Slime V2 - Smart Contract Audit Report
Summary
Slime V2 is building a new yield farming platform on the Binance Smart Chain.
Update April 15th - The updated SlimeMasterChef contract is deployed to 0xc4bc80fa8349b1e4a3d848f0b2c8d4146403f515 on the Binance Smart Chain mainnet.
Notes on the Contracts:The initial supply of the token is zero. The can be minted by the owner or contracts with the minter role, granted by the owner. The token is designed to be minted only by the project's staking farms. The token is deflationary via a burn-on-transfer mechansim. The fees charged are dependant on the action being taken (buys vs. sells for example) and can be updated by the team. As of the date of this report, 15% of the supply is in the SlimeFactory contract. These tokens are mostly inaccesible, however, due to multiple bugs in the contract missed by TechRate. 15% of the token's supply is in the BNB and BUSD Pancakeswap pairs. ~98% of the liquidity is staked in the MasterChef contract. Users can stake various LP tokens into the SlimeMasterChef V3 contract in order to earn Slime tokens. There is a fee associated with making a deposit to the contract, set by the team. For users who used the older MasterChef contract which enountered an error, there will be no fee on their first deposit. While there is no fee on withdrawals, some fees are charged on a user's generated rewards. Users who refer others can also earn further tokens as a reward for their referral. The project team can add different types of tokens for staking, and can update the reward rates for each token at any time. The tean can update the fee rates at any time, but the overall fee cannot exceed 20%. The team can give contracts the ability to deposit (but not withdraw) on behalf of others. Utilization of SafeMath (or similarily safe functions) across all contracts to prevent overflows.
Audit Findings Summary:
- No security issues from outside attackers were identified.
- Ensure trust in the team as they have substantial control in the ecosystem.
- Date: April 14th, 2021
Combined External Threat Results
| Vulnerability Category | Notes | Result |
|---|---|---|
| Arbitrary Storage Write | N/A | PASS |
| Arbitrary Jump | N/A | PASS |
| Delegate Call to Untrusted Contract | N/A | PASS |
| Dependence on Predictable Variables | N/A | PASS |
| Deprecated Opcodes | N/A | PASS |
| Ether Thief | N/A | PASS |
| Exceptions | N/A | PASS |
| External Calls | N/A | PASS |
| Integer Over/Underflow | N/A | PASS |
| Multiple Sends | N/A | PASS |
| Suicide | N/A | PASS |
| State Change External Calls | N/A | PASS |
| Unchecked Retval | N/A | PASS |
| User Supplied Assertion | N/A | PASS |
| Critical Solidity Compiler | N/A | PASS |
| Overall Contract Safety | PASS |
Details: Slime Token V2
Function Graph
Inheritence Chart
Functions Overview
($) = payable function
# = non-constant function
Int = Internal
Ext = External
Pub = Public
+ [Lib] SafeMath
- [Int] add
- [Int] sub
- [Int] sub
- [Int] mul
- [Int] div
- [Int] div
- [Int] mod
- [Int] mod
- [Int] min
- [Int] sqrt
+ [Int] IBEP20
- [Ext] totalSupply
- [Ext] decimals
- [Ext] symbol
- [Ext] name
- [Ext] getOwner
- [Ext] balanceOf
- [Ext] transfer #
- [Ext] allowance
- [Ext] approve #
- [Ext] transferFrom #
+ [Lib] Address
- [Int] isContract
- [Int] sendValue #
- [Int] functionCall #
- [Int] functionCall #
- [Int] functionCallWithValue #
- [Int] functionCallWithValue #
- [Prv] _functionCallWithValue #
+ Context
- [Int] #
- [Int] _msgSender
- [Int] _msgData
+ Ownable (Context)
- [Int] #
- [Pub] owner
- [Pub] renounceOwnership #
- modifiers: onlyOwner
- [Pub] transferOwnership #
- modifiers: onlyOwner
- [Int] _transferOwnership #
+ BEP20 (Context, IBEP20, Ownable)
- [Pub] #
- [Ext] getOwner
- [Pub] name
- [Pub] decimals
- [Pub] symbol
- [Pub] totalSupply
- [Pub] balanceOf
- [Pub] transfer #
- [Pub] allowance
- [Pub] approve #
- [Pub] transferFrom #
- [Pub] increaseAllowance #
- [Pub] decreaseAllowance #
- [Pub] mint #
- modifiers: onlyOwner
- [Int] _transfer #
- [Int] _mint #
- [Int] _burn #
- [Int] _approve #
- [Int] _burnFrom #
+ [Int] DeflationController
- [Ext] checkDeflation
+ SlimeTokenV2 (BEP20)
- [Pub] #
- [Pub] mint #
- modifiers: onlyOwner
- [Pub] mint #
- modifiers: onlyMinter
- [Pub] transfer #
- [Ext] setMinter #
- modifiers: onlyOwner
- [Ext] setDeflationController #
- modifiers: onlyOwner
- [Pub] transferFrom #
- [Ext] emergencyBEP20Drain #
- modifiers: onlyOwner
Details: SlimeMasterChef V2
Function Graph
Inheritence Chart
Functions Overview
($) = payable function
# = non-constant function
Int = Internal
Ext = External
Pub = Public
+ [Lib] SafeMath
- [Int] add
- [Int] sub
- [Int] sub
- [Int] mul
- [Int] div
- [Int] div
- [Int] mod
- [Int] mod
- [Int] min
- [Int] sqrt
+ [Int] IBEP20
- [Ext] totalSupply
- [Ext] decimals
- [Ext] symbol
- [Ext] name
- [Ext] getOwner
- [Ext] balanceOf
- [Ext] transfer #
- [Ext] allowance
- [Ext] approve #
- [Ext] transferFrom #
+ [Lib] Address
- [Int] isContract
- [Int] sendValue #
- [Int] functionCall #
- [Int] functionCall #
- [Int] functionCallWithValue #
- [Int] functionCallWithValue #
- [Prv] _functionCallWithValue #
+ [Lib] SafeBEP20
- [Int] safeTransfer #
- [Int] safeTransferFrom #
- [Int] safeApprove #
- [Int] safeIncreaseAllowance #
- [Int] safeDecreaseAllowance #
- [Prv] _callOptionalReturn #
+ Context
- [Int] #
- [Int] _msgSender
- [Int] _msgData
+ Ownable (Context)
- [Int] #
- [Pub] owner
- [Pub] renounceOwnership #
- modifiers: onlyOwner
- [Pub] transferOwnership #
- modifiers: onlyOwner
- [Int] _transferOwnership #
+ BEP20 (Context, IBEP20, Ownable)
- [Pub] #
- [Ext] getOwner
- [Pub] name
- [Pub] decimals
- [Pub] symbol
- [Pub] totalSupply
- [Pub] balanceOf
- [Pub] transfer #
- [Pub] allowance
- [Pub] approve #
- [Pub] transferFrom #
- [Pub] increaseAllowance #
- [Pub] decreaseAllowance #
- [Pub] mint #
- modifiers: onlyOwner
- [Int] _transfer #
- [Int] _mint #
- [Int] _burn #
- [Int] _approve #
- [Int] _burnFrom #
+ [Int] DeflationController
- [Ext] checkDeflation
+ SlimeTokenV2 (BEP20)
- [Pub] #
- [Pub] mint #
- modifiers: onlyOwner
- [Pub] mint #
- modifiers: onlyMinter
- [Pub] transfer #
- [Ext] setMinter #
- modifiers: onlyOwner
- [Ext] setDeflationController #
- modifiers: onlyOwner
- [Pub] transferFrom #
- [Ext] emergencyBEP20Drain #
- modifiers: onlyOwner
+ ReentrancyGuard
+ [Int] SlimeFriends
- [Ext] setSlimeFriend #
- [Ext] getSlimeFriend
+ [Int] BuggyOldMasterChef
- [Ext] userInfo
+ IRewardDistributionRecipient (Ownable)
- [Ext] setRewardReferral #
- modifiers: onlyOwner
+ SlimeMasterChefV2 (IRewardDistributionRecipient, ReentrancyGuard)
- [Pub] #
- [Ext] add #
- modifiers: onlyOwner,nonDuplicated
- [Ext] set #
- modifiers: onlyOwner,validatePoolByPid
- [Pub] getMultiplier
- [Pub] isUserWhiteListed
- [Ext] pendingReward
- modifiers: validatePoolByPid
- [Pub] massUpdatePools #
- [Pub] updatePool #
- modifiers: validatePoolByPid
- [Int] internalUpdatePool #
- [Ext] massHarvestStake #
- modifiers: nonReentrant
- [Int] internalDeposit #
- [Ext] depositFor #
- modifiers: nonReentrant,validatePoolByPid
- [Pub] deposit #
- modifiers: nonReentrant,validatePoolByPid
- [Int] deflacionaryDeposit #
- [Int] deflacionaryHarvest #
- [Ext] withdraw #
- modifiers: nonReentrant,validatePoolByPid
- [Int] payRefFees #
- [Ext] emergencyWithdraw #
- modifiers: nonReentrant,validatePoolByPid
- [Ext] changeSlimiesPerBlock #
- modifiers: onlyOwner
- [Int] safeStransfer #
- [Ext] updateFees #
- modifiers: onlyOwner
- [Ext] updateAddresses #
- modifiers: onlyOwner
- [Ext] updateTrustedAddress #
- modifiers: onlyOwner
- [Ext] updateEnableWhitelistFee #
- modifiers: onlyOwner
- [Ext] updateWhitelistChefAddress #
- modifiers: onlyOwner
- [Ext] setStakePoolId #
- modifiers: onlyOwner
- [Pub] poolLength