ZABU Finance - Smart Contract Audit Report

Summary

ZABU Finance is building a new yield farming platform on the Avalanche Network.

For this audit, we analyzed ZABU Finance's MasterChef staking contract. We reviewed the team's code on 0xd0f3121A190d85dE0AB6131f2bCEcdbfcfB38891 on the Avax Network.

Notes on the Contract:
The initial total supply of the $ZABU token has yet to be determined by the owner, however the owner can mint tokens up to any amount at any time.
The owner of the token contract has been properly set to the MasterChef staking contract for the provision of staking rewards.
The token is designed to be a governance token where 1 token = 1 vote.
Token holders can delegate their voting rights to any address. To save gas, users can also do so using an EIP-712 signature.

Users can stake various tokens in this contract to earn rewards in the form of the project's native $ZABU token.
There is a fee associated with making a withdrawal from the contract, set by the team upon adding the pool. The fee is directed to a wallet controlled by the team and its percentage can be updated at any time.
An emergencyWithdraw function exists so users can withdraw without collecting rewards. The withdraw fee is applied on emergency withdrawals.
The developers will be minted some tokens from rewards to incentivize further development.
The team must exercise caution as to not add the same token twice for staking.
The contract utilizes SafeMath (or similarily safe functions) to prevent overflows; and also uses ReentrancyGuard to prevent reentrancy via ERC777-compliant tokens.
The team must exercise caution when adding tokens to avoid fee-on-transfer and ERC777-compliant tokens.

Audit Findings Summary:
No security issues from outside attackers were identified.
Ensure trust in the team as they have some control in the ecosystem.
Date: September 18th, 2021

External Threat Results

Vulnerability Category	Notes	Result
Arbitrary Storage Write	N/A	PASS
Arbitrary Jump	N/A	PASS
Delegate Call to Untrusted Contract	N/A	PASS
Dependence on Predictable Variables	N/A	PASS
Deprecated Opcodes	N/A	PASS
Ether Thief	N/A	PASS
Exceptions	N/A	PASS
External Calls	N/A	PASS
Integer Over/Underflow	N/A	PASS
Multiple Sends	N/A	PASS
Suicide	N/A	PASS
State Change External Calls	N/A	PASS
Unchecked Retval	N/A	PASS
User Supplied Assertion	N/A	PASS
Critical Solidity Compiler	N/A	PASS
Overall Contract Safety		PASS

Details: MasterChef Staking

Function Graph

Smart Contract Graph

Inheritance Chart

Smart Contract Inheritance

Functions Overview


 ($) = payable function
 # = non-constant function
 
 Int = Internal
 Ext = External
 Pub = Public

 +  Context 
    - [Int] _msgSender
    - [Int] _msgData

 +  Ownable (Context)
    - [Int]  #
    - [Pub] owner
    - [Pub] renounceOwnership #
       - modifiers: onlyOwner
    - [Pub] transferOwnership #
       - modifiers: onlyOwner

 + [Lib] SafeMath 
    - [Int] add
    - [Int] sub
    - [Int] sub
    - [Int] mul
    - [Int] div
    - [Int] div
    - [Int] mod
    - [Int] mod

 + [Lib] Address 
    - [Int] isContract
    - [Int] sendValue #
    - [Int] functionCall #
    - [Int] functionCall #
    - [Int] functionCallWithValue #
    - [Int] functionCallWithValue #
    - [Prv] _functionCallWithValue #

 + [Int] IERC20 
    - [Ext] totalSupply
    - [Ext] balanceOf
    - [Ext] transfer #
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transferFrom #

 +  ERC20 (Context, IERC20, Ownable)
    - [Pub]  #
    - [Pub] name
    - [Pub] symbol
    - [Pub] decimals
    - [Pub] totalSupply
    - [Pub] balanceOf
    - [Pub] transfer #
    - [Pub] allowance
    - [Pub] approve #
    - [Pub] transferFrom #
    - [Pub] increaseAllowance #
    - [Pub] decreaseAllowance #
    - [Int] _transfer #
    - [Int] _mint #
    - [Int] _burn #
    - [Int] _approve #
    - [Int] _setupDecimals #
    - [Int] _beforeTokenTransfer #

 + [Lib] SafeERC20 
    - [Int] safeTransfer #
    - [Int] safeTransferFrom #
    - [Int] safeApprove #
    - [Int] safeIncreaseAllowance #
    - [Int] safeDecreaseAllowance #
    - [Prv] _callOptionalReturn #

 +  ReentrancyGuard 
    - [Int]  #

 +  ZABU (ERC20)
    - [Pub] mint #
       - modifiers: onlyOwner
    - [Ext] delegates
    - [Ext] delegate #
    - [Ext] delegateBySig #
    - [Ext] getCurrentVotes
    - [Ext] getPriorVotes
    - [Int] _delegate #
    - [Int] _moveDelegates #
    - [Int] _writeCheckpoint #
    - [Int] safe32
    - [Int] getChainId

 +  MasterChef (Ownable, ReentrancyGuard)
    - [Pub]  #
    - [Ext] poolLength
    - [Ext] add #
       - modifiers: onlyOwner,nonDuplicated
    - [Ext] set #
       - modifiers: onlyOwner
    - [Pub] getMultiplier
    - [Ext] pendingZabu
    - [Pub] massUpdatePools #
    - [Pub] updatePool #
    - [Ext] deposit #
       - modifiers: nonReentrant
    - [Ext] withdraw #
       - modifiers: nonReentrant
    - [Ext] emergencyWithdraw #
       - modifiers: nonReentrant
    - [Int] safeZabuTransfer #
    - [Ext] setDevAddress #
       - modifiers: onlyOwner
    - [Ext] setTreasuryAddress #
       - modifiers: onlyOwner
    - [Ext] setFeeAddress #
       - modifiers: onlyOwner
    - [Ext] updateEmissionRate #
       - modifiers: onlyOwner
    - [Ext] updateStartBlock #
       - modifiers: onlyOwner

Go Home