Ninance - Smart Contract Audit Report
Audit Summary
Ninance is building an NFT all-in-one solution platform that provides art lovers with a convenient and threshold-free channel to create, sell and discover art NFTs.
We reviewed the NinanceERC20, NinanceFactory, NinancePair and NinanceRouter contracts at commit 6842dc1c72cd774f6b9055c2bbf87990689090dc on the team's Github repository.
Audit Findings
No external threats were identified.
Date: January 26th, 2022.
Contracts Overview
NinanceERC20 Contract:NinanceFactory Contract:
- The NinanceERC20 contract implements the ERC-20 standard for use as an LP token.
- This contract utilizes a 'permit' mechanism which allows the owner of the LP tokens to sign a transaction that enables another user to withdraw tokens and send them to the recipient. The recipient then submits the permit on behalf of the owner.
NinancePair Contract:
- The NinanceFactory contract is responsible for the creation of liquidity pairs for the token, thereby enabling trading on the platform.
- At the time of deployment, the initialize() function is called from the NinancePair contract which allows the factory to specify the two ERC-20 tokens that this pair will exchange.
- Once the pool is created, its address is stored with a double mapping that takes both token addresses as input.
NinanceRouter Contract:
- The NinancePair contract is the core Ninanceswap functionality.
- Each Ninanceswap Pair manages a liquidity pool made up of reserves of two ERC-20 tokens.
- This contract is responsible for tracking the balance of both tokens in the pair, as well as mints and burns of the LP token.
- Users can add liquidity by providing an equivalent value of each token and are minted an LP token in return. The LP tokens may be burned to receive the underlying assets at any time.
- Users may also exchange one token for an equivalent amount of the other token based on the current market value.
General Notes on all Contracts:
- The NinanceRouter contract is used to interact with the liquidity pool that was created in the NinanceFactory contract.
- NinanceRouter routes orders to the user-determined pair contract to swap assets.
- This contract performs requirement checks needed for swapping tokens, adding liquidity, and removing liquidity.
- The SafeMath library is utilized to prevent overflow/underflow attacks.
- The lock modifier is utilized to prevent re-entrancy where appropriate.
External Threat Results
Vulnerability Category | Notes | Result |
---|---|---|
Arbitrary Storage Write | N/A | PASS |
Arbitrary Jump | N/A | PASS |
Centralization of Control | N/A | PASS |
Delegate Call to Untrusted Contract | N/A | PASS |
Dependence on Predictable Variables | N/A | PASS |
Deprecated Opcodes | N/A | PASS |
Ether Thief | N/A | PASS |
Exceptions | N/A | PASS |
External Calls | N/A | PASS |
Flash Loans | N/A | PASS |
Integer Over/Underflow | N/A | PASS |
Logical Issues | N/A | PASS |
Multiple Sends | N/A | PASS |
Oracles | N/A | PASS |
Suicide | N/A | PASS |
State Change External Calls | N/A | PASS |
Unchecked Retval | N/A | PASS |
User Supplied Assertion | N/A | PASS |
Critical Solidity Compiler | N/A | PASS |
Overall Contract Safety | PASS |
NinanceERC20, NinanceFactory, and NinancePair Contracts
($) = payable function
# = non-constant function
+ [Int] INinanceFactory
- [Ext] feeTo
- [Ext] feeToSetter
- [Ext] getPair
- [Ext] allPairs
- [Ext] allPairsLength
- [Ext] createPair #
- [Ext] setFeeTo #
- [Ext] setFeeToSetter #
+ [Int] INinancePair
- [Ext] name
- [Ext] symbol
- [Ext] decimals
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] allowance
- [Ext] approve #
- [Ext] transfer #
- [Ext] transferFrom #
- [Ext] DOMAIN_SEPARATOR
- [Ext] PERMIT_TYPEHASH
- [Ext] nonces
- [Ext] permit #
- [Ext] MINIMUM_LIQUIDITY
- [Ext] factory
- [Ext] token0
- [Ext] token1
- [Ext] getReserves
- [Ext] price0CumulativeLast
- [Ext] price1CumulativeLast
- [Ext] kLast
- [Ext] mint #
- [Ext] burn #
- [Ext] swap #
- [Ext] skim #
- [Ext] sync #
- [Ext] initialize #
+ [Int] INinanceERC20
- [Ext] name
- [Ext] symbol
- [Ext] decimals
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] allowance
- [Ext] approve #
- [Ext] transfer #
- [Ext] transferFrom #
- [Ext] DOMAIN_SEPARATOR
- [Ext] PERMIT_TYPEHASH
- [Ext] nonces
- [Ext] permit #
+ [Lib] SafeMath
- [Int] add
- [Int] sub
- [Int] mul
+ NinanceERC20 (INinanceERC20)
- [Pub] #
- [Int] _mint #
- [Int] _burn #
- [Prv] _approve #
- [Prv] _transfer #
- [Ext] approve #
- [Ext] transfer #
- [Ext] transferFrom #
- [Ext] permit #
+ [Lib] Math
- [Int] min
- [Int] sqrt
+ [Lib] UQ112x112
- [Int] encode
- [Int] uqdiv
+ [Int] IERC20
- [Ext] name
- [Ext] symbol
- [Ext] decimals
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] allowance
- [Ext] approve #
- [Ext] transfer #
- [Ext] transferFrom #
+ [Int] INinanceCallee
- [Ext] ninanceCall #
+ NinancePair (INinancePair, NinanceERC20)
- [Pub] getReserves
- [Prv] _safeTransfer #
- [Pub] #
- [Ext] initialize #
- [Prv] _update #
- [Prv] _mintFee #
- [Ext] mint #
- modifiers: lock
- [Ext] burn #
- modifiers: lock
- [Ext] swap #
- modifiers: lock
- [Ext] skim #
- modifiers: lock
- [Ext] sync #
- modifiers: lock
+ NinanceFactory (INinanceFactory)
- [Pub] #
- [Ext] allPairsLength
- [Ext] createPair #
- [Ext] setFeeTo #
- [Ext] setFeeToSetter #
NinanceRouter Contract
($) = payable function
# = non-constant function
+ [Lib] TransferHelper
- [Int] safeApprove #
- [Int] safeTransfer #
- [Int] safeTransferFrom #
- [Int] safeTransferETH #
+ [Int] INinanceRouter01
- [Ext] factory
- [Ext] WETH
- [Ext] addLiquidity #
- [Ext] addLiquidityETH ($)
- [Ext] removeLiquidity #
- [Ext] removeLiquidityETH #
- [Ext] removeLiquidityWithPermit #
- [Ext] removeLiquidityETHWithPermit #
- [Ext] swapExactTokensForTokens #
- [Ext] swapTokensForExactTokens #
- [Ext] swapExactETHForTokens ($)
- [Ext] swapTokensForExactETH #
- [Ext] swapExactTokensForETH #
- [Ext] swapETHForExactTokens ($)
- [Ext] quote
- [Ext] getAmountOut
- [Ext] getAmountIn
- [Ext] getAmountsOut
- [Ext] getAmountsIn
+ [Int] INinanceRouter02 (INinanceRouter01)
- [Ext] removeLiquidityETHSupportingFeeOnTransferTokens #
- [Ext] removeLiquidityETHWithPermitSupportingFeeOnTransferTokens #
- [Ext] swapExactTokensForTokensSupportingFeeOnTransferTokens #
- [Ext] swapExactETHForTokensSupportingFeeOnTransferTokens ($)
- [Ext] swapExactTokensForETHSupportingFeeOnTransferTokens #
+ [Int] INinanceFactory
- [Ext] feeTo
- [Ext] feeToSetter
- [Ext] getPair
- [Ext] allPairs
- [Ext] allPairsLength
- [Ext] createPair #
- [Ext] setFeeTo #
- [Ext] setFeeToSetter #
- [Ext] INIT_CODE_PAIR_HASH
+ [Lib] SafeMath
- [Int] add
- [Int] sub
- [Int] mul
+ [Int] INinancePair
- [Ext] name
- [Ext] symbol
- [Ext] decimals
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] allowance
- [Ext] approve #
- [Ext] transfer #
- [Ext] transferFrom #
- [Ext] DOMAIN_SEPARATOR
- [Ext] PERMIT_TYPEHASH
- [Ext] nonces
- [Ext] permit #
- [Ext] MINIMUM_LIQUIDITY
- [Ext] factory
- [Ext] token0
- [Ext] token1
- [Ext] getReserves
- [Ext] price0CumulativeLast
- [Ext] price1CumulativeLast
- [Ext] kLast
- [Ext] mint #
- [Ext] burn #
- [Ext] swap #
- [Ext] skim #
- [Ext] sync #
- [Ext] initialize #
+ [Lib] NinanceLibrary
- [Int] sortTokens
- [Int] pairFor
- [Int] getReserves
- [Int] quote
- [Int] getAmountOut
- [Int] getAmountIn
- [Int] getAmountsOut
- [Int] getAmountsIn
+ [Int] IERC20
- [Ext] name
- [Ext] symbol
- [Ext] decimals
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] allowance
- [Ext] approve #
- [Ext] transfer #
- [Ext] transferFrom #
+ [Int] IWETH
- [Ext] deposit ($)
- [Ext] transfer #
- [Ext] withdraw #
+ NinanceRouter (INinanceRouter02)
- [Pub] #
- [Ext] ($)
- [Int] _addLiquidity #
- [Ext] addLiquidity #
- modifiers: ensure
- [Ext] addLiquidityETH ($)
- modifiers: ensure
- [Pub] removeLiquidity #
- modifiers: ensure
- [Pub] removeLiquidityETH #
- modifiers: ensure
- [Ext] removeLiquidityWithPermit #
- [Ext] removeLiquidityETHWithPermit #
- [Pub] removeLiquidityETHSupportingFeeOnTransferTokens #
- modifiers: ensure
- [Ext] removeLiquidityETHWithPermitSupportingFeeOnTransferTokens #
- [Int] _swap #
- [Ext] swapExactTokensForTokens #
- modifiers: ensure
- [Ext] swapTokensForExactTokens #
- modifiers: ensure
- [Ext] swapExactETHForTokens ($)
- modifiers: ensure
- [Ext] swapTokensForExactETH #
- modifiers: ensure
- [Ext] swapExactTokensForETH #
- modifiers: ensure
- [Ext] swapETHForExactTokens ($)
- modifiers: ensure
- [Int] _swapSupportingFeeOnTransferTokens #
- [Ext] swapExactTokensForTokensSupportingFeeOnTransferTokens #
- modifiers: ensure
- [Ext] swapExactETHForTokensSupportingFeeOnTransferTokens ($)
- modifiers: ensure
- [Ext] swapExactTokensForETHSupportingFeeOnTransferTokens #
- modifiers: ensure
- [Pub] quote
- [Pub] getAmountOut
- [Pub] getAmountIn
- [Pub] getAmountsOut
- [Pub] getAmountsIn