Sugar Bounce Staking - Smart Contract Audit Report


Sugar Bounce Staking is a new yield farming contract that pays rewards to stakers in Sugar Bounce tokens.

For this audit, we reviewed the SugarBounceStaking Contract provided to us by the team.

Notes on the SugarBounceStaking Contract:
  • This contract allows users to stake Sugar Bounce tokens in exchange for rewards in additional Sugar Bounce tokens.
  • Users will receive a reward amount on each block based on the amount staked and the percentage of total points allocated to the pool.
  • Pending rewards must be manually collected by the user.
  • There are 3 total pools users can deposit into, with a different lock duration per pool.
  • Users may not withdraw from the pool until the lock time since their most recent deposit, withdrawal, or rewards claim has passed.
  • The user can trigger an emergency withdraw, which will transfer all the user's deposited tokens to their wallet address, without calculating rewards.
  • If an emergency withdraw is done before the lock duration, a fee is taken from the deposited tokens.
  • Sugar Bounce tokens must be supplied to the contract to be distributed as rewards.
  • If there are not enough Sugar Bounce tokens in the contract for rewards, rewards will be funded with users' staked funds.
  • The owner must initialize the pools and enable staking before rewards can be earned.
  • The owner may update the rewards emission rate at any time.
  • The owner may update the emergency withdraw fee at any time.
  • Utilization of SafeMath to prevent overflow.
Audit Findings Summary
  • It is possible for users to claim another user's tokens as rewards.
  • Ensure trust in the team as they have some control within the ecosystem.
  • Date: November 19th, 2021.

Audit Results

Vulnerability CategoryNotesResult
Arbitrary Storage WriteN/APASS
Arbitrary JumpN/APASS
Delegate Call to Untrusted ContractN/APASS
Dependence on Predictable VariablesN/APASS
Deprecated OpcodesN/APASS
Ether ThiefN/APASS
External CallsN/APASS
Flash LoansN/APASS
Integer Over/UnderflowN/APASS
Logical IssuesIf there are not enough Sugar Bounce tokens in the contract for rewards, rewards will be funded with users' staked funds.FAIL
Multiple SendsN/APASS
State Change External CallsN/APASS
Unchecked RetvalN/APASS
User Supplied AssertionN/APASS
Critical Solidity CompilerN/APASS
Overall Contract Safety FAIL

Radium Farm Graph

Radium Farm

 ($) = payable function
 # = non-constant function

+ [Int] IERC20 
    - [Ext] totalSupply
    - [Ext] balanceOf
    - [Ext] transfer #
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transferFrom #

 + [Lib] Address 
    - [Int] isContract
    - [Int] sendValue #
    - [Int] functionCall #
    - [Int] functionCall #
    - [Int] functionCallWithValue #
    - [Int] functionCallWithValue #
    - [Int] functionStaticCall
    - [Int] functionStaticCall
    - [Int] functionDelegateCall #
    - [Int] functionDelegateCall #
    - [Int] verifyCallResult

 + [Lib] SafeERC20 
    - [Int] safeTransfer #
    - [Int] safeTransferFrom #
    - [Int] safeApprove #
    - [Int] safeIncreaseAllowance #
    - [Int] safeDecreaseAllowance #
    - [Prv] _callOptionalReturn #

 + [Lib] SafeMath 
    - [Int] tryAdd
    - [Int] trySub
    - [Int] tryMul
    - [Int] tryDiv
    - [Int] tryMod
    - [Int] add
    - [Int] sub
    - [Int] mul
    - [Int] div
    - [Int] mod
    - [Int] sub
    - [Int] div
    - [Int] mod

 +  Context 
    - [Int] _msgSender
    - [Int] _msgData

 +  Ownable (Context)
    - [Pub] Constructor #
    - [Pub] owner
    - [Pub] renounceOwnership #
       - modifiers: onlyOwner
    - [Pub] transferOwnership #
       - modifiers: onlyOwner
    - [Prv] _setOwner #

 +  SugarBounceStaking (Ownable)
    - [Int] addPool #
    - [Ext] setSugarBounceToken #
       - modifiers: onlyOwner
    - [Ext] startStaking #
       - modifiers: onlyOwner
    - [Ext] pendingRewards
    - [Int] updatePool #
    - [Ext] deposit #
    - [Ext] withdraw #
    - [Pub] claim #
    - [Pub] emergencyWithdraw #
    - [Int] safeSugarBounceTransfer #
    - [Ext] setEmergencyWithdrawFee #
       - modifiers: onlyOwner
    - [Ext] setSugarBouncePerBlock #
       - modifiers: onlyOwner