Vulnerability Category | Notes | Result |
---|---|---|
Arbitrary Storage Write | N/A | PASS |
Arbitrary Jump | N/A | PASS |
Delegate Call to Untrusted Contract | N/A | PASS |
Dependence on Predictable Variables | N/A | PASS |
Deprecated Opcodes | N/A | PASS |
Ether Thief | N/A | PASS |
Exceptions | N/A | PASS |
External Calls | N/A | PASS |
Flash Loans | N/A | PASS |
Integer Over/Underflow | N/A | PASS |
Multiple Sends | N/A | PASS |
Oracles | N/A | PASS |
Suicide | N/A | PASS |
State Change External Calls | N/A | PASS |
Unchecked Retval | N/A | PASS |
User Supplied Assertion | N/A | PASS |
Critical Solidity Compiler | N/A | PASS |
Overall Contract Safety | PASS |
Gaj NFT Farming - Smart Contract Audit Report
Summary
Gaj Finance is a building a new yield farming platform where users can earn NFTs for staking LP tokens.
We audited the project team's NFTFarming contract at commit 7873cf57a9fc2b7392ff6fbac96bbf4cbe15e71e on the team's private Github.Overview of the Contract:Audit Findings Summary
- Users are able to stake the LP token specified by the owner on initialization and earn points on their staked balance which can be redeemed for NFT rewards.
- The owner is able to transfer any NFTs to the contract that users can earn as rewards; the owner will specify the price.
- In order to be eligible for rewards, users stake LP tokens; there may be a fee incurred on deposits.
- Users who stake LP tokens earn points based on the amount they have staked every second at a rate specified by the owner on initialization.
- The user's points balance is updated every time the user interacts with the contract.
- Once a user has accrued enough points for the desired NFT, the user can redeem those points and the NFT will be transferred from the contract to the user's wallet address.
- Users may withdraw their deposited LP tokens at any time; there may be a fee incurred on withdrawals.
- The points the user has accrued will remain intact and may be redeemed at any time.
- The owner can set the deposit fee to any value up to 0.5% at any time.
- The owner can set the withdrawal fee to any value up to 5% at any time.
- The owner can set the rewards rate to any value at any time by modifying the 'pointsPerSecond' and the 'deduction' variable values.
- The team must ensure the token added for staking is not malicious, and must exercise caution when adding tokens to avoid fee-on-transfer and ERC777-compliant tokens (this is uncommon).
- There is a multiplication that occurs before division which could lead to lack of precision when calculating the user's points balance; the effects of this are minor.
- Some functions could have been declared external for gas savings.
- The contract utilizes the SafeMath library to prevent overflows along with following the ERC-721 standard.
- No security threats from outside attackers were identified.
- Ensure trust in the team as they have substantial control in the ecosystem.
- Date: August 3rd, 2021
- Updated: August 6th, 2021 for extra ownership controls.
($) = payable function
# = non-constant function
+ [Lib] SafeMath
- [Int] tryAdd
- [Int] trySub
- [Int] tryMul
- [Int] tryDiv
- [Int] tryMod
- [Int] add
- [Int] sub
- [Int] mul
- [Int] div
- [Int] mod
- [Int] sub
- [Int] div
- [Int] mod
+ Context
- [Int] _msgSender
- [Int] _msgData
+ Ownable (Context)
- [Pub] #
- [Pub] owner
- [Pub] renounceOwnership #
- modifiers: onlyOwner
- [Pub] transferOwnership #
- modifiers: onlyOwner
- [Prv] _setOwner #
+ [Int] IERC20
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] transfer #
- [Ext] allowance
- [Ext] approve #
- [Ext] transferFrom #
+ [Lib] Address
- [Int] isContract
- [Int] sendValue #
- [Int] functionCall #
- [Int] functionCall #
- [Int] functionCallWithValue #
- [Int] functionCallWithValue #
- [Int] functionStaticCall
- [Int] functionStaticCall
- [Int] functionDelegateCall #
- [Int] functionDelegateCall #
- [Prv] _verifyCallResult
+ [Lib] SafeERC20
- [Int] safeTransfer #
- [Int] safeTransferFrom #
- [Int] safeApprove #
- [Int] safeIncreaseAllowance #
- [Int] safeDecreaseAllowance #
- [Prv] _callOptionalReturn #
+ [Int] IERC165
- [Ext] supportsInterface
+ [Int] IERC721 (IERC165)
- [Ext] balanceOf
- [Ext] ownerOf
- [Ext] safeTransferFrom #
- [Ext] transferFrom #
- [Ext] approve #
- [Ext] getApproved
- [Ext] setApprovalForAll #
- [Ext] isApprovedForAll
- [Ext] safeTransferFrom #
+ [Int] IERC721Receiver
- [Ext] onERC721Received #
+ NFTFarming (Ownable, IERC721Receiver)
- [Pub] #
- [Ext] addNFT #
- modifiers: onlyOwner
- [Ext] deposit #
- [Pub] redeem #
- [Pub] withdraw #
- [Pub] pointsBalance
- [Int] _unDebitedPoints
- [Pub] nftCount
- [Ext] updateEmission #
- [Ext] updateJoiningFee #
- [Ext] updateWithdrawalFee #
- [Pub] onERC721Received #