SuperLauncher Farm - Audit Report
SuperLauncher has built a launchpad for projects on the Binance Smart Chain to launch in a safe, trusted, and decentralized manner.For this audit, we analyzed SuperLauncher's upcoming Farm contract. We reviewed the team's code at commit b9f2cbe175723747f604d6f59a55dc68bb79ef5c on GitHub.
Notes on the Contract:
Users can stake LP tokens into the Farm contract into order to earn tokens selected by the team on a per-pool basis. There are no deposit or withdraw fees associated with using the contract. The project team will set the reward rates upon deployment. Users' rewards will automatically be claimed upon unstaking from the contract. Alternativley, users can claim only their rewards without unstaking by withdrawing 0 from the contract. An emergencyWithdraw function exists in case of an issue with the contract or an absence of sufficient rewards. The team has the ability to withdraw the reward tokens from the contract, as well as stop rewards from accruing. SafeMath as well as Solidity 0.8.x is used across all contracts to prevent overflows. Additionally, SafeERC20 is used to ensure safe token transfers.
Audit Findings Summary:
- No security issues from outside attackers were identified.
- Ensure trust in the team as they have some control over rewards.
- Date: June 27th, 2021
Combined External Threat Results
|Arbitrary Storage Write||N/A||PASS|
|Delegate Call to Untrusted Contract||N/A||PASS|
|Dependence on Predictable Variables||N/A||PASS|
|State Change External Calls||N/A||PASS|
|User Supplied Assertion||N/A||PASS|
|Critical Solidity Compiler||N/A||PASS|
|Overall Contract Safety||PASS|
($) = payable function # = non-constant function Int = Internal Ext = External Pub = Public + Context - [Int] _msgSender - [Int] _msgData + Ownable (Context) - [Pub]
# - [Pub] owner - [Pub] renounceOwnership # - modifiers: onlyOwner - [Pub] transferOwnership # - modifiers: onlyOwner + [Lib] SafeMath - [Int] tryAdd - [Int] trySub - [Int] tryMul - [Int] tryDiv - [Int] tryMod - [Int] add - [Int] sub - [Int] mul - [Int] div - [Int] mod - [Int] sub - [Int] div - [Int] mod + [Int] IERC20 - [Ext] totalSupply - [Ext] balanceOf - [Ext] transfer # - [Ext] allowance - [Ext] approve # - [Ext] transferFrom # + [Lib] Address - [Int] isContract - [Int] sendValue # - [Int] functionCall # - [Int] functionCall # - [Int] functionCallWithValue # - [Int] functionCallWithValue # - [Int] functionStaticCall - [Int] functionStaticCall - [Int] functionDelegateCall # - [Int] functionDelegateCall # - [Prv] _verifyCallResult + [Lib] SafeERC20 - [Int] safeTransfer # - [Int] safeTransferFrom # - [Int] safeApprove # - [Int] safeIncreaseAllowance # - [Int] safeDecreaseAllowance # - [Prv] _callOptionalReturn # + SuperFarm (Ownable) - [Pub] # - [Pub] getElapsedBlockSinceUpdate - [Ext] pendingReward - [Pub] updatePool # - [Ext] deposit # - [Ext] withdraw # - [Ext] stopReward # - modifiers: onlyOwner - [Ext] emergencyWithdraw # - [Ext] emergencyRewardWithdraw # - modifiers: onlyOwner