PolyYeld Finance - Smart Contract Audit Report

Summary

PolyYeld Finance is building a new yield farming platform on Polygon.

For this audit, we analyzed PolyYeld Finance's token contract and their MasterChef staking contract. We reviewed the team's code at the following addresses on the Polygon mainnet:
  • PolyYeld FinanceSwap Token: 0xd0f3121A190d85dE0AB6131f2bCEcdbfcfB38891
  • MasterChef Staking: 0x2DC11B394BD0f1CC6AC0a269cfe3CC0b333601B4
  • Notes on the Contracts:
  • The initial total supply of the PolyYeld token is 0. Currently, the total supply is 3,229 YELD tokens.
  • More tokens can be minted by the owner of the token contract at any time.
  • The owner of the token contract has been properly set to the MasterChef staking contract for the provision of staking rewards.
  • The maximum supply of the token is 62,100 tokens.
  • Currently, 44% of the token's supply is held in the MasterChef contract.
  • 46% of the supply is held in the liquidity pool.
  • Liquidity is not locked as it is primarily being provided by users staking LP tokens in the MasterChef contract.
  • The team holds 5.7% of the supply unlocked.
  • The next largest holder has 2.1%.
  • The token is designed to be a governance token where 1 token = 1 vote.
  • Token holders can delegate their voting rights to any address. To save gas, users can also do so using an EIP-712 signature.

  • Users can stake various tokens in this contract to earn rewards in the form of the project's native PolyYeld token.
  • There is a fee associated with making a deposit to the contract, set by the team upon adding the pool. The fee is directed to the team and its percentage can be updated at any time.
  • Users can also earn further token rewards by referring others to deposit into the contract. Referral logic is held in a separate contract.
  • The developers will be minted some tokens from rewards to incentivize further development.
  • The team must be careful not to add the same token twice or fee-on-transfer tokens for staking.
  • Some gas optimizations can be achieved through marking functions external instead of public. As this contract is already deployed, this is informational.
  • The contract utilizes SafeMath (or similarly safe functions) to prevent overflows, and ReentrancyGuard to prevent reentrancy via ERC777-compliant tokens.
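
The two listing mistakes named in the notes above (adding the same token twice, adding a fee-on-transfer token), shown in a toy Python model that is added here and is not the audited contract's code. `Token`, `Pool` and `screen_token` are hypothetical names, and the pool is assumed to credit the requested deposit amount rather than the amount it actually receives.

```python
# Added example: toy ledger model, not the audited MasterChef code.
class Token:
    """Minimal ERC-20-like ledger; fee_bps > 0 models a fee-on-transfer token."""
    def __init__(self, fee_bps=0):
        self.fee_bps = fee_bps
        self.balances = {}

    def mint(self, to, amount):
        self.balances[to] = self.balances.get(to, 0) + amount

    def transfer(self, src, dst, amount):
        if self.balances.get(src, 0) < amount:
            raise ValueError("insufficient balance")
        fee = amount * self.fee_bps // 10_000  # fee is burned in this model
        self.balances[src] -= amount
        self.balances[dst] = self.balances.get(dst, 0) + amount - fee


class Pool:
    """Assumed staking accounting: credits the requested amount on deposit."""
    ADDRESS = "pool"

    def __init__(self, token):
        self.token = token
        self.credited = {}

    def deposit(self, user, amount):
        self.token.transfer(user, self.ADDRESS, amount)
        self.credited[user] = self.credited.get(user, 0) + amount

    def withdraw(self, user, amount):
        if self.credited.get(user, 0) < amount:
            raise ValueError("amount exceeds credited stake")
        self.token.transfer(self.ADDRESS, user, amount)  # raises if pool is short
        self.credited[user] -= amount

    def shortfall(self):
        """Tokens owed to stakers minus tokens the pool actually holds."""
        return sum(self.credited.values()) - self.token.balances.get(self.ADDRESS, 0)


def screen_token(token, existing_tokens, probe=10_000):
    """Pre-listing check: reject duplicates and tokens that deliver less than sent."""
    if any(token is t for t in existing_tokens):
        return "reject: already listed"
    token.mint("probe_sender", probe)  # constructed probe balance (model only)
    token.transfer("probe_sender", "probe_receiver", probe)
    received = token.balances.get("probe_receiver", 0)
    return "ok" if received == probe else "reject: fee-on-transfer"
```

With a 2% fee token, two 1,000-token deposits leave the pool owing 40 more tokens than it holds, so the last staker's full withdrawal fails.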


  • Audit Findings Summary:
    • No security issues from outside attackers were identified.
    • Ensure trust in the team as they have some control in the ecosystem.
    • Date: June 18th, 2021

    Combined External Threat Results

    Vulnerability Category                 Notes   Result
    Arbitrary Storage Write                N/A     PASS
    Arbitrary Jump                         N/A     PASS
    Delegate Call to Untrusted Contract    N/A     PASS
    Dependence on Predictable Variables    N/A     PASS
    Deprecated Opcodes                     N/A     PASS
    Ether Thief                            N/A     PASS
    Exceptions                             N/A     PASS
    External Calls                         N/A     PASS
    Integer Over/Underflow                 N/A     PASS
    Multiple Sends                         N/A     PASS
    Suicide                                N/A     PASS
    State Change External Calls            N/A     PASS
    Unchecked Retval                       N/A     PASS
    User Supplied Assertion                N/A     PASS
    Critical Solidity Compiler             N/A     PASS
    Overall Contract Safety                        PASS


    Details: PolyYeld Token


    Function Graph

    [Figure: Smart Contract Graph]

    Inheritance Chart

    [Figure: Smart Contract Inheritance]

    Functions Overview

    
     ($) = payable function
     # = non-constant function
     
     Int = Internal
     Ext = External
     Pub = Public
    
     + [Lib] SafeMath 
        - [Int] add
        - [Int] sub
        - [Int] sub
        - [Int] mul
        - [Int] div
        - [Int] div
        - [Int] mod
        - [Int] mod
    
     + [Int] IBEP20 
        - [Ext] totalSupply
        - [Ext] decimals
        - [Ext] symbol
        - [Ext] name
        - [Ext] getOwner
        - [Ext] balanceOf
        - [Ext] transfer #
        - [Ext] allowance
        - [Ext] approve #
        - [Ext] transferFrom #
    
     +  Context 
        - [Int] _msgSender
        - [Int] _msgData
    
     +  Ownable (Context)
        - [Pub] <Constructor> #
        - [Pub] owner
        - [Pub] renounceOwnership #
           - modifiers: onlyOwner
        - [Pub] transferOwnership #
           - modifiers: onlyOwner
    
     +  BEP20 (Context, IBEP20, Ownable)
        - [Pub] <Constructor> #
        - [Ext] getOwner
        - [Pub] name
        - [Pub] symbol
        - [Pub] decimals
        - [Pub] totalSupply
        - [Pub] maxSupply
        - [Pub] balanceOf
        - [Pub] transfer #
        - [Pub] allowance
        - [Pub] approve #
        - [Pub] transferFrom #
        - [Pub] increaseAllowance #
        - [Pub] decreaseAllowance #
        - [Pub] mint #
           - modifiers: onlyOwner
        - [Int] _transfer #
        - [Int] _mint #
        - [Int] _burn #
        - [Int] _approve #
        - [Int] _burnFrom #
    
     +  POLYYELD (BEP20)
        - [Pub] mint #
           - modifiers: onlyOwner
        - [Ext] delegates
        - [Ext] delegate #
        - [Ext] delegateBySig #
        - [Ext] getCurrentVotes
        - [Ext] getPriorVotes
        - [Int] _delegate #
        - [Int] _moveDelegates #
        - [Int] _writeCheckpoint #
        - [Int] safe32
        - [Int] getChainId


    Details: MasterChef Staking


    Function Graph

    [Figure: Smart Contract Graph]

    Inheritance Chart

    [Figure: Smart Contract Inheritance]

    Functions Overview

    
     ($) = payable function
     # = non-constant function
     
     Int = Internal
     Ext = External
     Pub = Public
    
     +  Context 
        - [Int] _msgSender
        - [Int] _msgData
    
     +  Ownable (Context)
        - [Int] <Constructor> #
        - [Pub] owner
        - [Pub] renounceOwnership #
           - modifiers: onlyOwner
        - [Pub] transferOwnership #
           - modifiers: onlyOwner
    
     + [Lib] SafeMath 
        - [Int] add
        - [Int] sub
        - [Int] sub
        - [Int] mul
        - [Int] div
        - [Int] div
        - [Int] mod
        - [Int] mod
    
     + [Lib] Address 
        - [Int] isContract
        - [Int] sendValue #
        - [Int] functionCall #
        - [Int] functionCall #
        - [Int] functionCallWithValue #
        - [Int] functionCallWithValue #
        - [Prv] _functionCallWithValue #
    
     + [Int] IERC20 
        - [Ext] totalSupply
        - [Ext] balanceOf
        - [Ext] transfer #
        - [Ext] allowance
        - [Ext] approve #
        - [Ext] transferFrom #
    
     +  ERC20 (Context, IERC20, Ownable)
        - [Pub] <Constructor> #
        - [Pub] name
        - [Pub] symbol
        - [Pub] decimals
        - [Pub] totalSupply
        - [Pub] balanceOf
        - [Pub] transfer #
        - [Pub] allowance
        - [Pub] approve #
        - [Pub] transferFrom #
        - [Pub] increaseAllowance #
        - [Pub] decreaseAllowance #
        - [Int] _transfer #
        - [Int] _mint #
        - [Int] _burn #
        - [Int] _approve #
        - [Int] _setupDecimals #
        - [Int] _beforeTokenTransfer #
    
     + [Lib] SafeERC20 
        - [Int] safeTransfer #
        - [Int] safeTransferFrom #
        - [Int] safeApprove #
        - [Int] safeIncreaseAllowance #
        - [Int] safeDecreaseAllowance #
        - [Prv] _callOptionalReturn #
    
     +  ReentrancyGuard 
        - [Int] <Constructor> #
    
     +  YeldToken (ERC20)
        - [Pub] mint #
           - modifiers: onlyOwner
        - [Ext] delegates
        - [Ext] delegate #
        - [Ext] delegateBySig #
        - [Ext] getCurrentVotes
        - [Ext] getPriorVotes
        - [Int] _delegate #
        - [Int] _moveDelegates #
        - [Int] _writeCheckpoint #
        - [Int] safe32
        - [Int] getChainId
    
     + [Int] IReferral 
        - [Ext] recordReferral #
        - [Ext] getReferrer
    
     +  MasterChef (Ownable, ReentrancyGuard)
        - [Pub] <Constructor> #
        - [Ext] poolLength
        - [Ext] add #
           - modifiers: onlyOwner,nonDuplicated
        - [Ext] set #
           - modifiers: onlyOwner
        - [Pub] getMultiplier
        - [Ext] pendingYeld
        - [Pub] massUpdatePools #
        - [Pub] updatePool #
        - [Pub] deposit #
           - modifiers: nonReentrant
        - [Pub] withdraw #
           - modifiers: nonReentrant
        - [Pub] emergencyWithdraw #
           - modifiers: nonReentrant
        - [Int] safeYeldTransfer #
        - [Ext] setDevAddress #
           - modifiers: onlyOwner
        - [Ext] setFeeAddress #
           - modifiers: onlyOwner
        - [Ext] updateEmissionRate #
           - modifiers: onlyOwner
        - [Ext] setReferralAddress #
           - modifiers: onlyOwner
        - [Ext] setReferralCommissionRate #
           - modifiers: onlyOwner
        - [Int] payReferralCommission #
        - [Pub] updateStartBlock #
           - modifiers: onlyOwner