LinkBased - Smart Contract Audit Report
Summary
LinkBased is a digital token that adjusts its supply daily via a rebase that uses the market cap of Chainlink's LINK token, with additional features to incentivize users to provide liquidity.
We audited LinkBased at commit fe8d4d1b1084df32a996ab29eb280809343b8ac5 on GitHub. The contracts are deployed behind upgradeable proxies at the addresses below.
Audit Findings Summary:
- LinkBased is a fork of BASE Protocol.
- There is a 3% fee on transactions of the token. These transaction fees are used to fund rewards for USDT and ETH liquidity providers.
- The project team has the ability to whitelist addresses to avoid incurring the transfer fee.
- The team has the ability to ban users from utilizing the protocol.
- Note the rebase time for LinkBased is 6AM UTC.
- The price to determine the rebase is pulled from Chainlink's LINK/USD Price Feed for the target price and Uniswap V2's Time-Weighted Average Price (TWAP) Oracle for the latest price for the token. While Uniswap prices can usually be manipulated, this implementation is flash-loan resistant because the rebase is based on the average price over the last 60 minutes.
- As the mainnet contracts are behind AdminUpgradeabilityProxies, investors must ensure trust in the project team. The team could swap out these contracts and change the contracts' logic at any time.
- Note that the team is publicly known. We spoke to @KeenanOlsen to organize this audit. Binance was the funding source for the contracts' deployment.
- Investing requires placing considerable trust in the project team as they have substantial power in the ecosystem.
- No security issues from outside attackers were identified.
- Date: December 22nd, 2020
Name | Address | Description |
---|---|---|
LbdToken | | LinkBased's token contract. |
LbdTokenMonetaryPolicy | | Monetary Policy for LbdToken. Handles rebases called by the Orchestrator contract. |
LbdTokenOrchestrator | | Orchestrator (i.e. Controller) for the monetary policy of the token. |
Cascade | | Provides rewards for users who stake their tokens in the liquidity pool. |
Crowdsale | Unknown/TBD | Crowdsale contract for presale use. |
Oracle | | External Oracle to fetch target price from Chainlink. |
UniswapOracle | Unknown/TBD | External Oracle to fetch prices from Uniswap V2's Time-Weighted Average Price (TWAP) Oracle. |
External Threats - Audit Results
Vulnerability Category | Notes | Result |
---|---|---|
Arbitrary Storage Write | N/A | PASS |
Arbitrary Jump | N/A | PASS |
Delegate Call to Untrusted Contract | N/A | PASS |
Dependence on Predictable Variables | N/A | Warning |
Deprecated Opcodes | N/A | PASS |
Ether Thief | N/A | PASS |
Exceptions | N/A | PASS |
External Calls | N/A | PASS |
Flash Loans | Prices are fetched from secure external oracles and time-weighted average price oracles, which cannot be manipulated via flash loans. | PASS |
Integer Over/Underflow | N/A | PASS |
Multiple Sends | N/A | PASS |
Oracles | Prices are fetched from Uniswap V2 using its TWAP Oracle and from Chainlink's LINK/USDT Price Feed Oracle to determine target and current prices. | PASS |
Suicide | N/A | PASS |
State Change External Calls | N/A | PASS |
Unchecked Retval | N/A | PASS |
User Supplied Assertion | N/A | PASS |
Critical Solidity Compiler | N/A | PASS |
Overall Contract Safety | | PASS |
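
The flash-loan reasoning in the summary bullet on the 60-minute TWAP and in the Flash Loans row can be checked with a simplified model of a time-weighted cumulative-price accumulator of the kind Uniswap V2 exposes. This is an added example, not code from the LinkBased contracts or from this audit; the class and function names, the prices and the 13-second block time are assumptions chosen for illustration.

```python
from fractions import Fraction

WINDOW = 3600  # 60-minute averaging window stated in the report, in seconds


class PairAccumulator:
    """Hypothetical minimal model of a cumulative-price accumulator."""

    def __init__(self, price, ts):
        self.price = Fraction(price)
        self.cumulative = Fraction(0)
        self.last_ts = ts

    def update(self, ts, new_price):
        # The price in force since last_ts is weighted by the elapsed time,
        # then the new spot price takes effect.
        self.cumulative += self.price * (ts - self.last_ts)
        self.last_ts = ts
        self.price = Fraction(new_price)

    def cumulative_at(self, ts):
        # Accumulator value projected to ts without changing state.
        return self.cumulative + self.price * (ts - self.last_ts)


def twap(pair, start_ts, start_cumulative, end_ts):
    # Average price = difference of two cumulative readings / elapsed time.
    return (pair.cumulative_at(end_ts) - start_cumulative) / (end_ts - start_ts)


def scenario(distorted_price, held_seconds, base_price=10, at=1800):
    """Return (spot price while distorted, TWAP over the full window)."""
    pair = PairAccumulator(base_price, ts=0)
    snapshot = pair.cumulative_at(0)               # oracle reading at window start
    pair.update(at, distorted_price)               # spot price distorted
    spot = pair.price
    pair.update(at + held_seconds, base_price)     # spot price restored
    return spot, twap(pair, 0, snapshot, WINDOW)


if __name__ == "__main__":
    # Constructed inputs: distortion undone in the same transaction (0 s held),
    # and a 2x distortion held for one assumed 13-second block.
    for price, held in [(1000, 0), (20, 13)]:
        spot, avg = scenario(price, held)
        print(f"spot={float(spot):g} held={held}s twap={float(avg):.4f}")
```

A distortion that is created and reversed inside one transaction has zero elapsed time and adds nothing to the accumulator, while one held across blocks is weighted only by the fraction of the window it persists.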