Dopex - Smart Contract Audit Report

Summary

Dopex Farm Audit Report Dopex is a decentralized option protocol which aims to maximize liquidity, minimize losses for option writers and maximize gains for option buyers - all in a passive manner for liquidity contributing participants.

For this audit, we reviewed Dopex's upcoming staking/farming platform. We reviewed the contracts at commit d5f9c3e1d28f71fb899d7de96c1b47b7c136e124 on the team's private GitHub.

    Notes on the Contract:
  • Users can stake their HTG tokens in this contract to earn NFTs as rewards.
  • Users will be able to claim an NFT after a certian number of blocks. The number of blocks one must wait decreases as one stakes a larger amount of tokens.
  • Users will not forfeit any tokens when redeeming the NFT.
  • Staking a second time will push back the user's redemption time.
  • Upon unstaking, users will receive all of the HTG tokens they deposited earlier.
  • The only ownership-restriction function allows the Owner to update the metadata URI.
  • SafeMath is utilized to prevent overflow issues.

Audit Findings Summary:
  • No security issues from external attackers were identified.
  • Date: May 6th, 2021

Combined Audit Results

Vulnerability CategoryNotesResult
Arbitrary Storage WriteN/APASS
Arbitrary JumpN/APASS
Delegate Call to Untrusted ContractN/APASS
Dependence on Predictable VariablesN/APASS
Deprecated OpcodesN/APASS
Ether ThiefN/APASS
ExceptionsN/APASS
External CallsN/APASS
Integer Over/UnderflowN/APASS
Multiple SendsN/APASS
SuicideN/APASS
State Change External CallsN/APASS
Unchecked RetvalN/APASS
User Supplied AssertionN/APASS
Critical Solidity CompilerN/APASS
Overall Contract Safety PASS

Function Graph

Smart Contract Graph

Inheritence Chart

Smart Contract Inheritance

Functions Overview



 ($) = payable function
 # = non-constant function
 
 Int = Internal
 Ext = External
 Pub = Public

 + [Lib] SafeMath 
    - [Int] add
    - [Int] sub
    - [Int] sub
    - [Int] mul
    - [Int] div
    - [Int] div
    - [Int] mod
    - [Int] mod

 + [Int] IERC20 
    - [Ext] totalSupply
    - [Ext] balanceOf
    - [Ext] transfer #
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transferFrom #

 + [Lib] Address 
    - [Int] isContract
    - [Int] sendValue #
    - [Int] functionCall #
    - [Int] functionCall #
    - [Int] functionCallWithValue #
    - [Int] functionCallWithValue #
    - [Prv] _functionCallWithValue #

 + [Lib] SafeERC20 
    - [Int] safeTransfer #
    - [Int] safeTransferFrom #
    - [Int] safeApprove #
    - [Int] safeIncreaseAllowance #
    - [Int] safeDecreaseAllowance #
    - [Prv] _callOptionalReturn #

 +  Context 
    - [Int] _msgSender
    - [Int] _msgData

 +  Ownable (Context)
    - [Int]  #
    - [Pub] owner
    - [Pub] renounceOwnership #
       - modifiers: onlyOwner
    - [Pub] transferOwnership #
       - modifiers: onlyOwner

 +  ReentrancyGuard 
    - [Int]  #

 + [Lib] Math 
    - [Int] max
    - [Int] min
    - [Int] average

 + [Int] IStakingRewards 
    - [Ext] lastTimeRewardApplicable
    - [Ext] rewardPerToken
    - [Ext] earned
    - [Ext] getRewardForDuration
    - [Ext] totalSupply
    - [Ext] balanceOf
    - [Ext] stake ($)
    - [Ext] withdraw #
    - [Ext] getReward #
    - [Ext] exit #

 +  RewardsDistributionRecipient 
    - [Ext] notifyRewardAmount #

 +  StakingRewards (RewardsDistributionRecipient, ReentrancyGuard, Ownable)
    - [Pub]  #
       - modifiers: Ownable
    - [Ext] totalSupply
    - [Ext] balanceOf
    - [Pub] lastTimeRewardApplicable
    - [Pub] rewardPerToken
    - [Pub] earned
    - [Ext] stakeWithPermit ($)
       - modifiers: nonReentrant,updateReward
    - [Ext] stake ($)
       - modifiers: nonReentrant,updateReward
    - [Pub] withdraw #
       - modifiers: nonReentrant,updateReward
    - [Pub] withdrawRewardTokens #
       - modifiers: onlyOwner
    - [Pub] compound #
       - modifiers: nonReentrant,updateReward
    - [Pub] getReward #
       - modifiers: nonReentrant,updateReward
    - [Ext] exit #
    - [Ext] notifyRewardAmount #
       - modifiers: onlyRewardsDistribution,setReward

 + [Int] IUniswapV2ERC20 
    - [Ext] permit #

 +  StakingRewardsFactory (Ownable, ReentrancyGuard)
    - [Pub]  #
       - modifiers: Ownable
    - [Pub] deploy #
       - modifiers: onlyOwner
    - [Pub] withdrawRewardToken #
       - modifiers: onlyOwner
    - [Pub] withdrawRewardTokensFromContract #
       - modifiers: onlyOwner
    - [Pub] notifyRewardAmount #
    - [Pub] notifyRewardAmounts #