FrogDAO - Smart Contract Audit Report

Summary

FrogDAO is building a decentralized incubator that helps promising projects achieve their full potential by leveraging the investment power and buzz-making potential of the community.

We reviewed FrogDAO's contracts at the addresses below:

  • FrogDAO Dime Token: 0x14cfc7aeaa468e8c789785c39e0b753915aeb426 (Mainnet)
  • FrogDAO Governance Token: 0x33aae69789ae11d0d69f9a1bede68fc3814df3cc (Mainnet)
  • FrogDAO Governance Rewards: 0x53b2fe11ad7852609869b94639ad80ad7065cdee (Mainnet)

Notes on the FrogDAO Dime Token:

  • The total supply of the token is 1 million, delivered to the team upon deployment. Currently the team holds all of these tokens.
  • No further tokens can be minted, though tokens can be burned.
  • No ownership-related functions exist.
  • SafeMath is used throughout the platform to prevent overflow issues.
  • Some gas optimizations can be achieved by marking functions external instead of public. As this contract is already deployed, this is informational.


Notes on the FrogDAO Governance Token:

  • The initial supply of the token is intended to be 106 thousand, 105k of which will be minted by the rewards contract. The development team has been allocated 1k after deployment, intended to be used for liquidity provision.
  • The token can be minted by any address given the minter role by the "governance". By default the governance address is the deployer. Update: The ecosystem has been properly set up where only the Rewards contract can mint the token.
  • The token is designed to be a governance token where 1 token = 1 vote.
  • Another contract will be needed to collect votes and execute transactions on behalf of the DAO.
  • Token holders can delegate their voting rights to any address. To save gas, users can also do so using an EIP-712 signature.
  • No owner-restricted functions exist.
  • The contract utilizes math operations that check for and revert on overflows.
  • Some gas optimizations can be achieved by marking functions external instead of public.


Notes on the FrogDAO Governance Rewards Contract:

  • Users can stake their ETH/FDD LP tokens in this contract to earn rewards in FrogDAO Governance tokens.
  • The team can add additional pools at any time. The team must be careful not to add the same pool twice, or should implement a check to prevent this.
  • The team will set the reward rate upon deployment and can update it at any time until they renounce the 'devaddress'.
  • The team has indicated they intend to renounce this control shortly after deployment.
  • The team must provide the initial reward tokens to the contract using the notifyReward() function. The initial provided amount is intended to be 100,000, with developers being allocated an additional 5% of tokens provided as initial rewards (5,000 tokens to the dev team; 105,000 tokens total).
  • Rewards decrease over time with 'halvings' which occur every 14 days. After the first halving, developers shall no longer receive rewards.
  • Rewards (paid out in governance tokens) are minted by the staking contract and are claimed upon withdrawing.
  • After the initial reward period has concluded, any call to a function with the checkhalve() modifier will mint tokens to the staking contract and update the reward rate. This shall be updated after each halving period ends to add rewards at a 50% reduced rate.
  • These developer funds are intended to be vested to the team over the course of one year, but the function releasing them can be called multiple times to extract some tokens earlier than intended. We advise adding a requirement that this can only be called once every few days.
  • Some gas optimizations can be achieved by marking functions external instead of public.
  • SafeMath is used to prevent overflow issues.
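
A sketch of the two guards recommended in the notes above (rejecting a pool that was already added, and limiting how often the dev fund can be released), added here as an illustration; it is not FrogDAO's deployed code. The contract and interface names, the 3-day cooldown, the linear vesting formula and the use of Solidity ^0.8.0 (built-in overflow checks rather than SafeMath) are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
interface IERC20Like { function transfer(address to, uint256 amount) external returns (bool); }

// Added illustration, not FrogDAO's deployed code; every name here is hypothetical.
contract GuardedRewardsSketch {
    uint256 public constant VESTING_DURATION = 365 days; // "over the course of one year"
    uint256 public constant RELEASE_COOLDOWN = 3 days;   // assumed value for "every few days"
    IERC20Like public immutable token;
    address public immutable dev;
    uint256 public immutable vestingStart;
    uint256 public immutable devFundTotal;
    uint256 public devFundReleased;
    uint256 public lastRelease;
    mapping(address => bool) public poolExists;

    modifier onlyDev() { require(msg.sender == dev, "not dev"); _; }

    constructor(IERC20Like _token, address _dev, uint256 _devFundTotal) {
        token = _token;
        dev = _dev;
        devFundTotal = _devFundTotal;
        vestingStart = block.timestamp;
    }

    // Refuse an LP token that is already registered, so no pool is added twice.
    function addPool(address lpToken) external onlyDev {
        require(lpToken != address(0), "pool is zero");
        require(!poolExists[lpToken], "pool already added");
        poolExists[lpToken] = true;
    }

    // Linear vesting: total unlocked so far, capped at devFundTotal.
    function vested() public view returns (uint256) {
        uint256 elapsed = block.timestamp - vestingStart;
        if (elapsed >= VESTING_DURATION) return devFundTotal;
        return (devFundTotal * elapsed) / VESTING_DURATION;
    }

    // Pays out only vested-but-unreleased tokens, at most once per cooldown window.
    function withdrawDevFund() external onlyDev returns (uint256 amount) {
        require(block.timestamp >= lastRelease + RELEASE_COOLDOWN, "cooldown active");
        amount = vested() - devFundReleased;
        require(amount > 0, "nothing vested");
        devFundReleased += amount; // update state before the external call
        lastRelease = block.timestamp;
        require(token.transfer(dev, amount), "transfer failed");
    }
}
```

Tracking the cumulative amount released means repeated calls can never pay out more than has vested, and the cooldown caps how often a release can happen at all.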


Audit Findings Summary

  • No issues from external attackers were identified.
  • As with any presale, ensure trust in the project team prior to investing. Trust will be necessary until the ecosystem is set.
  • KYC: No.
  • Date: March 19th, 2021
  • Update Date: March 27th, 2021 - Updates for deployment to mainnet.
  • Update Date: March 30th, 2021 - Acknowledge renunciation of ownership of token contract.

    External Threat Results

    Vulnerability Category                  Notes   Result
    Arbitrary Storage Write                 N/A     PASS
    Arbitrary Jump                          N/A     PASS
    Delegate Call to Untrusted Contract     N/A     PASS
    Dependence on Predictable Variables     N/A     PASS
    Deprecated Opcodes                      N/A     PASS
    Ether Thief                             N/A     PASS
    Exceptions                              N/A     PASS
    External Calls                          N/A     PASS
    Integer Over/Underflow                  N/A     PASS
    Multiple Sends                          N/A     PASS
    Suicide                                 N/A     PASS
    State Change External Calls             N/A     PASS
    Unchecked Retval                        N/A     PASS
    User Supplied Assertion                 N/A     PASS
    Critical Solidity Compiler              N/A     PASS
    Overall Contract Safety                         PASS


    Details: FrogDAO Dime Token

    Function Graph

    [Figure: smart contract graph]

    Inheritance Chart

    [Figure: smart contract inheritance]

    Functions Overview

    
    
     ($) = payable function
     # = non-constant function
     
     Int = Internal
     Ext = External
     Pub = Public
      
     +  ERC20Interface 
        - [Pub] totalSupply
        - [Pub] balanceOf
        - [Pub] allowance
        - [Pub] transfer #
        - [Pub] approve #
        - [Pub] transferFrom #
    
     +  SafeMath 
        - [Pub] safeAdd
        - [Pub] safeSub
        - [Pub] safeMul
        - [Pub] safeDiv
    
     +  FrogDAO (ERC20Interface, SafeMath)
        - [Pub]  #
        - [Pub] totalSupply
        - [Pub] balanceOf
        - [Pub] allowance
        - [Pub] approve #
        - [Pub] transfer #
        - [Pub] transferFrom #
    							


    Details: FrogDAO Governance Token

    Function Graph

    [Figure: smart contract graph]

    Inheritance Chart

    [Figure: smart contract inheritance]

    Functions Overview

    
    
     ($) = payable function
     # = non-constant function
     
     Int = Internal
     Ext = External
     Pub = Public
    
     + [Int] IERC20 
        - [Ext] totalSupply
        - [Ext] balanceOf
        - [Ext] transfer #
        - [Ext] allowance
        - [Ext] approve #
        - [Ext] transferFrom #
    
     +  Context 
        - [Int]  #
        - [Int] _msgSender
    
     +  ERC20 (Context, IERC20)
        - [Pub] totalSupply
        - [Pub] balanceOf
        - [Pub] transfer #
        - [Pub] allowance
        - [Pub] approve #
        - [Pub] transferFrom #
        - [Pub] increaseAllowance #
        - [Pub] decreaseAllowance #
        - [Int] _transfer #
        - [Int] _mint #
        - [Int] _burn #
        - [Int] _approve #
    
     +  ERC20Detailed (IERC20)
        - [Pub]  #
        - [Pub] name
        - [Pub] symbol
        - [Pub] decimals
    
     + [Lib] SafeMath 
        - [Int] add
        - [Int] sub
        - [Int] sub
        - [Int] mul
        - [Int] div
        - [Int] div
    
     + [Lib] Address 
        - [Int] isContract
    
     + [Lib] SafeERC20 
        - [Int] safeTransfer #
        - [Int] safeTransferFrom #
        - [Int] safeApprove #
        - [Prv] callOptionalReturn #
    
     +  FrogDAOGovernance (ERC20, ERC20Detailed)
        - [Pub]  #
           - modifiers: ERC20Detailed
        - [Pub] mint #
        - [Pub] burn #
        - [Pub] setGovernance #
        - [Pub] addMinter #
        - [Pub] removeMinter #
    
    							


    Details: FrogDAO Governance Rewards

    Function Graph

    [Figure: smart contract graph]

    Inheritance Chart

    [Figure: smart contract inheritance]

    Functions Overview

    
    
     ($) = payable function
     # = non-constant function
     
     Int = Internal
     Ext = External
     Pub = Public
    
     + [Lib] Math 
        - [Int] max
        - [Int] min
        - [Int] average
    
     + [Lib] SafeMath 
        - [Int] add
        - [Int] sub
        - [Int] sub
        - [Int] mul
        - [Int] div
        - [Int] div
        - [Int] mod
        - [Int] mod
    
     +  Context 
        - [Int]  #
        - [Int] _msgSender
        - [Int] _msgData
    
     +  Ownable (Context)
        - [Int]  #
        - [Pub] owner
        - [Pub] isOwner
        - [Pub] renounceOwnership #
           - modifiers: onlyOwner
        - [Pub] transferOwnership #
           - modifiers: onlyOwner
        - [Int] _transferOwnership #
    
     + [Int] IERC20 
        - [Ext] totalSupply
        - [Ext] balanceOf
        - [Ext] transfer #
        - [Ext] mint #
        - [Ext] allowance
        - [Ext] approve #
        - [Ext] transferFrom #
    
     + [Lib] Address 
        - [Int] isContract
        - [Int] toPayable
        - [Int] sendValue #
    
     + [Lib] SafeERC20 
        - [Int] safeTransfer #
        - [Int] safeTransferFrom #
        - [Int] safeApprove #
        - [Int] safeIncreaseAllowance #
        - [Int] safeDecreaseAllowance #
        - [Prv] callOptionalReturn #
    
     +  LPTokenWrapper 
        - [Pub] totalSupply
        - [Pub] balanceOf
        - [Pub] stake #
        - [Pub] withdraw #
    
     +  FrogDAOGovernanceRewards (LPTokenWrapper, Ownable)
        - [Pub]  #
        - [Pub] transferDevAddr #
        - [Pub] renounceDevAddr #
        - [Pub] lastTimeRewardApplicable
        - [Pub] rewardPerToken
        - [Pub] earned
        - [Pub] stake #
           - modifiers: updateReward,checkhalve,checkStart
        - [Pub] withdraw #
           - modifiers: updateReward
        - [Ext] exit #
        - [Pub] getReward #
           - modifiers: updateReward,checkhalve
        - [Ext] notifyRewardAmount #
           - modifiers: onlyOwner,updateReward
        - [Pub] devFundAvailable
        - [Ext] withdrawDevFund #