Mega Token Staking - Smart Contract Audit Report
Summary
Mega Token Staking is a new staking contract that allows users to stake tokens in multiple different time intervals.
Notes on the Staking Contract:
- This contract allows users to stake tokens for 3 months, 6 months, or 1 year.
- If staking multiple times, tokens will be stored in distinct groups with their own release date.
- Users must manually release tokens after the staking period. An amount to release is specified, up to the total amount staked.
- When releasing tokens, all staked token groups that have reached their release date and have sufficient token balance will be released. There is no way to specify a specific set of locked tokens to release.
- There is no limit on the amount of tokens that may be staked at once.
- The team must exercise caution when deciding the staking token to avoid fee-on-transfer and ERC777-compliant tokens (this is uncommon).
- This contract is intended to be used with a proxy contract. As a result, this contract may be upgraded to another logic contract at any time.
- As anyone may call the initialize function, the team should ensure they call the initialize function as soon as possible after deployment and prior to setting the proxy contract to use the contract as its implementation.
- Although the contract inherits the Ownable library, no ownership-restricted functions are present.
Audit Findings Summary
- Utilization of SafeMath to prevent overflows.
- No external threats were identified.
- Ensure trust in the team as they may change the implementation logic at anytime.
- Date: November 18th, 2021.
Audit Results
Vulnerability Category | Notes | Result |
---|---|---|
Arbitrary Storage Write | N/A | PASS |
Arbitrary Jump | N/A | PASS |
Delegate Call to Untrusted Contract | N/A | PASS |
Dependence on Predictable Variables | N/A | PASS |
Deprecated Opcodes | N/A | PASS |
Ether Thief | N/A | PASS |
Exceptions | N/A | PASS |
External Calls | N/A | PASS |
Flash Loans | N/A | PASS |
Integer Over/Underflow | N/A | PASS |
Multiple Sends | N/A | PASS |
Oracles | N/A | PASS |
Suicide | N/A | PASS |
State Change External Calls | N/A | PASS |
Unchecked Retval | N/A | PASS |
User Supplied Assertion | N/A | PASS |
Critical Solidity Compiler | N/A | PASS |
Overall Contract Safety | PASS |
($) = payable function
# = non-constant function
+ [Lib] SafeMathUpgradeable
- [Int] tryAdd
- [Int] trySub
- [Int] tryMul
- [Int] tryDiv
- [Int] tryMod
- [Int] add
- [Int] sub
- [Int] mul
- [Int] div
- [Int] mod
- [Int] sub
- [Int] div
- [Int] mod
+ Initializable
+ ContextUpgradeable (Initializable)
- [Int] __Context_init #
- modifiers: initializer
- [Int] __Context_init_unchained #
- modifiers: initializer
- [Int] _msgSender
- [Int] _msgData
+ OwnableUpgradeable (Initializable, ContextUpgradeable)
- [Int] __Ownable_init #
- modifiers: initializer
- [Int] __Ownable_init_unchained #
- modifiers: initializer
- [Pub] owner
- [Pub] renounceOwnership #
- modifiers: onlyOwner
- [Pub] transferOwnership #
- modifiers: onlyOwner
- [Prv] _setOwner #
+ [Int] IBeaconUpgradeable
- [Ext] implementation
+ [Lib] AddressUpgradeable
- [Int] isContract
- [Int] sendValue #
- [Int] functionCall #
- [Int] functionCall #
- [Int] functionCallWithValue #
- [Int] functionCallWithValue #
- [Int] functionStaticCall
- [Int] functionStaticCall
- [Int] verifyCallResult
+ [Lib] StorageSlotUpgradeable
- [Int] getAddressSlot
- [Int] getBooleanSlot
- [Int] getBytes32Slot
- [Int] getUint256Slot
+ ERC1967UpgradeUpgradeable (Initializable)
- [Int] __ERC1967Upgrade_init #
- modifiers: initializer
- [Int] __ERC1967Upgrade_init_unchained #
- modifiers: initializer
- [Int] _getImplementation
- [Prv] _setImplementation #
- [Int] _upgradeTo #
- [Int] _upgradeToAndCall #
- [Int] _upgradeToAndCallSecure #
- [Int] _getAdmin
- [Prv] _setAdmin #
- [Int] _changeAdmin #
- [Int] _getBeacon
- [Prv] _setBeacon #
- [Int] _upgradeBeaconToAndCall #
- [Prv] _functionDelegateCall #
+ UUPSUpgradeable (Initializable, ERC1967UpgradeUpgradeable)
- [Int] __UUPSUpgradeable_init #
- modifiers: initializer
- [Int] __UUPSUpgradeable_init_unchained #
- modifiers: initializer
- [Ext] upgradeTo #
- modifiers: onlyProxy
- [Ext] upgradeToAndCall ($)
- modifiers: onlyProxy
- [Int] _authorizeUpgrade #
+ [Int] IERC20
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] transfer #
- [Ext] allowance
- [Ext] approve #
- [Ext] transferFrom #
+ [Lib] SafeERC20
- [Int] safeTransfer #
- [Int] safeTransferFrom #
- [Int] safeApprove #
- [Int] safeIncreaseAllowance #
- [Int] safeDecreaseAllowance #
- [Prv] _callOptionalReturn #
+ Staking (Initializable, UUPSUpgradeable, OwnableUpgradeable)
- [Pub] initialize #
- modifiers: initializer
- [Ext] threeMonthStaking #
- [Ext] sixMonthStaking #
- [Ext] oneYearStaking #
- [Ext] releaseStake #
- [Int] _authorizeUpgrade #
- modifiers: onlyOwner