Dracula Protocol - Audit Report

Summary

Dracula Audit Report Dracula Protocol is a suite of smart contracts which aggregate major DeFi yield farms and liquidity mining platforms through a single smart-contract and unified web interface.

We reviewed Dracula's contracts at commit aee008291587cddca18035a30033d234b958a820, and later commit 2c10049f51203350d86674c4672fc5271d52031b on GitHub.

    Token Contract:
  • The token is mintable by the owner of the contract.
  • After deployment of MasterVampire, that contract will be set as owner and will be the only minter of DRC token, for the purpose of providing rewards.
  • The token is designed to be a governance token as well where 1 token = 1 vote.

  • DrainController:
  • The contract enables the team to perform liquidity drains; collecting assets to fund user rewards.
  • The team can add any address to the whitelist, which allows them to perform liquidity drains.
  • Chi Gas Token can be used when performing drains; reducing the gas fees associated with collecting the funds. The caller also recieves a gas stipend in ETH for performing the call.
  • The team can also update the address of MasterVampire, the minimum ETH threshold to drain a pool, and the max gas price eligible for gas refunds.

  • DrainDistributor:
  • This contract distributes ETH rewards collected among reward pools, sends some of this ETH to the DrainController for gas refunds, and sends a share to the developers as well.
  • The owner has the ability to update the distribution of the ETH at any time.
  • The owner can also change the address of the addresses set to receive the ETH as described above.

  • Reward Pool:
  • This contract allows users to stake various assets as determined by the team in order to earn rewards in DRC tokens.
  • DRC tokens used for rewards must be sent to the pool by the team manually - the owner can set the addresses which are allowed to fund rewards.
  • The reward rate for users staking tokens in these pools is determined by the amount of tokens provided and the staking period.
  • The period (duration for rewards) shall be set by the team upon deployment.
  • The DRC reward pool contract contains additional logic to burn 1% of tokens upon withdrawal. The owner can update this rate up to 10% maximum.

  • Adapters & Related Interfaces:
  • IVampireAdapter is an interface used by the MasterVampire contract to interact with 'victim' pools on targeted protocols.
  • In additon, each protocol intended to be a victim has its own adapter and interface in order to interact with each specific protocol.
  • The interface also has view functions which will be used for calculating rewards and Governance.
  • VampireAdapter holds functions for performing delegate calls to external victim platforms from the MasterVampire contract.

  • MasterVampire:
  • This contract allows users to deposit their assets into the protocol, and specifically into their specified victim pool.
  • This contract contains the logic to convert ibETH (Interest-bearing ETH used in order to earn further rewards in ETH for depositers) into their real ETH value.
  • The logic for draining pools (from the DrainController) is also contained in this contract.
  • The owner can add additional victims and pools through this contract.
  • The owner can also update a variety of variables critical to the platform, such as the addresses of victims and other contracts in the ecosystem.
  • The owner can recover ERC20 tokens accidentally sent to the contract.

  • Timelock:
  • This contract is used to adminster parts of the protocol while introducing a time-delay.
  • The minimum delay is 6 hours, though the actual delay can be set by the admin of the contract.

  • Best Practices / General Notes:
  • Usage of ReentrancyGuard in applicable functions to prevent re-entrancy attacks.
  • Utilization of SafeMath to prevent overflows and ensure safe transfers.
  • The token properly follows the ERC20 standard.
  • There is one wallet, not controlled by the team, that has more tokens than is in Uniswap's liquidity. This poses a small risk to the liquidity pool; but no risk to the core platform itself.
  • The protocol interacts with numerous external platforms. If one of these external protocls are exploited, it could have a negative impact on Dracula.


  • Audit Findings Summary:
  • No security issues from external attackers were identified.
  • Ensure trust in the team as they have notable power in the ecosystem. The lead developer appears extremely committed to the development of the platform and the GitHub commits reflect this.
  • Date: March 13th, 2021


External Threats - Audit Results

Vulnerability Category Notes Result
Arbitrary Storage Write N/A PASS
Arbitrary Jump N/A PASS
Delegate Call to Untrusted Contract N/A PASS
Dependence on Predictable Variables N/A PASS
Deprecated Opcodes N/A PASS
Ether Thief N/A PASS
Exceptions N/A PASS
External Calls N/A PASS
Flash Loans N/A PASS
Integer Over/Underflow N/A PASS
Multiple Sends N/A PASS
Oracles N/A PASS
Suicide N/A PASS
State Change External Calls N/A PASS
Unchecked Retval N/A PASS
User Supplied Assertion N/A PASS
Critical Solidity Compiler N/A PASS
Overall Contract Safety   PASS


Name

Address

Graphics


DraculaToken


0xb78B3320493a4EFaa1028130C5Ba26f0B6085Ef8


Function Graph.   Inheritance Chart.


DrainController


0x1C5D3785Ac5A03be0505421fD36E38862635FD54


Function Graph.   Inheritance Chart.


DrainDistributor


0xE4CE241D367b48c4C70719E0A634F1fD16b77b6E


Function Graph.   Inheritance Chart.


DRCRewardPool


0xC8DFD57E82657f1e7EdEc5A9aA4906230C29A62A


Function Graph.   Inheritance Chart.


UniRewardPool


0xB6e02FF600d8f7a6C057Dc262B84CFEf6010D99d


Function Graph.   Inheritance Chart.


YFLRewardPool


0x49351Fa7C3d50f6ddbad146f93081BcAA38B41b0


Function Graph.   Inheritance Chart.


MasterVampire


0x12B7b9e21Ad9D7E8992e0c129ED0bccEaC185c3E


Function Graph.   Inheritance Chart.


StrategyRari


0xc2a1B9D197e1e93DFd628876eE01fDDBcD7b947b


Timelock


0x25E61615719f1f36AedB03A615076B3e5AAcF0E4


Function Graph.   Inheritance Chart.


VampireAdapter


0xC22C12d1a327c1BFE5782BcA429a3F7828bc068a


Function Graph.   Inheritance Chart.