Swene - Audit Report
Swene is building a platform for hosting liquidity generation events as well as a liquidity farming platform where users can earn rewards in the project team's SWN token. For this audit, we analyzed Swene's LGE and LiquidityFarming contracts using code provided to us by the project team.
Notes on the Contract:
- The LGE contract is used to hold a Liquidity Generation Event, which will start at deployment and last for 2 weeks.
- While the LGE period is ongoing, anyone can invest by depositing ETH.
- A user's "score" is kept by accumulating the USD value of the ETH deposited at deposit time.
- The owner can end the LGE period at any time.
- The ETH collected during the LGE period is stored in the contract and used to fund Uniswap liquidity once the LGE period has ended; users can withdraw their ETH from the LGE contract provided the owner has given approval.
- Liquidity-adds are funded by swapping half the ETH collected for DAI, swapping the returned DAI for BPT, minting 1 STABLE token for every BPT, minting 5 SWN tokens for every DAI, pairing the STABLE with the SWN, and adding it as liquidity to the STABLE-SWN pair.
- The newly created LP tokens are transferred to the LiquidityFarming contract, where they are divided up proportionally amongst the investors and permanently locked.
- The owner can withdraw half of the deposited ETH from the LGE contract at any time.
- Users can deposit any valid lockable token into the Liquidity Farming contract to accumulate rewards in SWN tokens; tokens can be locked on a timer or permanently.
- Users may be eligible for extra rewards for certain locking periods.
- Users can withdraw their staked tokens only when the specified lock period has passed.
- Rewards are paid out in SWN tokens and are distributed whenever liquidity is deposited or withdrawn; users can also claim their due rewards manually.
- A portion of the rewards is transferred to the contract address as a fee.
- The owner is able to withdraw any SWN token from the contract address at any time.
- The owner can use the Liquidity Farming contract to add any token as a staking token at any time, specifying any value as the block reward.
- The owner is able to adjust the block reward for any lockable token pair at any time.
- The owner is able to set the reward tax to any value up to 10 at any time.
- The owner is able to set the block reward for any lockable token to 0 at any time.
- The owner is able to set the LGE contract address to any address at any time.
- SafeMath (or similarly safe functions) is used across all contracts to prevent overflows.
Audit Findings Summary:
- No security issues from outside attackers were identified.
- Ensure trust in the team as they have notable control in the ecosystem.
- Date: August 24th, 2021
Combined External Threat Results
| Arbitrary Storage Write | N/A | PASS |
| Delegate Call to Untrusted Contract | N/A | PASS |
| Dependence on Predictable Variables | N/A | PASS |
| State Change External Calls | N/A | PASS |
| User Supplied Assertion | N/A | PASS |
| Critical Solidity Compiler | N/A | PASS |
| Overall Contract Safety | | PASS |
($) = payable function
# = non-constant function
Int = Internal
Ext = External
Pub = Public

+ LGE (Ownable, LivePrice)
   - [Pub] #
   - [Ext] invest ($)
   - [Pub] isInvestor
   - [Ext] getInvestors
   - [Ext] getScores
   - [Pub] getTotalScore
   - [Pub] getBalance
   - [Ext] endLGE #
      - modifiers: onlyOwner
   - [Int] pushLiquidity #
   - [Int] concatenateInvestorArrays #
   - [Int] swapETHtoDAI #
   - [Int] individualLiquidityTokenAmount
   - [Ext] pushInterfaceAddresses #
      - modifiers: onlyOwner
   - [Ext] approveFor #
      - modifiers: onlyOwner
   - [Ext] withdraw #
   - [Ext] ($)
+ [Int] PreLGEInterface
   - [Ext] getInvestors #
   - [Ext] getScores #
   - [Ext] getTotalScore #
+ [Int] UniSwapRouter
   - [Ext] swapExactETHForTokens ($)
   - [Ext] addLiquidity #
   - [Ext] WETH #
   - [Ext] factory
+ [Int] UniSwapFactory
   - [Ext] getPair
+ [Int] STABLEInterface
   - [Ext] createSTABLE #
   - [Ext] approve #
+ [Int] SWNInterface
   - [Ext] mint #
   - [Ext] approve #
+ [Int] LiquidityLock
   - [Ext] pushPermanentLockFromLGE #
+ [Int] TokenInterface
   - [Ext] transferFrom #
   - [Ext] approve #
($) = payable function
# = non-constant function
Int = Internal
Ext = External
Pub = Public

+ LiquidityFarming (Ownable)
   - [Pub] #
   - [Pub] addLockablePair #
      - modifiers: onlyOwner
   - [Ext] adjustBlockReward #
      - modifiers: onlyOwner
   - [Ext] adjustRewardTax #
      - modifiers: onlyOwner
   - [Ext] removeRewardEmissions #
      - modifiers: onlyOwner
   - [Pub] isLockable
   - [Pub] isLocker
   - [Ext] lockPermanent #
   - [Ext] lockTimed #
   - [Int] pushLiquidityData #
   - [Ext] pushPermanentLockFromLGE #
   - [Ext] pushLGEAddress #
      - modifiers: onlyOwner
   - [Prv] blocksStaked
   - [Pub] rewardOf
   - [Int] getTotalScore
   - [Pub] calculateRewardRatio #
   - [Int] distributeReward #
   - [Ext] withdrawReward #
   - [Ext] treasuryReward #
      - modifiers: onlyOwner
   - [Ext] withdrawLiquidity #
+ [Int] TokenInterface
   - [Ext] mint #
   - [Ext] transfer #
   - [Ext] transferFrom #
   - [Ext] balanceOf
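To make the finding about owner control concrete, the following added example (not part of the audit or the project's code) parses the function listing above and separates externally callable, state-changing functions guarded by onlyOwner from those with no modifier listed. The names `parse`, `triage` and the `(unnamed)` placeholder are assumptions of this example; the sample text is the LiquidityFarming listing as it appears on this page.

```python
import re

# LiquidityFarming listing from this report, flattened onto one line.
LISTING = (
    "+ LiquidityFarming (Ownable) - [Pub] # - [Pub] addLockablePair # "
    "- modifiers: onlyOwner - [Ext] adjustBlockReward # - modifiers: onlyOwner "
    "- [Ext] adjustRewardTax # - modifiers: onlyOwner - [Ext] removeRewardEmissions # "
    "- modifiers: onlyOwner - [Pub] isLockable - [Pub] isLocker - [Ext] lockPermanent # "
    "- [Ext] lockTimed # - [Int] pushLiquidityData # - [Ext] pushPermanentLockFromLGE # "
    "- [Ext] pushLGEAddress # - modifiers: onlyOwner - [Prv] blocksStaked "
    "- [Pub] rewardOf - [Int] getTotalScore - [Pub] calculateRewardRatio # "
    "- [Int] distributeReward # - [Ext] withdrawReward # - [Ext] treasuryReward # "
    "- modifiers: onlyOwner - [Ext] withdrawLiquidity # + [Int] TokenInterface "
    "- [Ext] mint # - [Ext] transfer # - [Ext] transferFrom # - [Ext] balanceOf"
)

# One item = a "+" (contract) or "-" (function / modifiers) marker and its text.
ITEM = re.compile(r"(?:^|\s)([+-])\s+(.*?)(?=\s[+-]\s|$)")
FLAGS = {"#", "($)"}  # legend: non-constant, payable

def parse(listing):
    """Return {contract: [{name, vis, mutating, modifiers}, ...]}."""
    contracts, current = {}, None
    # Collapsing whitespace lets the indented layout and the flattened one parse alike.
    for marker, body in ITEM.findall(" ".join(listing.split())):
        if marker == "+":
            # Drop a bracketed tag before the name and the inheritance list after it.
            name = re.sub(r"^\[\w+\]\s*", "", body).split(" (")[0]
            current = contracts.setdefault(name, [])
        elif current is None or not body.strip():
            continue
        elif body.startswith("modifiers:"):
            if current:  # modifiers belong to the function listed just before
                current[-1]["modifiers"] += [m.strip() for m in body[10:].split(",")]
        else:
            vis, *rest = body.split()
            names = [t for t in rest if t not in FLAGS]
            current.append({"name": names[0] if names else "(unnamed)",
                            "vis": vis.strip("[]"),
                            "mutating": any(t in FLAGS for t in rest),
                            "modifiers": []})
    return contracts

def triage(listing, modifier="onlyOwner"):
    """Bucket callable, state-changing functions by whether `modifier` guards them."""
    report = {}
    for contract, fns in parse(listing).items():
        reach = [f for f in fns if f["mutating"] and f["vis"] in ("Ext", "Pub")]
        report[contract] = {
            "guarded": [f["name"] for f in reach if modifier in f["modifiers"]],
            "no_modifier": [f["name"] for f in reach if not f["modifiers"]],
        }
    return report
```

A function in the `no_modifier` bucket is not necessarily unprotected: access checks written inside a function body do not appear in this kind of listing, so that bucket is a reading list for manual review.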