- Smart Contract Audit Report


April 7th Update - The team has abused their control discussed below to set deposit and withdraw fees to 99%. Any investments will be lost.
Projects which provide the team a high level of control paired with anonymous developers are inherently risky.

Vampire Audit Report is a fork of Dracula Protocol which intends to aggregate major DeFi yield farms and liquidity mining platforms on the Binance Smart Chain.

We reviewed's contracts at the following addresses on the Binance Smart Chain mainnet:

  • VMPRtoken - 0x5bd0b6a5dcd738da1cd9d5d3b2aa801f9179b6d8
  • MasterVampire - 0xfb4efbd8d0c0b50bfbd5851e75297093fb4fab46
  • VampireAdapter - 0xe0e474a311f8900b042f5b04399b416e5fc278e3
  • PancakeswapAdater - 0x5fb015c4ab09bba4eeed2b24b5baaa69332bcfc6

    • Token Contract:
    • The token is mintable by the owner of the contract.
    • Only the address set as owner can mint the token. This has been properly set to the MasterVampire address for the purpose of providing rewards.
    • The Pancakeswap liquidity pool holds 54% of the token's supply. 23.6% of the supply has been burned. The MasterVampire contract holds 4.7% of the supply. The next largest holder has 1.3%
    • 63% of liquidity is locked for 6 months and another 35% is held in the MasterVampire contract.

    • MasterVampire:
    • This contract allows users to deposit their assets into the protocol, and specifically into their specified victim pool. Currenly the only strategy is for PancakeSwap.
    • Depositers will also earn VMPR tokens as rewards.
    • There is a fee charged on deposits and withdraws on the platform. The team can update these fees to any amount at any time.
    • The logic for draining pools (from the DrainController) is also contained in this contract.
    • The owner can add additional victims and pools through this contract and update current pools.
    • The owner can also update a variety of variables critical to the platform, such as the addresses of victims and other contracts in the ecosystem.
    • The owner can set the fee percentages to any amount at any time.

    • VampireAdapter & PancakeAdapter:
    • VampireAdapter is a library which holds functions for performing delegate calls to external victim platforms from the MasterVampire contract.
    • The VampireAdapter library also has view functions which can be used to obtain information on the protocol.
    • The only adapter currently available is designed to support deposits into Pancakeswap LP pools via the MasterVampire contract.
    • Curently about a dozen various Pancakeswap pools are supported.

    • Audit Findings Summary:
    • No security issues from external attackers were identified.
    • Ensure trust in the team as they have substantial power in the ecosystem.
    • Date: April 5th, 2021
    • Update Date: April 7th, 2021 - Abuse of powers by the team to steal user's funds.

    External Threats - Audit Results

    Vulnerability CategoryNotesResult
    Arbitrary Storage WriteN/APASS
    Arbitrary JumpN/APASS
    Delegate Call to Untrusted ContractN/APASS
    Dependence on Predictable VariablesN/APASS
    Deprecated OpcodesN/APASS
    Ether ThiefN/APASS
    External CallsN/APASS
    Flash LoansN/APASS
    Integer Over/UnderflowN/APASS
    Multiple SendsN/APASS
    State Change External CallsN/APASS
    Unchecked RetvalN/APASS
    User Supplied AssertionN/APASS
    Critical Solidity CompilerN/APASS
    Overall Contract Safety PASS




    VMPR Token


    Function Graph.   Inheritance Chart.



    Function Graph.   Inheritance Chart.



    Function Graph.   Inheritance Chart.



    Function Graph.   Inheritance Chart.