Fastswap - Smart Contract Audit Report
Summary
Fastswap is a decentralized exchange and yield farming platform.
We reviewed Fastswap's DEX contracts and their MasterChef staking contract at the following addresses on the Binance Smart Chain mainnet:
Notes on the Fastswap AMM:The Fastswap decentralized exchange is based on the battle-tested Uniswap V2 codebase. The Factory contract will allow users to create liquidity pairs for any token, thereby enabling trading on the platform. The Router contract routes orders to the user-determined pair contract to swap assets. The liquidity provider fee for token swaps is 0.3% of the value transacted. When dealing with tokens that have a fee-on-transfer, the estimated output does not properly subtract the fee. As a result, users of fee-on-transfer tokens must set a slippage percentage prior to executing trades. SafeMath is utilized to prevent overflow issues and TransferHelper to ensure safe transfers.
Notes on the MasterChef Staking Contract:Users can stake various LP tokens into the MasterChef contract into order to earn FastSwap tokens. There is a no fee associated with making a deposit to or withdrawing from the contract. An emergencyWithdraw function exists so users can withdraw without collecting rewards. Ownership has been renounced. A migrate() funciton is present, however it can never be used.. The project team can no longer add different types of tokens for staking, update reward rates, or withdraw any tokens from the contract. Utilization of SafeMath (or similarily safe functions) across all contracts to prevent overflows.
Audit Findings Summary
- No vulnerabilities from external attackers were identified.
- Date: May 27th, 2021
External Threat Results
| Vulnerability Category | Notes | Result |
|---|---|---|
| Arbitrary Storage Write | N/A | PASS |
| Arbitrary Jump | N/A | PASS |
| Delegate Call to Untrusted Contract | N/A | PASS |
| Dependence on Predictable Variables | N/A | PASS |
| Deprecated Opcodes | N/A | PASS |
| Ether Thief | N/A | PASS |
| Exceptions | N/A | PASS |
| External Calls | N/A | PASS |
| Integer Over/Underflow | N/A | PASS |
| Multiple Sends | N/A | PASS |
| Suicide | N/A | PASS |
| State Change External Calls | N/A | PASS |
| Unchecked Retval | N/A | PASS |
| User Supplied Assertion | N/A | PASS |
| Critical Solidity Compiler | N/A | PASS |
| Overall Contract Safety | PASS |
FastSwap Factory & Pair Contract - Details
($) = payable function
# = non-constant function
Int = Internal
Ext = External
Pub = Public
+ [Int] IERC20
- [Ext] name
- [Ext] symbol
- [Ext] decimals
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] allowance
- [Ext] approve #
- [Ext] transfer #
- [Ext] transferFrom #
+ [Lib] SafeMath
- [Int] add
- [Int] sub
- [Int] mul
+ [Lib] UQ112x112
- [Int] encode
- [Int] uqdiv
+ [Lib] Math
- [Int] min
- [Int] sqrt
+ [Int] IFastswapPair
- [Ext] name
- [Ext] symbol
- [Ext] decimals
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] allowance
- [Ext] approve #
- [Ext] transfer #
- [Ext] transferFrom #
- [Ext] DOMAIN_SEPARATOR
- [Ext] PERMIT_TYPEHASH
- [Ext] nonces
- [Ext] permit #
- [Ext] MINIMUM_LIQUIDITY
- [Ext] factory
- [Ext] token0
- [Ext] token1
- [Ext] getReserves
- [Ext] price0CumulativeLast
- [Ext] price1CumulativeLast
- [Ext] kLast
- [Ext] mint #
- [Ext] burn #
- [Ext] swap #
- [Ext] skim #
- [Ext] sync #
- [Ext] initialize #
+ [Int] IFastswapFactory
- [Ext] feeTo
- [Ext] feeToSetter
- [Ext] getPair
- [Ext] allPairs
- [Ext] allPairsLength
- [Ext] createPair #
- [Ext] setFeeTo #
- [Ext] setFeeToSetter #
+ [Int] IFastswapERC20
- [Ext] name
- [Ext] symbol
- [Ext] decimals
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] allowance
- [Ext] approve #
- [Ext] transfer #
- [Ext] transferFrom #
- [Ext] DOMAIN_SEPARATOR
- [Ext] PERMIT_TYPEHASH
- [Ext] nonces
- [Ext] permit #
+ [Int] IFastswapCallee
- [Ext] fastswapCall #
+ FastswapERC20 (IFastswapERC20)
- [Pub] #
- [Int] _mint #
- [Int] _burn #
- [Prv] _approve #
- [Prv] _transfer #
- [Ext] approve #
- [Ext] transfer #
- [Ext] transferFrom #
- [Ext] permit #
+ FastswapPair (IFastswapPair, FastswapERC20)
- [Pub] getReserves
- [Prv] _safeTransfer #
- [Pub] #
- [Ext] initialize #
- [Prv] _update #
- [Prv] _mintFee #
- [Ext] mint #
- modifiers: lock
- [Ext] burn #
- modifiers: lock
- [Ext] swap #
- modifiers: lock
- [Ext] skim #
- modifiers: lock
- [Ext] sync #
- modifiers: lock
+ FastswapFactory (IFastswapFactory)
- [Pub] #
- [Ext] allPairsLength
- [Ext] createPair #
- [Ext] setFeeTo #
- [Ext] setFeeToSetter # FastSwap Router Contract - Details
($) = payable function
# = non-constant function
Int = Internal
Ext = External
Pub = Public
+ [Int] IFastswapFactory
- [Ext] feeTo
- [Ext] feeToSetter
- [Ext] getPair
- [Ext] allPairs
- [Ext] allPairsLength
- [Ext] createPair #
- [Ext] setFeeTo #
- [Ext] setFeeToSetter #
+ [Lib] TransferHelper
- [Int] safeApprove #
- [Int] safeTransfer #
- [Int] safeTransferFrom #
- [Int] safeTransferBNB #
+ [Int] IFastswapRouter01
- [Ext] factory
- [Ext] WETH
- [Ext] addLiquidity #
- [Ext] addLiquidityETH ($)
- [Ext] removeLiquidity #
- [Ext] removeLiquidityETH #
- [Ext] removeLiquidityWithPermit #
- [Ext] removeLiquidityETHWithPermit #
- [Ext] swapExactTokensForTokens #
- [Ext] swapTokensForExactTokens #
- [Ext] swapExactETHForTokens ($)
- [Ext] swapTokensForExactETH #
- [Ext] swapExactTokensForETH #
- [Ext] swapETHForExactTokens ($)
- [Ext] quote
- [Ext] getAmountOut
- [Ext] getAmountIn
- [Ext] getAmountsOut
- [Ext] getAmountsIn
+ [Int] IFastswapRouter02 (IFastswapRouter01)
- [Ext] removeLiquidityETHSupportingFeeOnTransferTokens #
- [Ext] removeLiquidityETHWithPermitSupportingFeeOnTransferTokens #
- [Ext] swapExactTokensForTokensSupportingFeeOnTransferTokens #
- [Ext] swapExactETHForTokensSupportingFeeOnTransferTokens ($)
- [Ext] swapExactTokensForETHSupportingFeeOnTransferTokens #
+ [Int] IFastswapPair
- [Ext] name
- [Ext] symbol
- [Ext] decimals
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] allowance
- [Ext] approve #
- [Ext] transfer #
- [Ext] transferFrom #
- [Ext] DOMAIN_SEPARATOR
- [Ext] PERMIT_TYPEHASH
- [Ext] nonces
- [Ext] permit #
- [Ext] MINIMUM_LIQUIDITY
- [Ext] factory
- [Ext] token0
- [Ext] token1
- [Ext] getReserves
- [Ext] price0CumulativeLast
- [Ext] price1CumulativeLast
- [Ext] kLast
- [Ext] mint #
- [Ext] burn #
- [Ext] swap #
- [Ext] skim #
- [Ext] sync #
- [Ext] initialize #
+ [Lib] SafeMath
- [Int] add
- [Int] sub
- [Int] mul
+ [Lib] FastswapLibrary
- [Int] sortTokens
- [Int] pairFor
- [Int] getReserves
- [Int] quote
- [Int] getAmountOut
- [Int] getAmountIn
- [Int] getAmountsOut
- [Int] getAmountsIn
+ [Int] IERC20
- [Ext] name
- [Ext] symbol
- [Ext] decimals
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] allowance
- [Ext] approve #
- [Ext] transfer #
- [Ext] transferFrom #
+ [Int] IWETH
- [Ext] deposit ($)
- [Ext] transfer #
- [Ext] withdraw #
+ FastswapRouter02 (IFastswapRouter02)
- [Pub] #
- [Ext] ($)
- [Int] _addLiquidity #
- [Ext] addLiquidity #
- modifiers: ensure
- [Ext] addLiquidityETH ($)
- modifiers: ensure
- [Pub] removeLiquidity #
- modifiers: ensure
- [Pub] removeLiquidityETH #
- modifiers: ensure
- [Ext] removeLiquidityWithPermit #
- [Ext] removeLiquidityETHWithPermit #
- [Pub] removeLiquidityETHSupportingFeeOnTransferTokens #
- modifiers: ensure
- [Ext] removeLiquidityETHWithPermitSupportingFeeOnTransferTokens #
- [Int] _swap #
- [Ext] swapExactTokensForTokens #
- modifiers: ensure
- [Ext] swapTokensForExactTokens #
- modifiers: ensure
- [Ext] swapExactETHForTokens ($)
- modifiers: ensure
- [Ext] swapTokensForExactETH #
- modifiers: ensure
- [Ext] swapExactTokensForETH #
- modifiers: ensure
- [Ext] swapETHForExactTokens ($)
- modifiers: ensure
- [Int] _swapSupportingFeeOnTransferTokens #
- [Ext] swapExactTokensForTokensSupportingFeeOnTransferTokens #
- modifiers: ensure
- [Ext] swapExactETHForTokensSupportingFeeOnTransferTokens ($)
- modifiers: ensure
- [Ext] swapExactTokensForETHSupportingFeeOnTransferTokens #
- modifiers: ensure
- [Pub] quote
- [Pub] getAmountOut
- [Pub] getAmountIn
- [Pub] getAmountsOut
- [Pub] getAmountsIn MasterChef Staking Contract - Details
($) = payable function
# = non-constant function
Int = Internal
Ext = External
Pub = Public
+ [Lib] EnumerableSet
- [Prv] _add #
- [Prv] _remove #
- [Prv] _contains
- [Prv] _length
- [Prv] _at
- [Int] add #
- [Int] remove #
- [Int] contains
- [Int] length
- [Int] at
- [Int] add #
- [Int] remove #
- [Int] contains
- [Int] length
- [Int] at
- [Int] add #
- [Int] remove #
- [Int] contains
- [Int] length
- [Int] at
+ Context
- [Int] _msgSender
- [Int] _msgData
+ [Lib] Address
- [Int] isContract
- [Int] sendValue #
- [Int] functionCall #
- [Int] functionCall #
- [Int] functionCallWithValue #
- [Int] functionCallWithValue #
- [Int] functionStaticCall
- [Int] functionStaticCall
- [Int] functionDelegateCall #
- [Int] functionDelegateCall #
- [Prv] _verifyCallResult
+ [Int] IERC20
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] transfer #
- [Ext] allowance
- [Ext] approve #
- [Ext] transferFrom #
+ [Lib] SafeMath
- [Int] tryAdd
- [Int] trySub
- [Int] tryMul
- [Int] tryDiv
- [Int] tryMod
- [Int] add
- [Int] sub
- [Int] mul
- [Int] div
- [Int] mod
- [Int] sub
- [Int] div
- [Int] mod
+ [Lib] SafeERC20
- [Int] safeTransfer #
- [Int] safeTransferFrom #
- [Int] safeApprove #
- [Int] safeIncreaseAllowance #
- [Int] safeDecreaseAllowance #
- [Prv] _callOptionalReturn #
+ Ownable (Context)
- [Int] #
- [Pub] owner
- [Pub] renounceOwnership #
- modifiers: onlyOwner
- [Pub] transferOwnership #
- modifiers: onlyOwner
+ [Int] IMigratorChef
- [Ext] migrate #
+ MasterChef (Ownable)
- [Pub] #
- [Ext] poolLength
- [Ext] pendingFast
- [Pub] add #
- modifiers: onlyOwner
- [Pub] setMigrator #
- modifiers: onlyOwner
- [Pub] migrate #
- [Pub] massUpdatePools #
- [Pub] updatePool #
- [Pub] deposit #
- [Pub] withdraw #
- [Pub] emergencyWithdraw #
- [Pub] emergencyFastWithdraw #
- modifiers: onlyOwner
- [Int] safeFastTransfer #