MasterSing - Smart Contract Audit Report
Summary
MasterSing is Singular.Farm's yield-farming platform that pays users rewards in the form of the protocol's $SING token.
Notes on the Contract:Audit Findings Summary
- The owner can use the MasterSing contract to add pools for LP tokens; the team must exercise caution when adding tokens to avoid ERC777-compliant tokens (this is uncommon).
- The MasterSing staking contract should not be used with deflationary tokens. If a deflationary token is added as a staking asset, then the contract must be exempt from transfer fees.
- The owner can set the allocation points and the deposit fee for any existing pool at any time.
- Users pay a deposit fee to deposit LP tokens into a pool; all of which will go to the fee address (which is controlled by the team).
- Users will receive a minted reward amount proportional to the allocation percentage assigned to the pool on a per-second basis; staking rewards can be calculated and transferred to the user at any time.
- When the staking rewards are calculated for the pools, an additional 10% of the calculated rewards are subsequently minted to the Dev Address that is controlled by the team.
- On deposits and withdrawals, pending rewards are calculated and transferred; rewards are paid in SING tokens.
- The deposited funds are also staked in the ApeSwap masterchef (staking) contract (which was not reviewed as part of this audit).
- This functionality allows user to earn rewards in both SING, as well as ApeSwap's reward token.
- On withdrawals, the pending rewards will be calculated and transferred, and the user will receive the desired amount of LP tokens.
- The user can also trigger an emergency withdraw, which will transfer all the user's deposited LP tokens to their wallet address, without calculating rewards.
- The owner is able to set the emission rate for rewards to any value at any time.
- The owner can modify the startTime to any time in the future; doing so would effectively pause the reward functionality for the contract.
- Some functions could have been declared external and some state variables could have been declared constant for gas efficiency.
- The contracts utilize the SafeMath library to prevent overflows along with following the BEP20 standard.
- No security issues from outside attackers were identified.
- Ensure trust in the team as they have notable control in the ecosystem.
- Further, ensure trust in the team as the reward system can be paused by the owner at any time.
- Date: August 4th, 2021
Audit Results
Vulnerability Category | Notes | Result |
---|---|---|
Arbitrary Storage Write | N/A | PASS |
Arbitrary Jump | N/A | PASS |
Delegate Call to Untrusted Contract | N/A | PASS |
Dependence on Predictable Variables | N/A | PASS |
Deprecated Opcodes | N/A | PASS |
Ether Thief | N/A | PASS |
Exceptions | N/A | PASS |
External Calls | N/A | PASS |
Flash Loans | N/A | PASS |
Integer Over/Underflow | N/A | PASS |
Multiple Sends | N/A | PASS |
Oracles | N/A | PASS |
Suicide | N/A | PASS |
State Change External Calls | N/A | PASS |
Unchecked Retval | N/A | PASS |
User Supplied Assertion | N/A | PASS |
Critical Solidity Compiler | N/A | PASS |
Overall Contract Safety | PASS |
MasterSing Contract
($) = payable function
# = non-constant function
+ [Lib] SafeMath
- [Int] tryAdd
- [Int] trySub
- [Int] tryMul
- [Int] tryDiv
- [Int] tryMod
- [Int] add
- [Int] sub
- [Int] mul
- [Int] div
- [Int] mod
- [Int] sub
- [Int] div
- [Int] mod
+ [Int] IBEP20
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] transfer #
- [Ext] allowance
- [Ext] approve #
- [Ext] transferFrom #
+ [Lib] Address
- [Int] isContract
- [Int] sendValue #
- [Int] functionCall #
- [Int] functionCall #
- [Int] functionCallWithValue #
- [Int] functionCallWithValue #
- [Int] functionStaticCall
- [Int] functionStaticCall
- [Int] functionDelegateCall #
- [Int] functionDelegateCall #
- [Prv] _verifyCallResult
+ [Lib] SafeBEP20
- [Int] safeTransfer #
- [Int] safeTransferFrom #
- [Int] safeApprove #
- [Int] safeIncreaseAllowance #
- [Int] safeDecreaseAllowance #
- [Prv] _callOptionalReturn #
+ [Int] IChef
- [Ext] deposit #
- [Ext] withdrawAndHarvest #
- [Ext] withdraw #
- [Ext] harvest #
- [Ext] pendingBanana
- [Ext] poolInfo
- [Ext] bananaPerSecond
- [Ext] totalAllocPoint
- [Ext] lpToken
+ Context
- [Int] _msgSender
- [Int] _msgData
+ Ownable (Context)
- [Int] #
- [Pub] owner
- [Pub] renounceOwnership #
- modifiers: onlyOwner
- [Pub] transferOwnership #
- modifiers: onlyOwner
+ [Int] IUniswapV2Factory
- [Ext] feeTo
- [Ext] feeToSetter
- [Ext] getPair
- [Ext] allPairs
- [Ext] allPairsLength
- [Ext] createPair #
- [Ext] setFeeTo #
- [Ext] setFeeToSetter #
+ [Int] IUniswapV2Pair
- [Ext] name
- [Ext] symbol
- [Ext] decimals
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] allowance
- [Ext] approve #
- [Ext] transfer #
- [Ext] transferFrom #
- [Ext] DOMAIN_SEPARATOR
- [Ext] PERMIT_TYPEHASH
- [Ext] nonces
- [Ext] permit #
- [Ext] MINIMUM_LIQUIDITY
- [Ext] factory
- [Ext] token0
- [Ext] token1
- [Ext] getReserves
- [Ext] price0CumulativeLast
- [Ext] price1CumulativeLast
- [Ext] kLast
- [Ext] mint #
- [Ext] burn #
- [Ext] swap #
- [Ext] skim #
- [Ext] sync #
- [Ext] initialize #
+ [Int] IUniswapV2Router01
- [Ext] factory
- [Ext] WETH
- [Ext] addLiquidity #
- [Ext] addLiquidityETH ($)
- [Ext] removeLiquidity #
- [Ext] removeLiquidityETH #
- [Ext] removeLiquidityWithPermit #
- [Ext] removeLiquidityETHWithPermit #
- [Ext] swapExactTokensForTokens #
- [Ext] swapTokensForExactTokens #
- [Ext] swapExactETHForTokens ($)
- [Ext] swapTokensForExactETH #
- [Ext] swapExactTokensForETH #
- [Ext] swapETHForExactTokens ($)
- [Ext] quote
- [Ext] getAmountOut
- [Ext] getAmountIn
- [Ext] getAmountsOut
- [Ext] getAmountsIn
+ [Int] IUniswapV2Router02 (IUniswapV2Router01)
- [Ext] removeLiquidityETHSupportingFeeOnTransferTokens #
- [Ext] removeLiquidityETHWithPermitSupportingFeeOnTransferTokens #
- [Ext] swapExactTokensForTokensSupportingFeeOnTransferTokens #
- [Ext] swapExactETHForTokensSupportingFeeOnTransferTokens ($)
- [Ext] swapExactTokensForETHSupportingFeeOnTransferTokens #
+ [Int] IBank
- [Ext] addRepo #
+ BEP20 (Context, IBEP20)
- [Pub] #
- [Pub] name
- [Pub] symbol
- [Pub] decimals
- [Pub] totalSupply
- [Pub] balanceOf
- [Pub] transfer #
- [Pub] allowance
- [Pub] approve #
- [Pub] transferFrom #
- [Pub] increaseAllowance #
- [Pub] decreaseAllowance #
- [Int] _transfer #
- [Int] _mint #
- [Int] _burn #
- [Int] _approve #
- [Int] _setupDecimals #
- [Int] _beforeTokenTransfer #
+ SingToken (Ownable, BEP20)
- [Pub] #
- modifiers: BEP20
- [Pub] mint #
- modifiers: onlyOwner
- [Int] _transfer #
- [Prv] swapAndLiquify #
- modifiers: lockTheSwap,transferTaxFree
- [Prv] swapTokensForUSDC #
- [Ext] ($)
- [Pub] updateTransferTaxRate #
- modifiers: onlyOperator
- [Pub] setBank #
- modifiers: onlyOperator
- [Pub] setMasterchef #
- modifiers: onlyOperator
- [Pub] updateBurnRate #
- modifiers: onlyOperator
- [Pub] updateMinAmountToLiquify #
- modifiers: onlyOperator
- [Pub] updateSwapAndLiquifyEnabled #
- modifiers: onlyOperator
- [Pub] updateSingSwapRouter #
- modifiers: onlyOperator
- [Pub] operator
- [Pub] transferOperator #
- modifiers: onlyOperator
- [Ext] delegates
- [Ext] delegate #
- [Ext] delegateBySig #
- [Ext] getCurrentVotes
- [Ext] getPriorVotes
- [Int] _delegate #
- [Int] _moveDelegates #
- [Int] _writeCheckpoint #
- [Int] safe32
- [Int] getChainId
+ ReentrancyGuard
- [Int] #
+ MasterSing (Ownable, ReentrancyGuard)
- [Pub] #
- [Ext] poolLength
- [Pub] initiate #
- modifiers: onlyOwner
- [Pub] add #
- modifiers: onlyOwner
- [Pub] set #
- modifiers: onlyOwner
- [Ext] pendingSing
- [Ext] pendingEarned
- [Pub] massUpdatePools #
- [Pub] harvestAll #
- [Pub] updatePool #
- [Pub] updateReward #
- [Int] buyBanana #
- [Pub] deposit #
- modifiers: nonReentrant
- [Pub] withdraw #
- modifiers: nonReentrant
- [Int] stratDeposit #
- [Int] stratWithdraw #
- [Pub] emergencyWithdraw #
- modifiers: nonReentrant
- [Int] safeSingTransfer #
- [Int] safeEarnTransfer #
- [Pub] dev #
- [Pub] setFeeAddress #
- [Pub] updateEmissionRate #
- modifiers: onlyOwner