Memex Staking - Smart Contract Audit Report
Memex intends to build a dex and coin tracker for meme tokens.For this audit, we analyzed the project's MasterChef staking contract. We reviewed the contract using code provided to us by the team, available below.
Notes on the Contract:
Users can stake tokens into the MasterChef staking contract into order to earn MEMEX tokens. The project team can add different types of tokens for staking, and can update the reward rates for each token at any time. There is a fee associated with making a deposit to the contract, set by the team at the time of adding each asset pool. Users will accrue rewards over the length of their stake. Upon withdrawing from the contract, user's rewards will be claimed. The team has the ability to remove MEMEX tokens from the contract at any time. If MEMEX can be staked, this would allow the team to move user's MEMEX tokens without permission. We advise not having MEMEX be staked in this contract, or the two relevant functions be removed. Some public functions may be declared external to save a small amount of gas on each transaction. The team must exercise caution when adding tokens to avoid fee-on-transfer and ERC777-compliant tokens. Usage of ReentrancyGuard in applicable functions to prevent re-entrancy attacks. Utilization of SafeMath to prevent overflow issues.Audit Findings Summary:
- No security issues from outside attackers were identified.
- Ensure trust in the team as they have some control over the ecosystem.
- Date: May 7th, 2021
Combined External Threat Results
|Arbitrary Storage Write||N/A||PASS|
|Delegate Call to Untrusted Contract||N/A||PASS|
|Dependence on Predictable Variables||N/A||PASS|
|State Change External Calls||N/A||PASS|
|User Supplied Assertion||N/A||PASS|
|Critical Solidity Compiler||N/A||PASS|
|Overall Contract Safety||PASS|
($) = payable function # = non-constant function Int = Internal Ext = External Pub = Public + Context - [Int]
# - [Int] _msgSender - [Int] _msgData + [Lib] Address - [Int] isContract - [Int] sendValue # - [Int] functionCall # - [Int] functionCall # - [Int] functionCallWithValue # - [Int] functionCallWithValue # - [Prv] _functionCallWithValue # + [Int] IBEP20 - [Ext] totalSupply - [Ext] decimals - [Ext] symbol - [Ext] name - [Ext] getOwner - [Ext] balanceOf - [Ext] transfer # - [Ext] allowance - [Ext] approve # - [Ext] transferFrom # + Ownable (Context) - [Int] # - [Pub] owner - [Pub] renounceOwnership # - modifiers: onlyOwner - [Pub] transferOwnership # - modifiers: onlyOwner + BEP20 (Context, IBEP20, Ownable) - [Pub] # - [Ext] getOwner - [Pub] name - [Pub] decimals - [Pub] symbol - [Pub] totalSupply - [Pub] balanceOf - [Pub] transfer # - [Pub] allowance - [Pub] approve # - [Pub] transferFrom # - [Pub] increaseAllowance # - [Pub] decreaseAllowance # - [Pub] mint # - modifiers: onlyOwner - [Int] _transfer # - [Int] _mint # - [Int] _burn # - [Int] _approve # - [Int] _burnFrom # + [Lib] SafeBEP20 - [Int] safeTransfer # - [Int] safeTransferFrom # - [Int] safeApprove # - [Int] safeIncreaseAllowance # - [Int] safeDecreaseAllowance # - [Prv] _callOptionalReturn # + [Lib] SafeMath - [Int] add - [Int] sub - [Int] sub - [Int] mul - [Int] div - [Int] div - [Int] mod - [Int] mod + MasterChef (Ownable) - [Pub] # - [Ext] poolLength - [Pub] add # - modifiers: onlyOwner - [Pub] set # - modifiers: onlyOwner - [Pub] getMultiplier - [Ext] pendingMemex - [Pub] massUpdatePools # - [Pub] updatePool # - [Pub] deposit # - [Pub] withdraw # - [Pub] emergencyWithdraw # - [Pub] getMemexBalance - [Pub] getMemexRewardBalance - [Pub] approveMemexToOwner # - modifiers: onlyOwner - [Pub] withdrawMemexToOwner # - modifiers: onlyOwner - [Int] safeMemexTransfer # - [Pub] dev # - [Pub] setFeeAddress # - [Pub] updateEmissionRate # - modifiers: onlyOwner