MoonStakeFarm Token + Airdrop - Smart Contract Audit Report
MoonStakeFarm ($MSF) is a DeFi protocol that utilizes an inflation system that is said to reward the community and to encourage liquidity providers to the DEX. It also has a deflationary mechanism which burns tokens on each transaction and a taxation system to that is said to be used for liquidity, charity, rewards or whatever is vouched for by the community.
For this audit we reviewed the project's Airdrop contract deployed at 0x9d9265202c3541aa813546c901f10ff49152f484, and the project's token contract deployed at 0x80d7236b5d3f5a2af5d471bd0d0564d5bf6126a7 on the Binance Smart Chain mainnet.
Notes of the Token Contract:
Notes on the Airdrop Contract:
- The initial total supply of the token is 100 million.
- No minting functions are accessible after deployment.
- Any user may burn their own tokens to decrease the total supply.
- There is a burn fee and tax fee on all transactions.
- The tax fee is directed to a wallet controlled by the team; while the burn fee is burned, reducing the total supply.
- The team can set the tax and burn fee at any time, up to a maximum of 10% for each fee.
- The contract utilizes Solidity 0.8.1 which has built-in overflow checks.
Audit Findings Summary
- This contract allows MoonStakeFarm token holders to claim airdrops and allows users to stake LP tokens to earn Airdrops in the form of the project's native token.
- Users who hold MSF tokens or deposit LP tokens will be able to claim Airdrops once per day.
- Users must also hold some amount of the project's native token in order to claim airdrops.
- The team can update the Airdrop's reward allocation for LP tokens and regular tokens at any time.
- SafeMath is utilized to prevent overflow issues.
- The team must keep the token transfer fees equal or higher to the airdrop percentage for token holders. In the scenario where fees are lower than the airdrop percentage, users could in theory call claimAirdrop(), send tokens to a new address, call the same function, and reapeat this to claim multiple rewards for only one set of tokens. The team understands this and will keep fees above the airdrop percentage accordingly.
- No external security issues were identified.
- As with any presale, ensure trust in the team prior to investing.
- Further, ensure trust in the team as they have some control in the ecosystem.
- Date: May 28th, 2021.
External Threat Results
|Arbitrary Storage Write||N/A||PASS|
|Delegate Call to Untrusted Contract||N/A||PASS|
|Dependence on Predictable Variables||N/A||PASS|
|State Change External Calls||N/A||PASS|
|User Supplied Assertion||N/A||PASS|
|Critical Solidity Compiler||N/A||PASS|
|Overall Contract Safety||PASS|
($) = payable function # = non-constant function Int = Internal Ext = External Pub = Public + [Int] IERC20 - [Ext] totalSupply - [Ext] balanceOf - [Ext] transfer # - [Ext] allowance - [Ext] approve # - [Ext] transferFrom # + Airdrop - [Pub]
# - [Pub] claimableTokens - [Ext] claimAirdrop # - [Ext] setAirdropPercentage # - [Pub] claimableTokensLP - [Ext] claimAirdropLP # - [Ext] stakeLP # - [Ext] withdrawLP # - [Ext] setLPTokenAmount #