Slime V2 - Audit Report

Summary

Slime Finance Audit Report Slime V2 is building a new yield farming platform on the Binance Smart Chain.

For this audit, we analyzed the project's Slime Token (V2) and their SlimeMasterChef (V3) staking contract. We reviewed the team's code at commit b23da360f75112a6d99f12dffd9d76fa3f19bdf9 and later at commit 82cfa2490a9cba045854e367605516c4f32540a9.
Update April 15th - The updated SlimeMasterChef contract is deployed to 0xc4bc80fa8349b1e4a3d848f0b2c8d4146403f515 on the Binance Smart Chain mainnet.

Notes on the Contracts:
  • The initial supply of the token is zero.
  • The can be minted by the owner or contracts with the minter role, granted by the owner.
  • The token is designed to be minted only by the project's staking farms.
  • The token is deflationary via a burn-on-transfer mechansim. The fees charged are dependant on the action being taken (buys vs. sells for example) and can be updated by the team.
  • As of the date of this report, 15% of the supply is in the SlimeFactory contract. These tokens are mostly inaccesible, however, due to multiple bugs in the contract missed by TechRate.
  • 15% of the token's supply is in the BNB and BUSD Pancakeswap pairs. ~98% of the liquidity is staked in the MasterChef contract.

  • Users can stake various LP tokens into the SlimeMasterChef V3 contract in order to earn Slime tokens.
  • There is a fee associated with making a deposit to the contract, set by the team.
  • For users who used the older MasterChef contract which enountered an error, there will be no fee on their first deposit.
  • While there is no fee on withdrawals, some fees are charged on a user's generated rewards.
  • Users who refer others can also earn further tokens as a reward for their referral.
  • The project team can add different types of tokens for staking, and can update the reward rates for each token at any time.
  • The tean can update the fee rates at any time, but the overall fee cannot exceed 20%.
  • The team can give contracts the ability to deposit (but not withdraw) on behalf of others.
  • Utilization of SafeMath (or similarily safe functions) across all contracts to prevent overflows.


  • Audit Findings Summary:
    • No security issues from outside attackers were identified.
    • Ensure trust in the team as they have substantial control in the ecosystem.
    • Date: April 14th, 2021

    Combined External Threat Results

    Vulnerability Category Notes Result
    Arbitrary Storage Write N/A PASS
    Arbitrary Jump N/A PASS
    Delegate Call to Untrusted Contract N/A PASS
    Dependence on Predictable Variables N/A PASS
    Deprecated Opcodes N/A PASS
    Ether Thief N/A PASS
    Exceptions N/A PASS
    External Calls N/A PASS
    Integer Over/Underflow N/A PASS
    Multiple Sends N/A PASS
    Suicide N/A PASS
    State Change External Calls N/A PASS
    Unchecked Retval N/A PASS
    User Supplied Assertion N/A PASS
    Critical Solidity Compiler N/A PASS
    Overall Contract Safety   PASS


    Details: Slime Token V2


    Function Graph

    Smart Contract Graph

    Inheritence Chart

    Smart Contract Inheritance

    Functions Overview

    
    
     ($) = payable function
     # = non-constant function
     
     Int = Internal
     Ext = External
     Pub = Public
    
     + [Lib] SafeMath 
        - [Int] add
        - [Int] sub
        - [Int] sub
        - [Int] mul
        - [Int] div
        - [Int] div
        - [Int] mod
        - [Int] mod
        - [Int] min
        - [Int] sqrt
    
     + [Int] IBEP20 
        - [Ext] totalSupply
        - [Ext] decimals
        - [Ext] symbol
        - [Ext] name
        - [Ext] getOwner
        - [Ext] balanceOf
        - [Ext] transfer #
        - [Ext] allowance
        - [Ext] approve #
        - [Ext] transferFrom #
    
     + [Lib] Address 
        - [Int] isContract
        - [Int] sendValue #
        - [Int] functionCall #
        - [Int] functionCall #
        - [Int] functionCallWithValue #
        - [Int] functionCallWithValue #
        - [Prv] _functionCallWithValue #
    
     +  Context 
        - [Int]  #
        - [Int] _msgSender
        - [Int] _msgData
    
     +  Ownable (Context)
        - [Int]  #
        - [Pub] owner
        - [Pub] renounceOwnership #
           - modifiers: onlyOwner
        - [Pub] transferOwnership #
           - modifiers: onlyOwner
        - [Int] _transferOwnership #
    
     +  BEP20 (Context, IBEP20, Ownable)
        - [Pub]  #
        - [Ext] getOwner
        - [Pub] name
        - [Pub] decimals
        - [Pub] symbol
        - [Pub] totalSupply
        - [Pub] balanceOf
        - [Pub] transfer #
        - [Pub] allowance
        - [Pub] approve #
        - [Pub] transferFrom #
        - [Pub] increaseAllowance #
        - [Pub] decreaseAllowance #
        - [Pub] mint #
           - modifiers: onlyOwner
        - [Int] _transfer #
        - [Int] _mint #
        - [Int] _burn #
        - [Int] _approve #
        - [Int] _burnFrom #
    
     + [Int] DeflationController 
        - [Ext] checkDeflation
    
     +  SlimeTokenV2 (BEP20)
        - [Pub]  #
        - [Pub] mint #
           - modifiers: onlyOwner
        - [Pub] mint #
           - modifiers: onlyMinter
        - [Pub] transfer #
        - [Ext] setMinter #
           - modifiers: onlyOwner
        - [Ext] setDeflationController #
           - modifiers: onlyOwner
        - [Pub] transferFrom #
        - [Ext] emergencyBEP20Drain #
           - modifiers: onlyOwner
    							


    Details: SlimeMasterChef V2


    Function Graph

    Smart Contract Graph

    Inheritence Chart

    Smart Contract Inheritance

    Functions Overview

    
    
     ($) = payable function
     # = non-constant function
     
     Int = Internal
     Ext = External
     Pub = Public
    
     + [Lib] SafeMath 
        - [Int] add
        - [Int] sub
        - [Int] sub
        - [Int] mul
        - [Int] div
        - [Int] div
        - [Int] mod
        - [Int] mod
        - [Int] min
        - [Int] sqrt
    
     + [Int] IBEP20 
        - [Ext] totalSupply
        - [Ext] decimals
        - [Ext] symbol
        - [Ext] name
        - [Ext] getOwner
        - [Ext] balanceOf
        - [Ext] transfer #
        - [Ext] allowance
        - [Ext] approve #
        - [Ext] transferFrom #
    
     + [Lib] Address 
        - [Int] isContract
        - [Int] sendValue #
        - [Int] functionCall #
        - [Int] functionCall #
        - [Int] functionCallWithValue #
        - [Int] functionCallWithValue #
        - [Prv] _functionCallWithValue #
    
     + [Lib] SafeBEP20 
        - [Int] safeTransfer #
        - [Int] safeTransferFrom #
        - [Int] safeApprove #
        - [Int] safeIncreaseAllowance #
        - [Int] safeDecreaseAllowance #
        - [Prv] _callOptionalReturn #
    
     +  Context 
        - [Int]  #
        - [Int] _msgSender
        - [Int] _msgData
    
     +  Ownable (Context)
        - [Int]  #
        - [Pub] owner
        - [Pub] renounceOwnership #
           - modifiers: onlyOwner
        - [Pub] transferOwnership #
           - modifiers: onlyOwner
        - [Int] _transferOwnership #
    
     +  BEP20 (Context, IBEP20, Ownable)
        - [Pub]  #
        - [Ext] getOwner
        - [Pub] name
        - [Pub] decimals
        - [Pub] symbol
        - [Pub] totalSupply
        - [Pub] balanceOf
        - [Pub] transfer #
        - [Pub] allowance
        - [Pub] approve #
        - [Pub] transferFrom #
        - [Pub] increaseAllowance #
        - [Pub] decreaseAllowance #
        - [Pub] mint #
           - modifiers: onlyOwner
        - [Int] _transfer #
        - [Int] _mint #
        - [Int] _burn #
        - [Int] _approve #
        - [Int] _burnFrom #
    
     + [Int] DeflationController 
        - [Ext] checkDeflation
    
     +  SlimeTokenV2 (BEP20)
        - [Pub]  #
        - [Pub] mint #
           - modifiers: onlyOwner
        - [Pub] mint #
           - modifiers: onlyMinter
        - [Pub] transfer #
        - [Ext] setMinter #
           - modifiers: onlyOwner
        - [Ext] setDeflationController #
           - modifiers: onlyOwner
        - [Pub] transferFrom #
        - [Ext] emergencyBEP20Drain #
           - modifiers: onlyOwner
    
     +  ReentrancyGuard 
    
     + [Int] SlimeFriends 
        - [Ext] setSlimeFriend #
        - [Ext] getSlimeFriend
    
     + [Int] BuggyOldMasterChef 
        - [Ext] userInfo
    
     +  IRewardDistributionRecipient (Ownable)
        - [Ext] setRewardReferral #
           - modifiers: onlyOwner
    
     +  SlimeMasterChefV2 (IRewardDistributionRecipient, ReentrancyGuard)
        - [Pub]  #
        - [Ext] add #
           - modifiers: onlyOwner,nonDuplicated
        - [Ext] set #
           - modifiers: onlyOwner,validatePoolByPid
        - [Pub] getMultiplier
        - [Pub] isUserWhiteListed
        - [Ext] pendingReward
           - modifiers: validatePoolByPid
        - [Pub] massUpdatePools #
        - [Pub] updatePool #
           - modifiers: validatePoolByPid
        - [Int] internalUpdatePool #
        - [Ext] massHarvestStake #
           - modifiers: nonReentrant
        - [Int] internalDeposit #
        - [Ext] depositFor #
           - modifiers: nonReentrant,validatePoolByPid
        - [Pub] deposit #
           - modifiers: nonReentrant,validatePoolByPid
        - [Int] deflacionaryDeposit #
        - [Int] deflacionaryHarvest #
        - [Ext] withdraw #
           - modifiers: nonReentrant,validatePoolByPid
        - [Int] payRefFees #
        - [Ext] emergencyWithdraw #
           - modifiers: nonReentrant,validatePoolByPid
        - [Ext] changeSlimiesPerBlock #
           - modifiers: onlyOwner
        - [Int] safeStransfer #
        - [Ext] updateFees #
           - modifiers: onlyOwner
        - [Ext] updateAddresses #
           - modifiers: onlyOwner
        - [Ext] updateTrustedAddress #
           - modifiers: onlyOwner
        - [Ext] updateEnableWhitelistFee #
           - modifiers: onlyOwner
        - [Ext] updateWhitelistChefAddress #
           - modifiers: onlyOwner
        - [Ext] setStakePoolId #
           - modifiers: onlyOwner
        - [Pub] poolLength