Retro DeFi Token & Farm - Smart Contract Audit Report
Summary
Retro DeFi intends to build a yield aggregator on the Binance Smart Chain.
For this audit we reviewed the project's Native Farm contract and QBERT (Native) Token contract. We reviewed the contracts at commit 1d9fd8b4bddfa6a5f2b79b807e9cc36ce9c11ee7 and again at commit 6fe987343d82138451c30357bc773e68844411c3 on GitHub. Please note we have not reviewed the project's strategy contracts.
Notes of the Contracts:Audit Findings Summary
- The total supply of the token is set to 850,000.
- The owner has the ability to mint tokens at any time.
- The owner of the token is intended to be the farm contract for the provision of rewards.
- The contract utilizes SafeMath libraries to prevent overflows along with following the BEP20 standard.
- Users can stake various tokens into the Farm contract in order to earn QBERT token rewards.
- There are no fees associated with making a deposit to or withdrawing from the contract.
- User's tokens will be forwarded to Strategy contracts created by the team to earn yield.
- Users must trust the team's Strategy implementations as those contracts will hold their funds. We have not reviewed the Strategy contracts at this time, though it's interface hints that the team can remove any tokens from the strategies.
- Rewards are generated via minting of the QBERT token. Rewards are expected to end in the beginning of August.
- An emergency withdraw function is present, allowing users to withdraw their tokens while ignoring rewards in case of an issue.
- The project team can add different types of tokens for staking, and can update the reward rates for each token.
- Utilization of SafeMath (or similarily safe functions) to prevent overflow issues.
- No issues from external attackers were identified.
- Ensure trust in the team as they can remove users' tokens from the Farm contract at any time, and can update reward rates.
- Further, ensure trust in the team's Strategy implementations as they will hold users' funds. We have not reviewed those contracts.
- Date: May 17th, 2021.
- UpdateDate: May 20th, 2021 - Removal of unneeded function.
External Threat Results
Vulnerability Category | Notes | Result |
---|---|---|
Arbitrary Storage Write | N/A | PASS |
Arbitrary Jump | N/A | PASS |
Delegate Call to Untrusted Contract | N/A | PASS |
Dependence on Predictable Variables | N/A | PASS |
Deprecated Opcodes | N/A | PASS |
Ether Thief | N/A | PASS |
Exceptions | N/A | PASS |
External Calls | N/A | PASS |
Flash Loans | N/A | PASS |
Integer Over/Underflow | N/A | PASS |
Multiple Sends | N/A | PASS |
Oracles | N/A | PASS |
Suicide | N/A | PASS |
State Change External Calls | N/A | PASS |
Unchecked Retval | N/A | PASS |
User Supplied Assertion | N/A | PASS |
Critical Solidity Compiler | N/A | PASS |
Overall Contract Safety | PASS |
Details: Native Token Contract
($) = payable function
# = non-constant function
Int = Internal
Ext = External
Pub = Public
+ Context
- [Int] _msgSender
- [Int] _msgData
+ [Lib] SafeMath
- [Int] add
- [Int] sub
- [Int] sub
- [Int] mul
- [Int] div
- [Int] div
- [Int] mod
- [Int] mod
+ [Int] IERC20
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] transfer #
- [Ext] allowance
- [Ext] approve #
- [Ext] transferFrom #
+ ERC20 (Context, IERC20)
- [Pub] #
- [Pub] name
- [Pub] symbol
- [Pub] decimals
- [Pub] totalSupply
- [Pub] balanceOf
- [Pub] transfer #
- [Pub] allowance
- [Pub] approve #
- [Pub] transferFrom #
- [Pub] increaseAllowance #
- [Pub] decreaseAllowance #
- [Int] _transfer #
- [Int] _mint #
- [Int] _burn #
- [Int] _approve #
- [Int] _setupDecimals #
- [Int] _beforeTokenTransfer #
+ Ownable (Context)
- [Int] #
- [Pub] owner
- [Pub] renounceOwnership #
- modifiers: onlyOwner
- [Pub] transferOwnership #
- modifiers: onlyOwner
+ QBERT (ERC20, Ownable)
- [Pub] #
- modifiers: ERC20
- [Pub] mint #
- modifiers: onlyOwner
Details: Native Farm Contract
($) = payable function
# = non-constant function
Int = Internal
Ext = External
Pub = Public
+ Context
- [Int] _msgSender
- [Int] _msgData
+ [Lib] SafeMath
- [Int] add
- [Int] sub
- [Int] sub
- [Int] mul
- [Int] div
- [Int] div
- [Int] mod
- [Int] mod
+ [Int] IERC20
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] transfer #
- [Ext] allowance
- [Ext] approve #
- [Ext] transferFrom #
+ ERC20 (Context, IERC20)
- [Pub] #
- [Pub] name
- [Pub] symbol
- [Pub] decimals
- [Pub] totalSupply
- [Pub] balanceOf
- [Pub] transfer #
- [Pub] allowance
- [Pub] approve #
- [Pub] transferFrom #
- [Pub] increaseAllowance #
- [Pub] decreaseAllowance #
- [Int] _transfer #
- [Int] _mint #
- [Int] _burn #
- [Int] _approve #
- [Int] _setupDecimals #
- [Int] _beforeTokenTransfer #
+ [Lib] Address
- [Int] isContract
- [Int] sendValue #
- [Int] functionCall #
- [Int] functionCall #
- [Int] functionCallWithValue #
- [Int] functionCallWithValue #
- [Int] functionStaticCall
- [Int] functionStaticCall
- [Int] functionDelegateCall #
- [Int] functionDelegateCall #
- [Prv] _verifyCallResult
+ [Lib] SafeERC20
- [Int] safeTransfer #
- [Int] safeTransferFrom #
- [Int] safeApprove #
- [Int] safeIncreaseAllowance #
- [Int] safeDecreaseAllowance #
- [Prv] _callOptionalReturn #
+ [Lib] EnumerableSet
- [Prv] _add #
- [Prv] _remove #
- [Prv] _contains
- [Prv] _length
- [Prv] _at
- [Int] add #
- [Int] remove #
- [Int] contains
- [Int] length
- [Int] at
- [Int] add #
- [Int] remove #
- [Int] contains
- [Int] length
- [Int] at
- [Int] add #
- [Int] remove #
- [Int] contains
- [Int] length
- [Int] at
+ Ownable (Context)
- [Int] #
- [Pub] owner
- [Pub] renounceOwnership #
- modifiers: onlyOwner
- [Pub] transferOwnership #
- modifiers: onlyOwner
+ ReentrancyGuard
- [Int] #
+ NATIVEToken (ERC20)
- [Pub] mint #
+ [Int] IStrategy
- [Ext] wantLockedTotal
- [Ext] sharesTotal
- [Ext] earn #
- [Ext] deposit #
- [Ext] withdraw #
- [Ext] inCaseTokensGetStuck #
+ NativeFarm (Ownable, ReentrancyGuard)
- [Ext] poolLength
- [Pub] add #
- modifiers: onlyOwner
- [Pub] set #
- modifiers: onlyOwner
- [Pub] getMultiplier
- [Ext] pendingNATIVE
- [Ext] stakedWantTokens
- [Pub] massUpdatePools #
- [Pub] updatePool #
- [Pub] deposit #
- modifiers: nonReentrant
- [Pub] withdraw #
- modifiers: nonReentrant
- [Pub] withdrawAll #
- modifiers: nonReentrant
- [Pub] emergencyWithdraw #
- modifiers: nonReentrant
- [Int] safeNATIVETransfer #
- [Pub] inCaseTokensGetStuck #
- modifiers: onlyOwner