ReaperFarm Token & Farm - Smart Contract Audit Report

Summary

TAO Audit Report ReaperFarm intends to build a yield aggregator on Fantom's Opera network.

For this audit we reviewed the project's Vault contract Auto-Compounding contract, and Treasury contract. We reviewed the contracts at commit 4b2af85b83f17984cf43b7d7ef51e0b25a57b339 on Github.

Notes of the Contracts:
  • Users can stake various tokens into the Vault contract in order to earn rewards in the project's native token.
  • User's deposited tokens will be forwarded to Strategy contract to earn yield while the user earns rewards.
  • There are a 0.1% fee associated with making a deposit to or withdrawing from the contract.
  • Funds held in the Strategy contract will then be forwarded for deposit into Pancakeswap farms for yield.
  • Yield from deposits will be denominated in the deposit asset and is additional to a user's earned native token rewards.
  • 4.5% of yield earned will be provided to the project's Treasury vault.
  • The team will have access to the funds deposited into the treasury vault.
  • The owner has the ability to pause deposits into the contract; withdrawal cannot be paused.
  • The owner can initiate an upgrade of the strategy in use by the vault at any time. The delay to upgrade to a new strategy is set by the team upon deployment.
  • In addition, the owner can update fees up to a maximum of 5%.
  • The owner can also recover tokens erroneously sent to the contract. Staken tokens cannot be moved.
  • Some functions could be declared external instead of public, and some variables could be set constant.
  • ReentrancyGuard is used in relevant locations to prevent reentrancy attacks.
  • Utilization of SafeMath (or similarily safe functions) to prevent overflow issues.
Audit Findings Summary
  • No issues from external attackers were identified.
  • Ensure trust in the team as they have some control in the ecosystem.
  • Date: May 28th, 2021.

External Threat Results

Vulnerability CategoryNotesResult
Arbitrary Storage WriteN/APASS
Arbitrary JumpN/APASS
Delegate Call to Untrusted ContractN/APASS
Dependence on Predictable VariablesN/APASS
Deprecated OpcodesN/APASS
Ether ThiefN/APASS
ExceptionsN/APASS
External CallsN/APASS
Flash LoansN/APASS
Integer Over/UnderflowN/APASS
Multiple SendsN/APASS
OraclesN/APASS
SuicideN/APASS
State Change External CallsN/APASS
Unchecked RetvalN/APASS
User Supplied AssertionN/APASS
Critical Solidity CompilerN/APASS
Overall Contract Safety PASS


Details: ReaperFarm Vault Contract


ERC20 Token Graph

Multi-file Token


($) = payable function
# = non-constant function

Int = Internal
Ext = External
Pub = Public

 +  Context 
    - [Int] _msgSender
    - [Int] _msgData

 + [Int] IERC20 
    - [Ext] totalSupply
    - [Ext] balanceOf
    - [Ext] transfer #
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transferFrom #

 + [Lib] SafeMath 
    - [Int] add
    - [Int] sub
    - [Int] sub
    - [Int] mul
    - [Int] div
    - [Int] div
    - [Int] mod
    - [Int] mod

 + [Lib] Address 
    - [Int] isContract
    - [Int] sendValue #
    - [Int] functionCall #
    - [Int] functionCall #
    - [Int] functionCallWithValue #
    - [Int] functionCallWithValue #
    - [Prv] _functionCallWithValue #

 +  ERC20 (Context, IERC20)
    - [Pub]  #
    - [Pub] name
    - [Pub] symbol
    - [Pub] decimals
    - [Pub] totalSupply
    - [Pub] balanceOf
    - [Pub] transfer #
    - [Pub] allowance
    - [Pub] approve #
    - [Pub] transferFrom #
    - [Pub] increaseAllowance #
    - [Pub] decreaseAllowance #
    - [Int] _transfer #
    - [Int] _mint #
    - [Int] _burn #
    - [Int] _approve #
    - [Int] _setupDecimals #
    - [Int] _beforeTokenTransfer #

 + [Lib] SafeERC20 
    - [Int] safeTransfer #
    - [Int] safeTransferFrom #
    - [Int] safeApprove #
    - [Int] safeIncreaseAllowance #
    - [Int] safeDecreaseAllowance #
    - [Prv] _callOptionalReturn #

 +  Ownable (Context)
    - [Int]  #
    - [Pub] owner
    - [Pub] renounceOwnership #
       - modifiers: onlyOwner
    - [Pub] transferOwnership #
       - modifiers: onlyOwner

 +  ReentrancyGuard 
    - [Int]  #

 + [Int] IStrategy 
    - [Ext] deposit #
    - [Ext] withdraw #
    - [Ext] balanceOf
    - [Ext] harvest #
    - [Ext] retireStrat #
    - [Ext] panic #
    - [Ext] pause #
    - [Ext] unpause #
    - [Ext] updateTotalFee #
    - [Ext] updateCallFee #
    - [Ext] updateTreasuryFee #

 +  ReaperVault (ERC20, Ownable, ReentrancyGuard)
    - [Pub]  #
       - modifiers: ERC20
    - [Pub] initialize #
       - modifiers: onlyOwner
    - [Pub] agreeToTerms #
    - [Pub] balance
    - [Pub] available
    - [Pub] getPricePerFullShare
    - [Ext] depositAll #
    - [Pub] deposit #
       - modifiers: nonReentrant
    - [Pub] earn #
    - [Ext] withdrawAll #
    - [Pub] withdraw #
       - modifiers: nonReentrant
    - [Pub] proposeStrat #
       - modifiers: onlyOwner
    - [Pub] upgradeStrat #
       - modifiers: onlyOwner
    - [Int] incrementDeposits #
    - [Int] incrementWithdrawals #
    - [Ext] inCaseTokensGetStuck #
       - modifiers: onlyOwner


Details: ReaperFarm AutoCompound Contract


ERC20 Token Graph

Multi-file Token


($) = payable function
# = non-constant function

Int = Internal
Ext = External
Pub = Public

 +  Context 
    - [Int] _msgSender
    - [Int] _msgData

 +  Ownable (Context)
    - [Int]  #
    - [Pub] owner
    - [Pub] renounceOwnership #
       - modifiers: onlyOwner
    - [Pub] transferOwnership #
       - modifiers: onlyOwner

 + [Int] IERC20 
    - [Ext] totalSupply
    - [Ext] balanceOf
    - [Ext] transfer #
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transferFrom #

 + [Lib] SafeMath 
    - [Int] add
    - [Int] sub
    - [Int] sub
    - [Int] mul
    - [Int] div
    - [Int] div
    - [Int] mod
    - [Int] mod

 + [Lib] Address 
    - [Int] isContract
    - [Int] sendValue #
    - [Int] functionCall #
    - [Int] functionCall #
    - [Int] functionCallWithValue #
    - [Int] functionCallWithValue #
    - [Prv] _functionCallWithValue #

 +  ERC20 (Context, IERC20)
    - [Pub]  #
    - [Pub] name
    - [Pub] symbol
    - [Pub] decimals
    - [Pub] totalSupply
    - [Pub] balanceOf
    - [Pub] transfer #
    - [Pub] allowance
    - [Pub] approve #
    - [Pub] transferFrom #
    - [Pub] increaseAllowance #
    - [Pub] decreaseAllowance #
    - [Int] _transfer #
    - [Int] _mint #
    - [Int] _burn #
    - [Int] _approve #
    - [Int] _setupDecimals #
    - [Int] _beforeTokenTransfer #

 + [Lib] SafeERC20 
    - [Int] safeTransfer #
    - [Int] safeTransferFrom #
    - [Int] safeApprove #
    - [Int] safeIncreaseAllowance #
    - [Int] safeDecreaseAllowance #
    - [Prv] _callOptionalReturn #

 +  Pausable (Context)
    - [Int]  #
    - [Pub] paused
    - [Int] _pause #
       - modifiers: whenNotPaused
    - [Int] _unpause #
       - modifiers: whenPaused

 + [Int] IUniswapRouterETH 
    - [Ext] addLiquidity #
    - [Ext] addLiquidityETH ($)
    - [Ext] removeLiquidity #
    - [Ext] removeLiquidityETH #
    - [Ext] swapExactTokensForTokens #
    - [Ext] swapExactETHForTokens ($)
    - [Ext] swapExactTokensForETH #
    - [Ext] swapExactTokensForTokensSupportingFeeOnTransferTokens #

 + [Int] IUniswapV2Pair 
    - [Ext] token0
    - [Ext] token1

 + [Int] IMasterChef 
    - [Ext] poolLength
    - [Ext] setBooPerSecond #
    - [Ext] getMultiplier
    - [Ext] pendingBOO
    - [Ext] massUpdatePools #
    - [Ext] updatePool #
    - [Ext] deposit #
    - [Ext] withdraw #
    - [Ext] userInfo
    - [Ext] emergencyWithdraw #

 +  ReaperAutoCompoundBoo (Ownable, Pausable)
    - [Pub]  #
    - [Pub] deposit #
       - modifiers: whenNotPaused
    - [Ext] withdraw #
    - [Ext] harvest #
       - modifiers: whenNotPaused
    - [Int] chargeFees #
    - [Int] addLiquidity #
    - [Pub] balanceOf
    - [Pub] balanceOfLpPair
    - [Pub] balanceOfPool
    - [Ext] retireStrat #
    - [Pub] panic #
       - modifiers: onlyOwner
    - [Pub] pause #
       - modifiers: onlyOwner
    - [Ext] unpause #
       - modifiers: onlyOwner
    - [Int] giveAllowances #
    - [Int] removeAllowances #
    - [Ext] updateTotalFee #
       - modifiers: onlyOwner
    - [Ext] updateCallFee #
       - modifiers: onlyOwner
    - [Ext] updateTreasury #
       - modifiers: onlyOwner


Details: ReaperFarm Treasury Contract


ERC20 Token Graph

Multi-file Token


($) = payable function
# = non-constant function

Int = Internal
Ext = External
Pub = Public

 +  Context 
    - [Int] _msgSender
    - [Int] _msgData

 +  Ownable (Context)
    - [Int]  #
    - [Pub] owner
    - [Pub] renounceOwnership #
       - modifiers: onlyOwner
    - [Pub] transferOwnership #
       - modifiers: onlyOwner

 + [Int] IERC20 
    - [Ext] totalSupply
    - [Ext] balanceOf
    - [Ext] transfer #
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transferFrom #

 + [Lib] SafeMath 
    - [Int] add
    - [Int] sub
    - [Int] sub
    - [Int] mul
    - [Int] div
    - [Int] div
    - [Int] mod
    - [Int] mod

 + [Lib] Address 
    - [Int] isContract
    - [Int] sendValue #
    - [Int] functionCall #
    - [Int] functionCall #
    - [Int] functionCallWithValue #
    - [Int] functionCallWithValue #
    - [Prv] _functionCallWithValue #

 +  ERC20 (Context, IERC20)
    - [Pub]  #
    - [Pub] name
    - [Pub] symbol
    - [Pub] decimals
    - [Pub] totalSupply
    - [Pub] balanceOf
    - [Pub] transfer #
    - [Pub] allowance
    - [Pub] approve #
    - [Pub] transferFrom #
    - [Pub] increaseAllowance #
    - [Pub] decreaseAllowance #
    - [Int] _transfer #
    - [Int] _mint #
    - [Int] _burn #
    - [Int] _approve #
    - [Int] _setupDecimals #
    - [Int] _beforeTokenTransfer #

 + [Lib] SafeERC20 
    - [Int] safeTransfer #
    - [Int] safeTransferFrom #
    - [Int] safeApprove #
    - [Int] safeIncreaseAllowance #
    - [Int] safeDecreaseAllowance #
    - [Prv] _callOptionalReturn #

 +  ReaperTreasury (Ownable)
    - [Pub] viewWithdrawal
    - [Pub] markReviewed #
    - [Ext] withdrawTokens #
       - modifiers: onlyOwner
    - [Ext] withdrawFTM #
       - modifiers: onlyOwner
    - [Pub] setAccountant #
       - modifiers: onlyOwner
    - [Ext]  ($)