SOAR - Smart Contract Audit Report

Summary

SOAR Liquidity Migrator SOAR is a decentralized framework for liquidity control and a liquidity bootstrapping protocol.

We reviewed SOAR DEX and Liquidity Migrator contracts using code provided to us by the team. That code, in flattened form, is available below. Please note we have not reviewed SOAR's other contracts; though the project's main token contract has been reviewed by the reputable audit firm, Hacken.
This audit has also been updated to include our analysis on the SOAR token for the Binance Smart Chain.

Notes on the SoarSwap DEX:
  • The SoarSwap DEX is based on the battle-tested Uniswap codebase.
  • The Factory contract will allow users to create liquidity pairs for any token, thereby enabling trading on the platform.
  • The Router contract routes orders to the user-determined pair contract to swap assets.
  • The liquidity provider fee for token swaps is 0.3% of the value transacted.
  • When dealing with tokens that have a fee-on-transfer, the estimated output does not properly subtract the fee. As a result, users of fee-on-transfer tokens must set a slippage percentage prior to executing trades.

  • Notes on the Liquidity Migrator:
  • The purpose of the Liquidity Migrator contract is to migrate liquidity provided on Uniswap for other projects to provide liquidity for SOAR.
  • LP tokens representing liquidity in other projects can be used by this contract to migrate those funds to provide liquidity for SOAR.
  • When a user sends their LP tokens to this contract using the migrate() function, their liquidity will be withdrawn in the form of the project token liquidity was provided for, and ETH.
  • If the prior project tokens can be sold for more than the MIN_ETH value of 0.5 ETH at 15% slippage, then they will be sold and that ETH added to the contract's balance. If it is not profitable, they will be returned to the function caller.
  • Half of the ETH from this process will then be used to purchase SOAR tokens; and the combination of the remaining ETH and SOAR will be added to the SOAR liquidity pool.
  • Finally, the SOAR LP tokens created as a result of this process will be delivered to the caller.
  • Users can provide a slippage amount in order to ensure that fee-on-transfer tokens can be migrated.
  • The contract utilizes SafeMath and SafeERC20 to prevent overflow issues and ensure safe transfers.

  • It is important to note that the liquidity migrator will only work with LP tokens that provide for ETH as one of the liquidity pair components.
  • Large migrations of liquidity may have a negative price impact, though the amount of liquidity available will increase.
  • No ownership-restricted functions are present.
  • The team has worked with us to improve the user experience of this contract.

  • Notes on the BSC Token Contract: (Added May 3)
  • The initial supply of the token is 0.
  • The token is designed to be minted by the Soar bridge, brining SOAR tokens from the Ethereum mainnet, to the Binance Smart Chian mainnet.
  • Tokens can also be burned by the bridge to bring tokens back to Ethereum from BSC.
  • The functions to mint tokens to and burn tokens from any address are only allowed to be called by the owner.
  • The owner of the contract is designed to be an address controlled by off-chain bridge logic.
  • The contract utilizes Solidity 0.8.* which has built-in overflow checks, removing the need for SafeMath.
  • Ensure trust in the team as they will host the off-chain bridge logic.


  • Audit Findings Summary
    • No issues from external attackers were identified.
    • Date: March 13th, 2021
    • Update Date: March 17th, 2021 - Add analysis on SoarSwap Factory & Router. Incorporate updates to Liquidity Migration contract.
    • Update Date: May 3rd, 2021 - Add analysis on Soar's token to be deployed on BSC.

    External Threat Results

    Vulnerability CategoryNotesResult
    Arbitrary Storage WriteN/APASS
    Arbitrary JumpN/APASS
    Delegate Call to Untrusted ContractN/APASS
    Dependence on Predictable VariablesN/APASS
    Deprecated OpcodesN/APASS
    Ether ThiefN/APASS
    ExceptionsN/APASS
    External CallsN/APASS
    Integer Over/UnderflowN/APASS
    Multiple SendsN/APASS
    SuicideN/APASS
    State Change External CallsN/APASS
    Unchecked RetvalN/APASS
    User Supplied AssertionN/APASS
    Critical Solidity CompilerN/APASS
    Overall Contract Safety PASS


    SoarSwap Factory Contract - Details

    Contract Graph

    Multi-file Token

    
     ($) = payable function
     # = non-constant function
     
     Int = Internal
     Ext = External
     Pub = Public
     
     + [Int] ISoarSwapFactory 
        - [Ext] feeTo
        - [Ext] feeToSetter
        - [Ext] getPair
        - [Ext] allPairs
        - [Ext] allPairsLength
        - [Ext] createPair #
        - [Ext] setFeeTo #
        - [Ext] setFeeToSetter #
    
     + [Int] ISoarSwapPair 
        - [Ext] name
        - [Ext] symbol
        - [Ext] decimals
        - [Ext] totalSupply
        - [Ext] balanceOf
        - [Ext] allowance
        - [Ext] approve #
        - [Ext] transfer #
        - [Ext] transferFrom #
        - [Ext] DOMAIN_SEPARATOR
        - [Ext] PERMIT_TYPEHASH
        - [Ext] nonces
        - [Ext] permit #
        - [Ext] MINIMUM_LIQUIDITY
        - [Ext] factory
        - [Ext] token0
        - [Ext] token1
        - [Ext] getReserves
        - [Ext] price0CumulativeLast
        - [Ext] price1CumulativeLast
        - [Ext] kLast
        - [Ext] mint #
        - [Ext] burn #
        - [Ext] swap #
        - [Ext] skim #
        - [Ext] sync #
        - [Ext] initialize #
    
     + [Int] ISoarSwapERC20 
        - [Ext] name
        - [Ext] symbol
        - [Ext] decimals
        - [Ext] totalSupply
        - [Ext] balanceOf
        - [Ext] allowance
        - [Ext] approve #
        - [Ext] transfer #
        - [Ext] transferFrom #
        - [Ext] DOMAIN_SEPARATOR
        - [Ext] PERMIT_TYPEHASH
        - [Ext] nonces
        - [Ext] permit #
    
     + [Int] IERC20 
        - [Ext] name
        - [Ext] symbol
        - [Ext] decimals
        - [Ext] totalSupply
        - [Ext] balanceOf
        - [Ext] allowance
        - [Ext] approve #
        - [Ext] transfer #
        - [Ext] transferFrom #
    
     + [Int] ISoarSwapCallee 
        - [Ext] SoarSwapCall #
    
     +  SoarSwapERC20 (ISoarSwapERC20)
        - [Pub]  #
        - [Int] _mint #
        - [Int] _burn #
        - [Prv] _approve #
        - [Prv] _transfer #
        - [Ext] approve #
        - [Ext] transfer #
        - [Ext] transferFrom #
        - [Ext] permit #
    
     +  SoarSwapPair (ISoarSwapPair, SoarSwapERC20)
        - [Pub] getReserves
        - [Prv] _safeTransfer #
        - [Pub]  #
        - [Ext] initialize #
        - [Prv] _update #
        - [Prv] _mintFee #
        - [Ext] mint #
           - modifiers: lock
        - [Ext] burn #
           - modifiers: lock
        - [Ext] swap #
           - modifiers: lock
        - [Ext] skim #
           - modifiers: lock
        - [Ext] sync #
           - modifiers: lock
    
     +  SoarSwapFactory (ISoarSwapFactory)
        - [Pub]  #
        - [Ext] allPairsLength
        - [Ext] createPair #
        - [Ext] setFeeTo #
        - [Ext] setFeeToSetter #
    
     + [Lib] SafeMath 
        - [Int] add
        - [Int] sub
        - [Int] mul
    
     + [Lib] Math 
        - [Int] min
        - [Int] sqrt
    
     + [Lib] UQ112x112 
        - [Int] encode
        - [Int] uqdiv
      
    							


    SoarSwap Router Contract - Details

    Contract Graph

    Multi-file Token

    
     ($) = payable function
     # = non-constant function
     
     Int = Internal
     Ext = External
     Pub = Public
     
     + [Int] ISoarSwapFactory 
        - [Ext] feeTo
        - [Ext] feeToSetter
        - [Ext] getPair
        - [Ext] allPairs
        - [Ext] allPairsLength
        - [Ext] createPair #
        - [Ext] setFeeTo #
        - [Ext] setFeeToSetter #
    
     + [Int] ISoarSwapPair 
        - [Ext] name
        - [Ext] symbol
        - [Ext] decimals
        - [Ext] totalSupply
        - [Ext] balanceOf
        - [Ext] allowance
        - [Ext] approve #
        - [Ext] transfer #
        - [Ext] transferFrom #
        - [Ext] DOMAIN_SEPARATOR
        - [Ext] PERMIT_TYPEHASH
        - [Ext] nonces
        - [Ext] permit #
        - [Ext] MINIMUM_LIQUIDITY
        - [Ext] factory
        - [Ext] token0
        - [Ext] token1
        - [Ext] getReserves
        - [Ext] price0CumulativeLast
        - [Ext] price1CumulativeLast
        - [Ext] kLast
        - [Ext] mint #
        - [Ext] burn #
        - [Ext] swap #
        - [Ext] skim #
        - [Ext] sync #
        - [Ext] initialize #
    
     + [Int] ISoarSwapRouter01 
        - [Ext] factory
        - [Ext] WETH
        - [Ext] addLiquidity #
        - [Ext] addLiquidityETH ($)
        - [Ext] removeLiquidity #
        - [Ext] removeLiquidityETH #
        - [Ext] removeLiquidityWithPermit #
        - [Ext] removeLiquidityETHWithPermit #
        - [Ext] swapExactTokensForTokens #
        - [Ext] swapTokensForExactTokens #
        - [Ext] swapExactETHForTokens ($)
        - [Ext] swapTokensForExactETH #
        - [Ext] swapExactTokensForETH #
        - [Ext] swapETHForExactTokens ($)
        - [Ext] quote
        - [Ext] getAmountOut
        - [Ext] getAmountIn
        - [Ext] getAmountsOut
        - [Ext] getAmountsIn
    
     + [Int] ISoarSwapRouter02 (ISoarSwapRouter01)
        - [Ext] removeLiquidityETHSupportingFeeOnTransferTokens #
        - [Ext] removeLiquidityETHWithPermitSupportingFeeOnTransferTokens #
        - [Ext] swapExactTokensForTokensSupportingFeeOnTransferTokens #
        - [Ext] swapExactETHForTokensSupportingFeeOnTransferTokens ($)
        - [Ext] swapExactTokensForETHSupportingFeeOnTransferTokens #
    
     + [Int] IERC20 
        - [Ext] name
        - [Ext] symbol
        - [Ext] decimals
        - [Ext] totalSupply
        - [Ext] balanceOf
        - [Ext] allowance
        - [Ext] approve #
        - [Ext] transfer #
        - [Ext] transferFrom #
    
     + [Int] IWETH 
        - [Ext] deposit ($)
        - [Ext] transfer #
        - [Ext] withdraw #
    
     +  SoarSwapRouter02 (ISoarSwapRouter02)
        - [Pub]  #
        - [Ext]  ($)
        - [Int] _addLiquidity #
        - [Ext] addLiquidity #
           - modifiers: ensure
        - [Ext] addLiquidityETH ($)
           - modifiers: ensure
        - [Pub] removeLiquidity #
           - modifiers: ensure
        - [Pub] removeLiquidityETH #
           - modifiers: ensure
        - [Ext] removeLiquidityWithPermit #
        - [Ext] removeLiquidityETHWithPermit #
        - [Pub] removeLiquidityETHSupportingFeeOnTransferTokens #
           - modifiers: ensure
        - [Ext] removeLiquidityETHWithPermitSupportingFeeOnTransferTokens #
        - [Int] _swap #
        - [Ext] swapExactTokensForTokens #
           - modifiers: ensure
        - [Ext] swapTokensForExactTokens #
           - modifiers: ensure
        - [Ext] swapExactETHForTokens ($)
           - modifiers: ensure
        - [Ext] swapTokensForExactETH #
           - modifiers: ensure
        - [Ext] swapExactTokensForETH #
           - modifiers: ensure
        - [Ext] swapETHForExactTokens ($)
           - modifiers: ensure
        - [Int] _swapSupportingFeeOnTransferTokens #
        - [Ext] swapExactTokensForTokensSupportingFeeOnTransferTokens #
           - modifiers: ensure
        - [Ext] swapExactETHForTokensSupportingFeeOnTransferTokens ($)
           - modifiers: ensure
        - [Ext] swapExactTokensForETHSupportingFeeOnTransferTokens #
           - modifiers: ensure
        - [Pub] quote
        - [Pub] getAmountOut
        - [Pub] getAmountIn
        - [Pub] getAmountsOut
        - [Pub] getAmountsIn
    
     + [Lib] SafeMath 
        - [Int] add
        - [Int] sub
        - [Int] mul
    
     + [Lib] SoarSwapLibrary 
        - [Int] sortTokens
        - [Int] pairFor
        - [Int] getReserves
        - [Int] quote
        - [Int] getAmountOut
        - [Int] getAmountIn
        - [Int] getAmountsOut
        - [Int] getAmountsIn
    
     + [Lib] TransferHelper 
        - [Int] safeApprove #
        - [Int] safeTransfer #
        - [Int] safeTransferFrom #
        - [Int] safeTransferETH #
    	   
    							


    SoarSwap Liquidity Migration Contract - Details

    Contract Graph

    Multi-file Token

    
     ($) = payable function
     # = non-constant function
     
     Int = Internal
     Ext = External
     Pub = Public
     
    PENDING