MoonStakeFarm Token + Airdrop - Smart Contract Audit Report


MoonStakeFarm Airdrop Audit Report

MoonStakeFarm ($MSF) is a DeFi protocol that utilizes an inflation system that is said to reward the community and to encourage liquidity providers on the DEX. It also has a deflationary mechanism which burns tokens on each transaction, and a taxation system that is said to be used for liquidity, charity, rewards or whatever is vouched for by the community.

For this audit we reviewed the project's Airdrop contract deployed at 0x9d9265202c3541aa813546c901f10ff49152f484, and the project's token contract deployed at 0x80d7236b5d3f5a2af5d471bd0d0564d5bf6126a7 on the Binance Smart Chain mainnet.

Notes on the Token Contract:
  • The initial total supply of the token is 100 million.
  • No minting functions are accessible after deployment.
  • Any user may burn their own tokens to decrease the total supply.
  • There is a burn fee and tax fee on all transactions.
  • The tax fee is directed to a wallet controlled by the team, while the burn fee is burned, reducing the total supply.
  • The team can set the tax and burn fee at any time, up to a maximum of 10% for each fee.
  • The contract utilizes Solidity 0.8.1 which has built-in overflow checks.
Notes on the Airdrop Contract:
  • This contract allows MoonStakeFarm token holders to claim airdrops and allows users to stake LP tokens to earn Airdrops in the form of the project's native token.
  • Users who hold MSF tokens or deposit LP tokens will be able to claim Airdrops once per day.
  • Users must also hold some amount of the project's native token in order to claim airdrops.
  • The team can update the Airdrop's reward allocation for LP tokens and regular tokens at any time.
  • SafeMath is utilized to prevent overflow issues.
  • The team must keep the token transfer fees equal to or higher than the airdrop percentage for token holders. In the scenario where fees are lower than the airdrop percentage, users could in theory call claimAirdrop(), send tokens to a new address, call the same function, and repeat this to claim multiple rewards for only one set of tokens. The team understands this and will keep fees above the airdrop percentage accordingly.
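
The fee-versus-airdrop rule in the last note above, as an added example (not the project's contract code or the auditor's tooling): a Python model for checking a proposed fee and airdrop setting before it is applied. It assumes values in basis points, an airdrop paid as a percentage of the claimant's current balance with no fee on the payout, and a daily claim limit tracked per address; all function names are hypothetical.

```python
BPS = 10_000         # assumed unit: basis points (the report only says "percentage")
MAX_FEE_BPS = 1_000  # from the report: each fee is capped at 10%


def received_after_fees(amount, burn_bps, tax_bps):
    """Tokens that reach the recipient once burn and tax fees are deducted."""
    return amount - amount * burn_bps // BPS - amount * tax_bps // BPS


def balance_after_hops(start, hops, burn_bps, tax_bps, airdrop_bps):
    """Model the sequence from the report: claim, move everything to a
    new address, claim again. Returns the balance after `hops` rounds."""
    balance = start
    for _ in range(hops):
        balance += balance * airdrop_bps // BPS  # claim on the current address
        balance = received_after_fees(balance, burn_bps, tax_bps)  # pay fees to move
    return balance


def reclaim_is_profitable(burn_bps, tax_bps, airdrop_bps, start=10**18):
    """True if one claim-and-move round leaves more tokens than it started with."""
    return balance_after_hops(start, 1, burn_bps, tax_bps, airdrop_bps) > start


def check_config(burn_bps, tax_bps, airdrop_bps):
    """Return a list of problems with a proposed setting; empty means acceptable."""
    problems = []
    for name, value in (("burn", burn_bps), ("tax", tax_bps)):
        if not 0 <= value <= MAX_FEE_BPS:
            problems.append(f"{name} fee {value} bps is outside 0..{MAX_FEE_BPS}")
    if burn_bps + tax_bps < airdrop_bps:
        problems.append("transfer fees are below the airdrop percentage")
    if reclaim_is_profitable(burn_bps, tax_bps, airdrop_bps):
        problems.append("claim-and-move round yields a net gain")
    return problems


if __name__ == "__main__":
    # Constructed settings: (burn, tax, airdrop) in basis points.
    for cfg in [(200, 300, 500), (100, 100, 500), (300, 180, 500)]:
        print(cfg, check_config(*cfg) or "ok")
```

Under these assumptions the report's rule is slightly conservative: a setting such as (300, 180, 500) breaks the rule but still loses tokens on each round, because the fee is taken from the balance after the claim has been added.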
Audit Findings Summary
  • No external security issues were identified.
  • As with any presale, ensure trust in the team prior to investing.
  • Further, ensure trust in the team as they have some control in the ecosystem.
  • Date: May 28th, 2021.

External Threat Results

| Vulnerability Category | Notes | Result |
|---|---|---|
| Arbitrary Storage Write | N/A | PASS |
| Arbitrary Jump | N/A | PASS |
| Delegate Call to Untrusted Contract | N/A | PASS |
| Dependence on Predictable Variables | N/A | PASS |
| Deprecated Opcodes | N/A | PASS |
| Ether/Token Thief | N/A | PASS |
| External Calls | N/A | PASS |
| Flash Loans | N/A | PASS |
| Integer Over/Underflow | N/A | PASS |
| Multiple Sends | N/A | PASS |
| State Change External Calls | N/A | PASS |
| Unchecked Retval | N/A | PASS |
| User Supplied Assertion | N/A | PASS |
| Critical Solidity Compiler | N/A | PASS |
| Overall Contract Safety | | PASS |

ERC20 Airdrop Graph

Multi-file Airdrop

 ($) = payable function
 # = non-constant function
 Int = Internal
 Ext = External
 Pub = Public

 + [Int] IERC20 
    - [Ext] totalSupply
    - [Ext] balanceOf
    - [Ext] transfer #
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transferFrom #

 +  Airdrop 
    - [Pub]  #
    - [Pub] claimableTokens
    - [Ext] claimAirdrop #
    - [Ext] setAirdropPercentage #
    - [Pub] claimableTokensLP
    - [Ext] claimAirdropLP #
    - [Ext] stakeLP #
    - [Ext] withdrawLP #
    - [Ext] setLPTokenAmount #