SuperShiba.Exchange x Solid Group: Audit Results

Solidgroup
May 26, 2021


Auditing Process

Solid Group’s auditing process goes in-depth and covers a wide range of token code characteristics. The audit mainly checks for vulnerabilities and imminent risks to the safety and security of the code. The process is intended to help customers increase their code quality while reducing the high level of risk presented by cryptographic tokens and blockchain technology.

Contract BSC

treats | masterchef | factory | router | Timelock

Highlights of the process

✅ BEP-20 conformance

✅ The token cannot be minted externally; it can only be minted by the owner, which is already set to the MasterChef contract

✅ No issues were found

Findings

Issue #1 | 🔍 Location masterchef.sol | Owner Capabilities | 🔴 High Severity | Status: Fixed ✅

Description

The contract takes a deposit fee when a user stakes; however, there is no limit on the deposit fee value. This allows the owner of the contract to set the _depositFeeBP variable to 100% and take 100% of a new user's stake.

Recommendation

Our recommendation is to set an upper limit for the _depositFee variable in the add() and set() functions.

✅ The team fixed this issue by adding the following restriction to both the add and set functions:

require(_depositFeeBP <= 1000, "add: invalid deposit fee basis points");
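The restriction above in context, as an added example that is not the audited contract's code: both entry points share one cap, and a quote function shows what the cap means for a depositor (1000 basis points out of 10000 is 10%). The contract name, storage layout, `quoteDeposit()` and the "set:" error prefix are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical pool registry used only to illustrate the fee cap.
contract FeeCappedPools {
    uint16 public constant MAX_DEPOSIT_FEE_BP = 1000; // 1000 / 10000 = 10%
    uint256 private constant BP_DENOMINATOR = 10000;  // basis points per 100%

    struct PoolInfo { address lpToken; uint16 depositFeeBP; }
    PoolInfo[] public poolInfo;
    address public immutable owner;

    constructor() { owner = msg.sender; }

    modifier onlyOwner() { require(msg.sender == owner, "not owner"); _; }

    // The cap must be enforced when a pool is created...
    function add(address _lpToken, uint16 _depositFeeBP) external onlyOwner {
        require(_depositFeeBP <= MAX_DEPOSIT_FEE_BP, "add: invalid deposit fee basis points");
        poolInfo.push(PoolInfo({lpToken: _lpToken, depositFeeBP: _depositFeeBP}));
    }

    // ...and again when it is updated, otherwise set() bypasses the check in add().
    function set(uint256 _pid, uint16 _depositFeeBP) external onlyOwner {
        require(_depositFeeBP <= MAX_DEPOSIT_FEE_BP, "set: invalid deposit fee basis points");
        poolInfo[_pid].depositFeeBP = _depositFeeBP;
    }

    // Fee taken and amount credited for a deposit of _amount into pool _pid.
    function quoteDeposit(uint256 _pid, uint256 _amount)
        external view returns (uint256 fee, uint256 credited)
    {
        fee = (_amount * poolInfo[_pid].depositFeeBP) / BP_DENOMINATOR;
        credited = _amount - fee;
    }
}
```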

Issue #2 | 🔍 Location masterchef.sol | Volatile Code | 🔴 Low Severity | Status: Not Fixed ❌

Description

The implementations of the _lpToken parameter and the safeTransfer() function are unknown, and both are used widely across the contract.

As a result, they may contain malicious logic that calls back into the deposit() function, which could lead to another invocation of safeTransfer() before the user.amount variable is updated.

This could corrupt user.amount and eventually cause a miscalculation of the user’s balance.
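An added sketch, not code from the audited contract, of a deposit() that tolerates an untrusted _lpToken: a reentrancy lock rejects the nested deposit() call described above, and user.amount is credited from the measured balance change. The contract name, the single-pool layout and the IBEP20 interface are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Minimal token interface (assumption: the LP token exposes these two calls).
interface IBEP20 {
    function balanceOf(address account) external view returns (uint256);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

// Hypothetical single-pool staking contract used only for illustration.
contract GuardedStaking {
    struct UserInfo { uint256 amount; }

    IBEP20 public immutable lpToken;              // untrusted external contract
    mapping(address => UserInfo) public userInfo;
    bool private locked;                          // reentrancy lock

    event Deposit(address indexed user, uint256 received);

    constructor(IBEP20 _lpToken) { lpToken = _lpToken; }

    // Rejects any call that arrives while another guarded call is running,
    // including a deposit() triggered from inside the token's transfer code.
    modifier nonReentrant() {
        require(!locked, "reentrant call");
        locked = true;
        _;
        locked = false;
    }

    function deposit(uint256 _amount) external nonReentrant {
        require(_amount > 0, "deposit: zero amount");
        UserInfo storage user = userInfo[msg.sender];

        // Credit what actually arrived, not what the caller claimed.
        uint256 balanceBefore = lpToken.balanceOf(address(this));
        require(
            lpToken.transferFrom(msg.sender, address(this), _amount),
            "deposit: transfer failed"
        );
        uint256 received = lpToken.balanceOf(address(this)) - balanceBefore;

        user.amount += received;
        emit Deposit(msg.sender, received);
    }
}
```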

Issue #3 | 🔍 Location masterchef.sol | Best Practice | 🔴 Low Severity | Status: Not Fixed ❌

Description:

Return values of external function calls are ignored and not checked. For example, the return value of the transfer() function is ignored in the safeEggTransfer() function.
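An added example, not the project's code, contrasting a reward transfer that discards the result of transfer() with one that checks it. Only safeEggTransfer() and transfer() are named on the page; the contract, the `egg` variable, both function names and the IBEP20 interface are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

interface IBEP20 {
    function balanceOf(address account) external view returns (uint256);
    function transfer(address to, uint256 amount) external returns (bool);
}

// Hypothetical reward payer used only for illustration.
contract RewardPayer {
    IBEP20 public immutable egg; // reward token (name assumed from safeEggTransfer)

    constructor(IBEP20 _egg) { egg = _egg; }

    // Pattern the finding describes: if the token signals failure by returning
    // false instead of reverting, the payout silently does nothing.
    function _safeEggTransferUnchecked(address _to, uint256 _amount) internal {
        uint256 bal = egg.balanceOf(address(this));
        egg.transfer(_to, _amount > bal ? bal : _amount);
    }

    // Checked variant: reverts when the call fails or returns false, and also
    // accepts tokens that return no data at all. Returns the amount sent so the
    // caller can account for a shortfall when the balance was too low.
    function _safeEggTransferChecked(address _to, uint256 _amount)
        internal returns (uint256 sent)
    {
        uint256 bal = egg.balanceOf(address(this));
        sent = _amount > bal ? bal : _amount;
        (bool ok, bytes memory ret) = address(egg).call(
            abi.encodeWithSelector(IBEP20.transfer.selector, _to, sent)
        );
        require(ok && (ret.length == 0 || abi.decode(ret, (bool))), "egg transfer failed");
    }
}
```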

Issue #4 | 🔍 Location masterchef.sol | Best Practice | 🟢 Informational Severity | Status: Not Fixed ❌

Description

Missing events for critical operations. Note that events are highly important for the integration with certain DApps in the future. Functions that we have inspected that suffer from lack of events:

  • Dev
  • setFeeAddress()
  • updateEmissionRate()

Issue #4 | 🔍 Location factory.sol | Best Practice | 🔴 High Severity | Status: Not Fixed ❌

Description:
Only the feeToSetter address has permission to create new pairs in the system. Mishandling its private key could have devastating consequences for the project as a whole.

Recommendation:
Our recommendation is to have a list of authorized users to handle these kinds of tasks. If one address crashes, you will have additional backups that can support the contract.
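One way to implement the recommended list of authorized users, as an added example that is not the project's factory code. Every name except feeToSetter is an assumption, and pair deployment is left to the concrete factory through the hypothetical `_deployPair()` hook.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical access layer for a factory; names other than feeToSetter are assumptions.
abstract contract AuthorizedPairCreators {
    address public feeToSetter;
    mapping(address => bool) public isPairCreator;
    uint256 public creatorCount;

    event PairCreatorSet(address indexed account, bool allowed);

    constructor(address _feeToSetter) {
        require(_feeToSetter != address(0), "factory: zero address");
        feeToSetter = _feeToSetter;
        _setCreator(_feeToSetter, true);
    }

    // Pair creation is open to every listed address, not to one key only.
    function createPair(address tokenA, address tokenB) external returns (address pair) {
        require(isPairCreator[msg.sender], "factory: FORBIDDEN");
        require(tokenA != tokenB, "factory: IDENTICAL_ADDRESSES");
        pair = _deployPair(tokenA, tokenB);
    }

    // feeToSetter manages the list; the last remaining creator cannot be removed.
    function setPairCreator(address account, bool allowed) external {
        require(msg.sender == feeToSetter, "factory: FORBIDDEN");
        require(account != address(0), "factory: zero address");
        _setCreator(account, allowed);
        require(creatorCount > 0, "factory: no creator left");
    }

    function _setCreator(address account, bool allowed) private {
        if (isPairCreator[account] == allowed) return; // no change, no event
        isPairCreator[account] = allowed;
        creatorCount = allowed ? creatorCount + 1 : creatorCount - 1;
        emit PairCreatorSet(account, allowed);
    }

    // Deployment of the pair contract is left to the concrete factory.
    function _deployPair(address tokenA, address tokenB) internal virtual returns (address pair);
}
```

In this sketch the list itself is still managed by feeToSetter alone, so losing that key freezes the list while the addresses already on it can keep creating pairs.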

Vulnerability Summary

Summary

The contract has one high severity issue, one informational and 2 low severity issues.

About SuperShiba.Exchange

The Super Shiba DEX is something revolutionary that the BSC has been in need of: this exchange will only feature fully audited and KYC’d tokens that the team has approved to list on the exchange. This means when a token is listed on the exchange you can know it’s a safe investment. The team are fully DOXXED, and the roadmap is full of amazing moves. The platform will have lucrative farms and pools, a lottery and even a presale platform.


About Solid Group

Solid Group is a blockchain consulting and auditing service provider, founded by 3 cybersecurity experts with a passion for thinking out of the box, learning, and sharing knowledge. Every project goes through a meticulous process and is viewed by at least two partners, thereby achieving a high level of credibility and professionalism. Our group is partnered with multiple organizations and launchpads that have a combined market cap of over 400 million USD.


Disclaimer

SolidGroup reports are not, nor should be considered, an “endorsement” or “disapproval” of any particular project or team. These reports are not, nor should be considered, an indication of the economics or value of any “product” or “asset” created by any team. Solid Group does not cover testing or auditing the integration with external contracts or services (such as Unicrypt, Uniswap, PancakeSwap, etc.).

SolidGroup Audits do not provide any warranty or guarantee regarding the absolute bug-free nature of the technology analyzed, nor do they provide any indication of the technology’s proprietors. SolidGroup Audits should not be used in any way to make decisions around investment or involvement with any particular project. These reports in no way provide investment advice, nor should be leveraged as investment advice of any sort. SolidGroup Reports represent an extensive auditing process intending to help our customers increase the quality of their code while reducing the high level of risk presented by cryptographic tokens and blockchain technology. Blockchain technology and cryptographic assets present a high level of ongoing risk. SolidGroup’s position is that each company and individual are responsible for their own due diligence and continuous security. SolidGroup in no way claims any guarantee of security or functionality of the technology we agree to analyze.


Written by Solidgroup

We are a group of 3 software developers with combined experience of over 15 years in various fields such as software design, operating systems, and Solidity.
