Dopex - Smart Contract Audit Report
Summary
Dopex is a decentralized option protocol which aims to maximize liquidity, minimize losses for option writers and maximize gains for option buyers - all in a passive manner for liquidity contributing participants.
For this audit, we reviewed Dopex's upcoming staking/farming platform. We reviewed the contracts at commit d5f9c3e1d28f71fb899d7de96c1b47b7c136e124 on the team's private GitHub.Notes on the Contract:
Audit Findings Summary:- Users can stake their HTG tokens in this contract to earn NFTs as rewards.
- Users will be able to claim an NFT after a certian number of blocks. The number of blocks one must wait decreases as one stakes a larger amount of tokens.
- Users will not forfeit any tokens when redeeming the NFT.
- Staking a second time will push back the user's redemption time.
- Upon unstaking, users will receive all of the HTG tokens they deposited earlier.
- The only ownership-restriction function allows the Owner to update the metadata URI.
- SafeMath is utilized to prevent overflow issues.
- No security issues from external attackers were identified.
- Date: May 6th, 2021
Combined Audit Results
Vulnerability Category | Notes | Result |
---|---|---|
Arbitrary Storage Write | N/A | PASS |
Arbitrary Jump | N/A | PASS |
Delegate Call to Untrusted Contract | N/A | PASS |
Dependence on Predictable Variables | N/A | PASS |
Deprecated Opcodes | N/A | PASS |
Ether Thief | N/A | PASS |
Exceptions | N/A | PASS |
External Calls | N/A | PASS |
Integer Over/Underflow | N/A | PASS |
Multiple Sends | N/A | PASS |
Suicide | N/A | PASS |
State Change External Calls | N/A | PASS |
Unchecked Retval | N/A | PASS |
User Supplied Assertion | N/A | PASS |
Critical Solidity Compiler | N/A | PASS |
Overall Contract Safety | PASS |
Function Graph
Inheritence Chart
Functions Overview
($) = payable function
# = non-constant function
Int = Internal
Ext = External
Pub = Public
+ [Lib] SafeMath
- [Int] add
- [Int] sub
- [Int] sub
- [Int] mul
- [Int] div
- [Int] div
- [Int] mod
- [Int] mod
+ [Int] IERC20
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] transfer #
- [Ext] allowance
- [Ext] approve #
- [Ext] transferFrom #
+ [Lib] Address
- [Int] isContract
- [Int] sendValue #
- [Int] functionCall #
- [Int] functionCall #
- [Int] functionCallWithValue #
- [Int] functionCallWithValue #
- [Prv] _functionCallWithValue #
+ [Lib] SafeERC20
- [Int] safeTransfer #
- [Int] safeTransferFrom #
- [Int] safeApprove #
- [Int] safeIncreaseAllowance #
- [Int] safeDecreaseAllowance #
- [Prv] _callOptionalReturn #
+ Context
- [Int] _msgSender
- [Int] _msgData
+ Ownable (Context)
- [Int] #
- [Pub] owner
- [Pub] renounceOwnership #
- modifiers: onlyOwner
- [Pub] transferOwnership #
- modifiers: onlyOwner
+ ReentrancyGuard
- [Int] #
+ [Lib] Math
- [Int] max
- [Int] min
- [Int] average
+ [Int] IStakingRewards
- [Ext] lastTimeRewardApplicable
- [Ext] rewardPerToken
- [Ext] earned
- [Ext] getRewardForDuration
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] stake ($)
- [Ext] withdraw #
- [Ext] getReward #
- [Ext] exit #
+ RewardsDistributionRecipient
- [Ext] notifyRewardAmount #
+ StakingRewards (RewardsDistributionRecipient, ReentrancyGuard, Ownable)
- [Pub] #
- modifiers: Ownable
- [Ext] totalSupply
- [Ext] balanceOf
- [Pub] lastTimeRewardApplicable
- [Pub] rewardPerToken
- [Pub] earned
- [Ext] stakeWithPermit ($)
- modifiers: nonReentrant,updateReward
- [Ext] stake ($)
- modifiers: nonReentrant,updateReward
- [Pub] withdraw #
- modifiers: nonReentrant,updateReward
- [Pub] withdrawRewardTokens #
- modifiers: onlyOwner
- [Pub] compound #
- modifiers: nonReentrant,updateReward
- [Pub] getReward #
- modifiers: nonReentrant,updateReward
- [Ext] exit #
- [Ext] notifyRewardAmount #
- modifiers: onlyRewardsDistribution,setReward
+ [Int] IUniswapV2ERC20
- [Ext] permit #
+ StakingRewardsFactory (Ownable, ReentrancyGuard)
- [Pub] #
- modifiers: Ownable
- [Pub] deploy #
- modifiers: onlyOwner
- [Pub] withdrawRewardToken #
- modifiers: onlyOwner
- [Pub] withdrawRewardTokensFromContract #
- modifiers: onlyOwner
- [Pub] notifyRewardAmount #
- [Pub] notifyRewardAmounts #