LinkBased - Smart Contract Audit Report

Summary

LinkBased is a digital token that adjusts its supply daily via a rebase based on the market cap of Chainlink's LINK token, with additional features to incentivize users to provide liquidity.

We audited LinkBased at commit fe8d4d1b1084df32a996ab29eb280809343b8ac5 on GitHub. The contracts are deployed behind upgradeable proxies at the addresses below.

Audit Findings Summary:
  • LinkBased is a fork of BASE Protocol.

  • There is a 3% fee on transactions of the token. These transaction fees are used to fund rewards for USDT and ETH liquidity providers.
  • The project team has the ability to whitelist addresses to avoid incurring the transfer fee.
  • The team has the ability to ban users from utilizing the protocol.
  • Note the rebase time for LinkBased is 6AM UTC.

  • The rebase uses two prices: the target price is pulled from Chainlink's LINK/USD Price Feed, and the latest price for the token is pulled from Uniswap V2's Time-Weighted Average Price (TWAP) Oracle. While Uniswap prices can usually be manipulated, this implementation is flash-loan resistant because the rebase is based on the average price over the last 60 minutes.

  • As the mainnet contracts are behind AdminUpgradeabilityProxies, investors must trust the project team. The team could swap out these contracts and change the contracts' logic at any time.
  • Note that the team is publicly known. We spoke to @KeenanOlsen to organize this audit. Binance was the funding source for contracts' deployment.


  • Investing requires placing considerable trust in the project team as they have substantial power in the ecosystem.
  • No security issues from outside attackers were identified.
  • Date: December 22nd, 2020

| Name | Address | Description |
|---|---|---|
| LbdToken | 0x4Dc724737e6dB6F3e9ad289606dEE5cAbe19ff80 | LinkBased's token contract. |
| LbdTokenMonetaryPolicy | 0x6697Bb0f01fcEF0F502705b10a77246a9b5eAB87 | Monetary Policy for LbdToken. Handles rebases called by the Orchestrator contract. |
| LbdTokenOrchestrator | 0x98e65Ff33FE0476bCC073Ff296989A156E587869 | Orchestrator (i.e. Controller) for the monetary policy of the token. |
| Cascade | 0x0832dB20A327223602c84B760D2F6A50bF8C654d | Provides rewards for users who stake their tokens in the liquidity pool. |
| Crowdsale | Unknown/TBD | Crowdsale contract for presale use. |
| Oracle | 0x3F53F4A0c0624b37C98dA620b0d0C0eb67e47bcD | External Oracle to fetch target price from Chainlink. Provider: 0x2c1d072e956AFFC0D435Cb7AC38EF18d24d9127c |
| UniswapOracle | Unknown/TBD | External Oracle to fetch prices from Uniswap V2's Time-Weighted Average Price (TWAP) Oracle. |


External Threats - Audit Results

| Vulnerability Category | Notes | Result |
|---|---|---|
| Arbitrary Storage Write | N/A | PASS |
| Arbitrary Jump | N/A | PASS |
| Delegate Call to Untrusted Contract | N/A | PASS |
| Dependence on Predictable Variables | N/A | Warning |
| Deprecated Opcodes | N/A | PASS |
| Ether Thief | N/A | PASS |
| Exceptions | N/A | PASS |
| External Calls | N/A | PASS |
| Flash Loans | Prices are fetched from secure external oracles and time-weighted average price oracles, which cannot be manipulated via flash loans. | PASS |
| Integer Over/Underflow | N/A | PASS |
| Multiple Sends | N/A | PASS |
| Oracles | Prices are fetched from Uniswap V2 using its TWAP Oracle and from Chainlink's LINK/USDT Price Feed Oracle to determine target and current prices. | PASS |
| Suicide | N/A | PASS |
| State Change External Calls | N/A | PASS |
| Unchecked Retval | N/A | PASS |
| User Supplied Assertion | N/A | PASS |
| Critical Solidity Compiler | N/A | PASS |
| Overall Contract Safety | | PASS |

Fixes & Improvements

Fixes recommended and implemented during the audit:
  • Upgrade of the price-fetching mechanism from Uniswap to Uniswap's TWAP Oracle for flash-loan prevention.
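
A numeric model of the 60-minute averaging behind this fix, added here as an illustration and not taken from the audited contracts: it mimics how a Uniswap V2 pair accumulates price × elapsed time, then compares a spot read with the TWAP when the pool price is distorted. The `Pair` class, the reserve values and the 13-second block time are assumptions; the real pair uses fixed-point integers rather than fractions.

```python
from fractions import Fraction

WINDOW = 3600  # 60-minute averaging window stated in the report
BLOCK = 13     # assumed block time in seconds

class Pair:
    """Simplified model of a Uniswap V2 pair's price accumulator (constructed)."""
    def __init__(self, reserve_token, reserve_quote, now):
        self.r0, self.r1 = reserve_token, reserve_quote
        self.cumulative = Fraction(0)
        self.last = now

    def spot(self):
        return Fraction(self.r1, self.r0)

    def sync(self, now):
        # Accumulate the price that stood since the last update,
        # weighted by how long it stood, before reserves change.
        self.cumulative += self.spot() * (now - self.last)
        self.last = now

    def set_reserves(self, r0, r1, now):
        self.sync(now)
        self.r0, self.r1 = r0, r1

def run(hold_seconds):
    """Return (spot price during the distortion, 60-minute TWAP) when the
    price is pushed from 1 to 100 at t=1800 and held for hold_seconds."""
    pair = Pair(1000, 1000, now=0)
    cum_start, t_start = pair.cumulative, 0
    pair.set_reserves(100, 10_000, 1800)                 # price distorted to 100
    spot_seen = pair.spot()
    pair.set_reserves(1000, 1000, 1800 + hold_seconds)   # price restored to 1
    pair.sync(WINDOW)
    twap = (pair.cumulative - cum_start) / (WINDOW - t_start)
    return spot_seen, twap

if __name__ == "__main__":
    for label, hold in (("same transaction", 0), ("held one block", BLOCK)):
        spot, twap = run(hold)
        print(f"{label:>17}: spot={float(spot):.2f}  twap={float(twap):.4f}")
```

A distortion that is opened and closed inside one transaction has zero elapsed time, so it adds nothing to the accumulator, while a spot read in that same transaction sees the full 100x price. A distortion held across a block is weighted only by the fraction of the window it occupies.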