Earnbase - Audit Report

Summary

Earnbase Audit Report Earnbase is launching a DeFi management platform and dashboard which will allow users to earn, save and swap tokens.

We audited Earnbase's contracts deployed at the mainnet addresses below.

    Token Contract:
  • The total supply of the token is 1 million and it cannot be altered.
  • The ENB token can only be minted by addresses granted the minter role by the governance address.
  • No address has the minter role and the governance has been transfered to address(0). This means it is no longer possible for the ENB token to be minted.

  • EcosystemRewardsVesting:
  • This contract holds tokens and unlocks them, allowing the team to claim them over time.
  • 4% of the tokens in the contract can be claimed by the team every 30 days.
  • Currently the token balance of the contract is 710,000 ENB.
  • The recipient of the tokens is a proxy contract designated as the team's multisig treasury fund..

  • Governance:
  • The ENB token acts as a governance token and can be used to interact with proposals on the goverannce contract
  • This contract allows users to stake ENB tokens and vote on proposals that impact the ecosystem. The reward system acts in a similar method to the UniLpRewards contract (discussed below).
  • Any token holder with more than the minimum tokens needed can offer up governance proposals.
  • Users then vote on proposals over a time period defined by the owner and if the proposal passes the proposed transaction can be executed.
  • The owner can set the quorum needed for votes, the minimum number of votes to propose, and can lock in votes.
  • The owner can transfer ERC20 tokens out of the contract, but the staked tokens and vote tokens cannot be transferred.

  • TokenVesting:
  • These two contracts also hold tokens and unlock them over time, allowing their intended recipients to claim them.
  • The first contract vests 25,000 tokens to this address in 3,125 increments every 3 months.
  • The second contract vests 100,000 tokens to this address in 12,500 increments every 3 months.
  • Ownership has been renounced so vesting paramaters cannot be altered.

  • UniLpRewards:
  • This contract allows users to stake Uniswap LP tokens in order to earn rewards in ENB.
  • The owner-appointed rewards distributor must manually add reward tokens to the contract and call notifyRewardAmount(). This also allows the reward rate to be set by the team. At this time there are about 9,000 tokens in the contract for rewards.
  • Users can claim rewards at any time by calling getReward(). Rewards are not automatically claimed before withdrawing. When unstaking, users should call exit() to withdraw and claim rewards in the same call.
  • The owner can set the rewards distributor address and update the reward period duration. The duraiton can only be updated while a reward period is not active.
  • The owner can pause staking, but cannot pause withdrawls or rewards.
  • The owner can transfer ERC20 tokens out of the contract, but the staked LP token cannot be transferred.

  • Best Practices:
  • Usage of ReentrancyGuard in applicable functions to prevent re-entrancy attacks.
  • Utilization of SafeMath to prevent overflows and ensure safe transfers.
  • The token properly follows the ERC20 standard.


  • Audit Findings Summary:
  • No security issues from outside attackers were identified.
  • Date: January 20th, 2021

Name

Address

Description


ENB (Token)


0xa6fb1df483b24eeab569e19447e0e107003b9e15


Function Graph.   Inheritance Chart.


EcosystemRewardsVesting


0xc89dc40fd7d308763ec1e7a8df13a8d00676e547


Function Graph.   Inheritance Chart.


ENBGovernance


0x2a941559be456cf42a95c459a31765a2bfadc16d


Function Graph.   Inheritance Chart.


TokenVesting


0x4cD26a54D007b14Df6fBd8F6eA73217154400f60
0xd5141A7F18584B3cd33808501e3811de673DEA62


Function Graph.   Inheritance Chart.


UniLpRewards


0xb7918f5808257e4b7e5e303c33f7bb0364b620aa


Function Graph.   Inheritance Chart.


External Threats - Audit Results

Vulnerability Category Notes Result
Arbitrary Storage Write N/A PASS
Arbitrary Jump N/A PASS
Delegate Call to Untrusted Contract N/A PASS
Dependence on Predictable Variables N/A PASS
Deprecated Opcodes N/A PASS
Ether Thief N/A PASS
Exceptions N/A PASS
External Calls N/A PASS
Flash Loans N/A PASS
Integer Over/Underflow N/A PASS
Multiple Sends N/A PASS
Oracles N/A PASS
Suicide N/A PASS
State Change External Calls N/A PASS
Unchecked Retval N/A PASS
User Supplied Assertion N/A PASS
Critical Solidity Compiler N/A PASS
Overall Contract Safety   PASS