Gaj NFT Farming - Smart Contract Audit Report

Summary

Gaj Finance is building a new yield farming platform where users can earn NFTs for staking LP tokens.

We audited the project team's NFTFarming contract at commit 7873cf57a9fc2b7392ff6fbac96bbf4cbe15e71e on the team's private GitHub.

Overview of the Contract:
  • Users are able to stake the LP token specified by the owner on initialization and earn points on their staked balance which can be redeemed for NFT rewards.
  • The owner is able to transfer any NFTs to the contract that users can earn as rewards; the owner will specify the price.
  • In order to be eligible for rewards, users stake LP tokens; there may be a fee incurred on deposits.
  • Users who stake LP tokens earn points based on the amount they have staked every second at a rate specified by the owner on initialization.
  • The user's points balance is updated every time the user interacts with the contract.
  • Once a user has accrued enough points for the desired NFT, the user can redeem those points and the NFT will be transferred from the contract to the user's wallet address.
  • Users may withdraw their deposited LP tokens at any time; there may be a fee incurred on withdrawals.
  • The points the user has accrued will remain intact and may be redeemed at any time.
  • The owner can set the deposit fee to any value up to 0.5% at any time.
  • The owner can set the withdrawal fee to any value up to 5% at any time.
  • The owner can set the rewards rate to any value at any time by modifying the 'pointsPerSecond' and the 'deduction' variable values.
  • The team must ensure the token added for staking is not malicious, and must exercise caution when adding tokens to avoid fee-on-transfer and ERC777-compliant tokens (this is uncommon).
  • There is a multiplication that occurs before division which could lead to lack of precision when calculating the user's points balance; the effects of this are minor.
  • Some functions could have been declared external for gas savings.
  • The contract uses the SafeMath library to prevent overflows and follows the ERC-721 standard.
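
The caution above about fee-on-transfer and ERC777-compliant staking tokens, as an added example that is not the audited NFTFarming code: a deposit that credits the amount actually received and blocks re-entry from token hooks. The contract name StakeVaultExample, its state variables and the handling of the fee are assumptions made for illustration; only the 0.5% deposit fee cap is taken from the report.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

import "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

// Hypothetical staking vault written for illustration; not the audited contract.
contract StakeVaultExample {
    using SafeERC20 for IERC20;

    uint256 public constant MAX_DEPOSIT_FEE_BPS = 50; // 0.5%, the cap stated in the report
    IERC20 public immutable lpToken;
    uint256 public immutable depositFeeBps;
    mapping(address => uint256) public staked;
    uint256 public totalStaked;
    uint256 private _locked = 1;

    // Tokens with transfer hooks (ERC777) can call back into deposit() while a
    // transfer is in flight. Without this lock, one balance change could be
    // measured by two nested calls and credited twice.
    modifier nonReentrant() {
        require(_locked == 1, "reentrant call");
        _locked = 2;
        _;
        _locked = 1;
    }

    constructor(IERC20 _lpToken, uint256 _depositFeeBps) {
        require(_depositFeeBps <= MAX_DEPOSIT_FEE_BPS, "fee too high");
        lpToken = _lpToken;
        depositFeeBps = _depositFeeBps;
    }

    function deposit(uint256 amount) external nonReentrant {
        uint256 balanceBefore = lpToken.balanceOf(address(this));
        lpToken.safeTransferFrom(msg.sender, address(this), amount);

        // Credit what arrived, not what was requested: a fee-on-transfer token
        // delivers less than `amount`, and crediting `amount` would leave the
        // recorded stakes larger than the tokens the contract holds.
        uint256 received = lpToken.balanceOf(address(this)) - balanceBefore;
        require(received > 0, "nothing received");

        uint256 fee = (received * depositFeeBps) / 10_000;
        uint256 credited = received - fee; // the fee remains in the contract in this example
        staked[msg.sender] += credited;
        totalStaked += credited;
    }
}
```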

Audit Findings Summary
  • No security threats from outside attackers were identified.
  • Ensure trust in the team as they have substantial control in the ecosystem.
  • Date: August 3rd, 2021
  • Updated: August 6th, 2021 for extra ownership controls.

Vulnerability Category                 Notes   Result
Arbitrary Storage Write                N/A     PASS
Arbitrary Jump                         N/A     PASS
Delegate Call to Untrusted Contract    N/A     PASS
Dependence on Predictable Variables    N/A     PASS
Deprecated Opcodes                     N/A     PASS
Ether Thief                            N/A     PASS
Exceptions                             N/A     PASS
External Calls                         N/A     PASS
Flash Loans                            N/A     PASS
Integer Over/Underflow                 N/A     PASS
Multiple Sends                         N/A     PASS
Oracles                                N/A     PASS
Suicide                                N/A     PASS
State Change External Calls            N/A     PASS
Unchecked Retval                       N/A     PASS
User Supplied Assertion                N/A     PASS
Critical Solidity Compiler             N/A     PASS
Overall Contract Safety                        PASS

Smart Contract Graph

Multi-file Token

($) = payable function
 # = non-constant function

 + [Lib] SafeMath 
    - [Int] tryAdd
    - [Int] trySub
    - [Int] tryMul
    - [Int] tryDiv
    - [Int] tryMod
    - [Int] add
    - [Int] sub
    - [Int] mul
    - [Int] div
    - [Int] mod
    - [Int] sub
    - [Int] div
    - [Int] mod

 +  Context 
    - [Int] _msgSender
    - [Int] _msgData

 +  Ownable (Context)
    - [Pub] <Constructor> #
    - [Pub] owner
    - [Pub] renounceOwnership #
       - modifiers: onlyOwner
    - [Pub] transferOwnership #
       - modifiers: onlyOwner
    - [Prv] _setOwner #

 + [Int] IERC20 
    - [Ext] totalSupply
    - [Ext] balanceOf
    - [Ext] transfer #
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transferFrom #

 + [Lib] Address 
    - [Int] isContract
    - [Int] sendValue #
    - [Int] functionCall #
    - [Int] functionCall #
    - [Int] functionCallWithValue #
    - [Int] functionCallWithValue #
    - [Int] functionStaticCall
    - [Int] functionStaticCall
    - [Int] functionDelegateCall #
    - [Int] functionDelegateCall #
    - [Prv] _verifyCallResult

 + [Lib] SafeERC20 
    - [Int] safeTransfer #
    - [Int] safeTransferFrom #
    - [Int] safeApprove #
    - [Int] safeIncreaseAllowance #
    - [Int] safeDecreaseAllowance #
    - [Prv] _callOptionalReturn #

 + [Int] IERC165 
    - [Ext] supportsInterface

 + [Int] IERC721 (IERC165)
    - [Ext] balanceOf
    - [Ext] ownerOf
    - [Ext] safeTransferFrom #
    - [Ext] transferFrom #
    - [Ext] approve #
    - [Ext] getApproved
    - [Ext] setApprovalForAll #
    - [Ext] isApprovedForAll
    - [Ext] safeTransferFrom #

 + [Int] IERC721Receiver 
    - [Ext] onERC721Received #

 +  NFTFarming (Ownable, IERC721Receiver)
    - [Pub] <Constructor> #
    - [Ext] addNFT #
       - modifiers: onlyOwner
    - [Ext] deposit #
    - [Pub] redeem #
    - [Pub] withdraw #
    - [Pub] pointsBalance
    - [Int] _unDebitedPoints
    - [Pub] nftCount
    - [Ext] updateEmission #
    - [Ext] updateJoiningFee #
    - [Ext] updateWithdrawalFee #
    - [Pub] onERC721Received #