Only Moons Token Locker V1 - Smart Contract Audit Report
Summary
Only Moons is building a platform that enables users to create and manage their own token lockers.
We reviewed the project team's contracts deployed at 0x016c1D8cf86f60A5382BA5c42D4be960CBd1b868 on the Binance SmartChain Mainnet.
Notes on the Contracts:
- Anyone can use the TokenLockerManager contract to create a new TokenLocker contract; the user is declared the owner of the new TokenLocker contract.
- On creation, the user specifies the token address, the amount to lock, and the unlock time.
- The tokens are immediately transferred to the TokenLocker contract.
- The owner of the TokenLockerManager can enable or disable the creation of TokenLockers at any time.
- The owner of the TokenLocker can deposit additional tokens and set a new unlock time at will. The new unlock time must later than the unlock time currently set, and it must be a future time.
- Once the unlock time has passed, the owner of the TokenLocker can withdraw the locked tokens from the contract.
- The owner of the TokenLocker can withdraw any ETH or tokens, except for the locked tokens, erroneously sent to the contract.
- The owner of the TokenLocker contract can transfer the ownership of the TokenLocker contract to any other address at any time.
- The logic within the deposit and withdrawal functions is properly structured to prevent any re-entrancy attacks.
- As the contracts are deployed with Solidity v0.8.10, they are safe from any possible overflows/underflows.
- The team worked with us to optimize these contracts for gas efficiency.
Audit Findings Summary:
- No security issues from outside attackers were identified.
- Date: November 24th, 2021.
- Updated: December 6th, 2021 to include new mainnet deployment address.
External Threat Results
| Vulnerability Category | Notes | Result |
|---|---|---|
| Arbitrary Storage Write | N/A | PASS |
| Arbitrary Jump | N/A | PASS |
| Centralization of Control | N/A | PASS |
| Delegate Call to Untrusted Contract | N/A | PASS |
| Dependence on Predictable Variables | N/A | PASS |
| Deprecated Opcodes | N/A | PASS |
| Ether Thief | N/A | PASS |
| Exceptions | N/A | PASS |
| External Calls | N/A | PASS |
| Integer Over/Underflow | N/A | PASS |
| Multiple Sends | N/A | PASS |
| Suicide | N/A | PASS |
| State Change External Calls | N/A | PASS |
| Unbounded Loop | N/A | PASS |
| Unchecked Retval | N/A | PASS |
| User Supplied Assertion | N/A | PASS |
| Critical Solidity Compiler | N/A | PASS |
| Overall Contract Safety | PASS |
TokenLockerManagerV1 Contract
($) = payable function
# = non-constant function
+ [Int] ITokenLockerManagerV1
- [Ext] tokenLockerCount
- [Ext] creationEnabled
- [Ext] setCreationEnabled #
- [Ext] createTokenLocker #
- [Ext] getTokenLockAddress
- [Ext] getTokenLockData
- [Ext] getLpData
- [Ext] getTokenLockersForAddress
- [Ext] notifyLockerOwnerChange #
+ Context
- [Int] _msgSender
- [Int] _msgData
+ Ownable (Context)
- [Pub] #
- [Int] _owner
- [Ext] owner
- [Int] _transferOwnership #
- modifiers: onlyOwner
- [Ext] transferOwnership #
- modifiers: onlyOwner
+ [Int] IERC20
- [Ext] name
- [Ext] symbol
- [Ext] totalSupply
- [Ext] decimals
- [Ext] balanceOf
- [Ext] transfer #
- [Ext] allowance
- [Ext] approve #
- [Ext] transferFrom #
+ [Int] IUniswapV2Factory
- [Ext] feeTo
- [Ext] feeToSetter
- [Ext] getPair
- [Ext] allPairs
- [Ext] allPairsLength
- [Ext] createPair #
- [Ext] setFeeTo #
- [Ext] setFeeToSetter #
+ [Int] IUniswapV2Pair
- [Ext] name
- [Ext] symbol
- [Ext] decimals
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] allowance
- [Ext] approve #
- [Ext] transfer #
- [Ext] transferFrom #
- [Ext] DOMAIN_SEPARATOR
- [Ext] PERMIT_TYPEHASH
- [Ext] nonces
- [Ext] permit #
- [Ext] MINIMUM_LIQUIDITY
- [Ext] factory
- [Ext] token0
- [Ext] token1
- [Ext] getReserves
- [Ext] price0CumulativeLast
- [Ext] price1CumulativeLast
- [Ext] kLast
- [Ext] mint #
- [Ext] burn #
- [Ext] swap #
- [Ext] skim #
- [Ext] sync #
- [Ext] initialize #
+ [Int] IUniswapV2Router01
- [Ext] factory
- [Ext] WETH
- [Ext] addLiquidity #
- [Ext] addLiquidityETH ($)
- [Ext] removeLiquidity #
- [Ext] removeLiquidityETH #
- [Ext] removeLiquidityWithPermit #
- [Ext] removeLiquidityETHWithPermit #
- [Ext] swapExactTokensForTokens #
- [Ext] swapTokensForExactTokens #
- [Ext] swapExactETHForTokens ($)
- [Ext] swapTokensForExactETH #
- [Ext] swapExactTokensForETH #
- [Ext] swapETHForExactTokens ($)
- [Ext] quote
- [Ext] getAmountOut
- [Ext] getAmountIn
- [Ext] getAmountsOut
- [Ext] getAmountsIn
+ [Int] IUniswapV2Router02 (IUniswapV2Router01)
- [Ext] removeLiquidityETHSupportingFeeOnTransferTokens #
- [Ext] removeLiquidityETHWithPermitSupportingFeeOnTransferTokens #
- [Ext] swapExactTokensForTokensSupportingFeeOnTransferTokens #
- [Ext] swapExactETHForTokensSupportingFeeOnTransferTokens ($)
- [Ext] swapExactTokensForETHSupportingFeeOnTransferTokens #
+ [Lib] Util
- [Ext] getTokenData
- [Ext] isLpToken
- [Ext] getLpData
+ TokenLockerV1 (Ownable)
- [Pub] #
- modifiers: Ownable
- [Prv] _balance
- [Ext] getIsLpToken
- [Ext] getLockData
- [Ext] getLpData
- [Ext] deposit #
- modifiers: onlyOwner,transferLocked
- [Ext] withdraw #
- modifiers: onlyOwner,transferLocked
- [Ext] withdrawToken #
- modifiers: onlyOwner,transferLocked
- [Ext] withdrawEth #
- modifiers: onlyOwner,transferLocked
- [Int] _transferOwnership #
- modifiers: onlyOwner
- [Ext] ($)
+ TokenLockerManagerV1 (ITokenLockerManagerV1, Ownable)
- [Pub] #
- modifiers: Ownable
- [Ext] tokenLockerCount
- [Ext] creationEnabled
- [Ext] setCreationEnabled #
- modifiers: onlyOwner
- [Ext] createTokenLocker #
- modifiers: allowCreation,lockCreation
- [Ext] getTokenLockAddress
- [Ext] getTokenLockData
- [Ext] getLpData
- [Ext] getTokenLockersForAddress
- [Ext] notifyLockerOwnerChange #