Polkabase - Smart Contract Audit Report

Summary

Polkabase is a token which has its price rebases based upon the weighted market cap of a basket of cryptocurrencies in the Polkadot ecosystem at a ratio of 1 : 1 billion.

We audited Polkabase on testnet at the following addresses:

MedianOracle Contract:

This contract represents the oracles for the TargetPrice and the MarketPrice contracts.

These contracts pull external data to provide the platform with market data which is used to calculate the rebases of the token.

Users must trust the team's oracle implementation to provide honest pricing.

Some gas optimizations can be achieved through marking functions external.

Utilization of SafeMath to prevent overflows.

UFragments_PBASE_Token & UFragmentsPolicy Contracts:

These contracts represent the token and the monetary policy that controls the rebases.

The owner has the ability to update the orchestrator and oracle addresses at any time; as well as some variables used in calculating the rebase.

Some gas optimizations can be achieved through marking functions external.

Utilization of SafeMath to prevent overflows.

Orchestrator Contract:

The Orchestrator contract is used to trigger and call the rebase of the PBASE token.

The team has the ability to update the monetary policy address at any time.

This contract also gives the team the ability to execute arbitrary transactions.

Some gas optimizations can be achieved through marking functions external.

Utilization of SafeMath to prevent overflows.

Audit Findings Summary:

No issues from outside attackers were identified.

Ensure trust in the project team as they have notable power in the ecosystem.

Date: February 10th, 2021.

Update Date: February 11th, 2021 - Resolution of issue with rebase function with regards to Uniswap Liquidity.

Combined Audit Results

 ($) = payable function
 # = non-constant function
 
 Int = Internal
 Ext = External
 Pub = Public
 
 + [Lib] SafeMath 
    - [Int] mul
    - [Int] div
    - [Int] sub
    - [Int] add
    - [Int] mod

 +  Ownable 
    - [Int]  #
    - [Pub] owner
    - [Pub] isOwner
    - [Pub] renounceOwnership #
       - modifiers: onlyOwner
    - [Pub] transferOwnership #
       - modifiers: onlyOwner
    - [Int] _transferOwnership #

 + [Lib] Select 
    - [Int] computeMedian

 + [Int] IOracle 
    - [Ext] getData #

 +  MedianOracle (Ownable, IOracle)
    - [Pub]  #
    - [Ext] setReportExpirationTimeSec #
       - modifiers: onlyOwner
    - [Ext] setReportDelaySec #
       - modifiers: onlyOwner
    - [Ext] setMinimumProviders #
       - modifiers: onlyOwner
    - [Ext] pushReport #
    - [Ext] purgeReports #
    - [Ext] getData #
    - [Ext] addProvider #
       - modifiers: onlyOwner
    - [Ext] removeProvider #
       - modifiers: onlyOwner
    - [Ext] providersSize

							

 ($) = payable function
 # = non-constant function
 
 Int = Internal
 Ext = External
 Pub = Public
 
 + [Lib] SafeMathInt 
    - [Int] mul
    - [Int] div
    - [Int] sub
    - [Int] add
    - [Int] abs

 +  Initializable 
    - [Prv] isConstructor

 +  Ownable (Initializable)
    - [Pub] initialize #
       - modifiers: initializer
    - [Pub] owner
    - [Pub] isOwner
    - [Pub] renounceOwnership #
       - modifiers: onlyOwner
    - [Pub] transferOwnership #
       - modifiers: onlyOwner
    - [Int] _transferOwnership #

 + [Lib] SafeMath 
    - [Int] mul
    - [Int] div
    - [Int] sub
    - [Int] add
    - [Int] mod

 + [Int] IERC20 
    - [Ext] totalSupply
    - [Ext] balanceOf
    - [Ext] allowance
    - [Ext] transfer #
    - [Ext] approve #
    - [Ext] transferFrom #

 +  ERC20Detailed (Initializable, IERC20)
    - [Pub] initialize #
       - modifiers: initializer
    - [Pub] name
    - [Pub] symbol
    - [Pub] decimals

 +  UFragments (ERC20Detailed, Ownable)
    - [Ext] setMonetaryPolicy #
       - modifiers: onlyOwner
    - [Ext] rebase #
       - modifiers: onlyMonetaryPolicy
    - [Pub] initialize #
       - modifiers: initializer
    - [Pub] totalSupply
    - [Pub] balanceOf
    - [Pub] transfer #
       - modifiers: validRecipient
    - [Pub] allowance
    - [Pub] transferFrom #
       - modifiers: validRecipient
    - [Pub] approve #
    - [Pub] increaseAllowance #
    - [Pub] decreaseAllowance #
	

 ($) = payable function
 # = non-constant function
 
 Int = Internal
 Ext = External
 Pub = Public
 
 + [Lib] SafeMathInt 
    - [Int] mul
    - [Int] div
    - [Int] sub
    - [Int] add
    - [Int] abs

 + [Lib] UInt256Lib 
    - [Int] toInt256Safe

 +  Initializable 
    - [Prv] isConstructor

 +  Ownable (Initializable)
    - [Pub] initialize #
       - modifiers: initializer
    - [Pub] owner
    - [Pub] isOwner
    - [Pub] renounceOwnership #
       - modifiers: onlyOwner
    - [Pub] transferOwnership #
       - modifiers: onlyOwner
    - [Int] _transferOwnership #

 + [Lib] SafeMath 
    - [Int] mul
    - [Int] div
    - [Int] sub
    - [Int] add
    - [Int] mod

 + [Int] IERC20 
    - [Ext] totalSupply
    - [Ext] balanceOf
    - [Ext] allowance
    - [Ext] transfer #
    - [Ext] approve #
    - [Ext] transferFrom #

 +  ERC20Detailed (Initializable, IERC20)
    - [Pub] initialize #
       - modifiers: initializer
    - [Pub] name
    - [Pub] symbol
    - [Pub] decimals

 +  UFragments (ERC20Detailed, Ownable)
    - [Ext] setMonetaryPolicy #
       - modifiers: onlyOwner
    - [Ext] rebase #
       - modifiers: onlyMonetaryPolicy
    - [Pub] initialize #
       - modifiers: initializer
    - [Pub] totalSupply
    - [Pub] balanceOf
    - [Pub] transfer #
       - modifiers: validRecipient
    - [Pub] allowance
    - [Pub] transferFrom #
       - modifiers: validRecipient
    - [Pub] approve #
    - [Pub] increaseAllowance #
    - [Pub] decreaseAllowance #

 + [Int] IOracle 
    - [Ext] getData #

 +  UFragmentsPolicy (Ownable)
    - [Ext] rebase #
       - modifiers: onlyOrchestrator
    - [Ext] setTargetPriceOracle #
       - modifiers: onlyOwner
    - [Ext] setMarketOracle #
       - modifiers: onlyOwner
    - [Ext] setOrchestrator #
       - modifiers: onlyOwner
    - [Ext] setDeviationThreshold #
       - modifiers: onlyOwner
    - [Ext] setExchangeRate #
       - modifiers: onlyOwner
    - [Ext] setRebaseLag #
       - modifiers: onlyOwner
    - [Ext] setRebaseTimingParameters #
       - modifiers: onlyOwner
    - [Pub] initialize #
       - modifiers: initializer
    - [Pub] inRebaseWindow
    - [Prv] computeSupplyDelta
    - [Prv] withinDeviationThreshold
							

 ($) = payable function
 # = non-constant function
 
 Int = Internal
 Ext = External
 Pub = Public
 
 + [Lib] SafeMathInt 
    - [Int] mul
    - [Int] div
    - [Int] sub
    - [Int] add
    - [Int] abs

 + [Lib] UInt256Lib 
    - [Int] toInt256Safe

 +  Initializable 
    - [Prv] isConstructor

 +  Ownable (Initializable)
    - [Pub] initialize #
       - modifiers: initializer
    - [Pub] owner
    - [Pub] isOwner
    - [Pub] renounceOwnership #
       - modifiers: onlyOwner
    - [Pub] transferOwnership #
       - modifiers: onlyOwner
    - [Int] _transferOwnership #

 + [Lib] SafeMath 
    - [Int] mul
    - [Int] div
    - [Int] sub
    - [Int] add
    - [Int] mod

 + [Int] IERC20 
    - [Ext] totalSupply
    - [Ext] balanceOf
    - [Ext] allowance
    - [Ext] transfer #
    - [Ext] approve #
    - [Ext] transferFrom #

 +  ERC20Detailed (Initializable, IERC20)
    - [Pub] initialize #
       - modifiers: initializer
    - [Pub] name
    - [Pub] symbol
    - [Pub] decimals

 +  UFragments (ERC20Detailed, Ownable)
    - [Ext] setMonetaryPolicy #
       - modifiers: onlyOwner
    - [Ext] rebase #
       - modifiers: onlyMonetaryPolicy
    - [Pub] initialize #
       - modifiers: initializer
    - [Pub] totalSupply
    - [Pub] balanceOf
    - [Pub] transfer #
       - modifiers: validRecipient
    - [Pub] allowance
    - [Pub] transferFrom #
       - modifiers: validRecipient
    - [Pub] approve #
    - [Pub] increaseAllowance #
    - [Pub] decreaseAllowance #

 + [Int] IOracle 
    - [Ext] getData #

 +  UFragmentsPolicy (Ownable)
    - [Ext] rebase #
       - modifiers: onlyOrchestrator
    - [Pub] getTargetPrice
    - [Ext] setTargetPrice #
       - modifiers: onlyOwner
    - [Ext] setTargetPriceOracle #
       - modifiers: onlyOwner
    - [Ext] setMarketOracle #
       - modifiers: onlyOwner
    - [Ext] setOrchestrator #
       - modifiers: onlyOwner
    - [Ext] setDeviationThreshold #
       - modifiers: onlyOwner
    - [Ext] setExchangeRate #
       - modifiers: onlyOwner
    - [Ext] setRebaseLag #
       - modifiers: onlyOwner
    - [Ext] setRebaseTimingParameters #
       - modifiers: onlyOwner
    - [Pub] initialize #
       - modifiers: initializer
    - [Pub] inRebaseWindow
    - [Prv] computeSupplyDelta
    - [Prv] withinDeviationThreshold

 +  Orchestrator (Ownable)
    - [Pub]  #
    - [Ext] rebase #
    - [Ext] addTransaction #
       - modifiers: onlyOwner
    - [Ext] removeTransaction #
       - modifiers: onlyOwner
    - [Ext] setTransactionEnabled #
       - modifiers: onlyOwner
    - [Ext] transactionsSize
    - [Int] externalCall #
	
							

• Go Home