Ninance - Smart Contract Audit Report

Audit Summary

Ninance Audit Report Ninance is building an NFT all-in-one solution platform that provides art lovers with a convenient and threshold-free channel to create, sell and discover art NFTs.

We reviewed the NinanceERC20, NinanceFactory, NinancePair and NinanceRouter contracts at commit 6842dc1c72cd774f6b9055c2bbf87990689090dc on the team's Github repository.

Audit Findings

No external threats were identified.
Date: January 26th, 2022.

Contracts Overview

NinanceERC20 Contract:
The NinanceERC20 contract implements the ERC-20 standard for use as an LP token.
This contract utilizes a 'permit' mechanism which allows the owner of the LP tokens to sign a transaction that enables another user to withdraw tokens and send them to the recipient. The recipient then submits the permit on behalf of the owner.
NinanceFactory Contract:
The NinanceFactory contract is responsible for the creation of liquidity pairs for the token, thereby enabling trading on the platform.
At the time of deployment, the initialize() function is called from the NinancePair contract which allows the factory to specify the two ERC-20 tokens that this pair will exchange.
Once the pool is created, its address is stored with a double mapping that takes both token addresses as input.
NinancePair Contract:
The NinancePair contract is the core Ninanceswap functionality.
Each Ninanceswap Pair manages a liquidity pool made up of reserves of two ERC-20 tokens.
This contract is responsible for tracking the balance of both tokens in the pair, as well as mints and burns of the LP token.
Users can add liquidity by providing an equivalent value of each token and are minted an LP token in return. The LP tokens may be burned to receive the underlying assets at any time.
Users may also exchange one token for an equivalent amount of the other token based on the current market value.
NinanceRouter Contract:
The NinanceRouter contract is used to interact with the liquidity pool that was created in the NinanceFactory contract.
NinanceRouter routes orders to the user-determined pair contract to swap assets.
This contract performs requirement checks needed for swapping tokens, adding liquidity, and removing liquidity.
General Notes on all Contracts:
The SafeMath library is utilized to prevent overflow/underflow attacks.
The lock modifier is utilized to prevent re-entrancy where appropriate.

External Threat Results

Vulnerability Category	Notes	Result
Arbitrary Storage Write	N/A	PASS
Arbitrary Jump	N/A	PASS
Centralization of Control	N/A	PASS
Delegate Call to Untrusted Contract	N/A	PASS
Dependence on Predictable Variables	N/A	PASS
Deprecated Opcodes	N/A	PASS
Ether Thief	N/A	PASS
Exceptions	N/A	PASS
External Calls	N/A	PASS
Flash Loans	N/A	PASS
Integer Over/Underflow	N/A	PASS
Logical Issues	N/A	PASS
Multiple Sends	N/A	PASS
Oracles	N/A	PASS
Suicide	N/A	PASS
State Change External Calls	N/A	PASS
Unchecked Retval	N/A	PASS
User Supplied Assertion	N/A	PASS
Critical Solidity Compiler	N/A	PASS
Overall Contract Safety		PASS

NinanceERC20, NinanceFactory, and NinancePair Contracts

MoonLift Graph

MoonLift


 ($) = payable function
 # = non-constant function

 + [Int] INinanceFactory 
    - [Ext] feeTo
    - [Ext] feeToSetter
    - [Ext] getPair
    - [Ext] allPairs
    - [Ext] allPairsLength
    - [Ext] createPair #
    - [Ext] setFeeTo #
    - [Ext] setFeeToSetter #

 + [Int] INinancePair 
    - [Ext] name
    - [Ext] symbol
    - [Ext] decimals
    - [Ext] totalSupply
    - [Ext] balanceOf
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transfer #
    - [Ext] transferFrom #
    - [Ext] DOMAIN_SEPARATOR
    - [Ext] PERMIT_TYPEHASH
    - [Ext] nonces
    - [Ext] permit #
    - [Ext] MINIMUM_LIQUIDITY
    - [Ext] factory
    - [Ext] token0
    - [Ext] token1
    - [Ext] getReserves
    - [Ext] price0CumulativeLast
    - [Ext] price1CumulativeLast
    - [Ext] kLast
    - [Ext] mint #
    - [Ext] burn #
    - [Ext] swap #
    - [Ext] skim #
    - [Ext] sync #
    - [Ext] initialize #

 + [Int] INinanceERC20 
    - [Ext] name
    - [Ext] symbol
    - [Ext] decimals
    - [Ext] totalSupply
    - [Ext] balanceOf
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transfer #
    - [Ext] transferFrom #
    - [Ext] DOMAIN_SEPARATOR
    - [Ext] PERMIT_TYPEHASH
    - [Ext] nonces
    - [Ext] permit #

 + [Lib] SafeMath 
    - [Int] add
    - [Int] sub
    - [Int] mul

 +  NinanceERC20 (INinanceERC20)
    - [Pub]  #
    - [Int] _mint #
    - [Int] _burn #
    - [Prv] _approve #
    - [Prv] _transfer #
    - [Ext] approve #
    - [Ext] transfer #
    - [Ext] transferFrom #
    - [Ext] permit #

 + [Lib] Math 
    - [Int] min
    - [Int] sqrt

 + [Lib] UQ112x112 
    - [Int] encode
    - [Int] uqdiv

 + [Int] IERC20 
    - [Ext] name
    - [Ext] symbol
    - [Ext] decimals
    - [Ext] totalSupply
    - [Ext] balanceOf
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transfer #
    - [Ext] transferFrom #

 + [Int] INinanceCallee 
    - [Ext] ninanceCall #

 +  NinancePair (INinancePair, NinanceERC20)
    - [Pub] getReserves
    - [Prv] _safeTransfer #
    - [Pub]  #
    - [Ext] initialize #
    - [Prv] _update #
    - [Prv] _mintFee #
    - [Ext] mint #
       - modifiers: lock
    - [Ext] burn #
       - modifiers: lock
    - [Ext] swap #
       - modifiers: lock
    - [Ext] skim #
       - modifiers: lock
    - [Ext] sync #
       - modifiers: lock

 +  NinanceFactory (INinanceFactory)
    - [Pub]  #
    - [Ext] allPairsLength
    - [Ext] createPair #
    - [Ext] setFeeTo #
    - [Ext] setFeeToSetter #

NinanceRouter Contract