HedgeTech Vault - Smart Contract Audit Report

Summary

HedgeTech Lottery Audit Report The HedgeTech Vault is a new project where transaction fees are meant to fund a BNB vault where users can redeem their tokens for BNB; effectively acting as insurance for the protocol. The project will be deployed on the Binance Smart Chain.


For this audit, we reviewed the team's code on GitHub at commit 26fefeb503c20a41916270c08b063202c721866b and 3481d154b72d271bceb5459b5d3f8ed441c923d6. Once deployed, we will verify the code and add the mainnet addresses to this report.

Notes on the Token Contract:
  • The VLT token includes a fee charged on transfers of the token.
  • The tax rate is ~3% and it cannot be changed.
  • The tokens from the fee are intended to be sent directly to the team. The team can update the destination for the fees at any time.
  • The total supply of the token is 100,000, sent to the deployer's address upon deployment.
  • The token implements the (not adopted) EIP223 standard for token fallback functions. This allows for arbitrary code execution (which may be dangerous) any time a user sends tokens directly to the Vault address. In this case, the implementation with the Vault is secure.
  • The owner can choose to enable or disable the transfer tax at any time.
  • Utilization of SafeMath to prevent overflows.

  • Notes on the Vault Contract:
  • The Vault contract is designed to allow users to swap out their VLT tokens for BNB, based on the proportion of the VTL token's circulating supply and the amount of BNB that has been sent to the vault.
  • The team must manually sell the tokens collected from the tax fee and send the proceeds to the vault in order to fund it.
  • Users can take advantage of this feature by sending their tokens to the vault contract; triggering the tokenFallback() function initializing the swap. This will only work using the transfer() function; transferFrom() will not work for this purpose as tokenFallback() is not called.
  • The EIP223 tokenFallback function is properly protected from misuse by requiring that only the VLT token contract can call it. The VLT token address is set during deployment and can never be updated.
  • While reentrancy may be possible in sendBackEth(), .transfer is utilized thereby limiting gas to 2300, which is insufficient for meaningful arbitrary code execution.

  • Notes on the TokenLocker Contract:
  • This contract allows project teams to lock their treasury tokens for any period of time, determined by the user depositing tokens.
  • The owner/team has no control over tokens locked into the contract.

  • Gas Optimizations: (Not Critical)
  • Line 104 of the VLT token checks if at least one of three conditions are met; but the prior if would guarentee at least one of these conditions (recipient == vaultContractAddress) is met. Line 104 and lines 109-117 can therefore be safely removed.
  • Line 145 of the VLT token checks if math operations have been performed correctly, but the operations being checked are already using SafeMath. This line can be safely removed to save gas on transfers.
  • Public functions may be declared external to save a small amount of gas on each transaction.

  • Audit Findings Summary:
    • No security issues from outside attackers were identified.
    • The team must manually sell the tokens collected from fees and send the BNB collected to provide rewards. Therefore, ensure trust in the team prior to investing.
    • Date: February 21st, 2021.
    • Update Date: February 23rd, 2021. Review updated code with limitations on ownership functions per audit recommendations.
    • Date: March 4th, 2021. Inclusion of analysis on TokenLocker contract.

    Vulnerability CategoryNotesResult
    Arbitrary Storage WriteN/APASS
    Arbitrary JumpN/APASS
    Delegate Call to Untrusted ContractN/APASS
    Dependence on Predictable VariablesN/APASS
    Deprecated OpcodesN/APASS
    Ether ThiefN/APASS
    ExceptionsN/APASS
    External CallsN/APASS
    Integer Over/UnderflowN/APASS
    Multiple SendsN/APASS
    ReentrancytokenFallback allows for arbitray code execution, though only to
    an addressed provided by the team and when tokens are sent to the vault.
    Warning
    SuicideN/APASS
    State Change External CallsN/APass
    Unchecked RetvalN/APASS
    User Supplied AssertionN/APASS
    Critical Solidity CompilerN/APASS
    Overall Contract Safety PASS

    Token Contract


    Smart Contract Graph

    Contract Inheritance

    
     ($) = payable function
     # = non-constant function
     
     Int = Internal
     Ext = External
     Pub = Public
     
     +  Context 
        - [Int] _msgSender
        - [Int] _msgData
    
     +  Ownable (Context)
        - [Int]  #
        - [Pub] owner
        - [Pub] renounceOwnership #
           - modifiers: onlyOwner
        - [Pub] transferOwnership #
           - modifiers: onlyOwner
    
     + [Int] IVLTRecipient 
        - [Ext] tokenFallback #
    
     + [Lib] SafeMath 
        - [Int] add
        - [Int] sub
        - [Int] sub
        - [Int] mul
        - [Int] div
        - [Int] div
        - [Int] mod
        - [Int] mod
    
     + [Int] IERC20 
        - [Ext] totalSupply
        - [Ext] balanceOf
        - [Ext] transfer #
        - [Ext] allowance
        - [Ext] approve #
        - [Ext] transferFrom #
    
     + [Lib] Address 
        - [Int] isContract
        - [Int] sendValue #
        - [Int] functionCall #
        - [Int] functionCall #
        - [Int] functionCallWithValue #
        - [Int] functionCallWithValue #
        - [Int] functionStaticCall
        - [Int] functionStaticCall
        - [Prv] _verifyCallResult
    
     +  VLT (Context, IERC20, Ownable)
        - [Pub]  #
        - [Pub] name
        - [Pub] symbol
        - [Pub] decimals
        - [Pub] totalSupply
        - [Pub] balanceOf
        - [Pub] allowance
        - [Pub] approve #
        - [Pub] transferFrom #
        - [Pub] increaseAllowance #
        - [Pub] decreaseAllowance #
        - [Prv] _approve #
        - [Pub] transfer #
        - [Int] _transfer #
        - [Ext] setTaxReceiveAddress #
           - modifiers: onlyOwner
        - [Ext] setAddressTax #
           - modifiers: onlyOwner
        - [Ext] setTaxFraction #
           - modifiers: onlyOwner
        - [Ext] setVaultContractAddress #
           - modifiers: onlyOwner
    							

    Vault Contract


    Smart Contract Graph

    Contract Inheritance

    
     ($) = payable function
     # = non-constant function
     
     Int = Internal
     Ext = External
     Pub = Public
     
     + [Lib] SafeMath 
        - [Int] add
        - [Int] sub
        - [Int] sub
        - [Int] mul
        - [Int] div
        - [Int] div
        - [Int] mod
        - [Int] mod
    
     + [Int] IERC20 
        - [Ext] totalSupply
        - [Ext] balanceOf
        - [Ext] transfer #
        - [Ext] allowance
        - [Ext] approve #
        - [Ext] transferFrom #
    
     + [Lib] Address 
        - [Int] isContract
        - [Int] sendValue #
        - [Int] functionCall #
        - [Int] functionCall #
        - [Int] functionCallWithValue #
        - [Int] functionCallWithValue #
        - [Int] functionStaticCall
        - [Int] functionStaticCall
        - [Prv] _verifyCallResult
    
     + [Int] IVLTRecipient 
        - [Ext] tokenFallback #
    
     +  Vault (IVLTRecipient)
        - [Ext]  ($)
        - [Pub]  #
        - [Pub] getVaultETHBalance
        - [Pub] getVaultVLTBalance
        - [Pub] getCirculatingSupply
        - [Pub] tokenFallback #
        - [Int] sendBackEth #
    							

    TokenLocker Contract


    Smart Contract Graph

    Contract Inheritance

    
     ($) = payable function
     # = non-constant function
     
     Int = Internal
     Ext = External
     Pub = Public
     
     +  TokenLocker 
        - [Pub]  #
        - [Ext] lockTokens #
        - [Pub] getLock
        - [Ext] getNumLocks
        - [Ext] getEmergencyUnlock
        - [Ext] unlockTokens #
        - [Ext] emergencyUnlock #
           - modifiers: onlyOwner
        - [Ext] emergencyLock #
           - modifiers: onlyOwner
        - [Ext] changeOwner #