Audit

Complete Audit Report

Smart contract security audit report

Audit Number：202105131637

Report query name：Wakaswap

Audit Contract Link Address：

https://github.com/waka-waka-swap/waka-contracts/tree/master/contracts

Commit Hash：

6aa010785104728e1dd04bdf5f51aeb801dac6fe

Start Date：2021.05.06

Completion Date：2021.05.13

Overall Result：Pass

Audit Team: Beosin (Chengdu LianAn) Technology Co. Ltd.

Audit Categories and Results:

No.	Categories	Subitems	Results
1	Coding Conventions	Compiler Version Security	Pass
Deprecated Items	Pass
Redundant Code	Pass
SafeMath Features	Pass
require/assert Usage	Pass
Gas Consumption	Pass
Visibility Specifiers	Pass
Fallback Usage	Pass
2	General Vulnerability	Integer Overflow/Underflow	Pass
Reentrancy	Pass
Pseudo-random Number Generator (PRNG)	Pass
Transaction-Ordering Dependence	Pass
DoS (Denial of Service)	Pass
Access Control of Owner	Pass
Low-level Function (call/delegatecall) Security	Pass

		Returned Value Security	Pass
tx.origin Usage	Pass
Replay Attack	Pass
Overriding Variables	Pass
3	Business Security	Business Logics	Pass
Business Implementations	Pass

Disclaimer:This report is made in response to the project code. No description, expression or wording in this report shall be construed as an endorsement, affirmation or confirmation of the project.This audit is only applied to the type of auditing specified in this report and the scope of given in the results table. Other unknown security vulnerabilities are beyond auditing responsibility. Beosin (Chengdu LianAn) Technology only issues this report based on the attacks or vulnerabilities that already existed or occurred before the issuance of this report. For the emergence of new attacks or vulnerabilities that exist or occur in the future, Beosin (Chengdu LianAn) Technology lacks the capability to judge its possible impact on the security status of smart contracts, thus taking no responsibility for them. The security audit analysis and other contents of this report are based solely on the documents and materials that the contract provider has provided to Beosin (Chengdu LianAn) Technology before the issuance of this report, and the contract provider warrants that there are no missing, tampered, deleted; if the documents and materials provided by the contract provider are missing, tampered, deleted, concealed or reflected in a situation that is inconsistent with the actual situation, or if the documents and materials provided are changed after the issuance of this report, Beosin (Chengdu LianAn) Technology assumes no responsibility for the resulting loss or adverse effects. The audit report issued by Beosin (Chengdu LianAn) Technology is based on the documents and materials provided by the contract provider, and relies on the technology currently possessed by Beosin (Chengdu LianAn). Due to the technical limitations of any organization, this report conducted by Beosin (Chengdu LianAn) still has the possibility that the entire risk cannot be completely detected. Beosin (Chengdu LianAn) disclaims any liability for the resulting losses.

The final interpretation of this statement belongs to Beosin (Chengdu LianAn).

Audit Results Explained:

Beosin (Chengdu LianAn) Technology has used several methods including Formal Verification, Static Analysis, Typical Case Testing and Manual Review to audit three major aspects of smart contracts project Wakaswap, including Coding Standards, Security, and Business Logic. The Wakaswap project passed all audit items. The overall result is Pass. The smart contract is able to function properly.

Audit Contents:

1. Coding Conventions

Check the code style that does not conform to Solidity code style.

1.1 Compiler Version Security

● Description: Check whether the code implementation of current contract contains the exposed solidity compiler bug.

● Result: Pass

1.2 Deprecated Items

● Description: Check whether the current contract has the deprecated items.

● Result: Pass

1.3 Redundant Code

● Description: Check whether the contract code has redundant codes.

● Result: Pass

1.4 SafeMath Features

● Description: Check whether the SafeMath has been used. Or prevents the integer overflow/underflow in mathematical operation.

● Result: Pass

1.5 require/assert Usage

● Description: Check the use reasonability of 'require' and 'assert' in the contract.

● Result: Pass

1.6 Gas Consumption

● Description: Check whether the gas consumption exceeds the block gas limitation. ● Result: Pass

1.7 Visibility Specifiers

● Description: Check whether the visibility conforms to design requirement.

● Result: Pass

1.8 Fallback Usage

● Description: Check whether the Fallback function has been used correctly in the current contract. ● Result: Pass

2. General Vulnerability

Check whether the general vulnerabilities exist in the contract.

2.1 Integer Overflow/Underflow

● Description: Check whether there is an integer overflow/underflow in the contract and the calculation result is abnormal.

● Result: Pass

2.2 Reentrancy

● Description: An issue when code can call back into your contract and change state, such as withdrawing HT.

● Result: Pass

2.3 Pseudo-random Number Generator (PRNG)

● Description: Whether the results of random numbers can be predicted.

● Result: Pass

2.4 Transaction-Ordering Dependence

● Description: Whether the final state of the contract depends on the order of the transactions. ● Result: Pass

2.5 DoS (Denial of Service)

● Description: Whether exist DoS attack in the contract which is vulnerable because of unexpected reason.

● Result: Pass

2.6 Access Control of Owner

● Description: Whether the owner has excessive permissions, such as malicious issue, modifying the balance of others.

● Result: Pass

2.7 Low-level Function (call/delegatecall) Security

● Description: Check whether the usage of low-level functions like call/delegatecall have vulnerabilities.

● Result: Pass

2.8 Returned Value Security

● Description: Check whether the function checks the return value and responds to it accordingly. ● Result: Pass

2.9 tx.origin Usage

● Description: Check the use secure risk of 'tx.origin' in the contract.

● Result: Pass

2.10 Replay Attack

● Description: Check whether the implement possibility of Replay Attack exists in the contract. ● Result: Pass

2.11 Overriding Variables

● Description: Check whether the variables have been overridden and lead to wrong code execution. ● Result: Pass

3. Business Security

3.1 Contracts of wakaswap audit (1) WakaSwapFactory

● Description: This contract implements the function of creating and recording transaction pair contracts. Users can create transaction pairs by calling the createPair function of this contract.

● Related functions: allPairsLength, pairCodeHash, createPair, setFeeTo, setMigrator, setFeeToSetter ● Result: Pass

(2) WakaSwapPair

● Description: This contract implements the trading pool based on the AMM principle, and users can exchange tokens in this trading pool.

● Related functions: getReserves, mint, burn, swap, skim, sync

● Result: Pass

(3) WakaSwapRouter02

● Description: This contract implements a convenient routing function for users. Users can interact with the transaction pool through this contract.

● Related functions: addLiquidity, removeLiquidity, removeLiquidityWithPermit,

swapExactTokensForTokens

● Result: Pass

3.2 WakaBar Contract audit

(1) enter function

● Description: The enter function implements the user to exchange WAKA token for xWAKA. The user calls this function to pass in the specified WAKA tokens, and the function returns the corresponding xWAKA tokens to the user according to the current ratio.

Figure 1 Source code screenshot of enter function

● Related functions: enter, transferFrom, _mint

● Result: Pass

(2) leave function

● Description: The leave function implements the users using xWAKA to exchange WAKA, the user calls this function and specifies the number of xWAKA to exchange WAKA.

Figure 2 Source code screenshot of leave function

● Related functions: leave, _burn, transfer

● Result: Pass

3.3 WakaFarm Contract audit

(1) add function

● Description: The owner address can call the add function to add a new pool. When adding a new pool, if mining has already started, _withUpdate must be true, otherwise it will affect the rewards of other pools.

Figure 3 Source code screenshot of add function

● Related functions: add, massUpdatePools

● Result: Pass

(2) updatePool function

● Description: This function implements the reward update of the specified pool. Anyone can call this function to update the reward of the specified pool and mint tokens into this contract. It should be noted that this contract does not support add reward token pool. Otherwise it will be calculated incorrectly.

Figure 4 Source code screenshot of updatePool function

● Related functions: getTotalRewardInfo, mintTo

● Result: Pass

(3) deposit function

● Description: Users can deposit the specified tokens in the contract to get rewards by calling this function.

Figure 5 Source code screenshot of deposit function

● Related functions: updatePool, safeWakaTransfer, safeTransferFrom

● Result: Pass

(4) withdraw function

● Description: The user withdraws the principal of the specified amount of deposited by calling this function, and settles the current reward at the same time.

Figure 6 Source code screenshot of withdraw function

● Related functions: updatePool, safeWakaTransfer, safeTransfer

● Result: Pass

3.4 WakaTimeFarm Contract audit

This contract is the same as the WakaFarm contract. The main change is that the calculation of rewards has changed from block to time as the base.

3.5 WakaMaker Contract audit

(1) setBridgeFor function

● Description: This function implements the setting of the bridge map, which is used to provide the path when convert.

Figure 7 Source code screenshot of setBridgeFor function

● Related functions: setBridge

● Result: Pass

(2) _convertStep function

● Description: This internal function is the core of this contract. The designated token will be converted to WAKA and sent to the Wakabar contract. Different tokens will have different exchange paths.

Figure 8 Source code screenshot of _convertStep function

● Related functions: safeTransfer, _toWAKA, _swap, _convertStep

● Result: Pass (3) _swap function

● Description: This function implements the function of exchange tokens.

Figure 9 Source code screenshot of _swap function

● Related functions: _sawp, getPair, getReserves, safeTransfer, swap

● Result: Pass

3.6 WakaTimelock Contract audit

(1) deposit function

● Description: This function is used by the locker to deposit tokens into the contract and update the start time.

Figure 10 Source code screenshot of deposit function

● Related functions: getBlockTimestamp, safeTransferFrom

● Result: Pass

(2) release function

● Description: This function implements the function of the beneficiary withdrawing the regular release tokens. On the premise of meeting the time, calling once will release a fixed _releaseAmount tokens and beneficiaries.

Figure 11 Source code screenshot of release function

● Related functions: release, safeTransferFrom

● Result: Pass

4. Conclusion

Beosin(Chengdu LianAn) conducted a detailed audit on the design and code implementation of the smart contracts project Wakaswap. The problems found by the audit team during the audit process have been notified to the project party and reached an agreement on the repair results. The overall audit result of the Wakaswap project's smart contracts is Pass.

Official Website

https://lianantech.com

E-mail

vaas@lianantech.com

Twitter

https://twitter.com/Beosin_com