Totem Finance - Smart Contract Audit Report
Summary
Totem Finance is building a new yield farming platform on the Fantom Blockchain.
For this audit, we analyzed Totem Finance's Token and MasterChef staking contracts. We reviewed the team's code on the Fantom Blockchain at the following addresses:Notes on the Token contract:The current circulating supply of the token is 1.4 million [1,424,247] $TOTEM. More tokens can be minted by the owner of the token contract at any time. The owner of the token contract has been properly set to the MasterChef staking contract for the provision of staking rewards. At the time of writing this report, 37% of the token's supply is held in the MasterChef contract. 13.94% of the total supply is held in the Paint liquidity pool. 12.76% of the supply is held in the Spooky liquidity pool. 7.53% of the supply is held in the Spirit liquidity pool. 8.21% of the supply belongs to the burn address. Liquidity is not locked as it is primarily being provided by users staking LP tokens in the MasterChef contract. The next largest holder has 4.04%. The token is designed to be a governance token where 1 token = 1 vote. Token holders can delegate their voting rights to any address. To save gas, users can also do so using an EIP-712 signature. Users can stake various tokens in this contract to earn rewards in the form of the project's native Totem token. There is a fee associated with making a deposit to the contract, set by the team upon adding the pool. The fee is directed to the team and its percentage can be updated at any time. The developers will be minted some tokens from rewards to incentivize further development. The team must be careful not to add the same token twice for staking. Some gas optimizations can be achieved through marking functions external instead of public. As this contract is already deployed, this is informational. The contract utilizes SafeMath to prevent overflows. The team must exercise caution when adding tokens to avoid fee-on-transfer and ERC777-compliant tokens.
Audit Findings Summary:
- No security issues from external attackers were identified.
- Please ensure trust in the team as they have some control in the ecosystem.
- Date: September 7th, 2021
Combined External Threat Results
Vulnerability Category | Notes | Result |
---|---|---|
Arbitrary Storage Write | N/A | PASS |
Arbitrary Jump | N/A | PASS |
Delegate Call to Untrusted Contract | N/A | PASS |
Dependence on Predictable Variables | N/A | PASS |
Deprecated Opcodes | N/A | PASS |
Ether Thief | N/A | PASS |
Exceptions | N/A | PASS |
External Calls | N/A | PASS |
Integer Over/Underflow | N/A | PASS |
Multiple Sends | N/A | PASS |
Suicide | N/A | PASS |
State Change External Calls | N/A | PASS |
Unchecked Retval | N/A | PASS |
User Supplied Assertion | N/A | PASS |
Critical Solidity Compiler | N/A | PASS |
Overall Contract Safety | PASS |
Details: MasterChef Staking
Function Graph
Inheritence Chart
Functions Overview
($) = payable function
# = non-constant function
Int = Internal
Ext = External
Pub = Public
+ ReentrancyGuard
- [Int] #
+ Context
- [Int] _msgSender
- [Int] _msgData
+ [Lib] SafeMath
- [Int] tryAdd
- [Int] trySub
- [Int] tryMul
- [Int] tryDiv
- [Int] tryMod
- [Int] add
- [Int] sub
- [Int] mul
- [Int] div
- [Int] mod
- [Int] sub
- [Int] div
- [Int] mod
+ Ownable (Context)
- [Int] #
- [Pub] owner
- [Pub] renounceOwnership #
- modifiers: onlyOwner
- [Pub] transferOwnership #
- modifiers: onlyOwner
+ [Lib] Address
- [Int] isContract
- [Int] sendValue #
- [Int] functionCall #
- [Int] functionCall #
- [Int] functionCallWithValue #
- [Int] functionCallWithValue #
- [Int] functionStaticCall
- [Int] functionStaticCall
- [Int] functionDelegateCall #
- [Int] functionDelegateCall #
- [Prv] _verifyCallResult
+ [Int] IBEP20
- [Ext] totalSupply
- [Ext] decimals
- [Ext] symbol
- [Ext] name
- [Ext] getOwner
- [Ext] balanceOf
- [Ext] transfer #
- [Ext] allowance
- [Ext] approve #
- [Ext] transferFrom #
+ BEP20 (Context, IBEP20, Ownable)
- [Pub] #
- [Ext] getOwner
- [Pub] name
- [Pub] decimals
- [Pub] symbol
- [Pub] totalSupply
- [Pub] balanceOf
- [Pub] transfer #
- [Pub] allowance
- [Pub] approve #
- [Pub] transferFrom #
- [Pub] increaseAllowance #
- [Pub] decreaseAllowance #
- [Pub] mint #
- modifiers: onlyOwner
- [Int] _transfer #
- [Int] _mint #
- [Int] _burn #
- [Int] _approve #
- [Int] _burnFrom #
+ TotemToken (BEP20)
- [Pub] mint #
- modifiers: onlyOwner
- [Ext] delegates
- [Ext] delegate #
- [Ext] delegateBySig #
- [Ext] getCurrentVotes
- [Ext] getPriorVotes
- [Int] _delegate #
- [Int] _moveDelegates #
- [Int] _writeCheckpoint #
- [Int] safe32
- [Int] getChainId
+ [Lib] SafeBEP20
- [Int] safeTransfer #
- [Int] safeTransferFrom #
- [Int] safeApprove #
- [Int] safeIncreaseAllowance #
- [Int] safeDecreaseAllowance #
- [Prv] _callOptionalReturn #
+ MasterChef (Ownable, ReentrancyGuard)
- [Pub] #
- [Ext] poolLength
- [Ext] add #
- modifiers: onlyOwner,nonDuplicated
- [Ext] set #
- modifiers: onlyOwner
- [Pub] getMultiplier
- [Ext] pendingTotem
- [Pub] massUpdatePools #
- [Pub] updatePool #
- [Ext] deposit #
- modifiers: nonReentrant
- [Ext] withdraw #
- modifiers: nonReentrant
- [Ext] emergencyWithdraw #
- modifiers: nonReentrant
- [Int] safeTotemTransfer #
- [Ext] setDevAddress #
- [Ext] setFeeAddress #
- [Ext] updateEmissionRate #
- modifiers: onlyOwner
- [Ext] updateStartBlock #
- modifiers: onlyOwner