Royal Protocol - Smart Contract Audit Report


Royal Protocol Audit Report Royal Protocol is building a new LP game where users can stake their own tokens in order to earn rewards.

For this audit, we analyzed Royal Protocol's contract that was provided to us by the team.
We previously reviewed the project team's $Groy token here.

Notes on the Contract:
  • Users can enter the LP game by depositing the project's assigned "LP" token into the contract. Users may then be eligible for rewards in the project's native $Groy token or LP token. The LP and $Groy token addresses will be set by the owner upon depyloyment.
  • There is a 5% fee charged when depositing or withdrawing the LP token from the contract. The tokens collected from the fees are directed to the team.
  • There is no way to automatically accumulate and receive rewards within the contract.
  • The owner must manually distribute $Groy or LP tokens to specific user's addresses in order for them to be eligible for rewards. Users who have had rewards distributed to them can manually claim them via the withdraw() and withdrawGroy() functions.
  • The withdraw() function sends an amount of the LP tokens specified by the user, while the withdrawGroy() function sends all of the claimable $Groy rewards.

  • The owner can manually end the game at any time. When the game is ended the owner can withdraw any tokens collected from taxes or any remaining rewards tokens that are in the contract balance.
  • Also, when the game is ended, the owner has the ability to update the withdraw fee to 2.5%.
  • The owner can pause the contract at any time. When paused, users will not be able to make deposits to the contract or claim any rewards.
  • The owner can update the $Groy token address to any address at any time.
  • As the project is implemented with Solidity v0.8.x, it is protected from overflows.

Audit Findings Summary:
  • No external threats were identified.
  • Please ensure trust in the team as they have substantial control in the ecosystem.
  • Further ensure trust as token rewards must be manually distributed by the team.
  • Date: October 29th, 2021

Combined External Threat Results

Vulnerability CategoryNotesResult
Arbitrary Storage WriteN/APASS
Arbitrary JumpN/APASS
Delegate Call to Untrusted ContractN/APASS
Dependence on Predictable VariablesN/APASS
Deprecated OpcodesN/APASS
Ether ThiefN/APASS
External CallsN/APASS
Integer Over/UnderflowN/APASS
Multiple SendsN/APASS
State Change External CallsN/APASS
Unchecked RetvalN/APASS
User Supplied AssertionN/APASS
Critical Solidity CompilerN/APASS
Overall Contract Safety PASS

Details: Royal Protocol- Contract

Smart Contract Graph

Smart Contract Inheritance

 ($) = payable function
 # = non-constant function
 Int = Internal
 Ext = External
 Pub = Public

 + [Lib] SafeMath 
    - [Int] tryAdd
    - [Int] trySub
    - [Int] tryMul
    - [Int] tryDiv
    - [Int] tryMod
    - [Int] add
    - [Int] sub
    - [Int] mul
    - [Int] div
    - [Int] mod
    - [Int] sub
    - [Int] div
    - [Int] mod

 + [Int] IERC20 
    - [Ext] totalSupply
    - [Ext] balanceOf
    - [Ext] transfer #
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transferFrom #

 +  LP 
    - [Pub]  #
    - [Ext] deposit #
       - modifiers: paused
    - [Ext] withdraw #
       - modifiers: paused
    - [Ext] withdrawGroy #
       - modifiers: paused
    - [Ext] endGame #
       - modifiers: onlyOwner
    - [Ext] withdrawGroyAdmin #
       - modifiers: onlyOwner,ended
    - [Ext] withdrawLpAdmin #
       - modifiers: onlyOwner,ended
    - [Ext] updateGroyToken #
       - modifiers: onlyOwner,paused
    - [Ext] updateWithdrawTax #
       - modifiers: onlyOwner,ended
    - [Ext] balanceOf
    - [Ext] distributeLpRewards #
       - modifiers: onlyOwner
    - [Ext] distributeGroyRewards #
       - modifiers: onlyOwner
    - [Ext] activateTheOmegaThirteen #
       - modifiers: onlyOwner
    - [Pub] percentageOfPool