Meliora Finance - Smart Contract Audit Report
Summary
Meliora Finance intends to build a multichain, trust-less, permission-less, and secure wallet & decentralized swap ecosystem.
We reviewed Meliora Finance's staking contract at commit c73681fe32bd3dd31fdddbf248bc281032957d32 on GitHub.
We also reviewed Meliora Finance's token contract at 0xb64cd4f56043f8d80691433e395d08b1bebdadf0.
Notes on the Staking Contract:
Audit Findings Summary:- Users can stake their Meliora tokens to earn additional Meliora as rewards.
- The reward rate earned on staked funds depends on the amount of tokens staked as follows:
- There are no rewards for staking under 2,000 tokens. The team should consider requiring at least this many tokens be staked.
- Staking 2000-7000 tokens earns the staker 50% APY.
- Staking 7,000-16,000 tokens earns the staker 70% APY.
- Staking more than 16,000 tokens earns the staker 90% APY.
- Staking rewards will last for 5 months. 24 hours after rewards end, anyone will be able to call BurnRemainingTokens() which burns all tokens in the contract that have yet to be allocated for rewards.
- The team intends to provide 1 million tokens to the contract upon deployment to fund these rewards.
- Defining _staker and _to as local variables is redundant when their definitions can be used in their place.
- Some gas optimizations can be achieved through marking functions external instead of public.
- Utilization of SafeMath throughout the platform to prevent overflow issues.
Notes on the Token Contract:- The total supply of the token is 5.5 million, delivered to the team upon deployment. Currently the team holds all of these tokens.
- No further tokens can be minted, though tokens can be burned.
- No ownership-related functions exist
- The contract utilizes SafeMath to prevent overflows.
- Some gas optimizations can be achieved through marking functions external instead of public. As this contract is already deployed, this is informational.
- No security issues from external attackers were identified.
- As with any presale, ensure trust in the team prior to investing.
- KYC: Yes, by Pinpoint Capital.
- Date: March 12th, 2021
- Update Date: March 19th, 2021 - Incorporate changes and add analysis on token contract.
Combined Audit Results
| Vulnerability Category | Notes | Result |
|---|---|---|
| Arbitrary Storage Write | N/A | PASS |
| Arbitrary Jump | N/A | PASS |
| Delegate Call to Untrusted Contract | N/A | PASS |
| Dependence on Predictable Variables | N/A | PASS |
| Deprecated Opcodes | N/A | PASS |
| Ether Thief | N/A | PASS |
| Exceptions | N/A | PASS |
| External Calls | N/A | PASS |
| Integer Over/Underflow | N/A | PASS |
| Multiple Sends | N/A | PASS |
| Suicide | N/A | PASS |
| State Change External Calls | N/A | PASS |
| Unchecked Retval | N/A | PASS |
| User Supplied Assertion | N/A | PASS |
| Critical Solidity Compiler | N/A | PASS |
| Overall Contract Safety | PASS |
Details: Staking Contract
Function Graph
Inheritence Chart
Functions Overview
($) = payable function
# = non-constant function
Int = Internal
Ext = External
Pub = Public
+ Context
- [Int] _msgSender
- [Int] _msgData
+ [Int] IERC20
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] transfer #
- [Ext] allowance
- [Ext] approve #
- [Ext] transferFrom #
+ [Lib] SafeMath
- [Int] tryAdd
- [Int] trySub
- [Int] tryMul
- [Int] tryDiv
- [Int] tryMod
- [Int] add
- [Int] sub
- [Int] mul
- [Int] div
- [Int] mod
- [Int] sub
- [Int] div
- [Int] mod
+ ERC20 (Context, IERC20)
- [Pub] #
- [Pub] name
- [Pub] symbol
- [Pub] decimals
- [Pub] totalSupply
- [Pub] balanceOf
- [Pub] transfer #
- [Pub] allowance
- [Pub] approve #
- [Pub] transferFrom #
- [Pub] increaseAllowance #
- [Pub] decreaseAllowance #
- [Int] _transfer #
- [Int] _mint #
- [Int] _burn #
- [Int] _approve #
- [Int] _setupDecimals #
- [Int] _beforeTokenTransfer #
+ ERC20Burnable (Context, ERC20)
- [Pub] burn #
- [Pub] burnFrom #
+ Moratoken (ERC20Burnable)
- [Pub] #
- modifiers: ERC20
+ MoraStaking
- [Pub] #
- modifiers: nonZeroAddress
- [Ext] Stake #
- [Ext] UnstakeAndClaim #
- [Ext] BurnRemainingTokens #
- [Ext] MyStakes
- [Ext] TotalActiveStakes
- [Ext] TotalActiveStakeAmount
- [Ext] TotalDistributedReward
- [Ext] RemainingTokens
Source Code
Click here to download the source code as a .sol file.
Details: Token Contract
Function Graph
Inheritence Chart
Functions Overview
($) = payable function
# = non-constant function
Int = Internal
Ext = External
Pub = Public
+ Context
- [Int] _msgSender
- [Int] _msgData
+ [Int] IERC20
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] transfer #
- [Ext] allowance
- [Ext] approve #
- [Ext] transferFrom #
+ [Lib] SafeMath
- [Int] tryAdd
- [Int] trySub
- [Int] tryMul
- [Int] tryDiv
- [Int] tryMod
- [Int] add
- [Int] sub
- [Int] mul
- [Int] div
- [Int] mod
- [Int] sub
- [Int] div
- [Int] mod
+ ERC20 (Context, IERC20)
- [Pub] #
- [Pub] name
- [Pub] symbol
- [Pub] decimals
- [Pub] totalSupply
- [Pub] balanceOf
- [Pub] transfer #
- [Pub] allowance
- [Pub] approve #
- [Pub] transferFrom #
- [Pub] increaseAllowance #
- [Pub] decreaseAllowance #
- [Int] _transfer #
- [Int] _mint #
- [Int] _burn #
- [Int] _approve #
- [Int] _setupDecimals #
- [Int] _beforeTokenTransfer #
+ ERC20Burnable (Context, ERC20)
- [Pub] burn #
- [Pub] burnFrom #
+ Mora (ERC20Burnable)
- [Pub] #
- modifiers: ERC20
Source Code
Click here to download the source code as a .sol file.