Osiris - Smart Contract Audit Report
Summary
Osiris is building a new farm on the Avalance blockchain.
We reviewed Osiris's contracts at commit 8254e6ac36f6b5dfc939f42fcebf0893a71fc1af and again at commit 20418e46ba4d08a97958619d0706565e6ed051c9 on GitHub.
Notes on the Token Contract:
- No minting or burning functions are present.
- Users who hold tokens will automatically receive a 100% of the fees from a 1.5% transaction tax on each transfer instantly.
- Transfers are paused by default, disallowing non-excluded addresses from haivng the token interact with the liquidity pool or router. Once unpaused by the owner, transfers can not be paused again.
- The owner can exclude any address from the fee mechanism.
- SafeMath is utilized to prevent overflows.
Notes on the Incentives Contract:- Users can stake their USDT/Osiris LP tokens in this contract to earn rewards in Osiris tokens.
- The team will set the reward rate upon deployment and can only update it after a prior rewards period ends.
- The team must provide the reward tokens manually.
- The team will set the reward LP token address via the initializeReward() and initializeStake() functions. Once set, the LP token address cannot be updated; though the reward token can.
- Utilization of SafeMath to prevent overflow issues.
Notes of the Presale Contract:
- This contract allows users to purchase tokens at a pre-determined price.
- Users can contribute between 5 and 200 AVAX to the presale; up to the presale's hard cap of 20,000 AVAX.
- At the conclusion of the presale, the team can call allocateAndAddLiquidity() to retrieve their allocation of raised funds, and automatically add liquidity.
- Liquidity will unlock and be claimable by the team 1 year after the presale.
- In the case of a critical unexpected issue, the team can enable refunds and allow users to claim back their deposited funds. This will also be allowed 7 days after deployment.
- Contract-based wallets cannot participate in the presale.
- The team will set the address of the OSIRIS token. Once set, it cannot be set again.
- The team will be able to claim 5000 tokens every 10 days after the presale.
- The team can also queue transaction that send tokens to the incentive pool which can be executed 3 days after being queued.
- The contract utilizes SafeMath for overflow checks and ReentrancyGuard is also used when purchasing tokens to prevent any potential reentrancy issues.
Audit Findings Summary
- No issues from external attackers were identified.
- As with any presale, ensure trust in the project team prior to investing. The team is anonymous.
- Date: April 29th, 2021
- Update Date: May 1st, 2021 - Minor logic fixes, implementation of gas optimizations.
External Threat Results
| Vulnerability Category | Notes | Result |
|---|---|---|
| Arbitrary Storage Write | N/A | PASS |
| Arbitrary Jump | N/A | PASS |
| Delegate Call to Untrusted Contract | N/A | PASS |
| Dependence on Predictable Variables | N/A | PASS |
| Deprecated Opcodes | N/A | PASS |
| Ether Thief | N/A | PASS |
| Exceptions | N/A | PASS |
| External Calls | N/A | PASS |
| Integer Over/Underflow | N/A | PASS |
| Multiple Sends | N/A | PASS |
| Suicide | N/A | PASS |
| State Change External Calls | N/A | PASS |
| Unchecked Retval | N/A | PASS |
| User Supplied Assertion | N/A | PASS |
| Critical Solidity Compiler | N/A | PASS |
| Overall Contract Safety | PASS |
Details: Osiris Token
Function Graph
Inheritence Chart
Functions Overview
($) = payable function
# = non-constant function
Int = Internal
Ext = External
Pub = Public
+ Context
- [Int] _msgSender
- [Int] _msgData
+ [Int] IERC20
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] transfer #
- [Ext] allowance
- [Ext] approve #
- [Ext] transferFrom #
+ [Lib] SafeMath
- [Int] add
- [Int] sub
- [Int] sub
- [Int] mul
- [Int] div
- [Int] div
- [Int] mod
- [Int] mod
+ [Lib] Address
- [Int] isContract
- [Int] sendValue #
- [Int] functionCall #
- [Int] functionCall #
- [Int] functionCallWithValue #
- [Int] functionCallWithValue #
- [Prv] _functionCallWithValue #
+ Ownable (Context)
- [Int] #
- [Pub] owner
- [Pub] renounceOwnership #
- modifiers: onlyOwner
- [Pub] transferOwnership #
- modifiers: onlyOwner
+ [Int] IPangolinFactory
- [Ext] feeTo
- [Ext] feeToSetter
- [Ext] getPair
- [Ext] allPairs
- [Ext] allPairsLength
- [Ext] createPair #
- [Ext] setFeeTo #
- [Ext] setFeeToSetter #
+ [Int] IPangolinERC20
- [Ext] name
- [Ext] symbol
- [Ext] decimals
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] allowance
- [Ext] approve #
- [Ext] transfer #
- [Ext] transferFrom #
- [Ext] DOMAIN_SEPARATOR
- [Ext] PERMIT_TYPEHASH
- [Ext] nonces
- [Ext] permit #
+ [Int] IPangolinRouter01
- [Ext] factory
- [Ext] WAVAX
- [Ext] addLiquidity #
- [Ext] addLiquidityAVAX ($)
- [Ext] removeLiquidity #
- [Ext] removeLiquidityAVAX #
- [Ext] removeLiquidityWithPermit #
- [Ext] removeLiquidityAVAXWithPermit #
- [Ext] swapExactTokensForTokens #
- [Ext] swapTokensForExactTokens #
- [Ext] swapExactAVAXForTokens ($)
- [Ext] swapTokensForExactAVAX #
- [Ext] swapExactTokensForAVAX #
- [Ext] swapAVAXForExactTokens ($)
- [Ext] quote
- [Ext] getAmountOut
- [Ext] getAmountIn
- [Ext] getAmountsOut
- [Ext] getAmountsIn
+ [Int] IPangolinRouter02 (IPangolinRouter01)
- [Ext] removeLiquidityAVAXSupportingFeeOnTransferTokens #
- [Ext] removeLiquidityAVAXWithPermitSupportingFeeOnTransferTokens #
- [Ext] swapExactTokensForTokensSupportingFeeOnTransferTokens #
- [Ext] swapExactAVAXForTokensSupportingFeeOnTransferTokens ($)
- [Ext] swapExactTokensForAVAXSupportingFeeOnTransferTokens #
+ ReentrancyGuard
- [Int] #
+ Osiris (Context, IERC20, Ownable, ReentrancyGuard)
- [Pub] #
- [Pub] name
- [Pub] symbol
- [Pub] decimals
- [Pub] totalSupply
- [Pub] balanceOf
- [Pub] transfer #
- [Pub] allowance
- [Pub] approve #
- [Pub] transferFrom #
- [Pub] increaseAllowance #
- [Pub] decreaseAllowance #
- [Pub] isExcluded
- [Pub] totalFees
- [Pub] casting #
- [Pub] castingFromToken
- [Pub] tokenFromCastings
- [Ext] excludeAccount #
- modifiers: onlyOwner
- [Ext] includeAccount #
- modifiers: onlyOwner
- [Ext] unPauseTransferForever #
- modifiers: nonReentrant
- [Prv] _approve #
- [Prv] _transfer #
- [Prv] _transferStandard #
- [Prv] _transferToExcluded #
- [Prv] _transferFromExcluded #
- [Prv] _transferBothExcluded #
- [Prv] _castingFee #
- [Prv] _getValues
- [Prv] _getTValues
- [Prv] _getRValues
- [Prv] _getRate
- [Prv] _getCurrentSupply
Details: Osiris Incentives
Function Graph
Inheritence Chart
Functions Overview
($) = payable function
# = non-constant function
Int = Internal
Ext = External
Pub = Public
+ [Lib] Math
- [Int] max
- [Int] min
- [Int] average
+ [Lib] SafeMath
- [Int] add
- [Int] sub
- [Int] sub
- [Int] mul
- [Int] div
- [Int] div
- [Int] mod
- [Int] mod
+ Context
- [Int] #
- [Int] _msgSender
- [Int] _msgData
+ Ownable (Context)
- [Int] #
- [Pub] owner
- [Pub] isOwner
- [Pub] renounceOwnership #
- modifiers: onlyOwner
- [Pub] transferOwnership #
- modifiers: onlyOwner
- [Int] _transferOwnership #
+ [Int] IERC20
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] transfer #
- [Ext] allowance
- [Ext] approve #
- [Ext] transferFrom #
+ [Lib] Address
- [Int] isContract
- [Int] toPayable
- [Int] sendValue #
+ [Lib] SafeERC20
- [Int] safeTransfer #
- [Int] safeTransferFrom #
- [Int] safeApprove #
- [Int] safeIncreaseAllowance #
- [Int] safeDecreaseAllowance #
- [Prv] callOptionalReturn #
+ IRewardDistributionRecipient (Ownable)
- [Ext] notifyRewardAmount #
- [Ext] setRewardDistribution #
- modifiers: onlyOwner
+ LPTokenWrapper
- [Pub] totalSupply
- [Pub] balanceOf
- [Pub] stake #
- [Pub] withdraw #
+ OsirisIncentives (LPTokenWrapper, IRewardDistributionRecipient)
- [Ext] setRewardsDuration #
- modifiers: onlyOwner
- [Ext] initializeReward #
- modifiers: onlyOwner
- [Ext] initializeStake #
- modifiers: onlyOwner
- [Pub] lastTimeRewardApplicable
- [Pub] rewardPerToken
- [Pub] earned
- [Pub] stake #
- modifiers: updateReward,checkStart
- [Pub] withdraw #
- modifiers: updateReward,checkStart
- [Ext] exit #
- [Pub] getReward #
- modifiers: updateReward,checkStart
- [Ext] notifyRewardAmount #
- modifiers: onlyRewardDistribution,updateReward
Details: Osiris Governance Presale
Function Graph
Inheritence Chart
Functions Overview
($) = payable function
# = non-constant function
Int = Internal
Ext = External
Pub = Public
+ [Int] IERC20
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] allowance
- [Ext] transfer #
- [Ext] approve #
- [Ext] transferFrom #
- [Ext] unPauseTransferForever #
- [Ext] pangolinPair #
+ [Int] IPNG
- [Ext] addLiquidityAVAX ($)
- [Ext] WAVAX
+ [Int] IPangolinFactory
- [Ext] createPair #
+ Context
- [Int] _msgSender
- [Int] _msgData
+ ReentrancyGuard
- [Pub] #
+ OsirisPresale (Context, ReentrancyGuard)
- [Pub] #
- [Ext] ($)
- [Ext] SUPER_DUPER_EMERGENCY_ALLOW_REFUNDS_DO_NOT_FUCKING_CALL_IT_FOR_FUN #
- modifiers: onlyOwner,nonReentrant
- [Ext] queueTokenToIncentivesPool #
- modifiers: onlyOwner
- [Ext] sendTokenToIncentivesPool #
- modifiers: onlyOwner
- [Ext] getRefund #
- modifiers: nonReentrant
- [Ext] withdrawPool #
- modifiers: onlyOwner,nonReentrant
- [Ext] withdrawTeamTokens #
- modifiers: onlyOwner,nonReentrant
- [Ext] setOSIR #
- modifiers: onlyOwner,nonReentrant
- [Ext] startPresale #
- modifiers: onlyOwner
- [Ext] pausePresale #
- modifiers: onlyOwner
- [Pub] buyTokens ($)
- modifiers: nonReentrant
- [Ext] userAvaxSpenttInPresale
- [Ext] allocateAndAddLiquidity #
- modifiers: onlyOwner
- [Int] addLiquidity #
+ [Lib] SafeMath
- [Int] add
- [Int] sub
- [Int] sub
- [Int] mul
- [Int] div
- [Int] div
- [Int] mod
- [Int] mod