Sunflower Token & Farm - Smart Contract Audit Report

Summary

Sunflower is new token and yield farming platform.

We reviewed Sunflower's token contract at 0x3295fde99976e6b6b477e6834b2651a22deb1dd7 on the BSC mainnet and the project's Farm contract using code provided to us by the team and available below.

    Notes on the Token Contract:
  • The initial total supply of the token is 16 billion.
  • The owner has the ability to mint tokens at any time.
  • Ownership is intended to be transferred to the Farm contract. The farm contract also allows the team to mint tokens at any time, however.
  • Currently, the team has split up the supply among five wallets, holding 3%-37.5% each.
  • The contract utilizes SafeMath to prevent overflows.

  • Notes on the Farm Contract:
  • Users can stake various tokens in this contract to earn rewards in the form of the project's native SFO token.
  • Users can also earn further rewards by refering others to deposit into the contract.
  • Reward rates decrease over time with 'halvings' which occur at times set by the team.
  • Rewards will also be issued to users who refers others to deposit and hold a minimum number of tokens as set by the team. Some of these issued rewards will be vested over time.
  • The team can add additional pools at any time. The team must be careful not to add the same pool twice; or implement a check to prevent this.
  • The team will set the reward rate for each pool when added and can update it at any time. Rewards are created by minting tokens.
  • The developers will be minted some tokens from referrals and vesting to provide the team with rewards.
  • A manualMint() function is present, which allows the team to directly mint the SFO token at any time.
  • Some gas optimizations can be achieved through marking functions external instead of public.
  • Utilization of SafeMath to prevent overflow issues.

Audit Findings Summary
  • No issues from external attackers were identified.
  • As with any presale, ensure trust in the team prior to investing. The team is anonymous and holds a portion of the supply.
  • Further, ensure trust in the team as they have substantial power over the Farm contract and can mint SFO tokens at any time. We recommend renouncing ownership.
  • Date: May 1st, 2021

External Threat Results

Vulnerability CategoryNotesResult
Arbitrary Storage WriteN/APASS
Arbitrary JumpN/APASS
Delegate Call to Untrusted ContractN/APASS
Dependence on Predictable VariablesN/APASS
Deprecated OpcodesN/APASS
Ether ThiefN/APASS
ExceptionsN/APASS
External CallsN/APASS
Integer Over/UnderflowN/APASS
Multiple SendsN/APASS
SuicideN/APASS
State Change External CallsN/APASS
Unchecked RetvalN/APASS
User Supplied AssertionN/APASS
Critical Solidity CompilerN/APASS
Overall Contract Safety PASS

Details: Token Contract

ERC20 Token Graph

Multi-file Token


 ($) = payable function
 # = non-constant function
 
 Int = Internal
 Ext = External
 Pub = Public

 +  Context 
    - [Int] _msgSender
    - [Int] _msgData

 + [Int] IERC20 
    - [Ext] totalSupply
    - [Ext] balanceOf
    - [Ext] transfer #
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transferFrom #

 + [Lib] SafeMath 
    - [Int] add
    - [Int] sub
    - [Int] sub
    - [Int] mul
    - [Int] div
    - [Int] div
    - [Int] mod
    - [Int] mod

 + [Lib] Address 
    - [Int] isContract
    - [Int] sendValue #
    - [Int] functionCall #
    - [Int] functionCall #
    - [Int] functionCallWithValue #
    - [Int] functionCallWithValue #
    - [Prv] _functionCallWithValue #

 +  ERC20 (Context, IERC20)
    - [Pub]  #
    - [Pub] name
    - [Pub] symbol
    - [Pub] decimals
    - [Pub] totalSupply
    - [Pub] balanceOf
    - [Pub] transfer #
    - [Pub] allowance
    - [Pub] approve #
    - [Pub] transferFrom #
    - [Pub] increaseAllowance #
    - [Pub] decreaseAllowance #
    - [Int] _transfer #
    - [Int] _mint #
    - [Int] _burn #
    - [Int] _approve #
    - [Int] _setupDecimals #
    - [Int] _beforeTokenTransfer #

 +  Ownable (Context)
    - [Int]  #
    - [Pub] owner
    - [Pub] renounceOwnership #
       - modifiers: onlyOwner
    - [Pub] transferOwnership #
       - modifiers: onlyOwner

 +  SunflowerToken (ERC20, Ownable)
    - [Pub] maxSupply
    - [Int] _beforeTokenTransfer #
    - [Pub] mint #
       - modifiers: onlyOwner
    - [Pub] burn #
    - [Pub] burnFrom #
    - [Pub]  #

							


Details: Farm Contract

ERC20 Token Graph

Multi-file Token


 ($) = payable function
 # = non-constant function
 
 Int = Internal
 Ext = External
 Pub = Public

 +  Context 
    - [Int] _msgSender
    - [Int] _msgData

 + [Int] IERC20 
    - [Ext] totalSupply
    - [Ext] balanceOf
    - [Ext] transfer #
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transferFrom #

 + [Int] IERC20Mintable (IERC20)
    - [Ext] mint #

 + [Lib] SafeMath 
    - [Int] add
    - [Int] sub
    - [Int] sub
    - [Int] mul
    - [Int] div
    - [Int] div
    - [Int] mod
    - [Int] mod

 + [Lib] Address 
    - [Int] isContract
    - [Int] sendValue #
    - [Int] functionCall #
    - [Int] functionCall #
    - [Int] functionCallWithValue #
    - [Int] functionCallWithValue #
    - [Prv] _functionCallWithValue #

 +  ERC20 (Context, IERC20)
    - [Pub]  #
    - [Pub] name
    - [Pub] symbol
    - [Pub] decimals
    - [Pub] totalSupply
    - [Pub] balanceOf
    - [Pub] transfer #
    - [Pub] allowance
    - [Pub] approve #
    - [Pub] transferFrom #
    - [Pub] increaseAllowance #
    - [Pub] decreaseAllowance #
    - [Int] _transfer #
    - [Int] _mint #
    - [Int] _burn #
    - [Int] _approve #
    - [Int] _setupDecimals #
    - [Int] _beforeTokenTransfer #

 +  Ownable (Context)
    - [Int]  #
    - [Pub] owner
    - [Pub] renounceOwnership #
       - modifiers: onlyOwner
    - [Pub] transferOwnership #
       - modifiers: onlyOwner

 + [Lib] SafeERC20 
    - [Int] safeTransfer #
    - [Int] safeTransferFrom #
    - [Int] safeApprove #
    - [Int] safeIncreaseAllowance #
    - [Int] safeDecreaseAllowance #
    - [Prv] _callOptionalReturn #

 +  SunflowerFarm (Ownable)
    - [Pub]  #
    - [Pub] capFarm
    - [Ext] poolLength
    - [Pub] add #
       - modifiers: onlyOwner
    - [Pub] manualMint #
       - modifiers: onlyOwner
    - [Int] _setAllocPoints #
       - modifiers: onlyOwner
    - [Int] _setHalvingAtBlocks #
       - modifiers: onlyOwner
    - [Pub] setStatus #
       - modifiers: onlyOwner
    - [Pub] set #
       - modifiers: onlyOwner
    - [Pub] massUpdatePools #
    - [Pub] updatePool #
    - [Pub] getMultiplier
    - [Pub] getPoolReward
    - [Ext] pendingReward
    - [Pub] claimReward #
    - [Int] _harvest #
    - [Int] _transferReferral #
    - [Pub] setAmountLPStakeLevelRefer #
       - modifiers: onlyOwner
    - [Pub] deposit #
    - [Pub] withdraw #
    - [Pub] withdrawAll #
    - [Pub] emergencyWithdraw #
    - [Pub] dev #
    - [Pub] getNewRewardPerBlock
    - [Pub] totalLockInPool
    - [Pub] lockOf
    - [Pub] lastUnlockBlock
    - [Int] farmLock #
    - [Pub] canUnlockAmount
    - [Pub] unlock #