Vera Staking - Smart Contract Audit Report
Veraswap is a decentralized framework for liquidity control and a liquidity bootstrapping protocol.For this audit, we analyzed the project's staking contract. We reviewed the contract at 0xf2f1467b6ee5efd2fb8e9a828748ae34522dd9fa on the Binance Smart Chain mainnet.We previously audited Veraswap's token contract here.
Notes on the Contract:
Users can stake any token into the staking contract into order to earn Vera tokens. After staking users will not be able to add additional stake. Users tokens will be locked in the contract Users will accrue rewards over the length of their stake. Upon withdrawing from the contract, user's rewards will be claimed. The team has the ability to update the reward rate for each token, alter the address & decimals of the Vera token contract, and update the locktime for the each token. As any token can be used, the team must check each token being given a reward rate to ensure it does not contain malicious transfer logic that could lead to reentrancy. Some public functions may be declared external to save a small amount of gas on each transaction. As this has been deployed already, this is merely informational. Utilization of SafeMath to prevent overflow issues.
Audit Findings Summary:
- No security issues from outside attackers were identified.
- Ensure trust in the team as they have some control over the ecosystem.
- Date: May 14th, 2021
Combined External Threat Results
|Arbitrary Storage Write||N/A||PASS|
|Delegate Call to Untrusted Contract||N/A||PASS|
|Dependence on Predictable Variables||N/A||PASS|
|State Change External Calls||N/A||PASS|
|User Supplied Assertion||N/A||PASS|
|Critical Solidity Compiler||N/A||PASS|
|Overall Contract Safety||PASS|
($) = payable function # = non-constant function Int = Internal Ext = External Pub = Public + [Int] ERC - [Ext] balanceOf - [Ext] allowance - [Ext] transfer # - [Ext] transferFrom # + Math - [Int] mul - [Int] div - [Int] sub - [Int] add + Staking (Math) - [Pub]
# - [Pub] stake # - [Pub] claim # - [Pub] fetchUnclaimed - [Pub] updateReward # - modifiers: isAdmin - [Pub] updateDecimals # - modifiers: isAdmin - [Pub] updateLockTime # - modifiers: isAdmin - [Pub] revokeOwnership # - modifiers: isAdmin - [Pub] updateVeraSwapContract # - modifiers: isAdmin - [Pub] fetchCurrentTime