Royal Protocol - Smart Contract Audit Report
Royal Protocol is building a new LP game where users can stake their own tokens in order to earn rewards.For this audit, we analyzed Royal Protocol's contract that was provided to us by the team.
We previously reviewed the project team's $Groy token here.
Notes on the Contract:
Users can enter the LP game by depositing the project's assigned "LP" token into the contract. Users may then be eligible for rewards in the project's native $Groy token or LP token. The LP and $Groy token addresses will be set by the owner upon depyloyment. There is a 5% fee charged when depositing or withdrawing the LP token from the contract. The tokens collected from the fees are directed to the team. There is no way to automatically accumulate and receive rewards within the contract. The owner must manually distribute $Groy or LP tokens to specific user's addresses in order for them to be eligible for rewards. Users who have had rewards distributed to them can manually claim them via the withdraw() and withdrawGroy() functions. The withdraw() function sends an amount of the LP tokens specified by the user, while the withdrawGroy() function sends all of the claimable $Groy rewards. The owner can manually end the game at any time. When the game is ended the owner can withdraw any tokens collected from taxes or any remaining rewards tokens that are in the contract balance. Also, when the game is ended, the owner has the ability to update the withdraw fee to 2.5%. The owner can pause the contract at any time. When paused, users will not be able to make deposits to the contract or claim any rewards. The owner can update the $Groy token address to any address at any time. As the project is implemented with Solidity v0.8.x, it is protected from overflows.
Audit Findings Summary:
- No external threats were identified.
- Please ensure trust in the team as they have substantial control in the ecosystem.
- Further ensure trust as token rewards must be manually distributed by the team.
- Date: October 29th, 2021
Combined External Threat Results
|Arbitrary Storage Write||N/A||PASS|
|Delegate Call to Untrusted Contract||N/A||PASS|
|Dependence on Predictable Variables||N/A||PASS|
|State Change External Calls||N/A||PASS|
|User Supplied Assertion||N/A||PASS|
|Critical Solidity Compiler||N/A||PASS|
|Overall Contract Safety||PASS|
Details: Royal Protocol- Contract
($) = payable function # = non-constant function Int = Internal Ext = External Pub = Public + [Lib] SafeMath - [Int] tryAdd - [Int] trySub - [Int] tryMul - [Int] tryDiv - [Int] tryMod - [Int] add - [Int] sub - [Int] mul - [Int] div - [Int] mod - [Int] sub - [Int] div - [Int] mod + [Int] IERC20 - [Ext] totalSupply - [Ext] balanceOf - [Ext] transfer # - [Ext] allowance - [Ext] approve # - [Ext] transferFrom # + LP - [Pub]
# - [Ext] deposit # - modifiers: paused - [Ext] withdraw # - modifiers: paused - [Ext] withdrawGroy # - modifiers: paused - [Ext] endGame # - modifiers: onlyOwner - [Ext] withdrawGroyAdmin # - modifiers: onlyOwner,ended - [Ext] withdrawLpAdmin # - modifiers: onlyOwner,ended - [Ext] updateGroyToken # - modifiers: onlyOwner,paused - [Ext] updateWithdrawTax # - modifiers: onlyOwner,ended - [Ext] balanceOf - [Ext] distributeLpRewards # - modifiers: onlyOwner - [Ext] distributeGroyRewards # - modifiers: onlyOwner - [Ext] activateTheOmegaThirteen # - modifiers: onlyOwner - [Pub] percentageOfPool