> For the complete documentation index, see [llms.txt](https://waka-finance-2.gitbook.io/waka-finance/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://waka-finance-2.gitbook.io/waka-finance/documentation/audit.md). # Audit ![](/files/-M_xMt-dacwG_czyVlMd) **Smart contract security audit report** ![](/files/-M_xMt-eqF0AMOlnabwS) **Audit Number:202105131637** **Report query name:Wakaswap** **Audit Contract Link Address:** **Commit Hash:** 6aa010785104728e1dd04bdf5f51aeb801dac6fe **Start Date:2021.05.06** **Completion Date:2021.05.13** **Overall Result:Pass** **Audit Team: Beosin (Chengdu LianAn) Technology Co. Ltd.** **Audit Categories and Results:** | No. | Categories | Subitems | Results | | ----------------------------------------------- | --------------------- | -------------------------- | ------- | | 1 | Coding Conventions | Compiler Version Security | Pass | | Deprecated Items | Pass | | | | Redundant Code | Pass | | | | SafeMath Features | Pass | | | | require/assert Usage | Pass | | | | Gas Consumption | Pass | | | | Visibility Specifiers | Pass | | | | Fallback Usage | Pass | | | | 2 | General Vulnerability | Integer Overflow/Underflow | Pass | | Reentrancy | Pass | | | | Pseudo-random Number Generator (PRNG) | Pass | | | | Transaction-Ordering Dependence | Pass | | | | DoS (Denial of Service) | Pass | | | | Access Control of Owner | Pass | | | | Low-level Function (call/delegatecall) Security | Pass | | | ![](/files/-M_xMt-fnL7TASO39yIK) | | | Returned Value Security | Pass | | ------------------------ | ----------------- | ----------------------- | ---- | | tx.origin Usage | Pass | | | | Replay Attack | Pass | | | | Overriding Variables | Pass | | | | 3 | Business Security | Business Logics | Pass | | Business Implementations | Pass | | | Disclaimer:This report is made in response to the project code. No description, expression or wording in this report shall be construed as an endorsement, affirmation or confirmation of the project.This audit is only applied to the type of auditing specified in this report and the scope of given in the results table. Other unknown security vulnerabilities are beyond auditing responsibility. Beosin (Chengdu LianAn) Technology only issues this report based on the attacks or vulnerabilities that already existed or occurred before the issuance of this report. For the emergence of new attacks or vulnerabilities that exist or occur in the future, Beosin (Chengdu LianAn) Technology lacks the capability to judge its possible impact on the security status of smart contracts, thus taking no responsibility for them. The security audit analysis and other contents of this report are based solely on the documents and materials that the contract provider has provided to Beosin (Chengdu LianAn) Technology before the issuance of this report, and the contract provider warrants that there are no missing, tampered, deleted; if the documents and materials provided by the contract provider are missing, tampered, deleted, concealed or reflected in a situation that is inconsistent with the actual situation, or if the documents and materials provided are changed after the issuance of this report, Beosin (Chengdu LianAn) Technology assumes no responsibility for the resulting loss or adverse effects. The audit report issued by Beosin (Chengdu LianAn) Technology is based on the documents and materials provided by the contract provider, and relies on the technology currently possessed by Beosin (Chengdu LianAn). Due to the technical limitations of any organization, this report conducted by Beosin (Chengdu LianAn) still has the possibility that the entire risk cannot be completely detected. Beosin (Chengdu LianAn) disclaims any liability for the resulting losses. The final interpretation of this statement belongs to Beosin (Chengdu LianAn). **Audit Results Explained:** Beosin (Chengdu LianAn) Technology has used several methods including Formal Verification, Static Analysis, Typical Case Testing and Manual Review to audit three major aspects of smart contracts project Wakaswap, including Coding Standards, Security, and Business Logic. **The Wakaswap project passed all audit items. The overall result is Pass. The smart contract is able to function properly.** **Audit Contents:** **1. Coding Conventions** Check the code style that does not conform to Solidity code style. 1.1 Compiler Version Security ![](/files/-M_xMt-gt_ESIagjnGj8) ● Description: Check whether the code implementation of current contract contains the exposed solidity compiler bug. ● Result: Pass 1.2 Deprecated Items ● Description: Check whether the current contract has the deprecated items. ● Result: Pass 1.3 Redundant Code ● Description: Check whether the contract code has redundant codes. ● Result: Pass 1.4 SafeMath Features ● Description: Check whether the SafeMath has been used. Or prevents the integer overflow/underflow in mathematical operation. ● Result: Pass 1.5 require/assert Usage ● Description: Check the use reasonability of 'require' and 'assert' in the contract. ● Result: Pass 1.6 Gas Consumption ● Description: Check whether the gas consumption exceeds the block gas limitation. ● Result: Pass 1.7 Visibility Specifiers ● Description: Check whether the visibility conforms to design requirement. ● Result: Pass 1.8 Fallback Usage ● Description: Check whether the Fallback function has been used correctly in the current contract. ● Result: Pass **2. General Vulnerability** Check whether the general vulnerabilities exist in the contract. 2.1 Integer Overflow/Underflow ● Description: Check whether there is an integer overflow/underflow in the contract and the calculation result is abnormal. ● Result: Pass 2.2 Reentrancy ● Description: An issue when code can call back into your contract and change state, such as withdrawing HT. ● Result: Pass ![](/files/-M_xMt-h1jXQ-OQ7sfdU) 2.3 Pseudo-random Number Generator (PRNG) ● Description: Whether the results of random numbers can be predicted. ● Result: Pass 2.4 Transaction-Ordering Dependence ● Description: Whether the final state of the contract depends on the order of the transactions. ● Result: Pass 2.5 DoS (Denial of Service) ● Description: Whether exist DoS attack in the contract which is vulnerable because of unexpected reason. ● Result: Pass 2.6 Access Control of Owner ● Description: Whether the owner has excessive permissions, such as malicious issue, modifying the balance of others. ● Result: Pass 2.7 Low-level Function (call/delegatecall) Security ● Description: Check whether the usage of low-level functions like call/delegatecall have vulnerabilities. ● Result: Pass 2.8 Returned Value Security ● Description: Check whether the function checks the return value and responds to it accordingly. ● Result: Pass 2.9 tx.origin Usage ● Description: Check the use secure risk of 'tx.origin' in the contract. ● Result: Pass 2.10 Replay Attack ● Description: Check whether the implement possibility of Replay Attack exists in the contract. ● Result: Pass 2.11 Overriding Variables ● Description: Check whether the variables have been overridden and lead to wrong code execution. ● Result: Pass **3. Business Security** 3.1 Contracts of wakaswap audit (1) WakaSwapFactory ![](/files/-M_xMt-i-8y_TdSxxP8x) ● Description: This contract implements the function of creating and recording transaction pair contracts. Users can create transaction pairs by calling the *createPair* function of this contract. ● Related functions: *allPairsLength, pairCodeHash, createPair, setFeeTo, setMigrator, setFeeToSetter* ● Result: Pass (2) WakaSwapPair ● Description: This contract implements the trading pool based on the AMM principle, and users can exchange tokens in this trading pool. ● Related functions: *getReserves, mint, burn, swap, skim, sync* ● Result: Pass (3) WakaSwapRouter02 ● Description: This contract implements a convenient routing function for users. Users can interact with the transaction pool through this contract. ● Related functions: *addLiquidity, removeLiquidity, removeLiquidityWithPermit,* *swapExactTokensForTokens* ● Result: Pass 3.2 WakaBar Contract audit (1) *enter* function ● Description: The *enter* function implements the user to exchange WAKA token for xWAKA. The user calls this function to pass in the specified WAKA tokens, and the function returns the corresponding xWAKA tokens to the user according to the current ratio. ![](/files/-M_xMt-jYhFTASiCH06j) ![](/files/-M_xMt-k5BOyFgt3QGon)Figure 1 Source code screenshot of *enter* function ● Related functions: *enter, transferFrom, \_mint* ● Result: Pass (2) *leave* function ● Description: The *leave* function implements the users using xWAKA to exchange WAKA, the user calls this function and specifies the number of xWAKA to exchange WAKA. ![](/files/-M_xMt-lQRHDOeFDxw9M)Figure 2 Source code screenshot of *leave* function ● Related functions: *leave, \_burn, transfer* ● Result: Pass 3.3 WakaFarm Contract audit (1) *add* function ● Description: The owner address can call the *add* function to add a new pool. **When adding a new pool, if mining has already started, \_withUpdate must be true, otherwise it will affect the rewards of other pools.** ![](/files/-M_xMt-mWTTjlN7YV5b0) ![](/files/-M_xMt-nbrdMzEWLpYZI)Figure 3 Source code screenshot of *add* function ● Related functions: *add, massUpdatePools* ● Result: Pass (2) *updatePool* function ● Description: This function implements the reward update of the specified pool. Anyone can call this function to update the reward of the specified pool and mint tokens into this contract. **It should be noted that this contract does not support add reward token pool. Otherwise it will be calculated incorrectly.** ![](/files/-M_xMt-o34arGEjfZt4K) Figure 4 Source code screenshot of *updatePool* function ● Related functions: *getTotalRewardInfo, mintTo* ● Result: Pass (3) *deposit* function ![](/files/-M_xMt-pZyJcLSSzciUt) ● Description: Users can deposit the specified tokens in the contract to get rewards by calling this function. ![](/files/-M_xMt-ql3YK-JVTccsX)Figure 5 Source code screenshot of *deposit* function ● Related functions: *updatePool, safeWakaTransfer, safeTransferFrom* ● Result: Pass (4) *withdraw* function ● Description: The user withdraws the principal of the specified amount of deposited by calling this function, and settles the current reward at the same time. ![](/files/-M_xMt-r9s8_9XzBGRUw)Figure 6 Source code screenshot of *withdraw* function ● Related functions: *updatePool, safeWakaTransfer, safeTransfer* ● Result: Pass 3.4 WakaTimeFarm Contract audit ![](/files/-M_xMt-sR_lm1zuo9-CD) This contract is the same as the WakaFarm contract. The main change is that the calculation of rewards has changed from block to time as the base. 3.5 WakaMaker Contract audit (1) *setBridgeFor* function ● Description: This function implements the setting of the bridge map, which is used to provide the path when convert. ![](/files/-M_xMt-t7LhQEvEHibyU)Figure 7 Source code screenshot of *setBridgeFor* function ● Related functions: *setBridge* ● Result: Pass (2) *\_convertStep* function ● Description: This internal function is the core of this contract. The designated token will be converted to WAKA and sent to the Wakabar contract. Different tokens will have different exchange paths. ![](/files/-M_xMt-uvia0nw2drlix) ![](/files/-M_xMt-v8lg06tSC4FG0)Figure 8 Source code screenshot of *\_convertStep* function ● Related functions: *safeTransfer, \_toWAKA, \_swap, \_convertStep* ● Result: Pass (3) *\_swap* function ![](/files/-M_xMt-wf4u-XhadEVsq) ● Description: This function implements the function of exchange tokens. ![](/files/-M_xMt-xZ82sW_GXg68G)Figure 9 Source code screenshot of *\_swap* function ● Related functions: *\_sawp, getPair, getReserves, safeTransfer, swap* ● Result: Pass 3.6 WakaTimelock Contract audit (1) *deposit* function ● Description: This function is used by the locker to deposit tokens into the contract and update the start time. ![](/files/-M_xMt-ymWd2GG7Pi2jt) ![](/files/-M_xMt-zVfBLE6QU9hWu)Figure 10 Source code screenshot of *deposit* function ● Related functions: *getBlockTimestamp, safeTransferFrom* ● Result: Pass (2) *release* function ● Description: This function implements the function of the beneficiary withdrawing the regular release tokens. On the premise of meeting the time, calling once will release a fixed \_releaseAmount tokens and beneficiaries. ![](/files/-M_xMt0-4HIpu0mhhY44)Figure 11 Source code screenshot of *release* function ● Related functions: *release, safeTransferFrom* ● Result: Pass **4. Conclusion** ![](/files/-M_xMt00ylCdWj9a4HvN) Beosin(Chengdu LianAn) conducted a detailed audit on the design and code implementation of the smart contracts project Wakaswap. The problems found by the audit team during the audit process have been notified to the project party and reached an agreement on the repair results. The overall audit result of the Wakaswap project's smart contracts is **Pass**. ![](/files/-M_xMt01HdWBrNiy09uA)![](/files/-M_xMt020q119jqyEb9Y) **Official Website** **E-mail** **Twitter** --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter: ``` GET https://waka-finance-2.gitbook.io/waka-finance/documentation/audit.md?ask=&goal= ``` `ask` is the immediate question: it should be specific, self-contained, and written in natural language. `goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.