StarSeed - Smart Contract Audit Report
StarSeed ($STAR) is building a new yield farming platform on Polygon.
We reviewed StarSeed's MasterChef staking contract at 0x5c72CB5F3cf810fed7434FA4e789C1E68e89889a on the Polygon mainnet.
Notes on the Contract:
- The initial total supply of the $STAR token has yet to be determined by the owner, however the owner can mint tokens at any time up to the maximum supply value that is set to 111,111 $STAR.
- Any user can burn their tokens to reduce the total supply.
- There is a 0.75% 'transfer fee' on all transactions for any address that participates in a transfer. The tokens collected through transfer fee gets sent directly to a wallet controlled by the team.
- Users can stake various LP tokens into the MasterChef contract in order to earn StarSeed tokens.
- There is a fee associated with making a deposit to the contract, set by the owner upon adding the pool. This fee is sent directly to a wallet controlled by the team.
- On both deposits and withdrawals, user's rewards will be calculated and sent to a reward locker contract. This reward locker contract was out of scope for the audit.
- On withdrawals, the user will receive the desired amount of LP tokens; this amount cannot be more than the amount the user has deposited.
- An emergencyWithdraw function exists so users can withdraw without collecting rewards.
- The owner has the ability to add different types of tokens for staking and update reward rates.
- The owner of the MasterChef contract can assign a different owner to the token contract at any time.
- Utilization of SafeMath (or similarily safe functions) across all contracts to prevent overflows.
- The team must exercise caution when adding tokens to avoid fee-on-transfer and ERC777-compliant tokens.
Audit Findings Summary
- No external threats were identified.
- Please ensure trust in the team as they have substantial control in the ecosystem.
- Date: September 14th, 2021
External Threat Results
|Arbitrary Storage Write||N/A||PASS|
|Delegate Call to Untrusted Contract||N/A||PASS|
|Dependence on Predictable Variables||N/A||PASS|
|State Change External Calls||N/A||PASS|
|User Supplied Assertion||N/A||PASS|
|Critical Solidity Compiler||N/A||PASS|
|Overall Contract Safety||PASS|
MasterChef Contract - Details
($) = payable function # = non-constant function Int = Internal Ext = External Pub = Public + [Int] IRewardLocker - [Ext] lock ($) - [Ext] lockWithStartBlock ($) - [Ext] vestCompletedSchedulesForMultipleTokens # - [Ext] vestScheduleForMultipleTokensAtIndices # - [Ext] vestCompletedSchedules # - [Ext] vestScheduleAtIndices # - [Ext] vestSchedulesInRange # - [Ext] numVestingSchedules - [Ext] getVestingScheduleAtIndex - [Ext] getVestingSchedules + Context - [Int] _msgSender - [Int] _msgData + Ownable (Context) - [Int]
# - [Pub] owner - [Pub] renounceOwnership # - modifiers: onlyOwner - [Pub] transferOwnership # - modifiers: onlyOwner + [Int] IERC20 - [Ext] totalSupply - [Ext] balanceOf - [Ext] transfer # - [Ext] allowance - [Ext] approve # - [Ext] transferFrom # + ERC20 (Context, IERC20) - [Pub] # - [Pub] name - [Pub] symbol - [Pub] decimals - [Pub] totalSupply - [Pub] balanceOf - [Pub] transfer # - [Pub] allowance - [Pub] approve # - [Pub] transferFrom # - [Pub] increaseAllowance # - [Pub] decreaseAllowance # - [Int] _transfer # - [Int] _mint # - [Int] _burn # - [Int] _approve # - [Int] _setupDecimals # - [Int] _beforeTokenTransfer # + ERC20Burnable (Context, ERC20) - [Pub] burn # - [Pub] burnFrom # + StarToken (ERC20, ERC20Burnable, Ownable) - [Pub] transfer # - [Pub] transferFrom # - [Int] _transferFee # - [Ext] mint # - modifiers: onlyOwner + ReentrancyGuard - [Int] # + [Lib] Address - [Int] isContract - [Int] sendValue # - [Int] functionCall # - [Int] functionCall # - [Int] functionCallWithValue # - [Int] functionCallWithValue # - [Prv] _functionCallWithValue # + [Lib] SafeERC20 - [Int] safeTransfer # - [Int] safeTransferFrom # - [Int] safeApprove # - [Int] safeIncreaseAllowance # - [Int] safeDecreaseAllowance # - [Prv] _callOptionalReturn # + [Lib] SafeMath - [Int] add - [Int] sub - [Int] sub - [Int] mul - [Int] div - [Int] div - [Int] mod - [Int] mod + MasterChefv2 (Ownable, ReentrancyGuard) - [Pub] # - [Ext] poolLength - [Ext] add # - modifiers: onlyOwner,nonDuplicated - [Ext] set # - modifiers: onlyOwner - [Pub] getMultiplier - [Ext] pendingStar - [Pub] massUpdatePools # - [Pub] updatePool # - [Ext] deposit # - modifiers: nonReentrant - [Ext] withdraw # - modifiers: nonReentrant - [Ext] emergencyWithdraw # - modifiers: nonReentrant - [Int] _updateUserReward # - [Ext] harvest # - modifiers: nonReentrant - [Ext] harvestMultiple # - modifiers: nonReentrant - [Ext] harvestAll # - modifiers: nonReentrant - [Int] _lockReward # - [Ext] setDevAddress # - modifiers: onlyOwner - [Ext] updateEmissionRate # - modifiers: onlyOwner - [Ext] setStarTransferOwner # - [Ext] transferStarOwnership #