FridgeFinance Token & Presale Platform - Smart Contract Audit Report

Summary

Fridge Audit Report FridgeFinance is building a launchpad for projects on the Binance Smart Chain to launch in a safe, trusted, and decentralized manner.

For this audit, we reviewed contracts provided us by the FridgeFinance team at the following testnet links:

  • Fridge Token: 0x1211293a2d099A56516d1552AB6C6c399357AB66
  • Presale Factory: 0x87F850cbC2cFfac086F20d0d7307E12d06fA2127
  • Fridge/BNB LP Staking Pool: 0xE5EEf538887c33B75785996955801Db004405c1E
  • Notes on the Token Contract:
  • The total supply of the token is 1 million. No minting functions exist.
  • After deployment, the owner can call initialize() to issue all tokens and deliver them to the deployer's address.
  • The contract utilizes SafeMath to prevent overflow issues.

  • Notes on the Presale Factory Contract:
  • The Factory contract exists to deploy Presale and LiquidityLock contracts.
  • Any user can call the createCampaign() function to generate a presale, passing in variables around the presale duration, cost, liquidity lock time & percentage, etc.
  • While the sale is active, users can deposit BNB to purchase tokens in a presale.
  • If the soft-cap for the presale is not met, it is determined a failure; allowing users to claim their deposited funds.
  • The owner has the power to update: The fee for creating a vault, where that fee goes, and the minimum token balance required to create a vault.
  • Upon adding liquidity to PancakeSwap, the amount of liquidity set by the team running the presale will be sent to and locked in the LiquidityLock contract.
  • When liquidity is added, the platform fee, determined as a percentage of the BNB raised, will be partially sent to the project team and partially sent to the staking contract to provide for rewards. 1% of tokens will also be sent to the team.
  • After liquidity has been added to PancakeSwap, users who bought into the presale can claim their tokens.
  • Also after liquidity has been added, the owner can withdraw the BNB raised. Remaining tokens will be burned.
  • LP tokens added to Pancakeswap cannot be reclaimed by the team.
  • The contract utilizes SafeMath and SafeERC20 to prevent overflow issues and sensure safe transfers.

  • While the code of the presale contracts is the same, they are by default not verified on explorers. The team should deploy an instance of just the campaign contract and verify that to hopefully have the explorers recognize the matching bytecode and thereby verify all instances of campaigns.
  • The percentage of tokens allocated to the team when adding liquidity is not considered in the calculations determining user balances - this could lead to users not being able to claim the amount they are due.
  • The platform should not be used with ERC-777 tokens to prevent re-entrancy issues. This is uncommon.

  • Notes on the Staking Contract:
  • This contract allows users to stake their FRIDGE/BNB LP tokens to earn rewards in BNB.
  • The presale contract sends 60% of the platform fee from presales into this contract. The team can also provide additional rewards manually.
  • The reward Rate will be determined by the team or based upon the first time BNB is sent to the contract.
  • The duration of rewards depends on the amount of BNB sent to the contract. As more BNB is provided, the reward period shall extend.
  • Users can claim rewards and/or withdraw their stake at any time.
  • The contract utilizes SafeMath and SafeERC20 to prevent overflow issues and sensure safe transfers.
  • Proper structuing of logic to prevent reentrancy issues.


  • Audit Findings Summary:
    • No security issues from outside attackers were identified.
    • As with any presale, users must ensure trust in the project team prior to investing.
    • KYC Conducted: Yes. The developer is the owner of codezeros.com, the firm who wrote the code for this project.
    • Date: March 18th, 2021.

    External Threats

    Vulnerability CategoryNotesResult
    Arbitrary Storage WriteN/APASS
    Arbitrary JumpN/APASS
    Delegate Call to Untrusted ContractN/APASS
    Dependence on Predictable VariablesN/APASS
    Deprecated OpcodesN/APASS
    Ether ThiefN/APASS
    ExceptionsN/APASS
    External CallsN/APASS
    Integer Over/UnderflowN/APASS
    Multiple SendsN/APASS
    Re-EntrancyN/APASS
    SuicideN/APASS
    State Change External CallsN/APass
    Unchecked RetvalN/APASS
    User Supplied AssertionN/APASS
    Critical Solidity CompilerN/APASS
    Overall Contract Safety PASS


    Details - Fridge Token Contract


    Smart Contract Graph

    Contract Inheritance

    
     ($) = payable function
     # = non-constant function
     
     Int = Internal
     Ext = External
     Pub = Public
     
     + [Lib] SafeMath 
        - [Int] add
        - [Int] sub
        - [Int] sub
        - [Int] mul
        - [Int] div
        - [Int] div
        - [Int] mod
        - [Int] mod
    
     + [Int] TOKEN_DEP 
        - [Ext] createCampaign #
    
     +  Context 
        - [Int]  #
        - [Int] _msgSender
        - [Int] _msgData
    
     + [Int] IBEP20 
        - [Ext] totalSupply
        - [Ext] decimals
        - [Ext] symbol
        - [Ext] name
        - [Ext] getOwner
        - [Ext] balanceOf
        - [Ext] transfer #
        - [Ext] allowance
        - [Ext] approve #
        - [Ext] transferFrom #
    
     + [Lib] Address 
        - [Int] isContract
        - [Int] toPayable
        - [Int] sendValue #
    
     + [Lib] SafeERC20 
        - [Int] safeTransfer #
        - [Int] safeTransferFrom #
        - [Int] safeApprove #
        - [Int] safeIncreaseAllowance #
        - [Int] safeDecreaseAllowance #
        - [Prv] callOptionalReturn #
    
     +  BEPTokenModal (Context, IBEP20)
        - [Pub]  #
        - [Pub] initialize #
        - [Pub] name
        - [Pub] symbol
        - [Pub] decimals
        - [Pub] getOwner
        - [Pub] totalSupply
        - [Pub] balanceOf
        - [Pub] transfer #
        - [Pub] allowance
        - [Pub] approve #
        - [Pub] transferFrom #
        - [Pub] increaseAllowance #
        - [Pub] decreaseAllowance #
        - [Int] _transfer #
        - [Int] _approve #
    							


    Details - Presale Factory


    Smart Contract Graph

    Contract Inheritance

    
     ($) = payable function
     # = non-constant function
     
     Int = Internal
     Ext = External
     Pub = Public
     
     + [Int] IBEP20 
        - [Ext] balanceOf
        - [Ext] transfer #
        - [Ext] approve #
        - [Ext] transferFrom #
    
     + [Lib] SafeMath 
        - [Int] add
        - [Int] sub
        - [Int] sub
        - [Int] mul
        - [Int] div
        - [Int] div
    
     + [Lib] Address 
        - [Int] isContract
        - [Int] sendValue #
        - [Int] functionCall #
        - [Int] functionCall #
        - [Int] functionCallWithValue #
        - [Int] functionCallWithValue #
        - [Prv] _functionCallWithValue #
    
     + [Int] IPancakeRouter02 
        - [Ext] addLiquidityETH ($)
    
     + [Int] IPancakeFactory 
        - [Ext] getPair
    
     + [Int] IPool 
        - [Ext] notifyReward ($)
    
     + [Int] ICakeVaultFactory 
        - [Ext] fee
        - [Ext] pancake_router
        - [Ext] toFee
    
     +  FridgeVault 
        - [Pub]  #
        - [Ext] initilaize #
        - [Pub] buyTokens ($)
        - [Pub] withdrawTokens #
        - [Pub] unlock #
        - [Pub] fridgeVAULT #
        - [Int] addLiquidity #
        - [Pub] failed
        - [Pub] withdrawFunds #
        - [Pub] isLive
        - [Pub] withDrawRemainingAssets #
        - [Pub] calculateAmount
        - [Pub] getRemaining
        - [Pub] getGivenAmount
    
     +  FridgeVaultFactory 
        - [Pub]  #
        - [Pub] createCampaign #
        - [Int] transferToCampaign #
        - [Int] ApproveTransferTo #
        - [Pub] changeConfig #
           - modifiers: only_factory_Owner
    							


    Details - Staking Pool


    Smart Contract Graph

    Contract Inheritance

    
     ($) = payable function
     # = non-constant function
     
     Int = Internal
     Ext = External
     Pub = Public
     
     + [Lib] Math 
        - [Int] max
        - [Int] min
        - [Int] average
    
     + [Lib] SafeMath 
        - [Int] add
        - [Int] sub
        - [Int] sub
        - [Int] mul
        - [Int] div
        - [Int] div
        - [Int] mod
        - [Int] mod
    
     +  Context 
        - [Int]  #
        - [Int] _msgSender
        - [Int] _msgData
    
     +  Ownable (Context)
        - [Int]  #
        - [Pub] owner
        - [Pub] isOwner
        - [Pub] renounceOwnership #
           - modifiers: onlyOwner
        - [Pub] transferOwnership #
           - modifiers: onlyOwner
        - [Int] _transferOwnership #
    
     + [Int] IBEP20 
        - [Ext] totalSupply
        - [Ext] decimals
        - [Ext] symbol
        - [Ext] name
        - [Ext] getOwner
        - [Ext] balanceOf
        - [Ext] transfer #
        - [Ext] allowance
        - [Ext] approve #
        - [Ext] transferFrom #
    
     + [Lib] Address 
        - [Int] isContract
        - [Int] toPayable
        - [Int] sendValue #
    
     + [Int] IPool 
        - [Ext] notifyReward ($)
    
     + [Lib] SafeERC20 
        - [Int] safeTransfer #
        - [Int] safeTransferFrom #
        - [Int] safeApprove #
        - [Int] safeIncreaseAllowance #
        - [Int] safeDecreaseAllowance #
        - [Prv] callOptionalReturn #
    
     +  LPTokenWrapper (Ownable)
        - [Pub] totalSupply
        - [Pub] balanceOf
        - [Pub] stake #
        - [Pub] withdraw #
    
     +  FridgeBnbLpPool (LPTokenWrapper, IPool)
        - [Pub] lastTimeRewardApplicable
        - [Pub] rewardPerToken
        - [Pub] stake #
           - modifiers: updateReward,checkStart
        - [Pub] withdraw #
           - modifiers: updateReward
        - [Ext] exit #
        - [Pub] earned
        - [Pub] getReward #
           - modifiers: updateReward
        - [Ext] notifyReward ($)