Sugar Bounce MasterChef - Smart Contract Audit Report
Audit Summary
Sugar Bounce is building a new MasterChef staking contract for users to deposit tokens and earn yield.
For this audit, we reviewed the project team's SBMasterChef and Rewarder contracts at commit 9feb77d75953b64628a473610e77906481c85a5b on the team's private GitHub repository.
We previously reviewed the project team's staking contract here.
Audit Findings
Please ensure trust in the team prior to investing as they have some control in the ecosystem.
Date: February 21st, 2022.
Contracts Overview
- The SBMasterChef contract allows users to stake tokens in order to earn rewards in the form of a designated reward token until the reward tokens are depleted.
- Users can deposit a specified token into the corresponding staking pool when the contract's reward start time is reached.
- On deposits and withdrawals, pending rewards are harvested and transferred from the Rewarder contract to the user.
- Users' rewards are dependent on their amount staked and the pool's reward per share amount.
- The reward per share amount is calculated using the contract's block reward rate and the pool's allocation point percentage.
- The user can trigger an emergency withdrawal, which will transfer all the user's deposited tokens to their wallet address, without calculating rewards.
- The owner can add new staking pools at any time.
- The owner can change the block reward rate to any value at any time.
- The owner can change all pools' allocation points at any time.
- The owner can change the Rewarder address at any time.
- The owner can withdraw any tokens in the Rewarder contract at any time.
- The SBMasterChef contract utilizes logic to protect against re-entrancy attacks in applicable functions.
- The team must be careful not to add the same token twice and must exercise caution when adding tokens to avoid fee-on-transfer (unless the proper exemptions are made).
- As the contracts are implemented using Solidity v0.8.x, they are safe from any possible overflow/underflow attacks.
External Threat Results
Vulnerability Category | Notes | Result |
---|---|---|
Arbitrary Storage Write | N/A | PASS |
Arbitrary Jump | N/A | PASS | Centralization of Control | N/A | PASS |
Delegate Call to Untrusted Contract | N/A | PASS |
Dependence on Predictable Variables | N/A | PASS |
Deprecated Opcodes | N/A | PASS |
Ether Thief | N/A | PASS |
Exceptions | N/A | PASS |
External Calls | N/A | PASS |
Flash Loans | N/A | PASS |
Integer Over/Underflow | N/A | PASS |
Logical Issues | N/A | PASS |
Multiple Sends | N/A | PASS |
Oracles | N/A | PASS |
Suicide | N/A | PASS |
State Change External Calls | N/A | PASS |
Unchecked Retval | N/A | PASS |
User Supplied Assertion | N/A | PASS |
Critical Solidity Compiler | N/A | PASS |
Overall Contract Safety | PASS |
SBMasterChef Contract
($) = payable function
# = non-constant function
+ [Int] IERC20
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] transfer #
- [Ext] allowance
- [Ext] approve #
- [Ext] transferFrom #
+ ReentrancyGuard
- [Pub] #
+ Context
- [Int] _msgSender
- [Int] _msgData
+ Ownable (Context)
- [Pub] #
- [Pub] owner
- [Pub] renounceOwnership #
- modifiers: onlyOwner
- [Pub] transferOwnership #
- modifiers: onlyOwner
- [Int] _transferOwnership #
+ [Int] IRewarder
- [Ext] onSBReward #
+ [Lib] TransferHelper
- [Int] safeTransfer #
- [Int] safeTransferFrom #
+ SBMasterChef (Ownable, ReentrancyGuard)
- [Pub] #
- [Ext] poolLength
- [Ext] setRewarder #
- modifiers: onlyOwner
- [Ext] setSBPerBlock #
- modifiers: onlyOwner
- [Ext] add #
- modifiers: onlyOwner,nonReentrant
- [Ext] set #
- modifiers: onlyOwner
- [Ext] pendingRewards
- [Ext] updatePool #
- modifiers: nonReentrant
- [Prv] _updatePool #
- [Ext] deposit #
- modifiers: nonReentrant
- [Ext] withdraw #
- modifiers: nonReentrant
- [Prv] harvest #
- [Ext] emergencyWithdraw #
- modifiers: nonReentrant
Rewarder Contract
($) = payable function
# = non-constant function
+ Context
- [Int] _msgSender
- [Int] _msgData
+ Ownable (Context)
- [Pub] #
- [Pub] owner
- [Pub] renounceOwnership #
- modifiers: onlyOwner
- [Pub] transferOwnership #
- modifiers: onlyOwner
- [Int] _transferOwnership #
+ [Int] IERC20
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] transfer #
- [Ext] allowance
- [Ext] approve #
- [Ext] transferFrom #
+ [Int] IRewarder
- [Ext] onSBReward #
+ [Lib] TransferHelper
- [Int] safeTransfer #
- [Int] safeTransferFrom #
+ Rewarder (IRewarder, Ownable)
- [Pub] #
- [Ext] onSBReward #
- modifiers: onlyMasterChef
- [Ext] withdrawAsset #
- modifiers: onlyOwner