Doge Dash Game - Smart Contract Audit Report


crypto_audit DogeDashGame is a new platform used to manage the DogeDash tokens of users that are interacting with the Doge Dash game.

For this audit, we reviewed the DogeDashGame contract provided to us by the team.

We previously reviewed the project team's token contract here and yield farming platform here.

Notes on the Contract:
  • Any user that is on the whitelist is able to deposit exactly 100 DogeDash tokens at a time.
  • Deposited tokens will be transferred from the user to the owner.
  • An Admin contract must request a withdrawal on the behalf of users.
  • The Admin contract was not provided in the scope of this audit, so we are unable to provide an assessment of this contract with regards to security.
  • The owner must supply the DogeDash tokens to this contract, otherwise any withdrawals will be unsuccessful.
  • Users must have deposited a minimum amount of tokens to be able to withdraw. This value defaults to 100 tokens.
  • There is a maximum amount of tokens allowed per withdrawal. This value defaults to 10,000 tokens.
  • When withdrawing, the user's balance will be set to 0 regardless of the actual amount being withdrawn. The Admin wallet is intended to enforce accuracy of these withdrawals.
  • Users on the blacklist will be unable to deposit or withdraw from the contract.
  • Players are limited to one withdraw every 5 minutes.
  • The game version will default to 0. This must be the same version as the user's version in order to interact with the contract.
  • The owner may add and remove any address from the blacklist and whitelist, as well as toggling use of the whitelist at any time.
  • The owner may set the amount of tokens per deposit to any value at any time.
  • The owner may update the minimum and maximum amount allowed to be withdrawn to any value at any time.
  • The owner may update the frequency with which players are allowed to withdraw at any time.
  • The owner may update the Admin contract address at any time.
  • The owner may pause the contract, disabling all deposit and withdrawal functionality, at any time.
  • The owner may withdraw any DogeDash and BNB within the contract at any time.
  • A secondary owner address, that is set at deployment, may claim ownership at any time.
Audit Findings Summary
  • Ensure trust in the team as they have significant control within the ecosystem.
  • Date: December 10th, 2021.
  • Updated: December 14th, 2021 to add various changes to withdrawal logic.

Audit Results

Vulnerability CategoryNotesResult
Arbitrary Storage WriteN/APASS
Arbitrary JumpN/APASS
Centralization of ControlThe team must manually provide tokens for users to be able to claim rewards.WARNING
Delegate Call to Untrusted ContractN/APASS
Dependence on Predictable VariablesN/APASS
Deprecated OpcodesN/APASS
Ether ThiefN/APASS
External CallsN/APASS
Flash LoansN/APASS
Integer Over/UnderflowN/APASS
Logical IssuesN/APASS
Multiple SendsN/APASS
State Change External CallsN/APASS
Unbounded LoopsN/APASS
Unchecked RetvalN/APASS
User Supplied AssertionN/APASS
Critical Solidity CompilerN/APASS
Overall Contract Safety PASS

DogeDashGame Contract



 ($) = payable function
 # = non-constant function

 + [Int] IERC20 
    - [Ext] totalSupply
    - [Ext] balanceOf
    - [Ext] transfer #
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transferFrom #

 +  Context 
    - [Int] _msgSender
    - [Int] _msgData

 +  Ownable (Context)
    - [Pub] Constructor #
    - [Pub] owner
    - [Pub] renounceOwnership #
       - modifiers: onlyOwner
    - [Pub] transferOwnership #
       - modifiers: onlyOwner
    - [Prv] _setOwner #
    - [Int] _grantToSecondOwner #

 +  DogeDashGame (Ownable)
    - [Pub] Constructor #
    - [Pub] deposit #
       - modifiers: checkVersion,notBlacklist,inWhiteList,isNotPaused
    - [Pub] withdrawToPlayer #
       - modifiers: checkVersion,isNotPaused,onlyAdmin
    - [Ext] add_blacklist #
       - modifiers: onlyOwner
    - [Ext] remove_blacklist #
       - modifiers: onlyOwner
    - [Ext] add_whitelists #
       - modifiers: onlyOwner
    - [Ext] remove_whitelist #
       - modifiers: onlyOwner
    - [Ext] updateDepositAmount #
       - modifiers: onlyOwner
    - [Ext] updateMultiplier #
       - modifiers: onlyOwner
    - [Ext] updateMaxWithdrawAmount #
       - modifiers: onlyOwner
    - [Ext] updateMinWithdrawAmount #
       - modifiers: onlyOwner
    - [Ext] updatePlayerWithdrawRate #
       - modifiers: onlyOwner
    - [Ext] updateMinRequiredAmount #
       - modifiers: onlyOwner
    - [Ext] updateAdminWallet #
       - modifiers: onlyOwner
    - [Ext] updateGameVersion #
       - modifiers: onlyOwner
    - [Ext] setGamePaused #
       - modifiers: onlyOwner
    - [Ext] setWhitelistUsable #
       - modifiers: onlyOwner
    - [Ext] grantOwnerToSecondOwner #
    - [Ext] withdrawBNB #
       - modifiers: onlyOwner
    - [Prv] _widthdraw #
    - [Ext] withdrawDogeDash #
       - modifiers: onlyOwner