MasterSing - Smart Contract Audit Report

Summary

MasterSing is Singular.Farm's yield-farming platform that pays users rewards in the form of the protocol's $SING token.

For this audit, we reviewed the project team's 'MasterSing' contract by using code that was provided to us by the Singular Team.

Notes on the Contract:

  • The owner can use the MasterSing contract to add pools for LP tokens; the team must exercise caution when adding tokens to avoid ERC777-compliant tokens (this is uncommon).
  • The MasterSing staking contract should not be used with deflationary tokens. If a deflationary token is added as a staking asset, then the contract must be exempt from transfer fees.
  • The owner can set the allocation points and the deposit fee for any existing pool at any time.
  • Users pay a deposit fee when depositing LP tokens into a pool; the entire fee goes to the fee address (which is controlled by the team).
  • Users will receive a minted reward amount proportional to the allocation percentage assigned to the pool on a per-second basis; staking rewards can be calculated and transferred to the user at any time.
  • When the staking rewards are calculated for the pools, an additional 10% of the calculated rewards are subsequently minted to the Dev Address that is controlled by the team.
  • On deposits and withdrawals, pending rewards are calculated and transferred; rewards are paid in SING tokens.
  • The deposited funds are also staked in the ApeSwap masterchef (staking) contract (which was not reviewed as part of this audit).
  • This functionality allows users to earn rewards in both SING and ApeSwap's reward token.
  • On withdrawals, the pending rewards will be calculated and transferred, and the user will receive the desired amount of LP tokens.
  • The user can also trigger an emergency withdraw, which will transfer all the user's deposited LP tokens to their wallet address, without calculating rewards.
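
The deflationary-token note above comes down to an accounting mismatch: a pool that credits the requested amount records more stake than it actually received. The following is an added example, not code from the audited contract; it is a constructed Python model of a generic MasterChef-style pool, and the class names, the 2% fee and the balances are assumptions.

```python
# Constructed model of a generic MasterChef-style pool; not MasterSing's code.
class FeeToken:
    """Deflationary token: fee_bps of every transfer is burned."""
    def __init__(self, fee_bps, balances):
        self.fee_bps, self.bal = fee_bps, dict(balances)

    def transfer(self, src, dst, amt):
        if self.bal.get(src, 0) < amt:
            raise ValueError("transfer amount exceeds balance")
        self.bal[src] -= amt
        self.bal[dst] = self.bal.get(dst, 0) + amt - amt * self.fee_bps // 10_000

class Pool:
    def __init__(self, token, measure_received):
        self.token, self.measure, self.staked = token, measure_received, {}

    def deposit(self, user, amt):
        before = self.token.bal.get("pool", 0)
        self.token.transfer(user, "pool", amt)
        received = self.token.bal["pool"] - before
        # Hardened variant credits what arrived; naive variant trusts `amt`.
        credit = received if self.measure else amt
        self.staked[user] = self.staked.get(user, 0) + credit

    def withdraw(self, user, amt):
        if self.staked.get(user, 0) < amt:
            raise ValueError("withdraw exceeds stake")
        self.token.transfer("pool", user, amt)
        self.staked[user] -= amt

def run(measure_received, fee_bps=200):
    """Two users deposit 1,000 each, then both exit. Returns (shortfall, last_exit_ok)."""
    token = FeeToken(fee_bps, {"alice": 1_000, "bob": 1_000})
    pool = Pool(token, measure_received)
    for user in ("alice", "bob"):
        pool.deposit(user, 1_000)
    shortfall = sum(pool.staked.values()) - token.bal["pool"]
    pool.withdraw("alice", pool.staked["alice"])
    try:
        pool.withdraw("bob", pool.staked["bob"])
    except ValueError:
        return shortfall, False
    return shortfall, True
```

`run(False)` leaves the pool 40 units short and the last withdrawal fails. `run(True)` (credit the measured balance change) and `run(False, fee_bps=0)` (the pool is exempt from transfer fees, as the note requires) both stay solvent.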

  • The owner is able to set the emission rate for rewards to any value at any time.
  • The owner can modify the startTime to any time in the future; doing so would effectively pause the reward functionality for the contract.
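
The per-second reward notes and the owner-controlled emission rate can be traced with a small model. This is an added example, not the audited contract's code: it is a constructed Python model of the usual MasterChef-style accumulator, and the `PRECISION` factor, the names and the sample figures are assumptions.

```python
PRECISION = 10**12  # assumed scaling for the per-share accumulator

class RewardPool:
    """Constructed model of one pool; `rate` is SING minted per second overall."""
    def __init__(self, rate, alloc, total_alloc, start_time):
        self.rate, self.alloc, self.total_alloc = rate, alloc, total_alloc
        self.last_time = start_time
        self.acc = 0            # accumulated reward per staked unit, scaled
        self.staked = {}        # user -> deposited amount
        self.debt = {}          # user -> reward already accounted for
        self.dev_minted = 0

    def update(self, now):
        total = sum(self.staked.values())
        if now > self.last_time and total > 0:
            elapsed = now - self.last_time
            reward = elapsed * self.rate * self.alloc // self.total_alloc
            self.dev_minted += reward // 10        # additional 10% to the dev address
            self.acc += reward * PRECISION // total
        self.last_time = max(now, self.last_time)

    def pending(self, user):
        earned = self.staked.get(user, 0) * self.acc // PRECISION
        return earned - self.debt.get(user, 0)

    def deposit(self, user, amount, now):
        self.update(now)
        paid = self.pending(user)                  # pending rewards are paid on deposit
        self.staked[user] = self.staked.get(user, 0) + amount
        self.debt[user] = self.staked[user] * self.acc // PRECISION
        return paid

    def set_rate(self, rate, now):                 # owner-only in the audited contract
        self.update(now)
        self.rate = rate

def scenario():
    """Pool holds 1 of 4 allocation points at 100 SING/s, so it earns 25 SING/s."""
    pool = RewardPool(rate=100, alloc=1, total_alloc=4, start_time=0)
    pool.deposit("alice", 500, now=0)
    pool.deposit("bob", 1500, now=0)
    pool.update(now=40)
    before = (pool.pending("alice"), pool.pending("bob"), pool.dev_minted)
    pool.set_rate(0, now=40)                       # owner sets emission to zero
    pool.update(now=400)
    after = (pool.pending("alice"), pool.pending("bob"), pool.dev_minted)
    return before, after
```

After 40 seconds the pool has accrued 1,000 SING, split 250/750 by stake, with 100 more minted to the dev address; once the rate is set to zero nothing further accrues over the next 360 seconds.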

  • Some functions could have been declared external and some state variables could have been declared constant for gas efficiency.
  • The contracts use the SafeMath library to prevent overflows and follow the BEP20 standard.

Audit Findings Summary
  • No security issues from outside attackers were identified.
  • Ensure trust in the team as they have notable control in the ecosystem.
  • Further, ensure trust in the team as the reward system can be paused by the owner at any time.
  • Date: August 4th, 2021

Audit Results

Vulnerability Category                  Notes   Result
Arbitrary Storage Write                 N/A     PASS
Arbitrary Jump                          N/A     PASS
Delegate Call to Untrusted Contract     N/A     PASS
Dependence on Predictable Variables     N/A     PASS
Deprecated Opcodes                      N/A     PASS
Ether Thief                             N/A     PASS
Exceptions                              N/A     PASS
External Calls                          N/A     PASS
Flash Loans                             N/A     PASS
Integer Over/Underflow                  N/A     PASS
Multiple Sends                          N/A     PASS
Oracles                                 N/A     PASS
Suicide                                 N/A     PASS
State Change External Calls             N/A     PASS
Unchecked Retval                        N/A     PASS
User Supplied Assertion                 N/A     PASS
Critical Solidity Compiler              N/A     PASS
Overall Contract Safety                         PASS

MasterSing Contract

ERC20 Token Graph

Contract Inheritance


 ($) = payable function
 # = non-constant function
 
 + [Lib] SafeMath 
    - [Int] tryAdd
    - [Int] trySub
    - [Int] tryMul
    - [Int] tryDiv
    - [Int] tryMod
    - [Int] add
    - [Int] sub
    - [Int] mul
    - [Int] div
    - [Int] mod
    - [Int] sub
    - [Int] div
    - [Int] mod

 + [Int] IBEP20 
    - [Ext] totalSupply
    - [Ext] balanceOf
    - [Ext] transfer #
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transferFrom #

 + [Lib] Address 
    - [Int] isContract
    - [Int] sendValue #
    - [Int] functionCall #
    - [Int] functionCall #
    - [Int] functionCallWithValue #
    - [Int] functionCallWithValue #
    - [Int] functionStaticCall
    - [Int] functionStaticCall
    - [Int] functionDelegateCall #
    - [Int] functionDelegateCall #
    - [Prv] _verifyCallResult

 + [Lib] SafeBEP20 
    - [Int] safeTransfer #
    - [Int] safeTransferFrom #
    - [Int] safeApprove #
    - [Int] safeIncreaseAllowance #
    - [Int] safeDecreaseAllowance #
    - [Prv] _callOptionalReturn #

 + [Int] IChef 
    - [Ext] deposit #
    - [Ext] withdrawAndHarvest #
    - [Ext] withdraw #
    - [Ext] harvest #
    - [Ext] pendingBanana
    - [Ext] poolInfo
    - [Ext] bananaPerSecond
    - [Ext] totalAllocPoint
    - [Ext] lpToken

 +  Context 
    - [Int] _msgSender
    - [Int] _msgData

 +  Ownable (Context)
    - [Int]  #
    - [Pub] owner
    - [Pub] renounceOwnership #
       - modifiers: onlyOwner
    - [Pub] transferOwnership #
       - modifiers: onlyOwner

 + [Int] IUniswapV2Factory 
    - [Ext] feeTo
    - [Ext] feeToSetter
    - [Ext] getPair
    - [Ext] allPairs
    - [Ext] allPairsLength
    - [Ext] createPair #
    - [Ext] setFeeTo #
    - [Ext] setFeeToSetter #

 + [Int] IUniswapV2Pair 
    - [Ext] name
    - [Ext] symbol
    - [Ext] decimals
    - [Ext] totalSupply
    - [Ext] balanceOf
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transfer #
    - [Ext] transferFrom #
    - [Ext] DOMAIN_SEPARATOR
    - [Ext] PERMIT_TYPEHASH
    - [Ext] nonces
    - [Ext] permit #
    - [Ext] MINIMUM_LIQUIDITY
    - [Ext] factory
    - [Ext] token0
    - [Ext] token1
    - [Ext] getReserves
    - [Ext] price0CumulativeLast
    - [Ext] price1CumulativeLast
    - [Ext] kLast
    - [Ext] mint #
    - [Ext] burn #
    - [Ext] swap #
    - [Ext] skim #
    - [Ext] sync #
    - [Ext] initialize #

 + [Int] IUniswapV2Router01 
    - [Ext] factory
    - [Ext] WETH
    - [Ext] addLiquidity #
    - [Ext] addLiquidityETH ($)
    - [Ext] removeLiquidity #
    - [Ext] removeLiquidityETH #
    - [Ext] removeLiquidityWithPermit #
    - [Ext] removeLiquidityETHWithPermit #
    - [Ext] swapExactTokensForTokens #
    - [Ext] swapTokensForExactTokens #
    - [Ext] swapExactETHForTokens ($)
    - [Ext] swapTokensForExactETH #
    - [Ext] swapExactTokensForETH #
    - [Ext] swapETHForExactTokens ($)
    - [Ext] quote
    - [Ext] getAmountOut
    - [Ext] getAmountIn
    - [Ext] getAmountsOut
    - [Ext] getAmountsIn

 + [Int] IUniswapV2Router02 (IUniswapV2Router01)
    - [Ext] removeLiquidityETHSupportingFeeOnTransferTokens #
    - [Ext] removeLiquidityETHWithPermitSupportingFeeOnTransferTokens #
    - [Ext] swapExactTokensForTokensSupportingFeeOnTransferTokens #
    - [Ext] swapExactETHForTokensSupportingFeeOnTransferTokens ($)
    - [Ext] swapExactTokensForETHSupportingFeeOnTransferTokens #

 + [Int] IBank 
    - [Ext] addRepo #

 +  BEP20 (Context, IBEP20)
    - [Pub]  #
    - [Pub] name
    - [Pub] symbol
    - [Pub] decimals
    - [Pub] totalSupply
    - [Pub] balanceOf
    - [Pub] transfer #
    - [Pub] allowance
    - [Pub] approve #
    - [Pub] transferFrom #
    - [Pub] increaseAllowance #
    - [Pub] decreaseAllowance #
    - [Int] _transfer #
    - [Int] _mint #
    - [Int] _burn #
    - [Int] _approve #
    - [Int] _setupDecimals #
    - [Int] _beforeTokenTransfer #

 +  SingToken (Ownable, BEP20)
    - [Pub]  #
       - modifiers: BEP20
    - [Pub] mint #
       - modifiers: onlyOwner
    - [Int] _transfer #
    - [Prv] swapAndLiquify #
       - modifiers: lockTheSwap,transferTaxFree
    - [Prv] swapTokensForUSDC #
    - [Ext]  ($)
    - [Pub] updateTransferTaxRate #
       - modifiers: onlyOperator
    - [Pub] setBank #
       - modifiers: onlyOperator
    - [Pub] setMasterchef #
       - modifiers: onlyOperator
    - [Pub] updateBurnRate #
       - modifiers: onlyOperator
    - [Pub] updateMinAmountToLiquify #
       - modifiers: onlyOperator
    - [Pub] updateSwapAndLiquifyEnabled #
       - modifiers: onlyOperator
    - [Pub] updateSingSwapRouter #
       - modifiers: onlyOperator
    - [Pub] operator
    - [Pub] transferOperator #
       - modifiers: onlyOperator
    - [Ext] delegates
    - [Ext] delegate #
    - [Ext] delegateBySig #
    - [Ext] getCurrentVotes
    - [Ext] getPriorVotes
    - [Int] _delegate #
    - [Int] _moveDelegates #
    - [Int] _writeCheckpoint #
    - [Int] safe32
    - [Int] getChainId

 +  ReentrancyGuard 
    - [Int]  #

 +  MasterSing (Ownable, ReentrancyGuard)
    - [Pub]  #
    - [Ext] poolLength
    - [Pub] initiate #
       - modifiers: onlyOwner
    - [Pub] add #
       - modifiers: onlyOwner
    - [Pub] set #
       - modifiers: onlyOwner
    - [Ext] pendingSing
    - [Ext] pendingEarned
    - [Pub] massUpdatePools #
    - [Pub] harvestAll #
    - [Pub] updatePool #
    - [Pub] updateReward #
    - [Int] buyBanana #
    - [Pub] deposit #
       - modifiers: nonReentrant
    - [Pub] withdraw #
       - modifiers: nonReentrant
    - [Int] stratDeposit #
    - [Int] stratWithdraw #
    - [Pub] emergencyWithdraw #
       - modifiers: nonReentrant
    - [Int] safeSingTransfer #
    - [Int] safeEarnTransfer #
    - [Pub] dev #
    - [Pub] setFeeAddress #
    - [Pub] updateEmissionRate #
       - modifiers: onlyOwner