Doge Dash Game - Smart Contract Audit Report
Summary
DogeDashGame is a new platform used to manage the DogeDash tokens of users that are interacting with the Doge Dash game.
For this audit, we reviewed the DogeDashGame contract provided to us by the team.
We previously reviewed the project team's token contract here and yield farming platform here.
Notes on the Contract:Audit Findings Summary
- Any user that is on the whitelist is able to deposit exactly 100 DogeDash tokens at a time.
- Deposited tokens will be transferred from the user to the owner.
- An Admin contract must request a withdrawal on the behalf of users.
- The Admin contract was not provided in the scope of this audit, so we are unable to provide an assessment of this contract with regards to security.
- The owner must supply the DogeDash tokens to this contract, otherwise any withdrawals will be unsuccessful.
- Users must have deposited a minimum amount of tokens to be able to withdraw. This value defaults to 100 tokens.
- There is a maximum amount of tokens allowed per withdrawal. This value defaults to 10,000 tokens.
- When withdrawing, the user's balance will be set to 0 regardless of the actual amount being withdrawn. The Admin wallet is intended to enforce accuracy of these withdrawals.
- Users on the blacklist will be unable to deposit or withdraw from the contract.
- Players are limited to one withdraw every 5 minutes.
- The game version will default to 0. This must be the same version as the user's version in order to interact with the contract.
- The owner may add and remove any address from the blacklist and whitelist, as well as toggling use of the whitelist at any time.
- The owner may set the amount of tokens per deposit to any value at any time.
- The owner may update the minimum and maximum amount allowed to be withdrawn to any value at any time.
- The owner may update the frequency with which players are allowed to withdraw at any time.
- The owner may update the Admin contract address at any time.
- The owner may pause the contract, disabling all deposit and withdrawal functionality, at any time.
- The owner may withdraw any DogeDash and BNB within the contract at any time.
- A secondary owner address, that is set at deployment, may claim ownership at any time.
- Ensure trust in the team as they have significant control within the ecosystem.
- Date: December 10th, 2021.
- Updated: December 14th, 2021 to add various changes to withdrawal logic.
Audit Results
| Vulnerability Category | Notes | Result |
|---|---|---|
| Arbitrary Storage Write | N/A | PASS |
| Arbitrary Jump | N/A | PASS |
| Centralization of Control | The team must manually provide tokens for users to be able to claim rewards. | WARNING |
| Delegate Call to Untrusted Contract | N/A | PASS |
| Dependence on Predictable Variables | N/A | PASS |
| Deprecated Opcodes | N/A | PASS |
| Ether Thief | N/A | PASS |
| Exceptions | N/A | PASS |
| External Calls | N/A | PASS |
| Flash Loans | N/A | PASS |
| Integer Over/Underflow | N/A | PASS |
| Logical Issues | N/A | PASS |
| Multiple Sends | N/A | PASS |
| Oracles | N/A | PASS |
| Suicide | N/A | PASS |
| State Change External Calls | N/A | PASS |
| Unbounded Loops | N/A | PASS |
| Unchecked Retval | N/A | PASS |
| User Supplied Assertion | N/A | PASS |
| Critical Solidity Compiler | N/A | PASS |
| Overall Contract Safety | PASS |
DogeDashGame Contract
($) = payable function
# = non-constant function
+ [Int] IERC20
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] transfer #
- [Ext] allowance
- [Ext] approve #
- [Ext] transferFrom #
+ Context
- [Int] _msgSender
- [Int] _msgData
+ Ownable (Context)
- [Pub] Constructor #
- [Pub] owner
- [Pub] renounceOwnership #
- modifiers: onlyOwner
- [Pub] transferOwnership #
- modifiers: onlyOwner
- [Prv] _setOwner #
- [Int] _grantToSecondOwner #
+ DogeDashGame (Ownable)
- [Pub] Constructor #
- [Pub] deposit #
- modifiers: checkVersion,notBlacklist,inWhiteList,isNotPaused
- [Pub] withdrawToPlayer #
- modifiers: checkVersion,isNotPaused,onlyAdmin
- [Ext] add_blacklist #
- modifiers: onlyOwner
- [Ext] remove_blacklist #
- modifiers: onlyOwner
- [Ext] add_whitelists #
- modifiers: onlyOwner
- [Ext] remove_whitelist #
- modifiers: onlyOwner
- [Ext] updateDepositAmount #
- modifiers: onlyOwner
- [Ext] updateMultiplier #
- modifiers: onlyOwner
- [Ext] updateMaxWithdrawAmount #
- modifiers: onlyOwner
- [Ext] updateMinWithdrawAmount #
- modifiers: onlyOwner
- [Ext] updatePlayerWithdrawRate #
- modifiers: onlyOwner
- [Ext] updateMinRequiredAmount #
- modifiers: onlyOwner
- [Ext] updateAdminWallet #
- modifiers: onlyOwner
- [Ext] updateGameVersion #
- modifiers: onlyOwner
- [Ext] setGamePaused #
- modifiers: onlyOwner
- [Ext] setWhitelistUsable #
- modifiers: onlyOwner
- [Ext] grantOwnerToSecondOwner #
- [Ext] withdrawBNB #
- modifiers: onlyOwner
- [Prv] _widthdraw #
- [Ext] withdrawDogeDash #
- modifiers: onlyOwner