Gaj Finance - Smart Contract Audit Report


Gaj Finance is building a new yield farming platform where users can earn NFTs for staking LP tokens.

We audited the project team's NFTFarming contract at commit ae3c63892ef43cfc434ffa38b825b00a3ba5e4de on the team's private Github.

Overview of the Contract:
  • Users are able to stake the LP token specified by the owner on initialization and earn points on their staked balance which can be redeemed for NFT rewards.
  • The owner is able to transfer any NFTs to the contract that users can earn as rewards; the owner will specify the quantity available and the price.
  • There can be multiple copies of a single NFT, as the contract is using the ERC-1155 Multi Token Standard.
  • In order to be eligible for rewards, users stake LP tokens; the LP token address is specified by the owner on initialization.
  • Users who stake LP tokens earn points based on the amount they have staked every second at a rate specified by the owner on initialization.
  • The user's points balance is updated every time the user interacts with the contract.
  • Once a user has accrued enough points for the desired NFT at the desired quantity, the user can redeem those points and the desired quantity of the NFT will be transferred from the contract to the user's wallet address.
  • Users may withdraw their deposited LP tokens at any time; the points the user has accrued will remain intact and may be redeemed at any time.
  • The team must ensure the token added for staking is not malicious, and must exercise caution when adding tokens so as to avoid fee-on-transfer and ERC777-compliant tokens (such tokens are uncommon).
  • Some functions could have been declared external for gas savings.
  • The contract uses the SafeMath library to prevent overflows and follows the ERC-1155 standard.
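
The following is an added sketch, not the audited NFTFarming code, of the per-second points accrual described in the overview together with a balance-delta deposit check that keeps a fee-on-transfer token from inflating staked balances. All contract, interface and variable names are hypothetical, the rate unit is assumed, and Solidity 0.8 built-in overflow checks stand in for SafeMath.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration; names are hypothetical and not taken from NFTFarming.
interface IERC20Min {
    function balanceOf(address a) external view returns (uint256);
    function transfer(address to, uint256 v) external returns (bool);
    function transferFrom(address f, address t, uint256 v) external returns (bool);
}

contract PointsFarmSketch {
    IERC20Min public immutable lp;   // staking token, fixed at deployment
    uint256 public immutable rate;   // points per staked unit per second (assumed unit)
    bool private locked;             // reentrancy flag, relevant to ERC777-style hooks

    struct Account { uint256 staked; uint256 points; uint256 lastUpdate; }
    mapping(address => Account) public accounts;

    constructor(IERC20Min _lp, uint256 _rate) { lp = _lp; rate = _rate; }

    modifier nonReentrant() {
        require(!locked, "reentrant");
        locked = true;
        _;
        locked = false;
    }

    // Settle points earned since the last interaction before any balance change.
    modifier settle() {
        Account storage a = accounts[msg.sender];
        a.points += a.staked * rate * (block.timestamp - a.lastUpdate);
        a.lastUpdate = block.timestamp;
        _;
    }

    function deposit(uint256 amount) external nonReentrant settle {
        // Credit what actually arrived, not the requested amount:
        // a fee-on-transfer token delivers less than `amount`.
        uint256 before = lp.balanceOf(address(this));
        require(lp.transferFrom(msg.sender, address(this), amount), "transferFrom failed");
        accounts[msg.sender].staked += lp.balanceOf(address(this)) - before;
    }

    function withdraw(uint256 amount) external nonReentrant settle {
        Account storage a = accounts[msg.sender];
        a.staked -= amount;          // reverts on underflow; accrued points are kept
        require(lp.transfer(msg.sender, amount), "transfer failed");
    }
}
```

Without the balance-delta check, the sum of credited stakes can exceed the tokens the contract holds, so later withdrawals fail and points accrue on tokens that were never received.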

Audit Findings Summary
  • No security threats from outside attackers were identified.
  • Date: July 20th, 2021

| Vulnerability Category | Notes | Result |
|---|---|---|
| Arbitrary Storage Write | N/A | PASS |
| Arbitrary Jump | N/A | PASS |
| Delegate Call to Untrusted Contract | N/A | PASS |
| Dependence on Predictable Variables | N/A | PASS |
| Deprecated Opcodes | N/A | PASS |
| Ether Thief | N/A | PASS |
| External Calls | N/A | PASS |
| Flash Loans | N/A | PASS |
| Integer Over/Underflow | N/A | PASS |
| Multiple Sends | N/A | PASS |
| State Change External Calls | N/A | PASS |
| Unchecked Retval | N/A | PASS |
| User Supplied Assertion | N/A | PASS |
| Critical Solidity Compiler | N/A | PASS |
| Overall Contract Safety | | PASS |

Smart Contract Graph

Multi-file Token

($) = payable function
 # = non-constant function

 + [Lib] SafeMath 
    - [Int] tryAdd
    - [Int] trySub
    - [Int] tryMul
    - [Int] tryDiv
    - [Int] tryMod
    - [Int] add
    - [Int] sub
    - [Int] mul
    - [Int] div
    - [Int] mod
    - [Int] sub
    - [Int] div
    - [Int] mod

 +  Context 
    - [Int] _msgSender
    - [Int] _msgData

 +  Ownable (Context)
    - [Int]  #
    - [Pub] owner
    - [Pub] renounceOwnership #
       - modifiers: onlyOwner
    - [Pub] transferOwnership #
       - modifiers: onlyOwner

 + [Int] IERC20 
    - [Ext] totalSupply
    - [Ext] balanceOf
    - [Ext] transfer #
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transferFrom #

 + [Lib] Address 
    - [Int] isContract
    - [Int] sendValue #
    - [Int] functionCall #
    - [Int] functionCall #
    - [Int] functionCallWithValue #
    - [Int] functionCallWithValue #
    - [Int] functionStaticCall
    - [Int] functionStaticCall
    - [Int] functionDelegateCall #
    - [Int] functionDelegateCall #
    - [Prv] _verifyCallResult

 + [Lib] SafeERC20 
    - [Int] safeTransfer #
    - [Int] safeTransferFrom #
    - [Int] safeApprove #
    - [Int] safeIncreaseAllowance #
    - [Int] safeDecreaseAllowance #
    - [Prv] _callOptionalReturn #

 + [Int] IERC165 
    - [Ext] supportsInterface

 + [Int] IERC1155 (IERC165)
    - [Ext] balanceOf
    - [Ext] balanceOfBatch
    - [Ext] setApprovalForAll #
    - [Ext] isApprovedForAll
    - [Ext] safeTransferFrom #
    - [Ext] safeBatchTransferFrom #

 +  NFTFarming (Ownable)
    - [Pub]  #
    - [Ext] addNFT #
       - modifiers: onlyOwner
    - [Ext] deposit #
    - [Pub] redeem #
    - [Pub] withdraw #
    - [Pub] pointsBalance
    - [Int] _unDebitedPoints
    - [Pub] nftCount
    - [Ext] onERC1155Received #