Defi Kingdoms - Smart Contract Audit Report

Summary

Defi Kingdoms is a new DeFi platform for yield farming. The platform also contains airdrop functionality and an additional way to earn rewards through the team's Bank contract.

For this audit we reviewed Defi Kingdoms's JewelToken, MasterGardener, Profile, AirDrop, AirdropClaim, Bank, Banker, and supporting contracts at commit aa0e6387ea18aa600e205a8d1a1b232b2295ce2f on GitHub.

Notes on the Contracts:

JewelToken:
  • The JewelToken contract contains features to enable governance/voting.
  • The token contains anti-whale logic during transfers, which limits the amount of tokens that can be transferred at once. Certain addresses can bypass this restriction if they are excluded by the owner.
  • In order to transfer JewelTokens, the recipient must have a profile created through the Profile contract and reach a certain time of profile existence. Excluded recipients are not subject to the profile age requirement.
  • There is a cap on the number of JewelTokens that can be minted; however, authorized users can update this cap at any time.
  • Authorized users have the ability to mint tokens at any time up to a once-defined limit that is separate from the cap limit.
  • Authorized users have the ability to lock a specified amount of any user's JewelTokens. Upon locking, tokens are transferred from the holder to the JewelToken address until an unlock block specified by an authorized user, after which the user can unlock their funds and have their tokens transferred back to them. Authorized users can change the block at which funds are unlocked; however, this will only update already locked funds.
  • The owner can mint additional JewelTokens at any time.
  • The owner can add or remove authorized access from any address at any time.
  • The owner can change the max transfer amount used in the anti-whale logic at any time.
  • The profile age requirement can be adjusted by the owner at any time.
  • Authorized addresses can change the Profile contract used, which could change or erase existing profile data.
  • The owner of this contract is the MasterGardener contract.
  • Ownership of this contract can be transferred at any time.

MasterGardener:
  • Users can stake various LP tokens into the MasterGardener contract in order to earn JewelTokens.
  • The contract owner can add new token pools for users to stake at any time.
  • There is a percentage-based deposit fee which can be changed by the owner to any amount at any time. This deposit fee is global across all pools.
  • When withdrawing LP tokens from the contract, users are intended to be charged decreasing dev fees based on the time between their most recent withdrawal and their current one. These fee percentages and time windows will be established when the contract is deployed, but can be changed by authorized users to any amount at any time.
  • A dev fee, liquidity pool fee, community fund fee, and a founder's fee are all taken out of generated rewards. These rewards are percentage based and can be changed by the owner to any amount at any time.
  • A pool's share of rewards generated can be changed by the owner at any time.
  • Authorized users can update any fee address at any time.
  • Authorized users can transfer ownership of the JewelToken contract at any time.
  • Some gas optimizations could be achieved through marking functions external and variables constant.
  • The contract utilizes SafeMath for overflow checks and ReentrancyGuard is also used to prevent any potential reentrancy issues.

General Notes on Other Contracts:
  • The Airdrop contract allows the owner to distribute a defined amount of governance tokens to a list of addresses.
  • The AirdropClaim contract allows the owner to set governance token balances for a list of addresses which can then be claimed by them if a claiming toggle is enabled. The contract also allows the owner to transfer an amount of tokens from the contract to a specified address.
  • The Bank contract enables users to deposit governance tokens in exchange for minted shares of the bank's token. When withdrawing, the bank tokens are burned and the user will receive the equivalent amount back in governance tokens.
  • The Bank contract is intended to receive fees for the governance token, in turn increasing the value of bank token shares over time.
  • The Banker contract is intended to have ownership of the Bank contract and funds deposited to it. The contract removes liquidity earned from MasterGardener and converts it to governance tokens, which are then transferred to the bank.
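
The share accounting described in the Bank notes above, as an added example that is not code from the audited contracts. It assumes the usual pro-rata share formula for this kind of staking pool; the class and method bodies are a hypothetical integer-only model, and the zero-share guard is a property of the model, not a statement about the audited Bank.

```python
class BankModel:
    """Integer-only model of a share-based pool (assumed pro-rata formula)."""

    def __init__(self):
        self.gov_balance = 0    # governance tokens held by the bank
        self.total_shares = 0   # bank tokens in circulation
        self.shares = {}        # holder -> bank tokens

    def enter(self, user, amount):
        """Deposit governance tokens and mint bank shares pro rata."""
        if amount <= 0:
            raise ValueError("amount must be positive")
        if self.total_shares == 0 or self.gov_balance == 0:
            minted = amount  # first depositor is minted shares 1:1
        else:
            minted = amount * self.total_shares // self.gov_balance
        if minted == 0:
            # Integer division rounded the deposit down to nothing.
            raise ValueError("deposit too small to mint a share")
        self.gov_balance += amount
        self.total_shares += minted
        self.shares[user] = self.shares.get(user, 0) + minted
        return minted

    def receive_fees(self, amount):
        """Fees arrive without minting shares, so each share is worth more."""
        self.gov_balance += amount

    def leave(self, user, share_amount):
        """Burn bank shares and pay out the matching governance tokens."""
        if share_amount <= 0 or share_amount > self.shares.get(user, 0):
            raise ValueError("insufficient shares")
        paid = share_amount * self.gov_balance // self.total_shares
        self.shares[user] -= share_amount
        self.total_shares -= share_amount
        self.gov_balance -= paid
        return paid


def demo():
    """Constructed scenario: two depositors and two fee transfers."""
    bank = BankModel()
    alice = bank.enter("alice", 1000)      # empty bank, minted 1:1
    bank.receive_fees(500)                 # share price rises to 1.5
    bob = bank.enter("bob", 300)           # later entrant gets fewer shares
    bank.receive_fees(120)
    out_bob = bank.leave("bob", bob)
    out_alice = bank.leave("alice", alice)
    return alice, bob, out_bob, out_alice, bank.gov_balance


if __name__ == "__main__":
    print(demo())
```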

Audit Findings Summary:
  • No security issues from outside attackers were identified.
  • Ensure trust in the project team as they have substantial power in the ecosystem.
  • Date: September 24th, 2021.

External Threat Results

Vulnerability Category                  Notes   Result
Arbitrary Storage Write                 N/A     PASS
Arbitrary Jump                          N/A     PASS
Delegate Call to Untrusted Contract     N/A     PASS
Dependence on Predictable Variables     N/A     PASS
Deprecated Opcodes                      N/A     PASS
Ether Thief                             N/A     PASS
Exceptions                              N/A     PASS
External Calls                          N/A     PASS
Integer Over/Underflow                  N/A     PASS
Multiple Sends                          N/A     PASS
Suicide                                 N/A     PASS
State Change External Calls             N/A     PASS
Unchecked Retval                        N/A     PASS
User Supplied Assertion                 N/A     PASS
Critical Solidity Compiler              N/A     PASS
Overall Contract Safety                         PASS


Details: MasterGardener


Smart Contract Graph

Contract Inheritance


 
($) = payable function
# = non-constant function

 + [Int] IERC20 
    - [Ext] totalSupply
    - [Ext] balanceOf
    - [Ext] transfer #
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transferFrom #

 + [Lib] SafeMath 
    - [Int] add
    - [Int] sub
    - [Int] sub
    - [Int] mul
    - [Int] div
    - [Int] div
    - [Int] mod
    - [Int] mod

 + [Lib] Address 
    - [Int] isContract
    - [Int] sendValue #

 + [Lib] SafeERC20 
    - [Int] safeTransfer #
    - [Int] safeTransferFrom #
    - [Int] safeApprove #
    - [Int] safeIncreaseAllowance #
    - [Int] safeDecreaseAllowance #
    - [Prv] _callOptionalReturn #

 + [Lib] EnumerableSet 
    - [Prv] _add #
    - [Prv] _remove #
    - [Prv] _contains
    - [Prv] _length
    - [Prv] _at
    - [Int] add #
    - [Int] remove #
    - [Int] contains
    - [Int] length
    - [Int] at
    - [Int] add #
    - [Int] remove #
    - [Int] contains
    - [Int] length
    - [Int] at

 +  Context 
    - [Int] <Constructor> #
    - [Int] _msgSender
    - [Int] _msgData

 +  Ownable (Context)
    - [Int] <Constructor> #
    - [Pub] owner
    - [Pub] renounceOwnership #
       - modifiers: onlyOwner
    - [Pub] transferOwnership #
       - modifiers: onlyOwner

 +  ReentrancyGuard 
    - [Int] <Constructor> #

 +  ERC20 (Context, IERC20)
    - [Pub] <Constructor> #
    - [Pub] name
    - [Pub] symbol
    - [Pub] decimals
    - [Pub] totalSupply
    - [Pub] balanceOf
    - [Pub] transfer #
    - [Pub] allowance
    - [Pub] approve #
    - [Pub] transferFrom #
    - [Pub] increaseAllowance #
    - [Pub] decreaseAllowance #
    - [Int] _transfer #
    - [Int] _mint #
    - [Int] _burn #
    - [Int] _approve #
    - [Int] _setupDecimals #
    - [Int] _beforeTokenTransfer #

 +  Authorizable (Ownable)
    - [Pub] addAuthorized #
       - modifiers: onlyOwner
    - [Pub] removeAuthorized #
       - modifiers: onlyOwner

 + [Int] IProfiles 
    - [Ext] DEFAULT_ADMIN_ROLE
    - [Ext] MODERATOR_ROLE
    - [Ext] POINTS_ROLE
    - [Ext] addPoints #
    - [Ext] addressToIndex
    - [Ext] addresses
    - [Ext] changeHeroPic #
    - [Ext] changeName #
    - [Ext] changePic #
    - [Ext] createProfile #
    - [Ext] getAddressByName
    - [Ext] getProfileByAddress
    - [Ext] getProfileByName
    - [Ext] getProfileCount
    - [Ext] getRoleAdmin
    - [Ext] grantRole #
    - [Ext] hasRole
    - [Ext] heroesNftContract
    - [Ext] initialize #
    - [Ext] nameTaken
    - [Ext] nameToIndex
    - [Ext] points
    - [Ext] profileExists
    - [Ext] profiles
    - [Ext] renounceRole #
    - [Ext] revokeRole #
    - [Ext] setHeroes #
    - [Ext] setNameLengths #
    - [Ext] setPicMax #
    - [Ext] supportsInterface

 +  JewelToken (ERC20, Ownable, Authorizable)
    - [Pub] <Constructor> #
       - modifiers: ERC20
    - [Pub] cap
    - [Pub] capUpdate #
       - modifiers: onlyAuthorized
    - [Pub] setProfiles #
       - modifiers: onlyAuthorized
    - [Pub] setProfileAgeReq #
       - modifiers: onlyAuthorized
    - [Pub] lockFromUpdate #
       - modifiers: onlyAuthorized
    - [Pub] lockToUpdate #
       - modifiers: onlyAuthorized
    - [Pub] unlockedSupply
    - [Pub] lockedSupply
    - [Pub] circulatingSupply
    - [Pub] totalLock
    - [Int] _beforeTokenTransfer #
    - [Int] _transfer #
       - modifiers: antiWhale,onlyProfile
    - [Pub] mint #
       - modifiers: onlyOwner
    - [Pub] manualMint #
       - modifiers: onlyAuthorized
    - [Pub] totalBalanceOf
    - [Pub] lockOf
    - [Pub] lastUnlockBlock
    - [Pub] lock #
       - modifiers: onlyAuthorized
    - [Pub] canUnlockAmount
    - [Pub] unlockForUser #
       - modifiers: onlyAuthorized
    - [Pub] unlock #
    - [Int] _unlock #
    - [Pub] transferAll #
    - [Ext] delegates
    - [Ext] delegate #
    - [Ext] delegateBySig #
    - [Ext] getCurrentVotes
    - [Ext] getPriorVotes
    - [Int] _delegate #
    - [Int] _moveDelegates #
    - [Int] _writeCheckpoint #
    - [Int] safe32
    - [Int] getChainId
    - [Pub] updateMaxTransferAmountRate #
       - modifiers: onlyAuthorized
    - [Pub] maxTransferAmount
    - [Pub] setExcludedFromAntiWhale #
       - modifiers: onlyAuthorized

 +  MasterGardener (Ownable, Authorizable, ReentrancyGuard)
    - [Pub] <Constructor> #
    - [Ext] poolLength
    - [Pub] add #
       - modifiers: onlyOwner,nonDuplicated
    - [Pub] set #
       - modifiers: onlyOwner
    - [Pub] massUpdatePools #
    - [Pub] updatePool #
    - [Pub] getMultiplier
    - [Pub] getLockPercentage
    - [Pub] getPoolReward
    - [Ext] pendingReward
    - [Pub] claimRewards #
    - [Pub] claimReward #
    - [Int] _harvest #
    - [Pub] getGlobalAmount
    - [Pub] getGlobalRefAmount
    - [Pub] getTotalRefs
    - [Pub] getRefValueOf
    - [Pub] deposit #
       - modifiers: nonReentrant
    - [Pub] withdraw #
       - modifiers: nonReentrant
    - [Pub] emergencyWithdraw #
       - modifiers: nonReentrant
    - [Int] safeGovTokenTransfer #
    - [Pub] dev #
       - modifiers: onlyAuthorized
    - [Pub] bonusFinishUpdate #
       - modifiers: onlyAuthorized
    - [Pub] halvingUpdate #
       - modifiers: onlyAuthorized
    - [Pub] lpUpdate #
       - modifiers: onlyAuthorized
    - [Pub] comUpdate #
       - modifiers: onlyAuthorized
    - [Pub] founderUpdate #
       - modifiers: onlyAuthorized
    - [Pub] rewardUpdate #
       - modifiers: onlyAuthorized
    - [Pub] rewardMulUpdate #
       - modifiers: onlyAuthorized
    - [Pub] lockUpdate #
       - modifiers: onlyAuthorized
    - [Pub] lockdevUpdate #
       - modifiers: onlyAuthorized
    - [Pub] locklpUpdate #
       - modifiers: onlyAuthorized
    - [Pub] lockcomUpdate #
       - modifiers: onlyAuthorized
    - [Pub] lockfounderUpdate #
       - modifiers: onlyAuthorized
    - [Pub] starblockUpdate #
       - modifiers: onlyAuthorized
    - [Pub] getNewRewardPerBlock
    - [Pub] userDelta
    - [Pub] reviseWithdraw #
       - modifiers: onlyAuthorized
    - [Pub] reviseDeposit #
       - modifiers: onlyAuthorized
    - [Pub] setStageStarts #
       - modifiers: onlyAuthorized
    - [Pub] setStageEnds #
       - modifiers: onlyAuthorized
    - [Pub] setUserFeeStage #
       - modifiers: onlyAuthorized
    - [Pub] setDevFeeStage #
       - modifiers: onlyAuthorized
    - [Pub] setDevDepFee #
       - modifiers: onlyAuthorized
    - [Pub] setUserDepFee #
       - modifiers: onlyAuthorized
    - [Pub] reclaimTokenOwnership #
       - modifiers: onlyAuthorized
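
The listing above can be reduced to the privileged surface that the findings summary refers to. This is an added example, not part of the original report or the project's code: the function name `privileged_surface` and the regular expressions are assumptions, and the embedded listing is a short excerpt of the lines shown in this report.

```python
import re
from collections import defaultdict

# Excerpt copied from the JewelToken and MasterGardener listings in this report.
LISTING = """
 +  JewelToken (ERC20, Ownable, Authorizable)
    - [Pub] cap
    - [Pub] capUpdate #
       - modifiers: onlyAuthorized
    - [Pub] mint #
       - modifiers: onlyOwner
    - [Pub] unlock #
 +  MasterGardener (Ownable, Authorizable, ReentrancyGuard)
    - [Pub] add #
       - modifiers: onlyOwner,nonDuplicated
    - [Pub] deposit #
       - modifiers: nonReentrant
    - [Pub] setUserDepFee #
       - modifiers: onlyAuthorized
    - [Pub] reclaimTokenOwnership #
       - modifiers: onlyAuthorized
"""

CONTRACT = re.compile(r"^\s*\+\s+(?:\[\w+\]\s+)?(\w+)")
FUNC = re.compile(r"^\s*-\s+\[(\w+)\]\s+(\S*?)\s*(\(\$\))?\s*(#)?\s*$")
MODS = re.compile(r"^\s*-\s+modifiers:\s*(.+)$")
# Access-control modifiers that appear in this report's listings.
PRIVILEGED = {"onlyOwner", "onlyAuthorized", "onlyRole"}


def privileged_surface(listing):
    """Return {contract: {modifier: [functions]}} for gated, state-changing calls."""
    surface = defaultdict(lambda: defaultdict(list))
    contract = func = None
    for line in listing.splitlines():
        if m := MODS.match(line):
            if func is None:
                continue  # modifiers on a view or internal function
            for mod in (x.strip() for x in m.group(1).split(",")):
                if mod in PRIVILEGED:
                    surface[contract][mod].append(func)
        elif m := FUNC.match(line):
            vis, name, _payable, mutates = m.groups()
            # Keep only externally callable functions marked "#" (non-constant).
            func = name if mutates and vis in ("Pub", "Ext") else None
        elif m := CONTRACT.match(line):
            contract, func = m.group(1), None
    return {c: dict(mods) for c, mods in surface.items()}


if __name__ == "__main__":
    for contract, mods in privileged_surface(LISTING).items():
        for mod, funcs in mods.items():
            print(f"{contract}: {mod}: {', '.join(funcs)}")
```

Run over the full listings, the output separates functions gated by onlyOwner from those gated by onlyAuthorized, which matters because the owner can add or remove authorized addresses at any time.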


Details: Profiles

Smart Contract Graph

Contract Inheritance


					  
($) = payable function
# = non-constant function

 + [Int] IAccessControlUpgradeable 
    - [Ext] hasRole
    - [Ext] getRoleAdmin
    - [Ext] grantRole #
    - [Ext] revokeRole #
    - [Ext] renounceRole #

 +  Initializable 

 +  ContextUpgradeable (Initializable)
    - [Int] __Context_init #
       - modifiers: initializer
    - [Int] __Context_init_unchained #
       - modifiers: initializer
    - [Int] _msgSender
    - [Int] _msgData

 + [Lib] StringsUpgradeable 
    - [Int] toString
    - [Int] toHexString
    - [Int] toHexString

 + [Int] IERC165Upgradeable 
    - [Ext] supportsInterface

 +  ERC165Upgradeable (Initializable, IERC165Upgradeable)
    - [Int] __ERC165_init #
       - modifiers: initializer
    - [Int] __ERC165_init_unchained #
       - modifiers: initializer
    - [Pub] supportsInterface

 +  AccessControlUpgradeable (Initializable, ContextUpgradeable, IAccessControlUpgradeable, ERC165Upgradeable)
    - [Int] __AccessControl_init #
       - modifiers: initializer
    - [Int] __AccessControl_init_unchained #
       - modifiers: initializer
    - [Pub] supportsInterface
    - [Pub] hasRole
    - [Int] _checkRole
    - [Pub] getRoleAdmin
    - [Pub] grantRole #
       - modifiers: onlyRole
    - [Pub] revokeRole #
       - modifiers: onlyRole
    - [Pub] renounceRole #
    - [Int] _setupRole #
    - [Int] _setRoleAdmin #
    - [Prv] _grantRole #
    - [Prv] _revokeRole #

 + [Int] IHeroCore 
    - [Ext] heroIndexToOwner
    - [Ext] ceoAddress

 +  Profiles (AccessControlUpgradeable)
    - [Pub] initialize #
       - modifiers: initializer
    - [Pub] profileExists
    - [Pub] nameTaken
    - [Pub] createProfile #
    - [Pub] setHeroes #
    - [Pub] setNameLengths #
    - [Pub] setPicMax #
    - [Pub] changeName #
    - [Pub] changePic #
    - [Pub] changeHeroPic #
    - [Pub] getProfileCount
    - [Pub] getProfileByAddress
    - [Pub] getProfileByName
    - [Pub] getAddressByName
    - [Pub] addPoints #

Details: Airdrop

Smart Contract Graph

Contract Inheritance


					  
($) = payable function
# = non-constant function

 +  Context 
    - [Int] <Constructor> #
    - [Int] _msgSender
    - [Int] _msgData

 +  Ownable (Context)
    - [Int] <Constructor> #
    - [Pub] owner
    - [Pub] renounceOwnership #
       - modifiers: onlyOwner
    - [Pub] transferOwnership #
       - modifiers: onlyOwner

 + [Int] IERC20 
    - [Ext] totalSupply
    - [Ext] balanceOf
    - [Ext] transfer #
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transferFrom #

 +  Airdrop (Ownable)
    - [Pub] <Constructor> #
    - [Pub] sendBatch #
       - modifiers: onlyOwner


Details: AirdropClaim

Smart Contract Graph

Contract Inheritance


					  
($) = payable function
# = non-constant function

 +  Context 
    - [Int] <Constructor> #
    - [Int] _msgSender
    - [Int] _msgData

 +  Ownable (Context)
    - [Int] <Constructor> #
    - [Pub] owner
    - [Pub] renounceOwnership #
       - modifiers: onlyOwner
    - [Pub] transferOwnership #
       - modifiers: onlyOwner

 + [Int] IERC20 
    - [Ext] totalSupply
    - [Ext] balanceOf
    - [Ext] transfer #
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transferFrom #

 +  AirdropClaim (Ownable)
    - [Pub] <Constructor> #
    - [Pub] setAirdrops #
       - modifiers: onlyOwner
    - [Pub] toggleEnabled #
       - modifiers: onlyOwner
    - [Pub] claimAirdrop #
       - modifiers: isEnabled
    - [Pub] transferTokens #
       - modifiers: onlyOwner

Details: Bank

Smart Contract Graph

Contract Inheritance


					  
($) = payable function
# = non-constant function

 + [Int] IERC20 
    - [Ext] totalSupply
    - [Ext] balanceOf
    - [Ext] transfer #
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transferFrom #

 +  Context 
    - [Int] <Constructor> #
    - [Int] _msgSender
    - [Int] _msgData

 + [Lib] SafeMath 
    - [Int] add
    - [Int] sub
    - [Int] sub
    - [Int] mul
    - [Int] div
    - [Int] div
    - [Int] mod
    - [Int] mod

 + [Lib] Address 
    - [Int] isContract
    - [Int] sendValue #

 +  ERC20 (Context, IERC20)
    - [Pub] <Constructor> #
    - [Pub] name
    - [Pub] symbol
    - [Pub] decimals
    - [Pub] totalSupply
    - [Pub] balanceOf
    - [Pub] transfer #
    - [Pub] allowance
    - [Pub] approve #
    - [Pub] transferFrom #
    - [Pub] increaseAllowance #
    - [Pub] decreaseAllowance #
    - [Int] _transfer #
    - [Int] _mint #
    - [Int] _burn #
    - [Int] _approve #
    - [Int] _setupDecimals #
    - [Int] _beforeTokenTransfer #

 +  Bank (ERC20)
    - [Pub] <Constructor> #
       - modifiers: ERC20
    - [Pub] enter #
    - [Pub] leave #

Details: Banker

Smart Contract Graph

Contract Inheritance


					  
($) = payable function
# = non-constant function

 + [Int] IUniswapV2Factory 
    - [Ext] feeTo
    - [Ext] feeToSetter
    - [Ext] getPair
    - [Ext] allPairs
    - [Ext] allPairsLength
    - [Ext] createPair #
    - [Ext] setFeeTo #
    - [Ext] setFeeToSetter #

 + [Int] IUniswapV2Pair 
    - [Ext] name
    - [Ext] symbol
    - [Ext] decimals
    - [Ext] totalSupply
    - [Ext] balanceOf
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transfer #
    - [Ext] transferFrom #
    - [Ext] DOMAIN_SEPARATOR
    - [Ext] PERMIT_TYPEHASH
    - [Ext] nonces
    - [Ext] permit #
    - [Ext] MINIMUM_LIQUIDITY
    - [Ext] factory
    - [Ext] token0
    - [Ext] token1
    - [Ext] getReserves
    - [Ext] price0CumulativeLast
    - [Ext] price1CumulativeLast
    - [Ext] kLast
    - [Ext] mint #
    - [Ext] burn #
    - [Ext] swap #
    - [Ext] skim #
    - [Ext] sync #
    - [Ext] initialize #

 + [Int] IUniswapV2ERC20 
    - [Ext] name
    - [Ext] symbol
    - [Ext] decimals
    - [Ext] totalSupply
    - [Ext] balanceOf
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transfer #
    - [Ext] transferFrom #
    - [Ext] DOMAIN_SEPARATOR
    - [Ext] PERMIT_TYPEHASH
    - [Ext] nonces
    - [Ext] permit #

 + [Lib] SafeMath 
    - [Int] add
    - [Int] sub
    - [Int] sub
    - [Int] mul
    - [Int] div
    - [Int] div
    - [Int] mod
    - [Int] mod

 + [Int] IERC20 
    - [Ext] totalSupply
    - [Ext] balanceOf
    - [Ext] transfer #
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transferFrom #

 + [Lib] Address 
    - [Int] isContract
    - [Int] sendValue #

 + [Lib] SafeERC20 
    - [Int] safeTransfer #
    - [Int] safeTransferFrom #
    - [Int] safeApprove #
    - [Int] safeIncreaseAllowance #
    - [Int] safeDecreaseAllowance #
    - [Prv] _callOptionalReturn #

 +  Context 
    - [Int] <Constructor> #
    - [Int] _msgSender
    - [Int] _msgData

 +  Ownable (Context)
    - [Int] <Constructor> #
    - [Pub] owner
    - [Pub] renounceOwnership #
       - modifiers: onlyOwner
    - [Pub] transferOwnership #
       - modifiers: onlyOwner

 +  Banker (Ownable)
    - [Pub] <Constructor> #
    - [Pub] bridgeFor
    - [Ext] setBridge #
       - modifiers: onlyOwner
    - [Ext] convert #
       - modifiers: onlyEOA
    - [Ext] convertMultiple #
       - modifiers: onlyEOA
    - [Int] _convert #
    - [Int] _convertStep #
    - [Int] _swap #
    - [Int] _toGovToken #