Sugar Bounce Staking - Smart Contract Audit Report
Summary
Sugar Bounce Staking is a new yield farming contract that pays rewards to stakers in Sugar Bounce tokens.
Notes on the SugarBounceStaking Contract:
- This contract allows users to stake Sugar Bounce tokens in exchange for rewards in additional Sugar Bounce tokens.
- Users will receive a reward amount on each block based on the amount staked and the percentage of total points allocated to the pool.
- Pending rewards must be manually collected by the user.
- There are 3 total pools users can deposit into, with a different lock duration per pool.
- Users may not withdraw from the pool until the lock time since their most recent deposit, withdrawal, or rewards claim has passed.
- The user can trigger an emergency withdraw, which will transfer all the user's deposited tokens to their wallet address, without calculating rewards.
- If an emergency withdraw is done before the lock duration, a fee is taken from the deposited tokens.
- Sugar Bounce tokens must be supplied to the contract to be distributed as rewards.
- If there are not enough Sugar Bounce tokens in the contract for rewards, rewards will be funded with users' staked funds.
- The owner must initialize the pools and enable staking before rewards can be earned.
- The owner may update the rewards emission rate at any time.
- The owner may update the emergency withdraw fee at any time.
Audit Findings Summary
- Utilization of SafeMath to prevent overflow.
- It is possible for users to claim another user's tokens as rewards.
- Ensure trust in the team as they have some control within the ecosystem.
- Date: November 19th, 2021.
Audit Results
| Vulnerability Category | Notes | Result |
|---|---|---|
| Arbitrary Storage Write | N/A | PASS |
| Arbitrary Jump | N/A | PASS |
| Delegate Call to Untrusted Contract | N/A | PASS |
| Dependence on Predictable Variables | N/A | PASS |
| Deprecated Opcodes | N/A | PASS |
| Ether Thief | N/A | PASS |
| Exceptions | N/A | PASS |
| External Calls | N/A | PASS |
| Flash Loans | N/A | PASS |
| Integer Over/Underflow | N/A | PASS |
| Logical Issues | If there are not enough Sugar Bounce tokens in the contract for rewards, rewards will be funded with users' staked funds. | FAIL |
| Multiple Sends | N/A | PASS |
| Oracles | N/A | PASS |
| Suicide | N/A | PASS |
| State Change External Calls | N/A | PASS |
| Unchecked Retval | N/A | PASS |
| User Supplied Assertion | N/A | PASS |
| Critical Solidity Compiler | N/A | PASS |
| Overall Contract Safety | FAIL |
($) = payable function
# = non-constant function
+ [Int] IERC20
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] transfer #
- [Ext] allowance
- [Ext] approve #
- [Ext] transferFrom #
+ [Lib] Address
- [Int] isContract
- [Int] sendValue #
- [Int] functionCall #
- [Int] functionCall #
- [Int] functionCallWithValue #
- [Int] functionCallWithValue #
- [Int] functionStaticCall
- [Int] functionStaticCall
- [Int] functionDelegateCall #
- [Int] functionDelegateCall #
- [Int] verifyCallResult
+ [Lib] SafeERC20
- [Int] safeTransfer #
- [Int] safeTransferFrom #
- [Int] safeApprove #
- [Int] safeIncreaseAllowance #
- [Int] safeDecreaseAllowance #
- [Prv] _callOptionalReturn #
+ [Lib] SafeMath
- [Int] tryAdd
- [Int] trySub
- [Int] tryMul
- [Int] tryDiv
- [Int] tryMod
- [Int] add
- [Int] sub
- [Int] mul
- [Int] div
- [Int] mod
- [Int] sub
- [Int] div
- [Int] mod
+ Context
- [Int] _msgSender
- [Int] _msgData
+ Ownable (Context)
- [Pub] Constructor #
- [Pub] owner
- [Pub] renounceOwnership #
- modifiers: onlyOwner
- [Pub] transferOwnership #
- modifiers: onlyOwner
- [Prv] _setOwner #
+ SugarBounceStaking (Ownable)
- [Int] addPool #
- [Ext] setSugarBounceToken #
- modifiers: onlyOwner
- [Ext] startStaking #
- modifiers: onlyOwner
- [Ext] pendingRewards
- [Int] updatePool #
- [Ext] deposit #
- [Ext] withdraw #
- [Pub] claim #
- [Pub] emergencyWithdraw #
- [Int] safeSugarBounceTransfer #
- [Ext] setEmergencyWithdrawFee #
- modifiers: onlyOwner
- [Ext] setSugarBouncePerBlock #
- modifiers: onlyOwner