Wagyu - Smart Contract Audit Report
Summary
Wagyu is building a new decentralized exchange with a yield farming platform.
For this audit, we analyzed Wagyu's PancakeSwap core and pefiphery contracts along with their WAGFarm staking contract. We reviewed the team's code at the following commits:
- Wagyu-Swap-Core Contracts - Commit afa9ae5c7752de7e49b5fd052c65da9519ec97a4
- Pefiphery Contracts - Commit 7b2c89d5f09ab1231168a2371069ffb09ab8a80e
- WAGFarm - Commit 6573933b571d87879fab588b34fcbb436aa45272
Notes on the Contracts:
PancakeERC20 Contract:WagyuFactory Contract:
- The PancakeERC20 contract implements the ERC20 standard liquidity token.
- This contract utilizes a 'permit' mechanism which allows the owner of the $Wagyu-LP tokens to sign a transaction that allows another user to withdraw tokens and send it to the recipient. The recipient, then submits the permit on behalf of the owner.
PancakePair Contract:
- The WagyuFactory contract is responsible for the creation of liquidity pairs for the token, thereby enabling trading on the platform.
- At the time of deployment, the initiliaze() function is called from the PancakePair contract which allows the factory to specify the two ERC20 tokens that this pair will exchange.
- Once the pool is created, its address is stored with a double mapping that takes both token addresses as input.
PancakeRouter Contract:
- The PancakePair contract is the core Uniswap functionality that implements the liquidity pool that exchanges tokens.
- This contract is responsible for tracking balances of ERC20 tokens, as well as mints and burns of the liquidity token.
WAGFarm Contract:
- The PancakeRouter contract is used to interact with the liquidity pool that was created in the PancakeFactory contract.
- PancakeRouter routes orders to the user-determined pair contract to swap assets.
- This contract performs requirement checks needed for swapping tokens, adding liquidity, and removing liquidity.
- Users can stake various tokens in the WAGFarm contract into pools to earn rewards in the form of the project's native WAGToken.
- A pool's share of rewards generated can be changed by the owner at any time.
- When rewards are generated, an additional 10% of minted WAGTokens are minted to a dev address.
- A Migrator function is present, allowing the team to migrate all of user's staked funds to a new contract without restriction.
- The WAGFarm staking contract should not be used with deflationary tokens or ERC-777 tokens. If a deflationary token is added as a staking asset, then the contract must be exempt from transfer fees.
- The team must also be careful not to add the same token twice for staking.
- Two lines perform a multiplication on the result of a division, leading to less accurate results. It is advisable to always do all multiplication prior to division. Applicable lines can be viewed here.
- A number of functions could be declared external instead of public to save some gas on each call. Applicable functions can be viewed here.
- Utilization of SafeMath (or similarily safe functions) to prevent overflows.
Audit Findings Summary:
- No security issues from outside attackers were identified.
- Ensure trust in the team as they can migrate users' staked funds.
- Date: September 28th, 2021
Combined External Threat Results
| Vulnerability Category | Notes | Result |
|---|---|---|
| Arbitrary Storage Write | N/A | PASS |
| Arbitrary Jump | N/A | PASS |
| Delegate Call to Untrusted Contract | N/A | PASS |
| Dependence on Predictable Variables | N/A | PASS |
| Deprecated Opcodes | N/A | PASS |
| Ether Thief | N/A | PASS |
| Exceptions | N/A | PASS |
| External Calls | N/A | PASS |
| Integer Over/Underflow | N/A | PASS |
| Multiple Sends | N/A | PASS |
| Suicide | N/A | PASS |
| State Change External Calls | N/A | PASS |
| Unchecked Retval | N/A | PASS |
| User Supplied Assertion | N/A | PASS |
| Critical Solidity Compiler | N/A | PASS |
| Overall Contract Safety | PASS |
Details: WagyuFactory
($) = payable function
# = non-constant function
+ [Int] IPancakeFactory
- [Ext] feeTo
- [Ext] feeToSetter
- [Ext] getPair
- [Ext] allPairs
- [Ext] allPairsLength
- [Ext] createPair #
- [Ext] setFeeTo #
- [Ext] setFeeToSetter #
+ [Int] IPancakePair
- [Ext] name
- [Ext] symbol
- [Ext] decimals
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] allowance
- [Ext] approve #
- [Ext] transfer #
- [Ext] transferFrom #
- [Ext] DOMAIN_SEPARATOR
- [Ext] PERMIT_TYPEHASH
- [Ext] nonces
- [Ext] permit #
- [Ext] MINIMUM_LIQUIDITY
- [Ext] factory
- [Ext] token0
- [Ext] token1
- [Ext] getReserves
- [Ext] price0CumulativeLast
- [Ext] price1CumulativeLast
- [Ext] kLast
- [Ext] mint #
- [Ext] burn #
- [Ext] swap #
- [Ext] skim #
- [Ext] sync #
- [Ext] initialize #
+ [Int] IPancakeERC20
- [Ext] name
- [Ext] symbol
- [Ext] decimals
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] allowance
- [Ext] approve #
- [Ext] transfer #
- [Ext] transferFrom #
- [Ext] DOMAIN_SEPARATOR
- [Ext] PERMIT_TYPEHASH
- [Ext] nonces
- [Ext] permit #
+ [Lib] SafeMath
- [Int] add
- [Int] sub
- [Int] mul
+ PancakeERC20 (IPancakeERC20)
- [Pub] #
- [Int] _mint #
- [Int] _burn #
- [Prv] _approve #
- [Prv] _transfer #
- [Ext] approve #
- [Ext] transfer #
- [Ext] transferFrom #
- [Ext] permit #
+ [Lib] Math
- [Int] min
- [Int] sqrt
+ [Lib] UQ112x112
- [Int] encode
- [Int] uqdiv
+ [Int] IERC20
- [Ext] name
- [Ext] symbol
- [Ext] decimals
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] allowance
- [Ext] approve #
- [Ext] transfer #
- [Ext] transferFrom #
+ [Int] IPancakeCallee
- [Ext] pancakeCall #
+ PancakePair (IPancakePair, PancakeERC20)
- [Pub] getReserves
- [Prv] _safeTransfer #
- [Pub] #
- [Ext] initialize #
- [Prv] _update #
- [Prv] _mintFee #
- [Ext] mint #
- modifiers: lock
- [Ext] burn #
- modifiers: lock
- [Ext] swap #
- modifiers: lock
- [Ext] skim #
- modifiers: lock
- [Ext] sync #
- modifiers: lock
+ WagyuFactory (IPancakeFactory)
- [Pub] #
- [Ext] allPairsLength
- [Ext] createPair #
- [Ext] setFeeTo #
- [Ext] setFeeToSetter #
Details: Pefiphery
($) = payable function
# = non-constant function
+ [Int] IUniswapV2Callee
- [Ext] uniswapV2Call #
+ [Int] IUniswapV2Pair
- [Ext] name
- [Ext] symbol
- [Ext] decimals
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] allowance
- [Ext] approve #
- [Ext] transfer #
- [Ext] transferFrom #
- [Ext] DOMAIN_SEPARATOR
- [Ext] PERMIT_TYPEHASH
- [Ext] nonces
- [Ext] permit #
- [Ext] MINIMUM_LIQUIDITY
- [Ext] factory
- [Ext] token0
- [Ext] token1
- [Ext] getReserves
- [Ext] price0CumulativeLast
- [Ext] price1CumulativeLast
- [Ext] kLast
- [Ext] mint #
- [Ext] burn #
- [Ext] swap #
- [Ext] skim #
- [Ext] sync #
- [Ext] initialize #
+ [Lib] SafeMath
- [Int] add
- [Int] sub
- [Int] mul
+ [Lib] PancakeLibrary
- [Int] sortTokens
- [Int] pairFor
- [Int] getReserves
- [Int] quote
- [Int] getAmountOut
- [Int] getAmountIn
- [Int] getAmountsOut
- [Int] getAmountsIn
+ [Int] IUniswapV1Factory
- [Ext] getExchange
+ [Int] IUniswapV1Exchange
- [Ext] balanceOf
- [Ext] transferFrom #
- [Ext] removeLiquidity #
- [Ext] tokenToEthSwapInput #
- [Ext] ethToTokenSwapInput ($)
+ [Int] IPancakeRouter01
- [Ext] factory
- [Ext] WETH
- [Ext] addLiquidity #
- [Ext] addLiquidityETH ($)
- [Ext] removeLiquidity #
- [Ext] removeLiquidityETH #
- [Ext] removeLiquidityWithPermit #
- [Ext] removeLiquidityETHWithPermit #
- [Ext] swapExactTokensForTokens #
- [Ext] swapTokensForExactTokens #
- [Ext] swapExactETHForTokens ($)
- [Ext] swapTokensForExactETH #
- [Ext] swapExactTokensForETH #
- [Ext] swapETHForExactTokens ($)
- [Ext] quote
- [Ext] getAmountOut
- [Ext] getAmountIn
- [Ext] getAmountsOut
- [Ext] getAmountsIn
+ [Int] IERC20
- [Ext] name
- [Ext] symbol
- [Ext] decimals
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] allowance
- [Ext] approve #
- [Ext] transfer #
- [Ext] transferFrom #
+ [Int] IWETH
- [Ext] deposit ($)
- [Ext] transfer #
- [Ext] withdraw #
+ ExampleFlashSwap (IUniswapV2Callee)
- [Pub] #
- [Ext] ($)
- [Ext] uniswapV2Call #
+ [Int] IUniswapV2Factory
- [Ext] feeTo
- [Ext] feeToSetter
- [Ext] getPair
- [Ext] allPairs
- [Ext] allPairsLength
- [Ext] createPair #
- [Ext] setFeeTo #
- [Ext] setFeeToSetter #
+ [Lib] FixedPoint
- [Int] encode
- [Int] encode144
- [Int] div
- [Int] mul
- [Int] fraction
- [Int] decode
- [Int] decode144
+ [Lib] PancakeOracleLibrary
- [Int] currentBlockTimestamp
- [Int] currentCumulativePrices
+ ExampleOracleSimple
- [Pub] #
- [Ext] update #
- [Ext] consult
+ ExampleSlidingWindowOracle
- [Pub] #
- [Pub] observationIndexOf
- [Prv] getFirstObservationInWindow
- [Ext] update #
- [Prv] computeAmountOut
- [Ext] consult
+ [Lib] Babylonian
- [Int] sqrt
+ [Lib] TransferHelper
- [Int] safeApprove #
- [Int] safeTransfer #
- [Int] safeTransferFrom #
- [Int] safeTransferETH #
+ ExampleSwapToPrice
- [Pub] #
- [Pub] computeProfitMaximizingTrade
- [Pub] swapToPrice #
+ [Int] IPancakeRouter02 (IPancakeRouter01)
- [Ext] removeLiquidityETHSupportingFeeOnTransferTokens #
- [Ext] removeLiquidityETHWithPermitSupportingFeeOnTransferTokens #
- [Ext] swapExactTokensForTokensSupportingFeeOnTransferTokens #
- [Ext] swapExactETHForTokensSupportingFeeOnTransferTokens ($)
- [Ext] swapExactTokensForETHSupportingFeeOnTransferTokens #
+ [Int] IPancakeMigrator
- [Ext] migrate #
+ PancakeMigrator (IPancakeMigrator)
- [Pub] #
- [Ext] ($)
- [Ext] migrate #
+ PancakeRouter (IPancakeRouter02)
- [Pub] #
- [Ext] ($)
- [Int] _addLiquidity #
- [Ext] addLiquidity #
- modifiers: ensure
- [Ext] addLiquidityETH ($)
- modifiers: ensure
- [Pub] removeLiquidity #
- modifiers: ensure
- [Pub] removeLiquidityETH #
- modifiers: ensure
- [Ext] removeLiquidityWithPermit #
- [Ext] removeLiquidityETHWithPermit #
- [Pub] removeLiquidityETHSupportingFeeOnTransferTokens #
- modifiers: ensure
- [Ext] removeLiquidityETHWithPermitSupportingFeeOnTransferTokens #
- [Int] _swap #
- [Ext] swapExactTokensForTokens #
- modifiers: ensure
- [Ext] swapTokensForExactTokens #
- modifiers: ensure
- [Ext] swapExactETHForTokens ($)
- modifiers: ensure
- [Ext] swapTokensForExactETH #
- modifiers: ensure
- [Ext] swapExactTokensForETH #
- modifiers: ensure
- [Ext] swapETHForExactTokens ($)
- modifiers: ensure
- [Int] _swapSupportingFeeOnTransferTokens #
- [Ext] swapExactTokensForTokensSupportingFeeOnTransferTokens #
- modifiers: ensure
- [Ext] swapExactETHForTokensSupportingFeeOnTransferTokens ($)
- modifiers: ensure
- [Ext] swapExactTokensForETHSupportingFeeOnTransferTokens #
- modifiers: ensure
- [Pub] quote
- [Pub] getAmountOut
- [Pub] getAmountIn
- [Pub] getAmountsOut
- [Pub] getAmountsIn
+ PancakeRouter01 (IPancakeRouter01)
- [Pub] #
- [Ext] ($)
- [Prv] _addLiquidity #
- [Ext] addLiquidity #
- modifiers: ensure
- [Ext] addLiquidityETH ($)
- modifiers: ensure
- [Pub] removeLiquidity #
- modifiers: ensure
- [Pub] removeLiquidityETH #
- modifiers: ensure
- [Ext] removeLiquidityWithPermit #
- [Ext] removeLiquidityETHWithPermit #
- [Prv] _swap #
- [Ext] swapExactTokensForTokens #
- modifiers: ensure
- [Ext] swapTokensForExactTokens #
- modifiers: ensure
- [Ext] swapExactETHForTokens ($)
- modifiers: ensure
- [Ext] swapTokensForExactETH #
- modifiers: ensure
- [Ext] swapExactTokensForETH #
- modifiers: ensure
- [Ext] swapETHForExactTokens ($)
- modifiers: ensure
- [Pub] quote
- [Pub] getAmountOut
- [Pub] getAmountIn
- [Pub] getAmountsOut
- [Pub] getAmountsIn
+ DeflatingERC20
- [Pub] #
- [Int] _mint #
- [Int] _burn #
- [Prv] _approve #
- [Prv] _transfer #
- [Ext] approve #
- [Ext] transfer #
- [Ext] transferFrom #
- [Ext] permit #
+ ERC20
- [Pub] #
- [Int] _mint #
- [Int] _burn #
- [Prv] _approve #
- [Prv] _transfer #
- [Ext] approve #
- [Ext] transfer #
- [Ext] transferFrom #
- [Ext] permit #
+ RouterEventEmitter
- [Ext] ($)
- [Ext] swapExactTokensForTokens #
- [Ext] swapTokensForExactTokens #
- [Ext] swapExactETHForTokens ($)
- [Ext] swapTokensForExactETH #
- [Ext] swapExactTokensForETH #
- [Ext] swapETHForExactTokens ($)
+ Migrations
- [Pub] #
- [Pub] setCompleted #
- modifiers: restricted
+ WETH9
- [Pub] deposit ($)
- [Pub] withdraw #
- [Pub] totalSupply
- [Pub] approve #
- [Pub] transfer #
- [Pub] transferFrom #
Details: WAGFarm
($) = payable function
# = non-constant function
+ [Lib] SafeMath
- [Int] add
- [Int] sub
- [Int] sub
- [Int] mul
- [Int] div
- [Int] div
- [Int] mod
- [Int] mod
- [Int] min
- [Int] sqrt
+ [Int] IBEP20
- [Ext] totalSupply
- [Ext] decimals
- [Ext] symbol
- [Ext] name
- [Ext] getOwner
- [Ext] balanceOf
- [Ext] transfer #
- [Ext] allowance
- [Ext] approve #
- [Ext] transferFrom #
+ [Lib] Address
- [Int] isContract
- [Int] sendValue #
- [Int] functionCall #
- [Int] functionCall #
- [Int] functionCallWithValue #
- [Int] functionCallWithValue #
- [Prv] _functionCallWithValue #
+ [Lib] SafeBEP20
- [Int] safeTransfer #
- [Int] safeTransferFrom #
- [Int] safeApprove #
- [Int] safeIncreaseAllowance #
- [Int] safeDecreaseAllowance #
- [Prv] _callOptionalReturn #
+ Context
- [Pub] #
- [Int] _msgSender
- [Int] _msgData
+ Ownable (Context)
- [Pub] #
- [Pub] owner
- [Pub] renounceOwnership #
- modifiers: onlyOwner
- [Pub] transferOwnership #
- modifiers: onlyOwner
- [Int] _transferOwnership #
+ BEP20 (Context, IBEP20, Ownable)
- [Pub] #
- [Ext] getOwner
- [Pub] name
- [Pub] decimals
- [Pub] symbol
- [Pub] totalSupply
- [Pub] balanceOf
- [Pub] transfer #
- [Pub] allowance
- [Pub] approve #
- [Pub] transferFrom #
- [Pub] increaseAllowance #
- [Pub] decreaseAllowance #
- [Pub] mint #
- modifiers: onlyOwner
- [Int] _transfer #
- [Int] _mint #
- [Int] _burn #
- [Int] _approve #
- [Int] _burnFrom #
+ WAGToken (BEP20)
- [Pub] mint #
- modifiers: onlyOwner
- [Ext] delegates
- [Ext] delegate #
- [Ext] delegateBySig #
- [Ext] getCurrentVotes
- [Ext] getPriorVotes
- [Int] _delegate #
- [Int] _moveDelegates #
- [Int] _writeCheckpoint #
- [Int] safe32
- [Int] getChainId
+ WAGStake (BEP20)
- [Pub] mint #
- modifiers: onlyOwner
- [Pub] burn #
- modifiers: onlyOwner
- [Pub] #
- [Pub] safeCakeTransfer #
- modifiers: onlyOwner
- [Ext] delegates
- [Ext] delegate #
- [Ext] delegateBySig #
- [Ext] getCurrentVotes
- [Ext] getPriorVotes
- [Int] _delegate #
- [Int] _moveDelegates #
- [Int] _writeCheckpoint #
- [Int] safe32
- [Int] getChainId
+ [Int] IMigratorChef
- [Ext] migrate #
+ WAGFarm (Ownable)
- [Pub] #
- [Pub] updateMultiplier #
- modifiers: onlyOwner
- [Ext] poolLength
- [Pub] add #
- modifiers: onlyOwner
- [Pub] set #
- modifiers: onlyOwner
- [Int] updateStakingPool #
- [Pub] setMigrator #
- modifiers: onlyOwner
- [Pub] migrate #
- [Pub] getMultiplier
- [Ext] pendingCake
- [Pub] massUpdatePools #
- [Pub] updatePool #
- [Pub] deposit #
- [Pub] withdraw #
- [Pub] enterStaking #
- [Pub] leaveStaking #
- [Pub] emergencyWithdraw #
- [Int] safeCakeTransfer #
- [Pub] dev #