Swene - Audit Report

Summary

Swene Audit Report Swene is building a platform for hosting liquidity generation events as well as a liquidity farming platform where users can earn rewards in the project team's SWN token.

For this audit, we analyzed Swene' LGE and LiquidityFarming contracts using code provided to us by the project team.

Notes on the Contract:
  • The LGE contract is used to hold a Liquidity Generation Event, which will start at deployment and last for 2 weeks.
  • While the LGE period is ongoing, anyone can invest by depositing ETH.
  • A user's "score" is kept by accumulating the USD value of the ETH deposited at deposit time.
  • The owner can end the LGE period at any time.
  • The ETH collected during the LGE period is stored in the contract and used to fund Uniswap liquidity once the LGE period has ended; users can withdraw their ETH from the LGE contract given there is approval provided by the owner.
  • Liquidity-adds are funded by swapping half the ETH collected for DAI, swapping the returned DAI for BPT, minting 1 STABLE token for every BPT, minting 5 SWN tokens for every DAI, pairing the STABLE with the SWN, and adding it as liquidity to the STABLE-SWN pair.
  • The newly created LP tokens are transferred to the LiquidityFarming contract where they are divided up proportionally amongst the investors and permanently locked.
  • The owner can withdraw half of the deposited ETH from the LGE contract at any time.

  • Users can deposit any valid lockable token into the Liquidity Farming contract to accumulate rewards in SWN tokens; tokens can be locked on a timer or permanently.
  • Users may be eligible for extra rewards for certain locking periods.
  • Users can withdraw their staked tokens only when the specified lock period has passed.
  • Rewards are paid out in SWN tokens and are distributed whenever liquidity is deposited or withdrawn; users can also claim their due rewards manually.
  • A portion of the rewards is transferred to the contract address as a fee.
  • The owner is able to withdraw any SWN token from the contract address at any time.
  • The owner can use the Liquidity Farming contract to add any token as a staking token at any time, specifying any value as the block reward.
  • The owner is able to adjust the block reward for any lockable token pair at any time
  • The owner is able to set the reward tax to any value up to 10 at any time.
  • The owner is able to set the block reward for any lockable token to 0 at any time.
  • The owner is able to set the LGE contract address to any address at any time.
  • Utilization of SafeMath (or similarily safe functions) across all contracts to prevent overflows.


  • Audit Findings Summary:
    • No security issues from outside attackers were identified.
    • Ensure trust in the team as they have notable control in the ecosystem.
    • Date: August 24th, 2021

    Combined External Threat Results

    Vulnerability Category Notes Result
    Arbitrary Storage Write N/A PASS
    Arbitrary Jump N/A PASS
    Delegate Call to Untrusted Contract N/A PASS
    Dependence on Predictable Variables N/A PASS
    Deprecated Opcodes N/A PASS
    Ether Thief N/A PASS
    Exceptions N/A PASS
    External Calls N/A PASS
    Integer Over/Underflow N/A PASS
    Multiple Sends N/A PASS
    Suicide N/A PASS
    State Change External Calls N/A PASS
    Unchecked Retval N/A PASS
    User Supplied Assertion N/A PASS
    Critical Solidity Compiler N/A PASS
    Overall Contract Safety   PASS

    Function Graph

    Smart Contract Graph

    Inheritence Chart

    Smart Contract Inheritance

    Functions Overview

    
    
     ($) = payable function
     # = non-constant function
     
     Int = Internal
     Ext = External
     Pub = Public
    
     +  LGE (Ownable, LivePrice)
        - [Pub]  #
        - [Ext] invest ($)
        - [Pub] isInvestor
        - [Ext] getInvestors
        - [Ext] getScores
        - [Pub] getTotalScore
        - [Pub] getBalance
        - [Ext] endLGE #
           - modifiers: onlyOwner
        - [Int] pushLiquidity #
        - [Int] concatenateInvestorArrays #
        - [Int] swapETHtoDAI #
        - [Int] individualLiquidityTokenAmount
        - [Ext] pushInterfaceAddresses #
           - modifiers: onlyOwner
        - [Ext] approveFor #
           - modifiers: onlyOwner
        - [Ext] withdraw #
        - [Ext]  ($)
    
     + [Int] PreLGEInterface 
        - [Ext] getInvestors #
        - [Ext] getScores #
        - [Ext] getTotalScore #
    
     + [Int] UniSwapRouter 
        - [Ext] swapExactETHForTokens ($)
        - [Ext] addLiquidity #
        - [Ext] WETH #
        - [Ext] factory
    
     + [Int] UniSwapFactory 
        - [Ext] getPair
    
     + [Int] STABLEInterface 
        - [Ext] createSTABLE #
        - [Ext] approve #
    
     + [Int] SWNInterface 
        - [Ext] mint #
        - [Ext] approve #
    
     + [Int] LiquidityLock 
        - [Ext] pushPermanentLockFromLGE #
    
     + [Int] TokenInterface 
        - [Ext] transferFrom #
        - [Ext] approve #

    Function Graph

    Smart Contract Graph

    Inheritence Chart

    Smart Contract Inheritance

    Functions Overview

    
    
     ($) = payable function
     # = non-constant function
     
     Int = Internal
     Ext = External
     Pub = Public
    
     +  LiquidityFarming (Ownable)
        - [Pub]  #
        - [Pub] addLockablePair #
           - modifiers: onlyOwner
        - [Ext] adjustBlockReward #
           - modifiers: onlyOwner
        - [Ext] adjustRewardTax #
           - modifiers: onlyOwner
        - [Ext] removeRewardEmissions #
           - modifiers: onlyOwner
        - [Pub] isLockable
        - [Pub] isLocker
        - [Ext] lockPermanent #
        - [Ext] lockTimed #
        - [Int] pushLiquidityData #
        - [Ext] pushPermanentLockFromLGE #
        - [Ext] pushLGEAddress #
           - modifiers: onlyOwner
        - [Prv] blocksStaked
        - [Pub] rewardOf
        - [Int] getTotalScore
        - [Pub] calculateRewardRatio #
        - [Int] distributeReward #
        - [Ext] withdrawReward #
        - [Ext] treasuryReward #
           - modifiers: onlyOwner
        - [Ext] withdrawLiquidity #
    
     + [Int] TokenInterface 
        - [Ext] mint #
        - [Ext] transfer #
        - [Ext] transferFrom #
        - [Ext] balanceOf