - [Int] tryMod
        - [Int] add
        - [Int] sub
        - [Int] mul
        - [Int] div
        - [Int] mod
        - [Int] sub
        - [Int] div
        - [Int] mod
    
     + [Lib] SafeERC20Upgradeable 
        - [Int] safeTransfer #
        - [Int] safeTransferFrom #
        - [Int] safeApprove #
        - [Int] safeIncreaseAllowance #
        - [Int] safeDecreaseAllowance #
        - [Prv] _callOptionalReturn #
    
     +  ReentrancyGuardUpgradeable (Initializable)
        - [Int] __ReentrancyGuard_init #
           - modifiers: initializer
        - [Int] __ReentrancyGuard_init_unchained #
           - modifiers: initializer
    
     + [Lib] EnumerableSetUpgradeable 
        - [Prv] _add #
        - [Prv] _remove #
        - [Prv] _contains
        - [Prv] _length
        - [Prv] _at
        - [Int] add #
        - [Int] remove #
        - [Int] contains
        - [Int] length
        - [Int] at
        - [Int] add #
        - [Int] remove #
        - [Int] contains
        - [Int] length
        - [Int] at
        - [Int] add #
        - [Int] remove #
        - [Int] contains
        - [Int] length
        - [Int] at
    
     +  AccessControlUpgradeable (Initializable, ContextUpgradeable)
        - [Int] __AccessControl_init #
           - modifiers: initializer
        - [Int] __AccessControl_init_unchained #
           - modifiers: initializer
        - [Pub] hasRole
        - [Pub] getRoleMemberCount
        - [Pub] getRoleMember
        - [Pub] getRoleAdmin
        - [Pub] grantRole #
        - [Pub] revokeRole #
        - [Pub] renounceRole #
        - [Int] _setupRole #
        - [Int] _setRoleAdmin #
        - [Prv] _grantRole #
        - [Prv] _revokeRole #
    
     +  PausableUpgradeable (Initializable, ContextUpgradeable)
        - [Int] __Pausable_init #
           - modifiers: initializer
        - [Int] __Pausable_init_unchained #
           - modifiers: initializer
        - [Pub] paused
        - [Int] _pause #
           - modifiers: whenNotPaused
        - [Int] _unpause #
           - modifiers: whenPaused
    
     +  DBKStake (ReentrancyGuardUpgradeable, PausableUpgradeable, AccessControlUpgradeable)
        - [Pub] initialize #
           - modifiers: initializer
        - [Pub] seedFirstPool #
           - modifiers: onlyAdmin
        - [Pub] stake #
           - modifiers: nonReentrant,whenNotPaused
        - [Pub] unstake #
           - modifiers: nonReentrant,whenNotPaused
        - [Pub] adminDepositForNextPool #
           - modifiers: onlyAdmin
        - [Pub] addAdmin #
           - modifiers: onlyAdmin
        - [Pub] adminRescueTokens #
           - modifiers: onlyAdmin
        - [Int] _userStakedRequirements
        - [Int] _calculateReward
        - [Int] _calculateMultiplier
        - [Int] _updateTime #
        - [Int] totalStakingSupplyOnCylce
        - [Pub] earnedOnCycle
        - [Pub] durationStaked
        - [Pub] isAdmin
        - [Pub] multiplier


    Details: DBKStakeWhitelist.sol


    Function Graph

    [Figure: Smart Contract Graph]

    Inheritance Chart

    [Figure: Smart Contract Inheritance]

    Functions Overview

    
    
     ($) = payable function
     # = non-constant function
     
     Int = Internal
     Ext = External
     Pub = Public
    
     + [Lib] AddressUpgradeable 
        - [Int] isContract
        - [Int] sendValue #
        - [Int] functionCall #
        - [Int] functionCall #
        - [Int] functionCallWithValue #
        - [Int] functionCallWithValue #
        - [Int] functionStaticCall
        - [Int] functionStaticCall
        - [Prv] _verifyCallResult
    
     +  Initializable 
        - [Prv] _isConstructor
    
     +  ContextUpgradeable (Initializable)
        - [Int] __Context_init #
           - modifiers: initializer
        - [Int] __Context_init_unchained #
           - modifiers: initializer
        - [Int] _msgSender
        - [Int] _msgData
    
     + [Int] IERC20Upgradeable 
        - [Ext] totalSupply
        - [Ext] balanceOf
        - [Ext] transfer #
        - [Ext] allowance
        - [Ext] approve #
        - [Ext] transferFrom #
    
     + [Lib] MathUpgradeable 
        - [Int] max
        - [Int] min
        - [Int] average
    
     + [Lib] SafeMathUpgradeable 
        - [Int] tryAdd
        - [Int] trySub
        - [Int] tryMul
        - [Int] tryDiv
        - [Int] tryMod
        - [Int] add
        - [Int] sub
        - [Int] mul
        - [Int] div
        - [Int] mod
        - [Int] sub
        - [Int] div
        - [Int] mod
    
     + [Lib] SafeERC20Upgradeable 
        - [Int] safeTransfer #
        - [Int] safeTransferFrom #
        - [Int] safeApprove #
        - [Int] safeIncreaseAllowance #
        - [Int] safeDecreaseAllowance #
        - [Prv] _callOptionalReturn #
    
     +  ReentrancyGuardUpgradeable (Initializable)
        - [Int] __ReentrancyGuard_init #
           - modifiers: initializer
        - [Int] __ReentrancyGuard_init_unchained #
           - modifiers: initializer
    
     + [Lib] EnumerableSetUpgradeable 
        - [Prv] _add #
        - [Prv] _remove #
        - [Prv] _contains
        - [Prv] _length
        - [Prv] _at
        - [Int] add #
        - [Int] remove #
        - [Int] contains
        - [Int] length
        - [Int] at
        - [Int] add #
        - [Int] remove #
        - [Int] contains
        - [Int] length
        - [Int] at
        - [Int] add #
        - [Int] remove #
        - [Int] contains
        - [Int] length
        - [Int] at
    
     +  AccessControlUpgradeable (Initializable, ContextUpgradeable)
        - [Int] __AccessControl_init #
           - modifiers: initializer
        - [Int] __AccessControl_init_unchained #
           - modifiers: initializer
        - [Pub] hasRole
        - [Pub] getRoleMemberCount
        - [Pub] getRoleMember
        - [Pub] getRoleAdmin
        - [Pub] grantRole #
        - [Pub] revokeRole #
        - [Pub] renounceRole #
        - [Int] _setupRole #
        - [Int] _setRoleAdmin #
        - [Prv] _grantRole #
        - [Prv] _revokeRole #
    
     +  PausableUpgradeable (Initializable, ContextUpgradeable)
        - [Int] __Pausable_init #
           - modifiers: initializer
        - [Int] __Pausable_init_unchained #
           - modifiers: initializer
        - [Pub] paused
        - [Int] _pause #
           - modifiers: whenNotPaused
        - [Int] _unpause #
           - modifiers: whenPaused
    
     +  DBKStake (ReentrancyGuardUpgradeable, PausableUpgradeable, AccessControlUpgradeable)
        - [Pub] initialize #
           - modifiers: initializer
        - [Pub] seedFirstPool #
           - modifiers: onlyAdmin
        - [Pub] stake #
           - modifiers: nonReentrant,whenNotPaused
        - [Pub] unstake #
           - modifiers: nonReentrant,whenNotPaused
        - [Pub] adminDepositForNextPool #
           - modifiers: onlyAdmin
        - [Pub] addAdmin #
           - modifiers: onlyAdmin
        - [Pub] updateWhitelist #
           - modifiers: onlyAdmin
        - [Pub] adminRescueTokens #
           - modifiers: onlyAdmin
        - [Int] _userStakedRequirements
        - [Int] _calculateReward
        - [Int] _calculateMultiplier
        - [Int] _updateTime #
        - [Int] totalStakingSupplyOnCylce
        - [Pub] earnedOnCycle
        - [Pub] durationStaked
        - [Pub] isAdmin
        - [Pub] multiplier


    Details: DBKTeamContract


    Function Graph

    [Figure: Smart Contract Graph]

    Inheritance Chart

    [Figure: Smart Contract Inheritance]

    Functions Overview

    
    
     ($) = payable function
     # = non-constant function
     
     Int = Internal
     Ext = External
     Pub = Public
    
     + [Lib] AddressUpgradeable 
        - [Int] isContract
        - [Int] sendValue #
        - [Int] functionCall #
        - [Int] functionCall #
        - [Int] functionCallWithValue #
        - [Int] functionCallWithValue #
        - [Int] functionStaticCall
        - [Int] functionStaticCall
        - [Prv] _verifyCallResult
    
     +  Initializable 
        - [Prv] _isConstructor
    
     +  ContextUpgradeable (Initializable)
        - [Int] __Context_init #
           - modifiers: initializer
        - [Int] __Context_init_unchained #
           - modifiers: initializer
        - [Int] _msgSender
        - [Int] _msgData
    
     + [Int] IERC20Upgradeable 
        - [Ext] totalSupply
        - [Ext] balanceOf
        - [Ext] transfer #
        - [Ext] allowance
        - [Ext] approve #
        - [Ext] transferFrom #
    
     +  ReentrancyGuardUpgradeable (Initializable)
        - [Int] __ReentrancyGuard_init #
           - modifiers: initializer
        - [Int] __ReentrancyGuard_init_unchained #
           - modifiers: initializer
    
     + [Lib] EnumerableSetUpgradeable 
        - [Prv] _add #
        - [Prv] _remove #
        - [Prv] _contains
        - [Prv] _length
        - [Prv] _at
        - [Int] add #
        - [Int] remove #
        - [Int] contains
        - [Int] length
        - [Int] at
        - [Int] add #
        - [Int] remove #
        - [Int] contains
        - [Int] length
        - [Int] at
        - [Int] add #
        - [Int] remove #
        - [Int] contains
        - [Int] length
        - [Int] at
    
     +  AccessControlUpgradeable (Initializable, ContextUpgradeable)
        - [Int] __AccessControl_init #
           - modifiers: initializer
        - [Int] __AccessControl_init_unchained #
           - modifiers: initializer
        - [Pub] hasRole
        - [Pub] getRoleMemberCount
        - [Pub] getRoleMember
        - [Pub] getRoleAdmin
        - [Pub] grantRole #
        - [Pub] revokeRole #
        - [Pub] renounceRole #
        - [Int] _setupRole #
        - [Int] _setRoleAdmin #
        - [Prv] _grantRole #
        - [Prv] _revokeRole #
    
     + [Lib] SafeMathUpgradeable 
        - [Int] tryAdd
        - [Int] trySub
        - [Int] tryMul
        - [Int] tryDiv
        - [Int] tryMod
        - [Int] add
        - [Int] sub
        - [Int] mul
        - [Int] div
        - [Int] mod
        - [Int] sub
        - [Int] div
        - [Int] mod
    
     + [Lib] SafeERC20Upgradeable 
        - [Int] safeTransfer #
        - [Int] safeTransferFrom #
        - [Int] safeApprove #
        - [Int] safeIncreaseAllowance #
        - [Int] safeDecreaseAllowance #
        - [Prv] _callOptionalReturn #
    
     +  DBKTeamContract (Initializable, ReentrancyGuardUpgradeable, AccessControlUpgradeable)
        - [Pub] initialize #
           - modifiers: initializer
        - [Pub] addTeamFund #
           - modifiers: onlyTeamAdmin
        - [Pub] addTeamMember #
           - modifiers: onlyTeamAdmin
        - [Ext] addTeamAdmin #
           - modifiers: onlyTeamAdmin
        - [Int] addTeamMember #
           - modifiers: onlyTeamAdmin
        - [Ext] claimTokens #
           - modifiers: onlyTeamMember,nonReentrant
        - [Pub] calculateReward
        - [Pub] memberAllocation
        - [Pub] memberStartTime
        - [Pub] isTeamAdmin
        - [Pub] isTeamMember