Doge Dash Farm - Smart Contract Audit Report

Summary

 DogeDash Audit Report Doge Dash is building a new yield farming platform with a referral system and a token locker.

We reviewed the project team's DogeDashFarm, TokenReferral, TokenLocker, and Timelock contracts using code provided to us by the project team.

We previously reviewed the project team's token contract here.

Notes on Individual Contracts:
DogeDashFarm Contract:
  • Anyone can use this contract to deposit tokens into various staking pools configured by the project team.
  • Each pool has its own staking token, allocation weight, deposit fee of up to 4%, and harvest interval time up to 90 days determined by the project team.
  • Users who participate in the staking pools will receive a reward amount proportional to the allocation weight assigned to the pool on each block; staking rewards are calculated and harvested on deposits and withdrawals.
  • Staking rewards will not accrue after the end block number has passed.
  • Staking rewards are locked in the contract until the harvest interval period has passed. Each time rewards are harvested, the harvest interval timer is reset.
  • On deposits, users can specify a referrer address which can earn up an additional 10% on top of the user's staking rewards.
  • Referral rewards are distributed along with staking rewards.
  • Users can also trigger an emergency withdraw, which will transfer all the user's deposited staked tokens to their wallet address, without calculating rewards.
  • The owner must use the addBalance() function to transfer reward tokens to the contract and specify the end block for these rewards. This is required in order to determine the amount of available tokens. Otherwise, rewards will be discontinued.
  • The owner can set the reward emission rate and the end block number at any time.
  • The owner can set the dev address, the fee address, and the Token Referral contract address at any time.
  • The owner can set the referral commission rate to any value up to 10% at any time.
  • The owner can set the allocation points, the deposit fee, and the harvest interval time for any existing pool at any time.
  • The owner can add pools for various tokens.
  • The owner can withdraw any tokens erroneously sent to the contract at any time.
TokenReferral Contract:
  • This contract is used by approved Operators to keep track of referrals and their earned commission over time.
  • The owner is able grant or revoke Operator status to any address at any time.
  • The owner is able to withdraw any BEP20 tokens erroneously sent to the contract at any time.
TokenLocker Contract:
  • This contract contains a single function that allows only the owner to withdraw any tokens from the contract at any time.
Timelock Contract:
  • This contract is used to enforce a delay period before a transaction is executed.
  • The contract Admin and delay time are set upon deployment.
  • The delay can be between 6 hours and 30 days.
  • The Admin is able to queue a transaction which they cannot execute until the delay period has passed.
  • After the delay period, the Admin must manually execute the transaction before the grace period of 14 days has passed.
  • Ensure trust in the Admin as the Timelock contract will execute any arbitrary code the Admin desires.
  • The Admin may cancel the transaction at any time.
  • The Admin may set a new pending Admin address at any time. This address must then accept the Admin role.
  • The Admin may set the delay to any value within the accepted range.
  • We advise users who have invested in the project to set up email alerts for the Timelock contract's activity using Etherscan to stay up to date on any proposed admin activity.
General Notes Across All Contracts:
  • Excellent structuring of logic to allow for fee-on-transfer tokens to be used as staking tokens in the DogeDash Farm.
  • The contracts utilize ReentrancyGuard to prevent against re-entrancy attacks in applicable functions.
  • The team worked with us to implement changes related to gas optimization.
  • The contracts utilize the SafeMath library to prevent overflows.

Audit Findings Summary:
  • No security issues from outside attackers were identified.
  • Ensure trust in the team as they have notable control in the ecosystem.
  • Date: November 20th, 2021.
  • Updated: November 22th, 2021 to cover logic related to an end block number for the staking contract.

External Threat Results

Vulnerability CategoryNotesResult
Arbitrary Storage WriteN/APASS
Arbitrary JumpN/APASS
Delegate Call to Untrusted ContractN/APASS
Dependence on Predictable VariablesN/APASS
Deprecated OpcodesN/APASS
Ether ThiefN/APASS
ExceptionsN/APASS
External CallsN/APASS
Integer Over/UnderflowN/APASS
Multiple SendsN/APASS
SuicideN/APASS
State Change External CallsN/APass
Unchecked RetvalN/APASS
User Supplied AssertionN/APASS
Critical Solidity CompilerN/APASS
Overall Contract Safety PASS

DogeDash Farm Contract

Smart Contract Graph

Contract Inheritance


 ($) = payable function
 # = non-constant function
 
 Int = Internal
 Ext = External
 Pub = Public
 
 + [Lib] SafeMath 
    - [Int] tryAdd
    - [Int] trySub
    - [Int] tryMul
    - [Int] tryDiv
    - [Int] tryMod
    - [Int] add
    - [Int] sub
    - [Int] mul
    - [Int] div
    - [Int] mod
    - [Int] sub
    - [Int] div
    - [Int] mod

 + [Int] IBEP20 
    - [Ext] totalSupply
    - [Ext] decimals
    - [Ext] symbol
    - [Ext] name
    - [Ext] getOwner
    - [Ext] balanceOf
    - [Ext] transfer #
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transferFrom #

 + [Lib] Address 
    - [Int] isContract
    - [Int] sendValue #
    - [Int] functionCall #
    - [Int] functionCall #
    - [Int] functionCallWithValue #
    - [Int] functionCallWithValue #
    - [Int] functionStaticCall
    - [Int] functionStaticCall
    - [Int] functionDelegateCall #
    - [Int] functionDelegateCall #
    - [Prv] _verifyCallResult

 + [Lib] SafeBEP20 
    - [Int] safeTransfer #
    - [Int] safeTransferFrom #
    - [Int] safeApprove #
    - [Int] safeIncreaseAllowance #
    - [Int] safeDecreaseAllowance #
    - [Prv] _callOptionalReturn #

 + [Int] ITokenReferral 
    - [Ext] recordReferral #
    - [Ext] recordReferralCommission #
    - [Ext] getReferrer

 +  Context 
    - [Int] _msgSender
    - [Int] _msgData

 +  Ownable (Context)
    - [Int]  #
    - [Pub] owner
    - [Pub] renounceOwnership #
       - modifiers: onlyOwner
    - [Pub] transferOwnership #
       - modifiers: onlyOwner

 +  ReentrancyGuard 
    - [Int]  #

 +  DogeDashFarm (Ownable, ReentrancyGuard)
    - [Pub]  #
    - [Ext] poolLength
    - [Pub] add #
       - modifiers: onlyOwner
    - [Pub] set #
       - modifiers: onlyOwner
    - [Pub] getMultiplier
    - [Ext] pendingToken
    - [Pub] canHarvest
    - [Pub] massUpdatePools #
    - [Pub] updatePool #
    - [Pub] deposit #
       - modifiers: nonReentrant
    - [Pub] withdraw #
       - modifiers: nonReentrant
    - [Pub] emergencyWithdraw #
       - modifiers: nonReentrant
    - [Int] payOrLockupPendingToken #
    - [Pub] setDevAddress #
    - [Pub] setFeeAddress #
    - [Pub] updateEmissionRate #
       - modifiers: onlyOwner
    - [Pub] setTokenReferral #
       - modifiers: onlyOwner
    - [Pub] setReferralCommissionRate #
       - modifiers: onlyOwner
    - [Int] payReferralCommission #
    - [Pub] addBalance #
       - modifiers: onlyOwner
    - [Int] mint #
    - [Int] safeTokenTransfer #
    - [Pub] getBlock

Token Referral Contract

Smart Contract Graph

Contract Inheritance


 ($) = payable function
 # = non-constant function
 
 Int = Internal
 Ext = External
 Pub = Public
 
 + [Int] IBEP20 
    - [Ext] totalSupply
    - [Ext] decimals
    - [Ext] symbol
    - [Ext] name
    - [Ext] getOwner
    - [Ext] balanceOf
    - [Ext] transfer #
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transferFrom #

 + [Lib] SafeMath 
    - [Int] tryAdd
    - [Int] trySub
    - [Int] tryMul
    - [Int] tryDiv
    - [Int] tryMod
    - [Int] add
    - [Int] sub
    - [Int] mul
    - [Int] div
    - [Int] mod
    - [Int] sub
    - [Int] div
    - [Int] mod

 + [Lib] Address 
    - [Int] isContract
    - [Int] sendValue #
    - [Int] functionCall #
    - [Int] functionCall #
    - [Int] functionCallWithValue #
    - [Int] functionCallWithValue #
    - [Int] functionStaticCall
    - [Int] functionStaticCall
    - [Int] functionDelegateCall #
    - [Int] functionDelegateCall #
    - [Prv] _verifyCallResult

 + [Lib] SafeBEP20 
    - [Int] safeTransfer #
    - [Int] safeTransferFrom #
    - [Int] safeApprove #
    - [Int] safeIncreaseAllowance #
    - [Int] safeDecreaseAllowance #
    - [Prv] _callOptionalReturn #

 + [Int] ITokenReferral 
    - [Ext] recordReferral #
    - [Ext] recordReferralCommission #
    - [Ext] getReferrer

 +  Context 
    - [Int] _msgSender
    - [Int] _msgData

 +  Ownable (Context)
    - [Int]  #
    - [Pub] owner
    - [Pub] renounceOwnership #
       - modifiers: onlyOwner
    - [Pub] transferOwnership #
       - modifiers: onlyOwner

 +  TokenReferral (ITokenReferral, Ownable)
    - [Pub] recordReferral #
       - modifiers: onlyOperator
    - [Pub] recordReferralCommission #
       - modifiers: onlyOperator
    - [Pub] getReferrer
    - [Ext] updateOperator #
       - modifiers: onlyOwner
    - [Ext] drainBEP20Token #
       - modifiers: onlyOwner

Token Locker Contract

Smart Contract Graph

Contract Inheritance


 ($) = payable function
 # = non-constant function
 
 Int = Internal
 Ext = External
 Pub = Public
 
 + [Int] IBEP20 
    - [Ext] totalSupply
    - [Ext] decimals
    - [Ext] symbol
    - [Ext] name
    - [Ext] getOwner
    - [Ext] balanceOf
    - [Ext] transfer #
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transferFrom #

 + [Lib] SafeMath 
    - [Int] tryAdd
    - [Int] trySub
    - [Int] tryMul
    - [Int] tryDiv
    - [Int] tryMod
    - [Int] add
    - [Int] sub
    - [Int] mul
    - [Int] div
    - [Int] mod
    - [Int] sub
    - [Int] div
    - [Int] mod

 + [Lib] Address 
    - [Int] isContract
    - [Int] sendValue #
    - [Int] functionCall #
    - [Int] functionCall #
    - [Int] functionCallWithValue #
    - [Int] functionCallWithValue #
    - [Int] functionStaticCall
    - [Int] functionStaticCall
    - [Int] functionDelegateCall #
    - [Int] functionDelegateCall #
    - [Prv] _verifyCallResult

 + [Lib] SafeBEP20 
    - [Int] safeTransfer #
    - [Int] safeTransferFrom #
    - [Int] safeApprove #
    - [Int] safeIncreaseAllowance #
    - [Int] safeDecreaseAllowance #
    - [Prv] _callOptionalReturn #

 +  Context 
    - [Int] _msgSender
    - [Int] _msgData

 +  Ownable (Context)
    - [Int]  #
    - [Pub] owner
    - [Pub] renounceOwnership #
       - modifiers: onlyOwner
    - [Pub] transferOwnership #
       - modifiers: onlyOwner

 +  TokenLocker (Ownable)
    - [Pub] unlock #
       - modifiers: onlyOwner

TimeLock Contract

Smart Contract Graph

Contract Inheritance


 ($) = payable function
 # = non-constant function
 
 Int = Internal
 Ext = External
 Pub = Public
 
 + [Lib] SafeMath 
    - [Int] tryAdd
    - [Int] trySub
    - [Int] tryMul
    - [Int] tryDiv
    - [Int] tryMod
    - [Int] add
    - [Int] sub
    - [Int] mul
    - [Int] div
    - [Int] mod
    - [Int] sub
    - [Int] div
    - [Int] mod

 +  Timelock 
    - [Pub]  #
    - [Ext]  ($)
    - [Pub] setDelay #
    - [Pub] acceptAdmin #
    - [Pub] setPendingAdmin #
    - [Pub] queueTransaction #
    - [Pub] cancelTransaction #
    - [Pub] executeTransaction ($)
    - [Int] getBlockTimestamp