Rocket Vault - Smart Contract Audit Report

Summary

Rocket Vault Finance Audit Report Rocket Vault intends to offer its users different vaults to deposit their funds, in return they will receive rewards in stable coins..

We previously reviewed Rocket Vault's token contract in December 2020. They have since launched a new token to work with Ferrum, prompting this updated report.

We reviewed the Rocket Vault Finance token contract at 0xdc8af07a7861bedd104b8093ae3e9376fc8596d2 on the Ethereum Mainnet.

Notes of the token contract:
  • The total supply of Rocket Vault is intended to be 100,000,000 RVF.
  • The token cannot be minted after deployment, though tokens can be burned.
  • As of the date of this report, the team holds 100% of the token's supply.
  • The transfer function includes logic to integrate with Ferrum's Anti-Bot service.
  • This means that the Ferrum team has the ability to blacklist any address at any time, preventing them from transfering their tokens.
  • The team can update the address of the 'locker' contract which holds this blacklisting logic at any time.
  • The team can also recover any ERC20 tokens erroneously sent to the contract.
  • No other ownership-restricted functions are present.

  • The contract uses SafeMath libraries and conforms with the ERC20 standard.
Audit Findings:
  • No security vulnerabilities from external actors were identified.
  • Usage of the contract requires trust in the Ferrum team as they can blacklist addresses at any time.
  • Note: The team at Solidity Finance has not audited the RVF Vault or any other contracts.
  • Date: April 10th, 2021

Vulnerability CategoryNotesResult
Arbitrary Storage WriteN/APASS
Arbitrary JumpN/APASS
Delegate Call to Untrusted ContractN/APASS
Dependence on Predictable VariablesN/APASS
Deprecated OpcodesN/APASS
Ether ThiefN/APASS
ExceptionsN/APASS
External CallsN/APASS
Integer Over/UnderflowN/APASS
Multiple SendsN/APASS
SuicideN/APASS
State Change External CallsN/APass
Unchecked RetvalN/APASS
User Supplied AssertionN/APASS
Critical Solidity CompilerN/APASS
Overall Contract Safety PASS

ERC20 Token Graph

Multi-file Token

                                     
    
($) = payable function
 # = non-constant function +  Context 
    - [Int] _msgSender
    - [Int] _msgData

 + [Int] IERC20 
    - [Ext] totalSupply
    - [Ext] balanceOf
    - [Ext] transfer #
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transferFrom #

 + [Lib] SafeMath 
    - [Int] add
    - [Int] sub
    - [Int] sub
    - [Int] mul
    - [Int] div
    - [Int] div
    - [Int] mod
    - [Int] mod

 +  ERC20 (Context, IERC20)
    - [Pub]  #
    - [Pub] name
    - [Pub] symbol
    - [Pub] decimals
    - [Pub] totalSupply
    - [Pub] balanceOf
    - [Pub] transfer #
    - [Pub] allowance
    - [Pub] approve #
    - [Pub] transferFrom #
    - [Pub] increaseAllowance #
    - [Pub] decreaseAllowance #
    - [Int] _transfer #
    - [Int] _mint #
    - [Int] _burn #
    - [Int] _approve #
    - [Int] _setupDecimals #
    - [Int] _beforeTokenTransfer #

 +  ERC20Burnable (Context, ERC20)
    - [Pub] burn #
    - [Pub] burnFrom #

 +  Ownable (Context)
    - [Int]  #
    - [Pub] owner
    - [Pub] renounceOwnership #
       - modifiers: onlyOwner
    - [Pub] transferOwnership #
       - modifiers: onlyOwner

 + [Int] ILocker 
    - [Ext] lockOrGetPenalty #

 +  RocketVault (ERC20Burnable, Ownable)
    - [Pub]  #
       - modifiers: ERC20
    - [Pub] burn #
       - modifiers: onlyOwner
    - [Ext] setLocker #
       - modifiers: onlyOwner
    - [Pub] burnFrom #
       - modifiers: onlyOwner
    - [Pub] transferAnyERC20Token #
       - modifiers: onlyOwner
    - [Int] _transfer #