OnX Finance
Token and Farming Contract Audit
Smart contract security audit report
Audit Number: 202012120933
Report Query Name: Farm
Smart Contract Name And Address Link: None
Start Date: 2020.12.10
Completion Date: 2020.12.12
Audit Team: Beosin (Chengdu LianAn) Technology Co. Ltd.
Audit Categories and Results:
| No. | Categories | Subitems | Results |
|---|---|---|---|
| 1 | Coding Conventions | Compiler Version Security | Pass |
| | | Deprecated Items | Pass |
| | | Redundant Code | Pass |
| | | SafeMath Features | Pass |
| | | require/assert Usage | Pass |
| | | Gas Consumption | Pass |
| | | Visibility Specifiers | Pass |
| | | Fallback Usage | Pass |
| 2 | General Vulnerability | Integer Overflow/Underflow | Pass |
| | | Reentrancy | Pass |
| | | Pseudo-random Number Generator (PRNG) | Pass |
| | | Transaction-Ordering Dependence | Pass |
| | | DoS (Denial of Service) | Pass |
| | | Access Control of Owner | Pass |
| | | Low-level Function (call/delegatecall) Security | Pass |
| | | Returned Value Security | Pass |
| | | tx.origin Usage | Pass |
| | | Replay Attack | Pass |
| | | Overriding Variables | Pass |
| 3 | Business Security | Business Logics | Pass |
| | | Business Implementations | Pass |
Note: Audit results and suggestions in code comments
Disclaimer: This audit applies only to the type of auditing specified in this report and the scope given in the results table. Other unknown security vulnerabilities are beyond auditing responsibility. Beosin (Chengdu LianAn) Technology only issues this report based on the attacks or vulnerabilities that already existed or occurred before the issuance of this report. For new attacks or vulnerabilities that exist or occur in the future, Beosin (Chengdu LianAn) Technology lacks the capability to judge their possible impact on the security status of smart contracts, and thus takes no responsibility for them. The security audit analysis and other contents of this report are based solely on the documents and materials that the contract provider has provided to Beosin (Chengdu LianAn) Technology before the issuance of this report, and the contract provider warrants that nothing is missing, tampered with or deleted; if the documents and materials provided by the contract provider are missing, tampered with, deleted, concealed or presented in a way that is inconsistent with the actual situation, or if the documents and materials provided are changed after the issuance of this report, Beosin (Chengdu LianAn) Technology assumes no responsibility for the resulting loss or adverse effects. The audit report issued by Beosin (Chengdu LianAn) Technology is based on the documents and materials provided by the contract provider, and relies on the technology currently possessed by Beosin (Chengdu LianAn). Due to the technical limitations of any organization, there remains a possibility that this report by Beosin (Chengdu LianAn) does not detect every risk. Beosin (Chengdu LianAn) disclaims any liability for the resulting losses.
The final interpretation of this statement belongs to Beosin (Chengdu LianAn).
Audit Results Explained:
Beosin (Chengdu LianAn) Technology has used several methods, including Formal Verification, Static Analysis, Typical Case Testing and Manual Review, to audit three major aspects of the OnXFarm smart contract: Coding Standards, Security, and Business Logic. The OnXFarm contract passes all audit items. The overall result is Pass. The smart contract is able to function properly.
  1. Coding Conventions
Check for code that does not conform to the Solidity code style.
    1. Compiler Version Security
      • Description: Check whether the code of the current contract is affected by publicly disclosed Solidity compiler bugs.
      • Result: Pass
    2. Deprecated Items
      • Description: Check whether the current contract uses deprecated items.
      • Result: Pass
    3. Redundant Code
      • Description: Check whether the contract code contains redundant code.
      • Result: Pass
    4. SafeMath Features
      • Description: Check whether SafeMath is used, or whether integer overflow/underflow in mathematical operations is otherwise prevented.
      • Result: Pass
    5. require/assert Usage
      • Description: Check whether 'require' and 'assert' are used appropriately in the contract.
      • Result: Pass
    6. Gas Consumption
      • Description: Check whether the gas consumption exceeds the block gas limit.
      • Result: Pass
    7. Visibility Specifiers
      • Description: Check whether the visibility conforms to the design requirements.
      • Result: Pass
    8. Fallback Usage
      • Description: Check whether the fallback function is used correctly in the current contract.
      • Result: Pass
  2. General Vulnerability
Check whether general vulnerabilities exist in the contract.
    1. Integer Overflow/Underflow
      • Description: Check whether there is an integer overflow/underflow in the contract that makes the calculation result abnormal.
      • Result: Pass
    2. Reentrancy
      • Description: An issue where code can call back into your contract and change state, such as withdrawing ETH.
      • Result: Pass
    3. Pseudo-random Number Generator (PRNG)
      • Description: Whether the results of random numbers can be predicted.
      • Result: Pass
    4. Transaction-Ordering Dependence
      • Description: Whether the final state of the contract depends on the order of the transactions.
      • Result: Pass
    5. DoS (Denial of Service)
      • Description: Whether the contract is vulnerable to a DoS attack for unexpected reasons.
      • Result: Pass
    6. Access Control of Owner
      • Description: Whether the owner has excessive permissions, such as malicious issuance or modifying the balances of others.
      • Result: Pass
    7. Low-level Function (call/delegatecall) Security
      • Description: Check whether the use of low-level functions such as call/delegatecall introduces vulnerabilities.
      • Result: Pass
    8. Returned Value Security
      • Description: Check whether the function checks the return value and responds to it accordingly.
      • Result: Pass
    9. tx.origin Usage
      • Description: Check the security risk of using 'tx.origin' in the contract.
      • Result: Pass
    10. Replay Attack
      • Description: Check whether a Replay Attack is possible against the contract.
      • Result: Pass
    11. Overriding Variables
      • Description: Check whether variables have been overridden in a way that leads to wrong code execution.
      • Result: Pass
  3. Business Security
Check whether the business is secure.
    1. Business analysis of Contract OnXFarm
      1. add Function
        • Description: As shown in Figure 1 below, the contract implements the add function to add a pool. The contract owner can call this function to add a pool in which users stake to earn rewards, and to store the pool-related information.
        Figure 1 add Function Source Code
        • Related functions: add, massUpdatePools
        • Result: Pass
      2. set Function
        • Description: As shown in Figure 2 below, the contract implements the set function to set the reward allocation point of a specified pool; the contract owner can call this function. Modifying a pool's reward allocation point affects the value of OnX rewards when users withdraw or deposit tokens.
        Figure 2 set Function Source Code
        • Related functions: set, massUpdatePools
        • Result: Pass
      3. getTotalRewardInfoInSameCommonDifference Function
        • Description: As shown in Figure 3 below, the contract implements the getTotalRewardInfoInSameCommonDifference function to return the reward between the given _from and _to blocks. The reward decreases in equal steps in each cycle.
        Figure 3 getTotalRewardInfoInSameCommonDifference Function Source Code
        • Related functions: getTotalRewardInfoInSameCommonDifference
        • Result: Pass
      4. getTolalRewardInfo Function
        • Description: As shown in Figure 4 below, the contract implements the getTolalRewardInfo function to return the reward between the given _from and _to blocks. This function mainly distinguishes between blocks before and after bonusEndBlock, and chooses different reward calculation parameters accordingly.
        Figure 4 getTolalRewardInfo Function Source Code
        • Related functions: getTolalRewardInfo, getTotalRewardInfoInSameCommonDifference
        • Result: Pass
      5. updatePool Function
        • Description: As shown in Figure 5 below, the contract implements the updatePool function to update a pool's OnX rewards and information as of the current block. Any user can call this function to update the latest pool OnX rewards and information; it calls the mint function to mint all OnX rewards generated since the last updated block to this contract address. 5% of the calculated amount of tokens to be minted will be sent to the devAddr address, and 2% will be sent to the insAddr address. In addition, anyone can update all pools at once by calling the massUpdatePools function.
        Figure 5 updatePool Function Source Code
        • Related functions: updatePool, getTotalRewardInfo
        • Result: Pass
      6. deposit Function
        • Description: As shown in Figure 6 below, the contract implements the deposit function for users to stake tokens. The user pre-approves this contract address and then calls this function to deposit tokens (the pool must exist). The pool information is updated when the user deposits; if the user has a previous deposit, the reward for that deposit is calculated and sent to the user's address.
        Figure 6 deposit Function Source Code
        • Related functions: deposit, updatePool, safeOnXTransfer, safeTransferFrom
        • Result: Pass
      7. withdraw Function
        • Description: As shown in Figure 7 below, the contract implements the withdraw function for users to withdraw deposited tokens and OnX rewards. The user can call this function to withdraw a specified amount of deposited tokens and all OnX rewards as of the current block. The pool information is updated when users withdraw, the specified deposited tokens and OnX rewards are transferred to the user's address, and the user's deposit information is updated.
        Figure 7 withdraw Function Source Code
        • Related functions: withdraw, updatePool, safeOnXTransfer, safeTransfer
        • Result: Pass
      8. emergencyWithdraw Function
        • Description: As shown in Figure 8 below, the contract implements the emergencyWithdraw function for users to withdraw deposited tokens. The user can call this function to withdraw all deposited tokens in the pool. The user's deposit information is updated and all deposited tokens are transferred to the user's address (Note: calling this function does not pay out any deposit rewards).
        Figure 8 emergencyWithdraw Function Source Code
        • Related functions: emergencyWithdraw, safeTransfer
        • Result: Pass
      9. pendingOnX Function
        • Description: As shown in Figure 9 below, the contract implements the pendingOnX function for users to query the amount of OnX rewards that can be obtained.
        Figure 9 pendingOnX Function Source Code
        • Related functions: pendingOnX, getTotalRewardInfo
        • Result: Pass
      10. Parameter Related Function
        • Description: As shown in Figures 10 and 11, the contract implements the functions changeDevAddr and changeInsuranceAddr to set pool-related parameters. The contract owner can call these functions to set the devAddr and insAddr.
        Figure 10 changeDevAddr Function Source Code
        Figure 11 changeInsuranceAddr Function Source Code
        • Related functions: changeDevAddr, changeInsuranceAddr
        • Result: Pass
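
A reference model of the reward arithmetic described for getTotalRewardInfoInSameCommonDifference and updatePool above, added here as an example and not taken from the OnXFarm source: the per-block reward drops by an equal step each cycle, and an independent per-block sum cross-checks the per-cycle calculation. The cycle length, starting reward, step size, half-open block range and all function names are assumptions; only the 5% and 2% shares come from the report.

```python
# Added reference model, not the OnXFarm source. Parameter values are assumed.
CYCLE_BLOCKS = 100   # assumed number of blocks per cycle
START_REWARD = 50    # assumed per-block reward during cycle 0
STEP = 5             # assumed equal decrease applied at each new cycle


def reward_per_block(cycle):
    """Per-block reward in a cycle; floors at zero once the steps run out."""
    return max(START_REWARD - STEP * cycle, 0)


def range_reward(start, frm, to):
    """Total reward for blocks in [frm, to) (assumed convention), per cycle."""
    block = max(frm, start)          # nothing accrues before the start block
    total = 0
    while block < to:
        cycle = (block - start) // CYCLE_BLOCKS
        rate = reward_per_block(cycle)
        if rate == 0:                # emission exhausted; later cycles pay nothing
            break
        cycle_end = start + (cycle + 1) * CYCLE_BLOCKS
        upper = min(cycle_end, to)   # stop at the cycle boundary or at `to`
        total += (upper - block) * rate
        block = upper
    return total


def brute_force_reward(start, frm, to):
    """Independent per-block sum used to cross-check range_reward."""
    return sum(reward_per_block((b - start) // CYCLE_BLOCKS)
               for b in range(max(frm, start), to))


def mint_shares(pool_reward):
    """devAddr (5%) and insAddr (2%) amounts, with truncating integer division."""
    return pool_reward * 5 // 100, pool_reward * 2 // 100


if __name__ == "__main__":
    START = 1000  # constructed start block
    for frm, to in [(1000, 1100), (1050, 1250), (900, 1100), (1999, 2001)]:
        fast = range_reward(START, frm, to)
        assert fast == brute_force_reward(START, frm, to)
        print(frm, to, fast, mint_shares(fast))
```

The last range crosses the point where the assumed emission reaches zero, and its 5-token reward yields zero for both shares, which is the truncation case to examine when reviewing percentage splits computed with integer division.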
  4. Conclusion
Beosin (Chengdu LianAn) conducted a detailed audit of the design and code implementation of the OnXFarm smart contract. All problems found during the audit have been reported to the project party, and the project party believes that no repair is needed. The overall audit result of the OnXFarm smart contract is Pass.
Official Website: https://lianantech.com
E-mail: [email protected]
Twitter: https://twitter.com/Beosin_com