Rocket Vault - Smart Contract Audit Report

Summary

Rocket Vault intends to offer its users different vaults in which to deposit their funds; in return, they will receive rewards in stable coins.

We previously reviewed Rocket Vault's token contract in December 2020. They have since launched a new token to work with Ferrum, prompting this updated report.

We reviewed the Rocket Vault Finance token contract at 0xdc8af07a7861bedd104b8093ae3e9376fc8596d2 on the Ethereum Mainnet.

Notes on the token contract:
  • The total supply of Rocket Vault is intended to be 100,000,000 RVF.
  • The token cannot be minted after deployment, though tokens can be burned.
  • As of the date of this report, the team holds 100% of the token's supply.
  • The transfer function includes logic to integrate with Ferrum's Anti-Bot service.
  • This means that the Ferrum team has the ability to blacklist any address at any time, preventing them from transferring their tokens.
  • The team can update the address of the 'locker' contract which holds this blacklisting logic at any time.
  • The team can also recover any ERC20 tokens erroneously sent to the contract.
  • No other ownership-restricted functions are present.
  • The contract uses SafeMath libraries and conforms with the ERC20 standard.

Audit Findings:
  • No security vulnerabilities from external actors were identified.
  • Usage of the contract requires trust in the Ferrum team as they can blacklist addresses at any time.
  • Note: The team at SourceHat has not audited the RVF Vault or any other contracts.
  • Date: April 10th, 2021
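
The two trust points noted above (a locker address the owner can replace, and a locker that is consulted on every transfer) can be sketched as follows. This is an added example, not the RVF contract's source and not SourceHat's code; HookedToken, the arguments and return values of lockOrGetPenalty, and the revert strings are assumptions, since this page lists only the function names.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration only; not the RVF source. The argument list and return
// values of lockOrGetPenalty are assumptions (the page lists only its name).
interface ILocker {
    function lockOrGetPenalty(address source, address dest)
        external returns (bool blocked, uint256 penalty);
}

contract HookedToken {
    address public owner;
    ILocker public locker;                 // external policy contract
    mapping(address => uint256) public balanceOf;

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    constructor(uint256 supply) {
        owner = msg.sender;
        balanceOf[msg.sender] = supply;    // fixed supply, no mint function
    }

    // Trust point 1: the owner can repoint the hook to any contract at any time.
    function setLocker(address newLocker) external onlyOwner {
        locker = ILocker(newLocker);
    }

    function transfer(address to, uint256 amount) external returns (bool) {
        _transfer(msg.sender, to, amount);
        return true;
    }

    // Trust point 2: every transfer first asks the locker, so whoever controls
    // the locker's state decides which addresses can move tokens.
    function _transfer(address from, address to, uint256 amount) internal {
        if (address(locker) != address(0)) {
            (bool blocked, ) = locker.lockOrGetPenalty(from, to);
            require(!blocked, "blocked by locker");
        }
        require(balanceOf[from] >= amount, "insufficient balance");
        balanceOf[from] -= amount;
        balanceOf[to] += amount;
    }
}
```

When reviewing a token built this way, the locker's current address and the code deployed there matter as much as the token contract itself, because neither is fixed at deployment.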

| Vulnerability Category | Notes | Result |
|---|---|---|
| Arbitrary Storage Write | N/A | PASS |
| Arbitrary Jump | N/A | PASS |
| Delegate Call to Untrusted Contract | N/A | PASS |
| Dependence on Predictable Variables | N/A | PASS |
| Deprecated Opcodes | N/A | PASS |
| Ether Thief | N/A | PASS |
| Exceptions | N/A | PASS |
| External Calls | N/A | PASS |
| Integer Over/Underflow | N/A | PASS |
| Multiple Sends | N/A | PASS |
| Suicide | N/A | PASS |
| State Change External Calls | N/A | PASS |
| Unchecked Retval | N/A | PASS |
| User Supplied Assertion | N/A | PASS |
| Critical Solidity Compiler | N/A | PASS |
| Overall Contract Safety | | PASS |

ERC20 Token Graph

Multi-file Token

                                     
    
($) = payable function
 # = non-constant function

 +  Context 
    - [Int] _msgSender
    - [Int] _msgData

 + [Int] IERC20 
    - [Ext] totalSupply
    - [Ext] balanceOf
    - [Ext] transfer #
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transferFrom #

 + [Lib] SafeMath 
    - [Int] add
    - [Int] sub
    - [Int] sub
    - [Int] mul
    - [Int] div
    - [Int] div
    - [Int] mod
    - [Int] mod

 +  ERC20 (Context, IERC20)
    - [Pub]  #
    - [Pub] name
    - [Pub] symbol
    - [Pub] decimals
    - [Pub] totalSupply
    - [Pub] balanceOf
    - [Pub] transfer #
    - [Pub] allowance
    - [Pub] approve #
    - [Pub] transferFrom #
    - [Pub] increaseAllowance #
    - [Pub] decreaseAllowance #
    - [Int] _transfer #
    - [Int] _mint #
    - [Int] _burn #
    - [Int] _approve #
    - [Int] _setupDecimals #
    - [Int] _beforeTokenTransfer #

 +  ERC20Burnable (Context, ERC20)
    - [Pub] burn #
    - [Pub] burnFrom #

 +  Ownable (Context)
    - [Int]  #
    - [Pub] owner
    - [Pub] renounceOwnership #
       - modifiers: onlyOwner
    - [Pub] transferOwnership #
       - modifiers: onlyOwner

 + [Int] ILocker 
    - [Ext] lockOrGetPenalty #

 +  RocketVault (ERC20Burnable, Ownable)
    - [Pub]  #
       - modifiers: ERC20
    - [Pub] burn #
       - modifiers: onlyOwner
    - [Ext] setLocker #
       - modifiers: onlyOwner
    - [Pub] burnFrom #
       - modifiers: onlyOwner
    - [Pub] transferAnyERC20Token #
       - modifiers: onlyOwner
    - [Int] _transfer #