Earnbase - Smart Contract Audit Report
Summary
Earnbase is launching a DeFi management platform and dashboard which will allow users to earn, save and swap tokens.
We audited Earnbase's contracts deployed at the mainnet addresses below.
Token Contract:
- The total supply of the token is 1 million and it cannot be altered.
- The ENB token can only be minted by addresses granted the minter role by the governance address.
- No address has the minter role and the governance has been transfered to address(0). This means it is no longer possible for the ENB token to be minted.
EcosystemRewardsVesting:- This contract holds tokens and unlocks them, allowing the team to claim them over time.
- 4% of the tokens in the contract can be claimed by the team every 30 days.
- Currently the token balance of the contract is 710,000 ENB.
- The recipient of the tokens is a proxy contract designated as the team's multisig treasury fund..
Governance:- The ENB token acts as a governance token and can be used to interact with proposals on the goverannce contract
- This contract allows users to stake ENB tokens and vote on proposals that impact the ecosystem. The reward system acts in a similar method to the UniLpRewards contract (discussed below).
- Any token holder with more than the minimum tokens needed can offer up governance proposals.
- Users then vote on proposals over a time period defined by the owner and if the proposal passes the proposed transaction can be executed.
- The owner can set the quorum needed for votes, the minimum number of votes to propose, and can lock in votes.
- The owner can transfer ERC20 tokens out of the contract, but the staked tokens and vote tokens cannot be transferred.
TokenVesting:- These two contracts also hold tokens and unlock them over time, allowing their intended recipients to claim them.
- The first contract vests 25,000 tokens to this address in 3,125 increments every 3 months.
- The second contract vests 100,000 tokens to this address in 12,500 increments every 3 months.
- Ownership has been renounced so vesting paramaters cannot be altered.
UniLpRewards:- This contract allows users to stake Uniswap LP tokens in order to earn rewards in ENB.
- The owner-appointed rewards distributor must manually add reward tokens to the contract and call notifyRewardAmount(). This also allows the reward rate to be set by the team. At this time there are about 9,000 tokens in the contract for rewards.
- Users can claim rewards at any time by calling getReward(). Rewards are not automatically claimed before withdrawing. When unstaking, users should call exit() to withdraw and claim rewards in the same call.
- The owner can set the rewards distributor address and update the reward period duration. The duraiton can only be updated while a reward period is not active.
- The owner can pause staking, but cannot pause withdrawls or rewards.
- The owner can transfer ERC20 tokens out of the contract, but the staked LP token cannot be transferred.
Best Practices:- Usage of ReentrancyGuard in applicable functions to prevent re-entrancy attacks.
- Utilization of SafeMath to prevent overflows and ensure safe transfers.
- The token properly follows the ERC20 standard.
Audit Findings Summary:- No security issues from outside attackers were identified.
- Date: January 20th, 2021
Name | Address | Description |
| ||
| ||
| ||
| | |
|
External Threats - Audit Results
Vulnerability Category | Notes | Result |
---|---|---|
Arbitrary Storage Write | N/A | PASS |
Arbitrary Jump | N/A | PASS |
Delegate Call to Untrusted Contract | N/A | PASS |
Dependence on Predictable Variables | N/A | PASS |
Deprecated Opcodes | N/A | PASS |
Ether Thief | N/A | PASS |
Exceptions | N/A | PASS |
External Calls | N/A | PASS |
Flash Loans | N/A | PASS |
Integer Over/Underflow | N/A | PASS |
Multiple Sends | N/A | PASS |
Oracles | N/A | PASS |
Suicide | N/A | PASS |
State Change External Calls | N/A | PASS |
Unchecked Retval | N/A | PASS |
User Supplied Assertion | N/A | PASS |
Critical Solidity Compiler | N/A | PASS |
Overall Contract Safety | PASS |