Token and Farming Contract Audit
Smart contract security audit report
Smart Contract Name And Address Link: None
Start Date: 2020.12.10 Completion Date: 2020.12.12
Audit Team: Beosin (Chengdu LianAn) Technology Co. Ltd.
Audit Categories and Results:
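No. | Categories | Subitems | Results |
1 | Coding Conventions | Compiler Version Security | Pass |
1 | Coding Conventions | Deprecated Items | Pass |
1 | Coding Conventions | Redundant Code | Pass |
1 | Coding Conventions | SafeMath Features | Pass |
1 | Coding Conventions | require/assert Usage | Pass |
1 | Coding Conventions | Gas Consumption | Pass |
1 | Coding Conventions | Visibility Specifiers | Pass |
1 | Coding Conventions | Fallback Usage | Pass |
2 | General Vulnerability | Integer Overflow/Underflow | Pass |
2 | General Vulnerability | Reentrancy | Pass |
2 | General Vulnerability | Pseudo-random Number Generator (PRNG) | Pass |
2 | General Vulnerability | Transaction-Ordering Dependence | Pass |
2 | General Vulnerability | DoS (Denial of Service) | Pass |
2 | General Vulnerability | Access Control of Owner | Pass |
2 | General Vulnerability | Low-level Function (call/delegatecall) Security | Pass |
2 | General Vulnerability | Returned Value Security | Pass |
2 | General Vulnerability | tx.origin Usage | Pass |
2 | General Vulnerability | Replay Attack | Pass |
2 | General Vulnerability | Overriding Variables | Pass |
3 | Business Security | Business Logics | Pass |
3 | Business Security | Business Implementations | Pass |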
Disclaimer: This audit applies only to the type of auditing specified in this report and the scope given in the results table. Other unknown security vulnerabilities are beyond auditing responsibility. Beosin (Chengdu LianAn) Technology only issues this report based on the attacks or vulnerabilities that already existed or occurred before the issuance of this report. For new attacks or vulnerabilities that emerge or occur in the future, Beosin (Chengdu LianAn) Technology lacks the capability to judge their possible impact on the security status of smart contracts, and thus takes no responsibility for them. The security audit analysis and other contents of this report are based solely on the documents and materials that the contract provider has provided to Beosin (Chengdu LianAn) Technology before the issuance of this report, and the contract provider warrants that none of them are missing, tampered with or deleted; if the documents and materials provided by the contract provider are missing, tampered with, deleted, concealed or reflect a situation that is inconsistent with the actual situation, or if the documents and materials provided are changed after the issuance of this report, Beosin (Chengdu LianAn) Technology assumes no responsibility for the resulting loss or adverse effects. The audit report issued by Beosin (Chengdu LianAn) Technology is based on the documents and materials provided by the contract provider, and relies on the technology currently possessed by Beosin (Chengdu LianAn). Due to the technical limitations of any organization, it remains possible that this report by Beosin (Chengdu LianAn) does not detect every risk. Beosin (Chengdu LianAn) disclaims any liability for the resulting losses.
The final interpretation of this statement belongs to Beosin (Chengdu LianAn).
Audit Results Explained:
Beosin (Chengdu LianAn) Technology has used several methods, including Formal Verification, Static Analysis, Typical Case Testing and Manual Review, to audit three major aspects of the smart contract OnXFarm: Coding Standards, Security, and Business Logic. The OnXFarm contract passes all audit items. The overall result is Pass. The smart contract is able to function properly.
Coding Conventions
Check for code that does not conform to the Solidity code style.
Compiler Version Security
Description: Check whether the code implementation of the current contract is affected by any disclosed Solidity compiler bug.
Result: Pass
Deprecated Items
Description: Check whether the current contract uses deprecated items.
Result: Pass
Redundant Code
Description: Check whether the contract contains redundant code.
Result: Pass
SafeMath Features
Description: Check whether SafeMath has been used, or whether integer overflow/underflow in mathematical operations is otherwise prevented.
Result: Pass
require/assert Usage
Description: Check whether 'require' and 'assert' are used reasonably in the contract.
Result: Pass
Gas Consumption
Description: Check whether the gas consumption exceeds the block gas limitation.
Result: Pass
Visibility Specifiers
Description: Check whether the visibility conforms to design requirement.
Result: Pass
Fallback Usage
Description: Check whether the Fallback function has been used correctly in the current contract.
Result: Pass
General Vulnerability
Check whether the general vulnerabilities exist in the contract.
Integer Overflow/Underflow
Description: Check whether an integer overflow/underflow in the contract can make a calculation result abnormal.
Result: Pass
Reentrancy
Description: An issue when code can call back into your contract and change state, such as withdrawing ETH.
Result: Pass
Pseudo-random Number Generator (PRNG)
Description: Whether the results of random numbers can be predicted.
Result: Pass
Transaction-Ordering Dependence
Description: Whether the final state of the contract depends on the order of the transactions.
Result: Pass
DoS (Denial of Service)
Description: Whether the contract is vulnerable to a DoS attack for unexpected reasons.
Result: Pass
Access Control of Owner
Description: Whether the owner has excessive permissions, such as malicious issuance or modifying the balances of others.
Result: Pass
Low-level Function (call/delegatecall) Security
Description: Check whether the usage of low-level functions like call/delegatecall has vulnerabilities.
Result: Pass
Returned Value Security
Description: Check whether the function checks the return value and responds to it accordingly.
Result: Pass
tx.origin Usage
Description: Check the security risk of using 'tx.origin' in the contract.
Result: Pass
Replay Attack
Description: Check whether a Replay Attack is possible in the contract.
Result: Pass
Overriding Variables
Description: Check whether the variables have been overridden and lead to wrong code execution.
Result: Pass
Business Security
Check whether the business is secure.
Business analysis of Contract OnXFarm
add Function
Description: As shown in Figure 1 below, the contract implements the add function to add a Pool. The contract owner can call this function to add a Pool in which users can stake to earn rewards, and to store the pool-related information.
Figure 1 add Function Source Code
Related functions: add, massUpdatePools
Result: Pass
set Function
Description: As shown in Figure 2 below, the contract implements the set function to set the reward allocation point of the specified pool. The contract owner can call this function. Modifying a pool's reward allocation point affects the value of the OnX rewards users receive when they withdraw or deposit tokens.
Figure 2 set Function Source Code
Related functions: set, massUpdatePools
Result: Pass
getTotalRewardInfoInSameCommonDifference Function
Description: As shown in Figure 3 below, the contract implements the getTotalRewardInfoInSameCommonDifference function to return the reward between the given _from and _to block. The reward decreases in equal steps in each cycle.
Figure 3 getTotalRewardInfoInSameCommonDifference Function Source Code
Related functions: getTotalRewardInfoInSameCommonDifference
Result: Pass
getTolalRewardInfo Function
Description: As shown in Figure 4 below, the contract implements the getTolalRewardInfo function to return the reward between the given _from and _to block. This function mainly distinguishes between the periods before and after bonusEndBlock, and chooses different reward calculation parameters for each.
Figure 4 getTolalRewardInfo Function Source Code
Related functions: getTolalRewardInfo, getTotalRewardInfoInSameCommonDifference
Result: Pass
updatePool Function
Description: As shown in Figure 5 below, the contract implements the updatePool function to update the pool's OnX rewards and information for the current block. Any user can call this function to update the latest pool OnX rewards and information; it calls the mint function to mint all OnX rewards generated since the last block update to this contract address. 5% of the calculated amount of tokens to be minted will be sent to the devAddr address, and 2% will be sent to the insAddr address. In addition, anyone can update all pools at once by calling the massUpdatePools function.
Figure 5 updatePool Function Source Code
Related functions: updatePool, getTotalRewardInfo
Result: Pass
deposit Function
Description: As shown in Figure 6 below, the contract implements the deposit function for users to stake tokens. The user pre-approves this contract address and then calls this function to deposit tokens (the pool must exist). The pool information is updated when the user deposits; if the user has a previous deposit, the reward on that deposit is calculated and sent to the user address.
Figure 6 deposit Function Source Code
Related functions: deposit, updatePool, safeOnXTransfer, safeTransferFrom
Result: Pass
withdraw Function
Description: As shown in Figure 7 below, the contract implements the withdraw function for users to withdraw deposited tokens and OnX rewards. The user can call this function to withdraw the specified amount of deposited tokens and all OnX rewards in the current block. When a user withdraws, the pool information is updated, the specified deposited tokens and OnX rewards are transferred to the user address, and the user deposit information is updated.
Figure 7 withdraw Function Source Code
Related functions: withdraw, updatePool, safeOnXTransfer, safeTransfer
Result: Pass
emergencyWithdraw Function
Description: As shown in Figure 8 below, the contract implements the emergencyWithdraw function for users to withdraw deposited tokens. The user can call this function to withdraw all deposited tokens in the pool. The function updates the user deposit information and transfers all deposited tokens to the user address (Note: calling this function cannot get any deposit rewards).
Figure 8 emergencyWithdraw Function Source Code
Related functions: emergencyWithdraw, safeTransfer
Result: Pass
pendingOnX Function
Description: As shown in Figure 9 below, the contract implements the pendingOnX function for users to query the number of OnX rewards that can be obtained.
Figure 9 pendingOnX Function Source Code
Related functions: pendingOnX, getTotalRewardInfo
Result: Pass
Parameter Related Function
Description: As shown in Figures 10 and 11, the contract implements the functions changeDevAddr and changeInsuranceAddr to set pool-related parameters. The contract owner can call these functions to set the devAddr and insAddr.
Figure 10 changeDevAddr Function Source Code
Figure 11 changeInsuranceAddr Function Source Code
Related functions: changeDevAddr, changeInsuranceAddr
Result: Pass
Conclusion
Beosin (Chengdu LianAn) conducted a detailed audit of the design and code implementation of the smart contract OnXFarm. All problems found during the audit have been reported to the project party, and the project party believes that no repair is needed. The overall audit result of the smart contract OnXFarm is Pass.
Audit Number: 202012120933 Report Query Name: Farm
Note: Audit results and suggestions in code comments
Official Website https://lianantech.com E-mail vaas@lianantech.com Twitter https://twitter.com/Beosin_com
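The per-cycle equal-step decrease described above for getTotalRewardInfoInSameCommonDifference, and the 5% / 2% split described for updatePool, can be cross-checked by comparing a closed-form range sum against a block-by-block sum. The Python model below is an added example, not OnXFarm source or Beosin's code; START_BLOCK, CYCLE_LEN, FIRST_REWARD, STEP and all function names are hypothetical, and the reward is assumed constant within a cycle and clamped at zero.

```python
# Added model; every constant below is hypothetical, not an OnXFarm value.
START_BLOCK = 1_000   # first rewarded block (assumed)
CYCLE_LEN = 100       # blocks per cycle (assumed)
FIRST_REWARD = 50     # per-block reward in cycle 0 (assumed)
STEP = 8              # common difference between cycles (assumed)


def reward_per_block(cycle: int) -> int:
    """Per-block reward in a cycle, clamped at zero as unsigned math requires."""
    return max(FIRST_REWARD - cycle * STEP, 0)


def reward_between(frm: int, to: int) -> int:
    """Closed-form reward for blocks in [frm, to)."""
    frm = max(frm, START_BLOCK)
    if to <= frm:
        return 0
    first = (frm - START_BLOCK) // CYCLE_LEN
    last = (to - 1 - START_BLOCK) // CYCLE_LEN
    if first == last:
        return (to - frm) * reward_per_block(first)
    head_end = START_BLOCK + (first + 1) * CYCLE_LEN
    tail_start = START_BLOCK + last * CYCLE_LEN
    total = (head_end - frm) * reward_per_block(first)
    total += (to - tail_start) * reward_per_block(last)
    # Whole cycles in between: arithmetic series over those still paying > 0.
    zero_cycle = -(-FIRST_REWARD // STEP)  # ceil: first cycle paying nothing
    lo, hi = first + 1, min(last - 1, zero_cycle - 1)
    if hi >= lo:
        n = hi - lo + 1
        total += CYCLE_LEN * n * (reward_per_block(lo) + reward_per_block(hi)) // 2
    return total


def reward_between_bruteforce(frm: int, to: int) -> int:
    """Reference implementation: add the reward block by block."""
    return sum(reward_per_block((b - START_BLOCK) // CYCLE_LEN)
               for b in range(max(frm, START_BLOCK), to))


def mint_split(amount: int) -> tuple:
    """5% of the calculated amount for devAddr, 2% for insAddr (integer division)."""
    return amount * 5 // 100, amount * 2 // 100


if __name__ == "__main__":
    for frm, to in [(1050, 1250), (1000, 2000), (900, 1010)]:
        assert reward_between(frm, to) == reward_between_bruteforce(frm, to)
        print(frm, to, reward_between(frm, to), mint_split(reward_between(frm, to)))
```

Ranges that start mid-cycle, end exactly on a cycle boundary, or extend past the cycle where the reward reaches zero are the cases where a closed-form sum most often diverges from the per-block reference.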