| Vulnerability Category | Notes | Result |
|---|---|---|
| Arbitrary Storage Write | N/A | PASS |
| Arbitrary Jump | N/A | PASS |
| Delegate Call to Untrusted Contract | N/A | PASS |
| Dependence on Predictable Variables | N/A | PASS |
| Deprecated Opcodes | N/A | PASS |
| Ether Thief | N/A | PASS |
| Exceptions | N/A | PASS |
| External Calls | N/A | PASS |
| Flash Loans | N/A | PASS |
| Integer Over/Underflow | N/A | PASS |
| Multiple Sends | N/A | PASS |
| Oracles | N/A | PASS |
| Suicide | N/A | PASS |
| State Change External Calls | N/A | PASS |
| Unchecked Retval | N/A | PASS |
| User Supplied Assertion | N/A | PASS |
| Critical Solidity Compiler | N/A | PASS |
| Overall Contract Safety | PASS |
Gaj Finance - Smart Contract Audit Report
Summary
Gaj Finance is a building a new yield farming platform where users can earn NFTs for staking LP tokens.
Overview of the Contract:Audit Findings Summary
- Users are able to stake the LP token specified by the owner on initialization and earn points on their staked balance which can be redeemed for NFT rewards.
- The owner is able to transfer any NFTs to the contract that users can earn as rewards; the owner will specify the quantity available and the price.
- There can be multiple copies of a single NFT, as the contract is using the ERC-1155 Multi Token Standard.
- In order to be eligible for rewards, users stake LP tokens; the LP token address is specified by the owner on initialization.
- Users who stake LP tokens earn points based on the amount they have staked every second at a rate specified by the owner on initialization.
- The user's points balance is updated every time the user interacts with the contract.
- Once a user has accrued enough points for the desired NFT at the desired quantity, the user can redeem those points and the desired quantity of the NFT will be transferred from the contract to the user's wallet address.
- Users may withdraw their deposited LP tokens at any time; the points the user has accrued will remain intact and may be redeemed at any time.
- The team must ensure the token added for staking is not malicious, and must exercise caution when adding tokens to avoid fee-on-transfer and ERC777-compliant tokens (this is uncommon).
- Some functions could have been declared external for gas savings.
- The contract utilizes the SafeMath library to prevent overflows along with following the ERC-1155 standard.
- No security threats from outside attackers were identified.
- Date: July 20th, 2021
($) = payable function
# = non-constant function
+ [Lib] SafeMath
- [Int] tryAdd
- [Int] trySub
- [Int] tryMul
- [Int] tryDiv
- [Int] tryMod
- [Int] add
- [Int] sub
- [Int] mul
- [Int] div
- [Int] mod
- [Int] sub
- [Int] div
- [Int] mod
+ Context
- [Int] _msgSender
- [Int] _msgData
+ Ownable (Context)
- [Int] #
- [Pub] owner
- [Pub] renounceOwnership #
- modifiers: onlyOwner
- [Pub] transferOwnership #
- modifiers: onlyOwner
+ [Int] IERC20
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] transfer #
- [Ext] allowance
- [Ext] approve #
- [Ext] transferFrom #
+ [Lib] Address
- [Int] isContract
- [Int] sendValue #
- [Int] functionCall #
- [Int] functionCall #
- [Int] functionCallWithValue #
- [Int] functionCallWithValue #
- [Int] functionStaticCall
- [Int] functionStaticCall
- [Int] functionDelegateCall #
- [Int] functionDelegateCall #
- [Prv] _verifyCallResult
+ [Lib] SafeERC20
- [Int] safeTransfer #
- [Int] safeTransferFrom #
- [Int] safeApprove #
- [Int] safeIncreaseAllowance #
- [Int] safeDecreaseAllowance #
- [Prv] _callOptionalReturn #
+ [Int] IERC165
- [Ext] supportsInterface
+ [Int] IERC1155 (IERC165)
- [Ext] balanceOf
- [Ext] balanceOfBatch
- [Ext] setApprovalForAll #
- [Ext] isApprovedForAll
- [Ext] safeTransferFrom #
- [Ext] safeBatchTransferFrom #
+ NFTFarming (Ownable)
- [Pub] #
- [Ext] addNFT #
- modifiers: onlyOwner
- [Ext] deposit #
- [Pub] redeem #
- [Pub] withdraw #
- [Pub] pointsBalance
- [Int] _unDebitedPoints
- [Pub] nftCount
- [Ext] onERC1155Received #