MoonFarm Token - Smart Contract Audit Report

Summary

MoonFarm Audit Report MoonFarm is building a new yield farming platform.

We reviewed the project team's smart contracts at the following links on the Moonriver mainnet:


  • MoonFarm Token Contract - 0xB497c3E9D27Ba6b1fea9F1b941d8C79E66cfC9d6
  • MoonSwap Token Contract - 0xB3FB48bF090bEDFF4f6F93FFb40221742E107db7
  • MoonMaster Contract - 0x78Aa55Ce0b0DC7488d2C38BD92769f4d0C8196Ff
  • Notes on the individual Contracts

    MoonFarm Token Contract:
    • The owner has the ability to mint any amount of $MOON tokens to any address at any time.
    • MoonFarm tokens can be minted by the MoonMaster contract, as it is specified as the owner of the MoonFarm contract.
    • No burn functions are present beyond deployment; though the circulating supply can be reduced by sending tokens to the 0x..dead address if desired.
    • As the project is implemented with Solidity v0.8.x, it is protected from overflows.
    • The token contract complies with the ERC20 standard.

    • MoonSwap Token Contract:
    • The total supply of the token is set to 100,000,000 $mSwap.
    • No mint functions are present beyond deployment.
    • Any holder can burn their tokens to reduce the total supply.
    • As the project is implemented with Solidity v0.8.x, it is protected from overflows.
    • The token contract complies with the ERC20 standard.

    • MoonMaster Contract:
    • Users can stake various tokens into the MasterChef contract in order to earn MoonFarm tokens as rewards.
    • There is a deposit fee set by the team for each asset that a user can stake.
    • User's rewards are claimed when withdrawing from the contract. There are no fees associated with this action.
    • An emergencyWithdraw function exists so users can withdraw without collecting rewards.
    • The owner can update the global reward rate at any time via the updateEmissionRate function.
    • The owner can add different types of tokens for staking, and can update the reward rates for each pool at any time.
    • We recommend that the owner exercises caution when adding tokens to avoid fee-on-transfer (unless the proper exemptions are made), and ERC777-compliant tokens.
    • Some functions can be declared external instead of public to save gas on each call.
    • Function getMultiplier should be restricted to pure instead of view.
    • Utilization of SafeMath (or similarily safe functions) across all contracts to prevent overflows.

    Audit Findings Summary
    • No external threats were identified.
    • Please ensure trust in the team prior to investing as they have some control in the ecosystem.
    • Date: September 21st, 2021

    Audit Results

    Vulnerability CategoryNotesResult
    Arbitrary Storage WriteN/APASS
    Arbitrary JumpN/APASS
    Delegate Call to Untrusted ContractN/APASS
    Dependence on Predictable VariablesN/APASS
    Deprecated OpcodesN/APASS
    Ether ThiefN/APASS
    ExceptionsN/APASS
    External CallsN/APASS
    Flash LoansN/APASS
    Integer Over/UnderflowN/APASS
    Multiple SendsN/APASS
    OraclesN/APASS
    SuicideN/APASS
    State Change External CallsN/APASS
    Unchecked RetvalN/APASS
    User Supplied AssertionN/APASS
    Critical Solidity CompilerN/APASS
    Overall Contract Safety PASS

    Details: MoonFarm Token Contract

    ERC20 Token Graph

    Multi-file Token

    
     ($) = payable function
     # = non-constant function
     
     + [Int] IERC20 
        - [Ext] totalSupply
        - [Ext] balanceOf
        - [Ext] transfer #
        - [Ext] allowance
        - [Ext] approve #
        - [Ext] transferFrom #
    
     + [Int] IERC20Metadata (IERC20)
        - [Ext] name
        - [Ext] symbol
        - [Ext] decimals
    
     +  Context 
        - [Int] _msgSender
        - [Int] _msgData
    
     +  ERC20 (Context, IERC20, IERC20Metadata)
        - [Pub]  #
        - [Pub] name
        - [Pub] symbol
        - [Pub] decimals
        - [Pub] totalSupply
        - [Pub] balanceOf
        - [Pub] transfer #
        - [Pub] allowance
        - [Pub] approve #
        - [Pub] transferFrom #
        - [Pub] increaseAllowance #
        - [Pub] decreaseAllowance #
        - [Int] _transfer #
        - [Int] _mint #
        - [Int] _burn #
        - [Int] _approve #
        - [Int] _beforeTokenTransfer #
        - [Int] _afterTokenTransfer #
    
     +  Ownable (Context)
        - [Pub]  #
        - [Pub] owner
        - [Pub] renounceOwnership #
           - modifiers: onlyOwner
        - [Pub] transferOwnership #
           - modifiers: onlyOwner
        - [Int] _transferOwnership #
    
     +  MoonFarmToken (Ownable, ERC20)
        - [Pub]  #
        - [Pub] mint #
           - modifiers: onlyOwner							


    Details: MoonSwap Token Contract


    ERC20 Token Graph

    Multi-file Token

    
     ($) = payable function
     # = non-constant function
     
     +  Context 
        - [Int] _msgSender
        - [Int] _msgData
    
     + [Int] IERC20 
        - [Ext] totalSupply
        - [Ext] balanceOf
        - [Ext] transfer #
        - [Ext] allowance
        - [Ext] approve #
        - [Ext] transferFrom #
    
     + [Int] IERC20Metadata (IERC20)
        - [Ext] name
        - [Ext] symbol
        - [Ext] decimals
    
     +  ERC20 (Context, IERC20, IERC20Metadata)
        - [Pub]  #
        - [Pub] name
        - [Pub] symbol
        - [Pub] decimals
        - [Pub] totalSupply
        - [Pub] balanceOf
        - [Pub] transfer #
        - [Pub] allowance
        - [Pub] approve #
        - [Pub] transferFrom #
        - [Pub] increaseAllowance #
        - [Pub] decreaseAllowance #
        - [Int] _transfer #
        - [Int] _mint #
        - [Int] _burn #
        - [Int] _approve #
        - [Int] _beforeTokenTransfer #
        - [Int] _afterTokenTransfer #
    
     +  ERC20Burnable (Context, ERC20)
        - [Pub] burn #
        - [Pub] burnFrom #
    
     +  ERC20PresetFixedSupply (ERC20Burnable)
        - [Pub]  #
           - modifiers: ERC20
    
     +  MoonSwapToken (ERC20PresetFixedSupply)
        - [Pub]  #
           - modifiers: ERC20PresetFixedSupply
    					



    Details: MoonMaster Contract


    ERC20 Token Graph

    Multi-file Token

    
     ($) = payable function
     # = non-constant function
     
     + [Lib] SafeMath 
        - [Int] tryAdd
        - [Int] trySub
        - [Int] tryMul
        - [Int] tryDiv
        - [Int] tryMod
        - [Int] add
        - [Int] sub
        - [Int] mul
        - [Int] div
        - [Int] mod
        - [Int] sub
        - [Int] div
        - [Int] mod
    
     + [Int] IERC20 
        - [Ext] totalSupply
        - [Ext] balanceOf
        - [Ext] transfer #
        - [Ext] allowance
        - [Ext] approve #
        - [Ext] transferFrom #
    
     + [Lib] Address 
        - [Int] isContract
        - [Int] sendValue #
        - [Int] functionCall #
        - [Int] functionCall #
        - [Int] functionCallWithValue #
        - [Int] functionCallWithValue #
        - [Int] functionStaticCall
        - [Int] functionStaticCall
        - [Int] functionDelegateCall #
        - [Int] functionDelegateCall #
        - [Int] verifyCallResult
    
     + [Lib] SafeERC20 
        - [Int] safeTransfer #
        - [Int] safeTransferFrom #
        - [Int] safeApprove #
        - [Int] safeIncreaseAllowance #
        - [Int] safeDecreaseAllowance #
        - [Prv] _callOptionalReturn #
    
     +  Context 
        - [Int] _msgSender
        - [Int] _msgData
    
     +  Ownable (Context)
        - [Pub]  #
        - [Pub] owner
        - [Pub] renounceOwnership #
           - modifiers: onlyOwner
        - [Pub] transferOwnership #
           - modifiers: onlyOwner
        - [Prv] _setOwner #
    
     + [Int] IERC20Metadata (IERC20)
        - [Ext] name
        - [Ext] symbol
        - [Ext] decimals
    
     +  ERC20 (Context, IERC20, IERC20Metadata)
        - [Pub]  #
        - [Pub] name
        - [Pub] symbol
        - [Pub] decimals
        - [Pub] totalSupply
        - [Pub] balanceOf
        - [Pub] transfer #
        - [Pub] allowance
        - [Pub] approve #
        - [Pub] transferFrom #
        - [Pub] increaseAllowance #
        - [Pub] decreaseAllowance #
        - [Int] _transfer #
        - [Int] _mint #
        - [Int] _burn #
        - [Int] _approve #
        - [Int] _beforeTokenTransfer #
        - [Int] _afterTokenTransfer #
    
     +  MoonFarmToken (Ownable, ERC20)
        - [Pub]  #
        - [Pub] mint #
           - modifiers: onlyOwner
    
     +  MoonMaster (Ownable)
        - [Pub]  #
        - [Ext] poolLength
        - [Pub] add #
           - modifiers: onlyOwner,nonDuplicated
        - [Pub] set #
           - modifiers: onlyOwner
        - [Pub] getMultiplier
        - [Ext] pendingmoonfarm
        - [Pub] massUpdatePools #
        - [Pub] updatePool #
        - [Pub] deposit #
        - [Pub] withdraw #
        - [Pub] emergencyWithdraw #
        - [Int] safemoonfarmTransfer #
        - [Pub] dev #
        - [Pub] setFeeAddress #
        - [Pub] updateEmissionRate #
           - modifiers: onlyOwner
        - [Pub] updateStartBlock #
           - modifiers: onlyOwner