Mega Token Staking - Smart Contract Audit Report

Summary

Mega Token Staking is a new staking contract that allows users to stake tokens in multiple different time intervals.

For this audit, we reviewed the Staking Contract provided to us by the team.

Notes on the Staking Contract:
  • This contract allows users to stake tokens for 3 months, 6 months, or 1 year.
  • If staking multiple times, tokens will be stored in distinct groups with their own release date.
  • Users must manually release tokens after the staking period. An amount to release is specified, up to the total amount staked.
  • When releasing tokens, all staked token groups that have reached their release date and have sufficient token balance will be released. There is no way to specify a specific set of locked tokens to release.
  • There is no limit on the amount of tokens that may be staked at once.
  • The team must exercise caution when deciding the staking token to avoid fee-on-transfer and ERC777-compliant tokens (this is uncommon).

  • This contract is intended to be used with a proxy contract. As a result, this contract may be upgraded to another logic contract at any time.
  • As anyone may call the initialize function, the team should ensure they call the initialize function as soon as possible after deployment and prior to setting the proxy contract to use the contract as its implementation.
  • Although the contract inherits the Ownable library, no ownership-restricted functions are present.
  • Utilization of SafeMath to prevent overflows.
Audit Findings Summary
  • No external threats were identified.
  • Ensure trust in the team as they may change the implementation logic at anytime.
  • Date: November 18th, 2021.

Audit Results

Vulnerability CategoryNotesResult
Arbitrary Storage WriteN/APASS
Arbitrary JumpN/APASS
Delegate Call to Untrusted ContractN/APASS
Dependence on Predictable VariablesN/APASS
Deprecated OpcodesN/APASS
Ether ThiefN/APASS
ExceptionsN/APASS
External CallsN/APASS
Flash LoansN/APASS
Integer Over/UnderflowN/APASS
Multiple SendsN/APASS
OraclesN/APASS
SuicideN/APASS
State Change External CallsN/APASS
Unchecked RetvalN/APASS
User Supplied AssertionN/APASS
Critical Solidity CompilerN/APASS
Overall Contract Safety PASS

Staking Graph

Staking


 ($) = payable function
 # = non-constant function

 + [Lib] SafeMathUpgradeable 
    - [Int] tryAdd
    - [Int] trySub
    - [Int] tryMul
    - [Int] tryDiv
    - [Int] tryMod
    - [Int] add
    - [Int] sub
    - [Int] mul
    - [Int] div
    - [Int] mod
    - [Int] sub
    - [Int] div
    - [Int] mod

 +  Initializable 

 +  ContextUpgradeable (Initializable)
    - [Int] __Context_init #
       - modifiers: initializer
    - [Int] __Context_init_unchained #
       - modifiers: initializer
    - [Int] _msgSender
    - [Int] _msgData

 +  OwnableUpgradeable (Initializable, ContextUpgradeable)
    - [Int] __Ownable_init #
       - modifiers: initializer
    - [Int] __Ownable_init_unchained #
       - modifiers: initializer
    - [Pub] owner
    - [Pub] renounceOwnership #
       - modifiers: onlyOwner
    - [Pub] transferOwnership #
       - modifiers: onlyOwner
    - [Prv] _setOwner #

 + [Int] IBeaconUpgradeable 
    - [Ext] implementation

 + [Lib] AddressUpgradeable 
    - [Int] isContract
    - [Int] sendValue #
    - [Int] functionCall #
    - [Int] functionCall #
    - [Int] functionCallWithValue #
    - [Int] functionCallWithValue #
    - [Int] functionStaticCall
    - [Int] functionStaticCall
    - [Int] verifyCallResult

 + [Lib] StorageSlotUpgradeable 
    - [Int] getAddressSlot
    - [Int] getBooleanSlot
    - [Int] getBytes32Slot
    - [Int] getUint256Slot

 +  ERC1967UpgradeUpgradeable (Initializable)
    - [Int] __ERC1967Upgrade_init #
       - modifiers: initializer
    - [Int] __ERC1967Upgrade_init_unchained #
       - modifiers: initializer
    - [Int] _getImplementation
    - [Prv] _setImplementation #
    - [Int] _upgradeTo #
    - [Int] _upgradeToAndCall #
    - [Int] _upgradeToAndCallSecure #
    - [Int] _getAdmin
    - [Prv] _setAdmin #
    - [Int] _changeAdmin #
    - [Int] _getBeacon
    - [Prv] _setBeacon #
    - [Int] _upgradeBeaconToAndCall #
    - [Prv] _functionDelegateCall #

 +  UUPSUpgradeable (Initializable, ERC1967UpgradeUpgradeable)
    - [Int] __UUPSUpgradeable_init #
       - modifiers: initializer
    - [Int] __UUPSUpgradeable_init_unchained #
       - modifiers: initializer
    - [Ext] upgradeTo #
       - modifiers: onlyProxy
    - [Ext] upgradeToAndCall ($)
       - modifiers: onlyProxy
    - [Int] _authorizeUpgrade #

 + [Int] IERC20 
    - [Ext] totalSupply
    - [Ext] balanceOf
    - [Ext] transfer #
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transferFrom #

 + [Lib] SafeERC20 
    - [Int] safeTransfer #
    - [Int] safeTransferFrom #
    - [Int] safeApprove #
    - [Int] safeIncreaseAllowance #
    - [Int] safeDecreaseAllowance #
    - [Prv] _callOptionalReturn #

 +  Staking (Initializable, UUPSUpgradeable, OwnableUpgradeable)
    - [Pub] initialize #
       - modifiers: initializer
    - [Ext] threeMonthStaking #
    - [Ext] sixMonthStaking #
    - [Ext] oneYearStaking #
    - [Ext] releaseStake #
    - [Int] _authorizeUpgrade #
       - modifiers: onlyOwner