Totem Finance - Smart Contract Audit Report

Summary

Totem Finance is building a new yield farming platform on the Fantom Blockchain.

For this audit, we analyzed Totem Finance's Token and MasterChef staking contracts. We reviewed the team's code on the Fantom Blockchain at the following addresses:

Staking Contract- 0xbe5c44f4c02c26c9cfccae2efe69947076d804e4

Token Contract- 0x31a37aedc0c18aa139e120e1cdc673bbb2063e6f

Notes on the Token contract:
The current circulating supply of the token is 1.4 million [1,424,247] $TOTEM.
More tokens can be minted by the owner of the token contract at any time.
The owner of the token contract has been properly set to the MasterChef staking contract for the provision of staking rewards.
At the time of writing this report, 37% of the token's supply is held in the MasterChef contract.
13.94% of the total supply is held in the Paint liquidity pool.
12.76% of the supply is held in the Spooky liquidity pool.
7.53% of the supply is held in the Spirit liquidity pool.
8.21% of the supply belongs to the burn address.
Liquidity is not locked as it is primarily being provided by users staking LP tokens in the MasterChef contract.
The next largest holder has 4.04%.
The token is designed to be a governance token where 1 token = 1 vote.
Token holders can delegate their voting rights to any address. To save gas, users can also do so using an EIP-712 signature.

Users can stake various tokens in this contract to earn rewards in the form of the project's native Totem token.
There is a fee associated with making a deposit to the contract, set by the team upon adding the pool. The fee is directed to the team and its percentage can be updated at any time.
The developers will be minted some tokens from rewards to incentivize further development.
The team must be careful not to add the same token twice for staking.
Some gas optimizations can be achieved through marking functions external instead of public. As this contract is already deployed, this is informational.
The contract utilizes SafeMath to prevent overflows.
The team must exercise caution when adding tokens to avoid fee-on-transfer and ERC777-compliant tokens.

Audit Findings Summary:
No security issues from external attackers were identified.
Please ensure trust in the team as they have some control in the ecosystem.
Date: September 7th, 2021

Combined External Threat Results

Vulnerability Category	Notes	Result
Arbitrary Storage Write	N/A	PASS
Arbitrary Jump	N/A	PASS
Delegate Call to Untrusted Contract	N/A	PASS
Dependence on Predictable Variables	N/A	PASS
Deprecated Opcodes	N/A	PASS
Ether Thief	N/A	PASS
Exceptions	N/A	PASS
External Calls	N/A	PASS
Integer Over/Underflow	N/A	PASS
Multiple Sends	N/A	PASS
Suicide	N/A	PASS
State Change External Calls	N/A	PASS
Unchecked Retval	N/A	PASS
User Supplied Assertion	N/A	PASS
Critical Solidity Compiler	N/A	PASS
Overall Contract Safety		PASS

Details: MasterChef Staking

Function Graph

Smart Contract Graph

Inheritence Chart

Smart Contract Inheritance

Functions Overview


 ($) = payable function
 # = non-constant function
 
 Int = Internal
 Ext = External
 Pub = Public

 +  ReentrancyGuard 
    - [Int]  #

 +  Context 
    - [Int] _msgSender
    - [Int] _msgData

 + [Lib] SafeMath 
    - [Int] tryAdd
    - [Int] trySub
    - [Int] tryMul
    - [Int] tryDiv
    - [Int] tryMod
    - [Int] add
    - [Int] sub
    - [Int] mul
    - [Int] div
    - [Int] mod
    - [Int] sub
    - [Int] div
    - [Int] mod

 +  Ownable (Context)
    - [Int]  #
    - [Pub] owner
    - [Pub] renounceOwnership #
       - modifiers: onlyOwner
    - [Pub] transferOwnership #
       - modifiers: onlyOwner

 + [Lib] Address 
    - [Int] isContract
    - [Int] sendValue #
    - [Int] functionCall #
    - [Int] functionCall #
    - [Int] functionCallWithValue #
    - [Int] functionCallWithValue #
    - [Int] functionStaticCall
    - [Int] functionStaticCall
    - [Int] functionDelegateCall #
    - [Int] functionDelegateCall #
    - [Prv] _verifyCallResult

 + [Int] IBEP20 
    - [Ext] totalSupply
    - [Ext] decimals
    - [Ext] symbol
    - [Ext] name
    - [Ext] getOwner
    - [Ext] balanceOf
    - [Ext] transfer #
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transferFrom #

 +  BEP20 (Context, IBEP20, Ownable)
    - [Pub]  #
    - [Ext] getOwner
    - [Pub] name
    - [Pub] decimals
    - [Pub] symbol
    - [Pub] totalSupply
    - [Pub] balanceOf
    - [Pub] transfer #
    - [Pub] allowance
    - [Pub] approve #
    - [Pub] transferFrom #
    - [Pub] increaseAllowance #
    - [Pub] decreaseAllowance #
    - [Pub] mint #
       - modifiers: onlyOwner
    - [Int] _transfer #
    - [Int] _mint #
    - [Int] _burn #
    - [Int] _approve #
    - [Int] _burnFrom #

 +  TotemToken (BEP20)
    - [Pub] mint #
       - modifiers: onlyOwner
    - [Ext] delegates
    - [Ext] delegate #
    - [Ext] delegateBySig #
    - [Ext] getCurrentVotes
    - [Ext] getPriorVotes
    - [Int] _delegate #
    - [Int] _moveDelegates #
    - [Int] _writeCheckpoint #
    - [Int] safe32
    - [Int] getChainId

 + [Lib] SafeBEP20 
    - [Int] safeTransfer #
    - [Int] safeTransferFrom #
    - [Int] safeApprove #
    - [Int] safeIncreaseAllowance #
    - [Int] safeDecreaseAllowance #
    - [Prv] _callOptionalReturn #

 +  MasterChef (Ownable, ReentrancyGuard)
    - [Pub]  #
    - [Ext] poolLength
    - [Ext] add #
       - modifiers: onlyOwner,nonDuplicated
    - [Ext] set #
       - modifiers: onlyOwner
    - [Pub] getMultiplier
    - [Ext] pendingTotem
    - [Pub] massUpdatePools #
    - [Pub] updatePool #
    - [Ext] deposit #
       - modifiers: nonReentrant
    - [Ext] withdraw #
       - modifiers: nonReentrant
    - [Ext] emergencyWithdraw #
       - modifiers: nonReentrant
    - [Int] safeTotemTransfer #
    - [Ext] setDevAddress #
    - [Ext] setFeeAddress #
    - [Ext] updateEmissionRate #
       - modifiers: onlyOwner
    - [Ext] updateStartBlock #
       - modifiers: onlyOwner

Go Home