Cross Chain Farming smart contracts final audit report
Audit by: HashEx
Prepared for: Cross Chain Farming
This audit report was generated for Cross Chain Farming with the CryptEx token constructor. The audited code is deployed at 0x7f9528b913A99989B88104b633D531241591A358 on Binance Smart Chain (BSC).
The purpose of this audit was to achieve the following:
1. Identify potential security issues with smart contracts.
2. Formally check the logic behind given smart contracts.
Information in this report should be used to understand the risk exposure of smart contracts, and as a guide to improving the security posture of smart contracts by remediating the issues that were identified.
We hereby verify that the generated token's bytecode is identical to that of the original audited token. An external audit of the same code was conducted by PaladinSec.
Contract
ReflectToken
Implementation of the ERC20 token standard with custom auto-yield functionality: tokens are burned and fees are distributed on transfers. It also has a marketing fee. Default fee values are: distribution between users (3%), automatic addition to liquidity (1%), burning (2%).
Issues
#01. addLiquidity() recipient
Severity: Medium
Status: Acknowledged
The addLiquidity() function calls the swapRouter.addLiquidityETH() function with the LP token recipient parameter set to liquidityAddress. Over time, liquidityAddress may accumulate a significant amount of LP tokens, which may be dangerous for the token economics if the owner acts maliciously or their account gets compromised. The owner can change liquidityAddress.
Recommendation: Investors should check if the liquidity is actually locked.
#02. No slippage checks on swaps and adding liquidity
Severity: Medium
Status: Acknowledged
The functions _swapTokensForBNB() and addLiquidity() do not perform slippage checks. The transactions may be front-run.
Recommendation: This is an architectural decision, but the owner of the token should be aware that setting the liqThreshold parameter to a large value creates an incentive for front-running attacks.
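The following model is an added example, not code from the audited contract or from HashEx. It shows how price impact grows with the amount swapped at once (the role liqThreshold plays here) and how a minimum-output bound rejects a swap when the pool has moved. The 0.25% fee, the constant-product pool, the reserve figures and all function names are assumptions made for illustration.

```python
# Added example: constant-product (x*y=k) swap quote and a slippage bound.
FEE_NUM, FEE_DEN = 9975, 10000   # assumption: 0.25% pool fee taken from the input
BPS = 10_000

def get_amount_out(amount_in, reserve_in, reserve_out):
    """Integer quote for swapping amount_in against the given reserves."""
    if min(amount_in, reserve_in, reserve_out) <= 0:
        raise ValueError("amount and reserves must be positive")
    a = amount_in * FEE_NUM
    return a * reserve_out // (reserve_in * FEE_DEN + a)

def price_impact_bps(amount_in, reserve_in, reserve_out):
    """Shortfall of the quote against the spot price, in basis points (fee included)."""
    spot = amount_in * reserve_out // reserve_in
    return (spot - get_amount_out(amount_in, reserve_in, reserve_out)) * BPS // spot

def min_out(amount_in, quoted_reserves, tolerance_bps):
    """Lower bound on output, derived from a quote taken before submission."""
    if not 0 <= tolerance_bps < BPS:
        raise ValueError("tolerance must be in [0, 10000) basis points")
    return get_amount_out(amount_in, *quoted_reserves) * (BPS - tolerance_bps) // BPS

def settle(amount_in, exec_reserves, amount_out_min):
    """Return (amount_out, accepted) for the reserves seen at execution time."""
    out = get_amount_out(amount_in, *exec_reserves)
    return out, out >= amount_out_min

# Constructed sample pool: (token reserve, BNB reserve) in arbitrary integer units.
QUOTED = (1_000_000, 1_000_000)
MOVED = (1_050_000, 952_500)     # constructed: pool state changed before execution

if __name__ == "__main__":
    for threshold in (10_000, 100_000):   # small vs. large amount swapped at once
        print(threshold, "tokens:", price_impact_bps(threshold, *QUOTED), "bps impact")
    bound = min_out(10_000, QUOTED, 50)   # 0.5% tolerance
    print("minimum of 0 (no check):", settle(10_000, MOVED, 0))
    print("minimum of", bound, ":", settle(10_000, MOVED, bound))
```

The bound is only meaningful when the quote comes from outside the transaction that performs the swap; a quote read from the pool inside the same transaction already reflects whatever reserves the swap will execute against.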
#03. General recommendations
Severity: Low
Status: Acknowledged
We recommend adding a documentation section to the Project website to track any changes in token parameters made by the owner.
Conclusion
The audited contract is an ERC20 token with a Reflect.finance auto-yield model and some changes, such as the ability to swap itself to BNB and to add liquidity. The audited contract was generated with the CryptEx token constructor.
No high severity issues were found.
The audited code is deployed at 0x7f9528b913A99989B88104b633D531241591A358 on Binance Smart Chain (BSC).
The audit includes recommendations on improving the code and preventing potential attacks.
References
1. CryptEx token constructor
2. Audit by PaladinSec
3. Reflect.finance GitHub repo
HashEx website: https://hashex.org