Vampire.cash - Smart Contract Audit Report

Summary




April 7th Update - The Vampire.cash team has abused their control discussed below to set deposit and withdraw fees to 99%. Any investments will be lost.
Projects which provide the team a high level of control paired with anonymous developers are inherently risky.




Vampire Audit Report Vampire.cash is a fork of Dracula Protocol which intends to aggregate major DeFi yield farms and liquidity mining platforms on the Binance Smart Chain.

We reviewed Vampire.cash's contracts at the following addresses on the Binance Smart Chain mainnet:

  • VMPRtoken - 0x5bd0b6a5dcd738da1cd9d5d3b2aa801f9179b6d8
  • MasterVampire - 0xfb4efbd8d0c0b50bfbd5851e75297093fb4fab46
  • VampireAdapter - 0xe0e474a311f8900b042f5b04399b416e5fc278e3
  • PancakeswapAdater - 0x5fb015c4ab09bba4eeed2b24b5baaa69332bcfc6

    • Token Contract:
    • The token is mintable by the owner of the contract.
    • Only the address set as owner can mint the token. This has been properly set to the MasterVampire address for the purpose of providing rewards.
    • The Pancakeswap liquidity pool holds 54% of the token's supply. 23.6% of the supply has been burned. The MasterVampire contract holds 4.7% of the supply. The next largest holder has 1.3%
    • 63% of liquidity is locked for 6 months and another 35% is held in the MasterVampire contract.

    • MasterVampire:
    • This contract allows users to deposit their assets into the protocol, and specifically into their specified victim pool. Currenly the only strategy is for PancakeSwap.
    • Depositers will also earn VMPR tokens as rewards.
    • There is a fee charged on deposits and withdraws on the platform. The team can update these fees to any amount at any time.
    • The logic for draining pools (from the DrainController) is also contained in this contract.
    • The owner can add additional victims and pools through this contract and update current pools.
    • The owner can also update a variety of variables critical to the platform, such as the addresses of victims and other contracts in the ecosystem.
    • The owner can set the fee percentages to any amount at any time.

    • VampireAdapter & PancakeAdapter:
    • VampireAdapter is a library which holds functions for performing delegate calls to external victim platforms from the MasterVampire contract.
    • The VampireAdapter library also has view functions which can be used to obtain information on the protocol.
    • The only adapter currently available is designed to support deposits into Pancakeswap LP pools via the MasterVampire contract.
    • Curently about a dozen various Pancakeswap pools are supported.


    • Audit Findings Summary:
    • No security issues from external attackers were identified.
    • Ensure trust in the team as they have substantial power in the ecosystem.
    • Date: April 5th, 2021
    • Update Date: April 7th, 2021 - Abuse of powers by the team to steal user's funds.


    External Threats - Audit Results

    Vulnerability CategoryNotesResult
    Arbitrary Storage WriteN/APASS
    Arbitrary JumpN/APASS
    Delegate Call to Untrusted ContractN/APASS
    Dependence on Predictable VariablesN/APASS
    Deprecated OpcodesN/APASS
    Ether ThiefN/APASS
    ExceptionsN/APASS
    External CallsN/APASS
    Flash LoansN/APASS
    Integer Over/UnderflowN/APASS
    Multiple SendsN/APASS
    OraclesN/APASS
    SuicideN/APASS
    State Change External CallsN/APASS
    Unchecked RetvalN/APASS
    User Supplied AssertionN/APASS
    Critical Solidity CompilerN/APASS
    Overall Contract Safety PASS


    Name

    Address

    Graphics


    VMPR Token


    0x5bd0b6a5dcd738da1cd9d5d3b2aa801f9179b6d8


    Function Graph.   Inheritance Chart.


    MasterVampire


    0xfb4efbd8d0c0b50bfbd5851e75297093fb4fab46


    Function Graph.   Inheritance Chart.


    VampireAdapter


    0xe0e474a311f8900b042f5b04399b416e5fc278e3


    Function Graph.   Inheritance Chart.


    PancakeSwapAdapter


    0x5fb015c4ab09bba4eeed2b24b5baaa69332bcfc6


    Function Graph.   Inheritance Chart.