LinkBased - Audit Report
Summary
LinkBased is a digital token that adjusts its supply daily via a rebase; using the market cap of Chainlink's LINK token with additional features to incentivize users to provide liquidity.
Audit Findings Summary:
- LinkBased is a fork of BASE Protocol.
- There is a 3% fee on transactions of the token. These transaction fees are used to fund rewards for USDT and ETH liquidity providers.
- The project team has the ability to whitelist addresses to avoid incurring the transfer fee.
- The team has the ability to ban users from utilizing the protocol.
- Note the rebase time for LinkBased is 6AM UTC.
- The price to determine the rebase is pulled from Chainlink's LINK/USD Price Feed for the target price and Uniswap V2's Time-Weighted Average Price (TWAP) Oracle for the latest price for the token. While Uniswap can usually be manipulated, this implementation is flash-loan resistant as the rebase is based on the average price over the last 60 minutes.
- As the mainnet contracts are behind AdminUpgradeabilityProxies, investors must ensure trust in the project team. The team could swap out these contracts and change the contracts' logic at any time.
- Note that the team is publicly known. We spoke to @KeenanOlsen to organize this audit. Binance was the funding source for contracts' deployment.
- Investing requires placing considerable trust in the project team as they have substantial power in the ecosystem.
- No security issues from outside attackers were identified.
- Date: December 22nd, 2020
|
Name |
Address |
Description |
|
LbdToken |
LinkBased's token contract. |
|
|
LbdTokenMonetaryPolicy |
Monetary Policy for LbdToken. Handles rebases called by the Orchestrator contract. |
|
|
LbdTokenOrchestrator |
Orchestrator (i.e. Controller) for the monetary policy of the token. |
|
|
Cascade |
Provides rewards for users who stake their tokens in the liquidity pool. |
|
|
Crowdsale |
Unknown/TBD |
Crowdsale contract for presale use.
|
|
Oracle |
External Oracle to fetch target price from Chainlink. |
|
|
UniswapOracle |
Unknown/TBD |
External Oracle to fetch prices from Uniswap V2's Time-Weighted Average Price (TWAP) Oracle. |
External Threats - Audit Results
| Vulnerability Category | Notes | Result |
|---|---|---|
| Arbitrary Storage Write | N/A | PASS |
| Arbitrary Jump | N/A | PASS |
| Delegate Call to Untrusted Contract | N/A | PASS |
| Dependence on Predictable Variables | N/A | Warning |
| Deprecated Opcodes | N/A | PASS |
| Ether Thief | N/A | PASS |
| Exceptions | N/A | PASS |
| External Calls | N/A | PASS |
| Flash Loans | Prices are fetched from secure external oracles and time-weighted average price oracles which are cannot be maniuplated via flash loans. | PASS |
| Integer Over/Underflow | N/A | PASS |
| Multiple Sends | N/A | PASS |
| Oracles | Prices are fetched from the Uniswap V2 using its TWAP Oracle and from Chainlink's LINK/USDT Price Feed Oracle to determine target and current prices. |
PASS |
| Suicide | N/A | PASS |
| State Change External Calls | N/A | PASS |
| Unchecked Retval | N/A | PASS |
| User Supplied Assertion | N/A | PASS |
| Critical Solidity Compiler | N/A | PASS |
| Overall Contract Safety | PASS |