Complete Audit Report
Smart contract security audit report
Audit Number: 202105131637
Report query name: Wakaswap
Audit Contract Link Address: https://github.com/waka-waka-swap/waka-contracts/tree/master/contracts
Commit Hash: 6aa010785104728e1dd04bdf5f51aeb801dac6fe
Start Date: 2021.05.06
Completion Date: 2021.05.13
Overall Result: Pass
Audit Team: Beosin (Chengdu LianAn) Technology Co. Ltd.
Audit Categories and Results:

| No. | Categories | Subitems | Results |
|---|---|---|---|
| 1 | Coding Conventions | Compiler Version Security | Pass |
| | | Deprecated Items | Pass |
| | | Redundant Code | Pass |
| | | SafeMath Features | Pass |
| | | require/assert Usage | Pass |
| | | Gas Consumption | Pass |
| | | Visibility Specifiers | Pass |
| | | Fallback Usage | Pass |
| 2 | General Vulnerability | Integer Overflow/Underflow | Pass |
| | | Reentrancy | Pass |
| | | Pseudo-random Number Generator (PRNG) | Pass |
| | | Transaction-Ordering Dependence | Pass |
| | | DoS (Denial of Service) | Pass |
| | | Access Control of Owner | Pass |
| | | Low-level Function (call/delegatecall) Security | Pass |
| | | Returned Value Security | Pass |
| | | tx.origin Usage | Pass |
| | | Replay Attack | Pass |
| | | Overriding Variables | Pass |
| 3 | Business Security | Business Logics | Pass |
| | | Business Implementations | Pass |

Disclaimer: This report is made in response to the project code. No description, expression or wording in this report shall be construed as an endorsement, affirmation or confirmation of the project. This audit applies only to the types of auditing specified in this report and the scope given in the results table. Other unknown security vulnerabilities are beyond auditing responsibility. Beosin (Chengdu LianAn) Technology only issues this report based on the attacks or vulnerabilities that already existed or occurred before the issuance of this report. For new attacks or vulnerabilities that emerge or occur in the future, Beosin (Chengdu LianAn) Technology lacks the capability to judge their possible impact on the security status of smart contracts, and thus takes no responsibility for them. The security audit analysis and other contents of this report are based solely on the documents and materials that the contract provider has provided to Beosin (Chengdu LianAn) Technology before the issuance of this report, and the contract provider warrants that none of them are missing, tampered with or deleted; if the documents and materials provided by the contract provider are missing, tampered with, deleted, concealed or reflected in a situation that is inconsistent with the actual situation, or if the documents and materials provided are changed after the issuance of this report, Beosin (Chengdu LianAn) Technology assumes no responsibility for the resulting loss or adverse effects. The audit report issued by Beosin (Chengdu LianAn) Technology is based on the documents and materials provided by the contract provider, and relies on the technology currently possessed by Beosin (Chengdu LianAn). Due to the technical limitations of any organization, it remains possible that this report by Beosin (Chengdu LianAn) does not detect the entire risk. Beosin (Chengdu LianAn) disclaims any liability for the resulting losses.
The final interpretation of this statement belongs to Beosin (Chengdu LianAn).
Audit Results Explained:
Beosin (Chengdu LianAn) Technology has used several methods including Formal Verification, Static Analysis, Typical Case Testing and Manual Review to audit three major aspects of smart contracts project Wakaswap, including Coding Standards, Security, and Business Logic. The Wakaswap project passed all audit items. The overall result is Pass. The smart contract is able to function properly.
Audit Contents:
1. Coding Conventions
Check for code that does not conform to Solidity code style.
1.1 Compiler Version Security
● Description: Check whether the code implementation of the current contract is affected by publicly disclosed Solidity compiler bugs.
● Result: Pass
1.2 Deprecated Items
● Description: Check whether the current contract has the deprecated items.
● Result: Pass
1.3 Redundant Code
● Description: Check whether the contract code contains redundant code.
● Result: Pass
1.4 SafeMath Features
● Description: Check whether SafeMath is used, or whether integer overflow/underflow in mathematical operations is otherwise prevented.
● Result: Pass
1.5 require/assert Usage
● Description: Check whether 'require' and 'assert' are used reasonably in the contract.
● Result: Pass
1.6 Gas Consumption
● Description: Check whether the gas consumption exceeds the block gas limit.
● Result: Pass
1.7 Visibility Specifiers
● Description: Check whether the visibility conforms to design requirement.
● Result: Pass
1.8 Fallback Usage
● Description: Check whether the Fallback function has been used correctly in the current contract.
● Result: Pass
2. General Vulnerability
Check whether the general vulnerabilities exist in the contract.
2.1 Integer Overflow/Underflow
● Description: Check whether there is an integer overflow/underflow in the contract and the calculation result is abnormal.
● Result: Pass
2.2 Reentrancy
● Description: An issue when code can call back into your contract and change state, such as withdrawing HT.
● Result: Pass
2.3 Pseudo-random Number Generator (PRNG)
● Description: Whether the results of random numbers can be predicted.
● Result: Pass
2.4 Transaction-Ordering Dependence
● Description: Whether the final state of the contract depends on the order of the transactions.
● Result: Pass
2.5 DoS (Denial of Service)
● Description: Whether the contract is vulnerable to a DoS attack for an unexpected reason.
● Result: Pass
2.6 Access Control of Owner
● Description: Whether the owner has excessive permissions, such as malicious token issuance or modifying the balances of others.
● Result: Pass
2.7 Low-level Function (call/delegatecall) Security
● Description: Check whether the usage of low-level functions like call/delegatecall introduces vulnerabilities.
● Result: Pass
2.8 Returned Value Security
● Description: Check whether the function checks the return value and responds to it accordingly.
● Result: Pass
2.9 tx.origin Usage
● Description: Check the security risk of using 'tx.origin' in the contract.
● Result: Pass
2.10 Replay Attack
● Description: Check whether a replay attack is possible against the contract.
● Result: Pass
2.11 Overriding Variables
● Description: Check whether the variables have been overridden and lead to wrong code execution.
● Result: Pass
3. Business Security
3.1 Contracts of wakaswap audit
(1) WakaSwapFactory
● Description: This contract implements the function of creating and recording transaction pair contracts. Users can create transaction pairs by calling the createPair function of this contract.
● Related functions: allPairsLength, pairCodeHash, createPair, setFeeTo, setMigrator, setFeeToSetter
● Result: Pass
(2) WakaSwapPair
● Description: This contract implements the trading pool based on the AMM principle, and users can exchange tokens in this trading pool.
● Related functions: getReserves, mint, burn, swap, skim, sync
● Result: Pass
(3) WakaSwapRouter02
● Description: This contract implements a convenient routing function for users. Users can interact with the transaction pool through this contract.
● Related functions: addLiquidity, removeLiquidity, removeLiquidityWithPermit, swapExactTokensForTokens
● Result: Pass
3.2 WakaBar Contract audit
(1) enter function
● Description: The enter function lets the user exchange WAKA tokens for xWAKA. The user calls this function with the specified amount of WAKA tokens, and the function returns the corresponding xWAKA tokens to the user according to the current ratio.
● Related functions: enter, transferFrom, _mint
● Result: Pass
(2) leave function
● Description: The leave function lets users exchange xWAKA for WAKA: the user calls this function and specifies the amount of xWAKA to exchange for WAKA.
● Related functions: leave, _burn, transfer
● Result: Pass
3.3 WakaFarm Contract audit
(1) add function
● Description: The owner address can call the add function to add a new pool. When adding a new pool, if mining has already started, _withUpdate must be true, otherwise it will affect the rewards of other pools.
● Related functions: add, massUpdatePools
● Result: Pass
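The _withUpdate requirement described for the add function can be seen in a small model. This is an added illustration, not code from the audited contracts or from the report; it assumes WakaFarm splits a per-block reward between pools by allocation points and settles each pool lazily, and all names and values in it (Farm, total_alloc, REWARD_PER_BLOCK, the stake and block numbers) are constructed.

```python
from fractions import Fraction

REWARD_PER_BLOCK = 100  # constructed value


class Farm:
    """Toy model of allocation-point reward accounting (assumed design)."""

    def __init__(self):
        self.pools = []       # dicts: alloc, last_block, acc_per_share, staked
        self.total_alloc = 0
        self.block = 0

    def update_pool(self, pid):
        p = self.pools[pid]
        if self.block > p["last_block"] and p["staked"] > 0:
            blocks = self.block - p["last_block"]
            # The pool's share uses the *current* total_alloc, even for past blocks.
            reward = Fraction(blocks * REWARD_PER_BLOCK * p["alloc"], self.total_alloc)
            p["acc_per_share"] += reward / p["staked"]
        p["last_block"] = self.block

    def mass_update_pools(self):
        for pid in range(len(self.pools)):
            self.update_pool(pid)

    def add(self, alloc, with_update):
        if with_update:
            self.mass_update_pools()  # settle existing pools at the old total_alloc
        self.total_alloc += alloc
        self.pools.append({"alloc": alloc, "last_block": self.block,
                           "acc_per_share": Fraction(0), "staked": 0})


def reward_for_existing_staker(with_update):
    farm = Farm()
    farm.add(100, with_update=True)         # pool 0, created before mining starts
    farm.pools[0]["staked"] = 10            # one staker holds 10 tokens from block 0
    farm.block = 10                         # ten blocks of mining pass
    farm.add(100, with_update=with_update)  # owner adds pool 1 mid-mining
    farm.update_pool(0)                     # staker's next interaction, same block
    return farm.pools[0]["acc_per_share"] * 10


if __name__ == "__main__":
    print("with update   :", reward_for_existing_staker(True))
    print("without update:", reward_for_existing_staker(False))
```

In this model, skipping the update applies the new allocation total retroactively to blocks that were mined before the new pool existed, which halves what the existing staker is credited for those blocks.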
(2) updatePool function
● Description: This function implements the reward update of the specified pool. Anyone can call this function to update the reward of the specified pool and mint tokens into this contract. It should be noted that this contract does not support adding a pool for the reward token; otherwise the rewards will be calculated incorrectly.
Figure 4 Source code screenshot of updatePool function
● Related functions: getTotalRewardInfo, mintTo
● Result: Pass
(3) deposit function
● Description: Users can deposit the specified tokens in the contract to get rewards by calling this function.
● Related functions: updatePool, safeWakaTransfer, safeTransferFrom
● Result: Pass
(4) withdraw function
● Description: The user withdraws the specified amount of deposited principal by calling this function, and settles the current reward at the same time.
● Related functions: updatePool, safeWakaTransfer, safeTransfer
● Result: Pass
3.4 WakaTimeFarm Contract audit
This contract is the same as the WakaFarm contract. The main change is that the calculation of rewards has changed from block to time as the base.
3.5 WakaMaker Contract audit
(1) setBridgeFor function
● Description: This function implements the setting of the bridge map, which is used to provide the path when converting.
● Related functions: setBridge
● Result: Pass
(2) _convertStep function
● Description: This internal function is the core of this contract. The designated token will be converted to WAKA and sent to the Wakabar contract. Different tokens will have different exchange paths.
● Related functions: safeTransfer, _toWAKA, _swap, _convertStep
● Result: Pass
(3) _swap function
● Description: This function implements the exchange of tokens.
● Related functions: _swap, getPair, getReserves, safeTransfer, swap
● Result: Pass
3.6 WakaTimelock Contract audit
(1) deposit function
● Description: This function is used by the locker to deposit tokens into the contract and update the start time.
● Related functions: getBlockTimestamp, safeTransferFrom
● Result: Pass
(2) release function
● Description: This function lets the beneficiary withdraw the regularly released tokens. Provided the time condition is met, each call releases a fixed _releaseAmount of tokens to the beneficiary.
● Related functions: release, safeTransferFrom
● Result: Pass
4. Conclusion
Beosin (Chengdu LianAn) conducted a detailed audit of the design and code implementation of the smart contracts project Wakaswap. The problems found by the audit team during the audit process were reported to the project party, and an agreement was reached on the repair results. The overall audit result of the Wakaswap project's smart contracts is Pass.
Official Website
https://lianantech.com
vaas@lianantech.com
https://twitter.com/Beosin_com
Figure 1 Source code screenshot of enter function
Figure 2 Source code screenshot of leave function
Figure 3 Source code screenshot of add function
Figure 5 Source code screenshot of deposit function
Figure 6 Source code screenshot of withdraw function
Figure 7 Source code screenshot of setBridgeFor function
Figure 8 Source code screenshot of _convertStep function
Figure 9 Source code screenshot of _swap function
Figure 10 Source code screenshot of deposit function
Figure 11 Source code screenshot of release function