Eagon Swap - Smart Contract Audit Report
Summary
Eagon Swap is building a new decentralized exchange primarily and initially based on polygon network and releasing new tokens on the Polygon, Binance Smart Chain and Ethereum networks.
For this audit, we analyzed Eagon Swap's Eagonswap, EagonFactory, EagonPair, EagonRouter, and IdoMaster contracts at the following addresses on the Polygon Mainnet:
- Eagonswap -
- EagonFactory - 0xdbc781b6da48e14ac6b34aff1e16da2ac55b1358
- EagonRouter - 0xa274258b2d68dca40955a2d5e7bb67756d30db3e
- IdoMaster - 0xc83c45d7d2c5da637551d60f18d4d754d5272e06
Notes on Individual Contracts:
EagonSwap Contract:EagonFactory Contract:
- The Eagonswap is a token contract that is deployed to the Polygon mainnet, Binance Smart Chain mainnet, and Ethereum mainnet.
- The total supply of the token on the Polygon mainnet is 150 million (150,000,000).
- The total supply of the token on the Binance Smart Chain is 100 million (100,000,000).
- The total supply of the token on the Ethereum mainnet is 50 million (50,000,000).
- As of the date of this report, all tokens are held by the owner.
- Users can burn their own tokens to reduce the total supply.
- No minting functionalities are present after deployment.
- This contract complies with the BEP20 standard.
- The owner is able to withdraw any tokens erroneously sent to the contract.
- Solidity 0.8.x and SafeMath are utilized to prevent overflows.
EagonPair Contract:
- The EagonFactory contract is responsible for the creation of liquidity pairs for the token, thereby enabling trading on the platform.
- At the time of deployment, the initiliaze() function is called from the EagonPair contract which allows the factory to specify the two ERC20 tokens that this pair will exchange.
- Once the pool is created, its address is stored with a double mapping that takes both token addresses as input.
EagonRouter Contract:
- The EagonPair contract is the core EagonSwap functionality that implements the liquidity pool that exchanges tokens.
- This contract is responsible for tracking balances of the reserves, as well as mints and burns of the liquidity token.
- If a 'feeTo' address is defined, an additional fee is taken when liquidity is added.
IdoMaster Contract:
- The EagonRouter contract is used to interact with the liquidity pool that was created in the EagonFactory contract.
- EagonRouter routes orders to the user-determined pair contract to swap assets.
- This contract performs requirement checks needed for swapping tokens, adding liquidity, and removing liquidity.
- This contract provides functionality for users to participate in various IDOs by providing MATIC.
- The owner can add new IDOs at any time, specifying a whitelist (if any), referral percentage, supply, rate, min and max user deposit amounts, and a start and end block for which the IDO is active.
- When depositing, a user can specify a referrer who will be given an additional percentage of claimable tokens for an IDO. This percentage is determined by the IDO.
- The amount that a user has contributed as well as token amounts are kept track of for each IDO.
- If an IDO has a whitelist, users must whitelist themselves (unless they are the owner) before the IDO's start block have the ability to make a deposit.
- In order for users to claim their tokens for a specific IDO, the owner must start a claim period which they can begin and end at any time.
- The owner has the ability to start and stop a refund period for an IDO in which users can call the refund function and receive back their deposits on an IDO.
- Once the claiming period has started, the owner can transfer the deposited MATIC to their own address.
- The owner has the ability to withdraw any ERC20 tokens from the contract at any time.
- If there are no funds raised for all IDOs in the contract, the owner has the ability to wirthdraw any leftover MATIC funds in the contract.
- The owner can add or remove users from an IDO's whitelist at any time.
- The owner has the ability to change an IDO's start and end block, min and max user deposit amounts, referral percentage, supply, and rate at any time.
Audit Findings Summary:
- No external threats were identified.
- Ensure trust in the team as they have substantial control in the ecosystem.
- Date: October 12th, 2021
Combined External Threat Results
| Vulnerability Category | Notes | Result |
|---|---|---|
| Arbitrary Storage Write | N/A | PASS |
| Arbitrary Jump | N/A | PASS |
| Delegate Call to Untrusted Contract | N/A | PASS |
| Dependence on Predictable Variables | N/A | PASS |
| Deprecated Opcodes | N/A | PASS |
| Ether Thief | N/A | PASS |
| Exceptions | N/A | PASS |
| External Calls | N/A | PASS |
| Integer Over/Underflow | N/A | PASS |
| Multiple Sends | N/A | PASS |
| Reentrancy | N/A | PASS |
| Suicide | N/A | PASS |
| State Change External Calls | N/A | PASS |
| Unchecked Retval | N/A | PASS |
| User Supplied Assertion | N/A | PASS |
| Critical Solidity Compiler | N/A | PASS |
| Overall Contract Safety | PASS |
Details: EagonSwap
($) = payable function
# = non-constant function
+ [Lib] SafeMath
- [Int] add
- [Int] sub
- [Int] sub
- [Int] mul
- [Int] div
- [Int] div
- [Int] mod
- [Int] mod
+ [Lib] Address
- [Int] isContract
- [Int] sendValue #
- [Int] functionCall #
- [Int] functionCall #
- [Int] functionCallWithValue #
- [Int] functionCallWithValue #
- [Prv] _functionCallWithValue #
+ [Int] IERC20
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] transfer #
- [Ext] allowance
- [Ext] approve #
- [Ext] transferFrom #
+ Context
- [Int] _msgSender
- [Int] _msgData
+ Ownable (Context)
- [Pub] #
- [Pub] owner
- [Pub] transferOwnership #
- modifiers: onlyOwner
+ Eagonswap (IERC20, Ownable)
- [Pub] #
- [Pub] name
- [Pub] symbol
- [Pub] decimals
- [Pub] totalSupply
- [Pub] balanceOf
- [Pub] transfer #
- [Pub] allowance
- [Pub] approve #
- [Pub] transferFrom #
- [Pub] increaseAllowance #
- [Pub] decreaseAllowance #
- [Int] _transfer #
- [Int] _mintOnce #
- [Int] _burn #
- [Int] _approve #
- [Int] _setupDecimals #
- [Int] _beforeTokenTransfer #
- [Pub] burn #
- [Pub] burnFrom #
- [Ext] ($)
- [Ext] withdrawToken #
- modifiers: onlyOwner Details: EagonFactory
($) = payable function
# = non-constant function
+ [Int] IEagonFactory
- [Ext] feeTo
- [Ext] feeToSetter
- [Ext] getPair
- [Ext] allPairs
- [Ext] allPairsLength
- [Ext] createPair #
- [Ext] setFeeTo #
- [Ext] setFeeToSetter #
+ [Int] IEagonPair
- [Ext] name
- [Ext] symbol
- [Ext] decimals
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] allowance
- [Ext] approve #
- [Ext] transfer #
- [Ext] transferFrom #
- [Ext] DOMAIN_SEPARATOR
- [Ext] PERMIT_TYPEHASH
- [Ext] nonces
- [Ext] permit #
- [Ext] MINIMUM_LIQUIDITY
- [Ext] factory
- [Ext] token0
- [Ext] token1
- [Ext] getReserves
- [Ext] price0CumulativeLast
- [Ext] price1CumulativeLast
- [Ext] kLast
- [Ext] mint #
- [Ext] burn #
- [Ext] swap #
- [Ext] skim #
- [Ext] sync #
- [Ext] initialize #
+ [Int] IEagonERC20
- [Ext] name
- [Ext] symbol
- [Ext] decimals
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] allowance
- [Ext] approve #
- [Ext] transfer #
- [Ext] transferFrom #
- [Ext] DOMAIN_SEPARATOR
- [Ext] PERMIT_TYPEHASH
- [Ext] nonces
- [Ext] permit #
+ [Lib] SafeMath
- [Int] add
- [Int] sub
- [Int] mul
+ EagonERC20 (IEagonERC20)
- [Pub] #
- [Int] _mint #
- [Int] _burn #
- [Prv] _approve #
- [Prv] _transfer #
- [Ext] approve #
- [Ext] transfer #
- [Ext] transferFrom #
- [Ext] permit #
+ [Lib] Math
- [Int] min
- [Int] sqrt
+ [Lib] UQ112x112
- [Int] encode
- [Int] uqdiv
+ [Int] IERC20
- [Ext] name
- [Ext] symbol
- [Ext] decimals
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] allowance
- [Ext] approve #
- [Ext] transfer #
- [Ext] transferFrom #
+ [Int] IEagonCallee
- [Ext] eagonCall #
+ EagonPair (IEagonPair, EagonERC20)
- [Pub] getReserves
- [Prv] _safeTransfer #
- [Pub] #
- [Ext] initialize #
- [Prv] _update #
- [Prv] _mintFee #
- [Ext] mint #
- modifiers: lock
- [Ext] burn #
- modifiers: lock
- [Ext] swap #
- modifiers: lock
- [Ext] skim #
- modifiers: lock
- [Ext] sync #
- modifiers: lock
+ EagonFactory (IEagonFactory)
- [Pub] #
- [Ext] allPairsLength
- [Ext] createPair #
- [Ext] setFeeTo #
- [Ext] setFeeToSetter #
Details: IdoMaster
($) = payable function
# = non-constant function
+ [Lib] Math
- [Int] max
- [Int] min
- [Int] average
+ [Lib] SafeMath
- [Int] add
- [Int] sub
- [Int] sub
- [Int] mul
- [Int] div
- [Int] div
- [Int] mod
- [Int] mod
- [Int] min
- [Int] sqrt
+ [Int] IERC20
- [Ext] totalSupply
- [Ext] decimals
- [Ext] symbol
- [Ext] name
- [Ext] getOwner
- [Ext] balanceOf
- [Ext] transfer #
- [Ext] allowance
- [Ext] approve #
- [Ext] transferFrom #
+ [Lib] Address
- [Int] isContract
- [Int] sendValue #
- [Int] functionCall #
- [Int] functionCall #
- [Int] functionCallWithValue #
- [Int] functionCallWithValue #
- [Prv] _functionCallWithValue #
+ [Lib] SafeERC20
- [Int] safeTransfer #
- [Int] safeTransferFrom #
- [Int] safeApprove #
- [Int] safeIncreaseAllowance #
- [Int] safeDecreaseAllowance #
- [Prv] _callOptionalReturn #
+ Context
- [Pub] #
- [Int] _msgSender
- [Int] _msgData
+ Ownable (Context)
- [Pub] #
- [Pub] owner
- [Pub] renounceOwnership #
- modifiers: onlyOwner
- [Pub] transferOwnership #
- modifiers: onlyOwner
- [Int] _transferOwnership #
+ [Int] PriceFeedRouter
- [Ext] WETH
- [Ext] getAmountsOut
+ IdoMaster (Ownable)
- [Pub] #
- [Ext] ($)
- [Ext] idoLength
- [Pub] add #
- modifiers: onlyOwner
- [Pub] inIdo
- [Pub] isActive
- [Ext] setStartBlock #
- modifiers: onlyOwner
- [Ext] setEndBlock #
- modifiers: onlyOwner
- [Ext] setRate #
- modifiers: onlyOwner
- [Ext] setMin #
- modifiers: onlyOwner
- [Ext] setMax #
- modifiers: onlyOwner
- [Ext] setSupply #
- modifiers: onlyOwner
- [Ext] setReferralPercent #
- modifiers: onlyOwner
- [Ext] setWhitelist #
- modifiers: onlyOwner
- [Ext] startRefund #
- modifiers: onlyOwner
- [Ext] stopRefund #
- modifiers: onlyOwner
- [Ext] startClaim #
- modifiers: onlyOwner
- [Ext] stopClaim #
- modifiers: onlyOwner
- [Ext] takeWei #
- modifiers: onlyOwner
- [Ext] takeDustWei #
- modifiers: onlyOwner
- [Pub] withdrawToken #
- modifiers: onlyOwner
- [Ext] whitelistMe #
- [Int] giveReferralBonus #
- [Pub] deposit ($)
- [Ext] claim #
- [Ext] claimReferralBonus #
- [Ext] refund #