|Arbitrary Storage Write||N/A||PASS|
|Delegate Call to Untrusted Contract||N/A||PASS|
|Dependence on Predictable Variables||N/A||PASS|
|State Change External Calls||N/A||PASS|
|User Supplied Assertion||N/A||PASS|
|Critical Solidity Compiler||N/A||PASS|
|Overall Contract Safety||PASS|
Gaj Finance - Smart Contract Audit Report
Gaj Finance is a building a new yield farming platform where users can earn NFTs for staking LP tokens.We audited the project team's NFTFarming contract at commit ae3c63892ef43cfc434ffa38b825b00a3ba5e4de on the team's private Github.
Overview of the Contract:
Audit Findings Summary
- Users are able to stake the LP token specified by the owner on initialization and earn points on their staked balance which can be redeemed for NFT rewards.
- The owner is able to transfer any NFTs to the contract that users can earn as rewards; the owner will specify the quantity available and the price.
- There can be multiple copies of a single NFT, as the contract is using the ERC-1155 Multi Token Standard.
- In order to be eligible for rewards, users stake LP tokens; the LP token address is specified by the owner on initialization.
- Users who stake LP tokens earn points based on the amount they have staked every second at a rate specified by the owner on initialization.
- The user's points balance is updated every time the user interacts with the contract.
- Once a user has accrued enough points for the desired NFT at the desired quantity, the user can redeem those points and the desired quantity of the NFT will be transferred from the contract to the user's wallet address.
- Users may withdraw their deposited LP tokens at any time; the points the user has accrued will remain intact and may be redeemed at any time.
- The team must ensure the token added for staking is not malicious, and must exercise caution when adding tokens to avoid fee-on-transfer and ERC777-compliant tokens (this is uncommon).
- Some functions could have been declared external for gas savings.
- The contract utilizes the SafeMath library to prevent overflows along with following the ERC-1155 standard.
- No security threats from outside attackers were identified.
- Date: July 20th, 2021
($) = payable function # = non-constant function + [Lib] SafeMath - [Int] tryAdd - [Int] trySub - [Int] tryMul - [Int] tryDiv - [Int] tryMod - [Int] add - [Int] sub - [Int] mul - [Int] div - [Int] mod - [Int] sub - [Int] div - [Int] mod + Context - [Int] _msgSender - [Int] _msgData + Ownable (Context) - [Int]
# - [Pub] owner - [Pub] renounceOwnership # - modifiers: onlyOwner - [Pub] transferOwnership # - modifiers: onlyOwner + [Int] IERC20 - [Ext] totalSupply - [Ext] balanceOf - [Ext] transfer # - [Ext] allowance - [Ext] approve # - [Ext] transferFrom # + [Lib] Address - [Int] isContract - [Int] sendValue # - [Int] functionCall # - [Int] functionCall # - [Int] functionCallWithValue # - [Int] functionCallWithValue # - [Int] functionStaticCall - [Int] functionStaticCall - [Int] functionDelegateCall # - [Int] functionDelegateCall # - [Prv] _verifyCallResult + [Lib] SafeERC20 - [Int] safeTransfer # - [Int] safeTransferFrom # - [Int] safeApprove # - [Int] safeIncreaseAllowance # - [Int] safeDecreaseAllowance # - [Prv] _callOptionalReturn # + [Int] IERC165 - [Ext] supportsInterface + [Int] IERC1155 (IERC165) - [Ext] balanceOf - [Ext] balanceOfBatch - [Ext] setApprovalForAll # - [Ext] isApprovedForAll - [Ext] safeTransferFrom # - [Ext] safeBatchTransferFrom # + NFTFarming (Ownable) - [Pub] # - [Ext] addNFT # - modifiers: onlyOwner - [Ext] deposit # - [Pub] redeem # - [Pub] withdraw # - [Pub] pointsBalance - [Int] _unDebitedPoints - [Pub] nftCount - [Ext] onERC1155Received #