Cronus Audit Report
Copyright © 2022 by Verilog Solutions. All rights reserved.June 15, 2022
by Verilog Solutions

This report presents our engineering engagement with Cronus Finance, a decentralized exchange deployed on the EVMOS ecosystem. Cronus Finance is an AMM DEX with liquidity mining rewards. Cronus Finance has its own governance token, $CRN, which can be staked into $sCRN and earn staking rewards denominated in stablecoin.
Project Name | Cronus Finance Protocol |
---|---|
Repository Link | https://github.com/cronus-finance/cronus-core/tree/main |
Commit Hash | 06820480fcf5bfe6906d5ddae0ff52f3e0907d0f |
Language | Solidity |
Chain | EVMOS |
About Verilog Solutions
About Verilog Solutions
Founded by a group of cryptography researchers and smart contract engineers in North America, Verilog Solutions elevates the security standard for Web3 ecosystems by being a full-stack Web3 security firm covering smart contract security, consensus security, and operational security for Web3 projects.
Verilog Solutions team works closely with major ecosystems and Web3 projects and applies a quality above quantity approach with a continuous security model. Verilog Solutions onboards the best and most innovative projects and provides the best-in-class advisory service on security needs, including on-chain and off-chain components.
Table of Contents
Table of Contents
Service Scope
Service Scope
Service Stages
Service Stages
Our auditing service includes the following two stages:
- Pre-Audit Consulting Service
- As a part of the pre-audit service, the Verilog team worked closely with the project development team to discuss potential vulnerability and smart contract development best practices. Verilog team is very appreciative of establishing an efficient and effective communication channel with the project team, as new findings are often exchanged promptly and fixes were deployed quickly, during the preliminary report stage.
- Smart Contract Auditing Service
- Verilog Solutions team analyzed the entire project using a detailed-oriented approach to capture the fundamental logic and suggested improvements to the existing code. Details can be found under Findings & Improvement Suggestions
Methodology
Methodology
- Code Assessment
- We evaluate the overall quality of the code and comments as well as the architecture of the repository.
- We help the project dev team improve the overall quality of the repository by providing suggestions on refactorization to follow the best practice of Web3 software engineering.
- Code Logic Analysis
- We dive into the data structures and algorithms in the repository and provide suggestions to improve the data structures and algorithms for the lower time and space complexities.
- We analyze the hierarchy among multiple modules and the relations among the source code files in the repository and provide suggestions to improve the code architecture with better readability, reusability, and extensibility.
- Business Logic Analysis
- We study the technical whitepaper and other documents of the project and compare its specification with the functionality implemented in the code for any potential mismatch between them.
- We analyze the risks and potential vulnerabilities in the business logic and make suggestions to improve the robustness of the project.
- Access Control Analysis
- We perform a comprehensive assessment of the special roles of the project, including their authorities and privileges.
- We provide suggestions regarding the best practice of privilege role management according to the standard operating procedures (SOP).
Audit Scope
Audit Scope
Our auditing for Cronus Finance covered the following components:
- AMM DEX
- Liquidity Mining Farm
- $CRN Token
- Stable Cronus Staking
File Name |
---|
.\contracts\CronusFactory.sol |
.\contracts\CronusPair.sol |
.\contracts\CronusRouter02.sol |
.\contracts\CronusToken.sol |
.\contracts\LPToken.sol |
.\contracts\MasterChefCronus.sol |
.\contracts\MathUtils.sol |
.\contracts\MoneyMaker.sol |
.\contracts\StableCronusStaking.sol |
.\contracts\weth.sol |
.\contracts\interfaces\IAllowlist.sol |
.\contracts\interfaces\ICronusCallee.sol |
.\contracts\interfaces\ICronusERC20.sol |
.\contracts\interfaces\ICronusFactory.sol |
.\contracts\interfaces\ICronusPair.sol |
.\contracts\interfaces\ICronusRouter01.sol |
.\contracts\interfaces\ICronusRouter02.sol |
.\contracts\interfaces\IERC20.sol |
.\contracts\interfaces\ISwap.sol |
.\contracts\interfaces\IWEVMOS.sol |
.\contracts\libraries\BoringERC20.sol |
.\contracts\libraries\CronusLibrary.sol |
.\contracts\libraries\Math.sol |
.\contracts\libraries\OwnablePausable.sol |
.\contracts\libraries\SafeERC20.sol |
.\contracts\libraries\SafeMath.sol |
.\contracts\libraries\TransferHelper.sol |
.\contracts\libraries\UQ112x112.sol |
.\contracts\multicall\BlockTimestamp.sol |
.\contracts\multicall\IMulticall.sol |
.\contracts\multicall\Multicall.sol |
.\contracts\multicall\PeripheryValidation.sol |
.\contracts\rewarder\BoringOwnable.sol |
.\contracts\rewarder\SimpleRewarder.sol |
.\contracts\test\ERC20.sol |
.\contracts\test\ERC20test1.sol |
.\contracts\test\ERC20test2.sol |
.\contracts\test\MockERC20.sol |
Project Summary
Project Summary
Cronus Finance is an AMM DEX deployed on the EVMOS ecosystem. A portion of Cronus Finance’s code is based on SushiSwap, which features liquidity mining rewards and governance token staking. It is worth noting that Cronus Finance also implemented new features such as a Stable Cronus Staking that converts LP fees into stablecoins and allows $sCRN holders to claim exchange fees denominated in stablecoins.

- AMM DEX
The AMM DEX part of Cronus Finance is based on SushiSwap, which is based on the Uniswap V2. Users can add/remove liquidity and swap assets by interacting with the
CronusRouter02.sol
contract. For adding liquidity,CronusRouter02.sol
will first check whether the pair exists. If the pair does not exist, ACronusPair.sol
will be deployed byCronusFactory.sol
. If the pair exists,CronusRouter02.sol
will query the reserve oftokenA
andtokenB
of the pair by callingCronusLibrary
contract.CronusRouter02.sol
will then check whether the user is depositing the minimal amount oftokenA
andtokenB
to the pair. If the check passes, thenCronusRouter02.sol
will thetokenA
andtokenB
that the user is depositing to theCronusPair.sol
contract of the pair. TheCronusPair.sol
contract of the pair will then mint LP tokens to the user, representing the liquidity provided by the user.For removing liquidity,
CronusRouter02.sol
will first query the address of the deployedCronusPair.sol
for the pair by callingCronusLibrary
contract. TheCronusPair.sol
contract of the pair will then transfer the LP token from the user to theCronusPair.sol
contract of the pair. TheCronusPair.sol
contract of the pair will then burn the LP tokens and send the amount (corresponding to the amount of LP tokens and the reserves) oftokenA
andtokenB
to the user.For swapping tokens.
CronusRouter02.sol
will query theCronusLibrary
contract for the number of tokens that the user should receive/send.CronusRouter02.sol
will first query the address of the deployedCronusPair.sol
for the first hop of pairs in thepath
by callingCronusLibrary
contract. TheCronusPair.sol
contract of the pair will then transfer the token that needs to be swapped from the user to theCronusPair.sol
contract of the first hop of pairs in thepath
. Then a low-level function_swap
is called to swap tokens between the hops in thepath
.
- Liquidity Mining Farm
The liquidity mining farm part of Cronus Finance is based on SushiSwap MasterChef contracts. The
MasterChefCronus.sol
mints new $CRN tokens at each call to theupdatePool
function. New $CRN tokens are minted to the developer address, treasury address, investor address, and the deployedMasterChefCronus.sol
contract based on a proportion defined in theMasterChefCronus.sol
contract. The proportions can be changed by the owner of theMasterChefCronus.sol
contract.The owner of the
MasterChefCronus.sol
can add a new reward pool to the liquidity mining contract by callingadd
function. Each reward pool needs to be specified with three parameters:_allocPoint
,_lpToken
,_rewarder
._allocPoint
determines the proportion of the $CRN liquidity mining rewards that the reward pool is allocated._lpToken
determines which LP token is accepted by the reward pool._rewarder
is optional and used when a reward pool has double rewards in $CRN and another token. Theowner
ofMasterChefCronus.sol
can also later adjust the_allocPoint
and_rewarder
parameters by callingset
.The function
updatePool
will update the rewards metrics of a particular pool, specified by_pid
. TheupdatePool
function will calculate the amount of $CRN that should be minted based on the time of the last update for the particular pool, the amount of $CRN to be minted every second, and the allocation point of the particular pool. The function would then mint the $CRN tokens to thedevAddr
,treasuryAddr
,investorAddr
, and the liquidity mining contract itself. The amount of $CRN tokens minted is determined bydevPercent
,treasuryPercent
, andinvestorPercent
, which can be set by the owner of the liquidity mining contract. The number of $CRN that each share of LP token deposit is then calculated and stored in the reward pool data structure asaccCronusPerShare
.The function
deposit
handles the deposit of LP tokens into the liquidity mining pool. Thedeposit
function will first callupdatePool
to update the rewards metrics for the reward pool to the latest state, corresponding to the latest timestamp. Then thedeposit
function will check whether the user has already deposited LP tokens into the reward pair. If the user has already deposited into the reward pair, the already accumulated rewards will be harvested and sent to the user. Then thedeposit
function will calculate and storerewardDebt
for the user that is depositing LP tokens.rewardDebt
is the amount of $CRN token accumulated to date, before the user’s deposit, for the amount of LP token that the user is depositing. Therefore, when calculating the amount of $CRN that the user is earning, the smart contract only needs to multiply the number of $CRN per share by the number of reward pool shares that the user holds, minus therewardDebt
for the user. Thedeposit
function will also call theonCronusReward
function of therewarder
contract associated with the reward pool, if available. Lastly, thedeposit
function will transfer the LP token from the user to the liquidity mining farm.The function
withdraw
handles the withdrawal of LP tokens from the liquidity mining pool. Thewithdraw
function will first callupdatePool
to update the rewards metrics for the reward pool to the latest state, corresponding to the latest timestamp. Then the already accumulated rewards will be harvested and sent to the user. Then thewithdraw
function will calculate and storerewardDebt
for the user that is depositing LP tokens. Thewithdraw
function will also call theonCronusReward
function of therewarder
contract associated with the reward pool, if available. Lastly, thewithdraw
function will transfer the LP token to the user from the liquidity mining farm.
- $CRN Token
CronusToken.sol
inheritsSafeERC20.sol
from OpenZepplin.CronusToken.sol
has additional governance-related features such asdelegateBySig
delegates
.
Findings & Improvement Suggestions
Findings & Improvement Suggestions
Severity | Total | Acknowledged | Resolved |
High | 3 | 3 | 3 |
Medium | 0 | 0 | 0 |
Low | 1 | 1 | 1 |
Informational | 8 | 4 | 3 |
High
High
- Critical State variables are not updated after critical operations
Severity High Source contracts/MasterChefCronus.sol#L429; Status Resolved in commit 5508803e0acbf40688557a8e68342581810c2a30; Description
UserInfo.rewardDebt
is not updated inMasterChefCronus.collectAllPoolRewards()
. Attackers can call this function to drain the Cronus tokens in pool.MasterChefCronus.collectAllPoolRewards()
loops through all pools and transfers rewards of each pool to the user. However,UserInfo.rewardDebt
is not updated as expected. Becausememory
instead ofstorage
is used when fetchingUserInfo
. So the userInfo that was updated inside the function is just a local copy of the original variable and thus the update has no impact on the state variable reward debt.UserInfo.rewardDebt
still remains unchanged afterMasterChefCronus.collectAllPoolRewards()
.The user’s reward debt is not updated and remains unchanged after claiming rewards. The calculated claimable rewards will also stay unchanged. Users can get the same Cronus token rewards again even if they have claimed. The attacker can just call this function multiple times to drain the Cronus token in the pool.
Exploit Scenario
Malloy stakes some tokens in the pool and accumulates some rewards. He then calls
MasterChefCronus.collectAllPoolRewards()
many times to drain all the Cronus tokens in the pool.
Recommendations
Use
storage
instead ofmemory
forUserInfo
function collectAllPoolRewards() public { for (uint256 _pid = 0; _pid < poolInfo.length; _pid++) { PoolInfo memory pool = poolInfo[_pid]; // * suggestion: use `storage` * UserInfo storage user = userInfo[_pid][msg.sender]; updatePool(_pid); if (user.amount > 0) { // Harvest Cronus uint256 pending = user.amount.mul(pool.accCronusPerShare).div(1e12).sub(user.rewardDebt); safeCronusTransfer(msg.sender, pending); emit Harvest(msg.sender, _pid, pending); } user.rewardDebt = user.amount.mul(pool.accCronusPerShare).div(1e12); IRewarder rewarder = poolInfo[_pid].rewarder; if (address(rewarder) != address(0)) { rewarder.onCronusReward(msg.sender, user.amount); } } }
In this way,
UserInfo
gets updated correctly and the function works as expected.
Results
Resolved in commit 5508803e0acbf40688557a8e68342581810c2a30. The issue was fixed by changing the
memory
tostorage
forUserInfo
.
- Inter-contract state variables inconsistency
Severity High Source contracts/MasterChefCronus.sol#L354; Status Resolved in commit 84e287b3512fee5fb308ab15c9603ce63ff9651e; Description
Reward amount of
rewarder
contract is not reset inemergencyWithdraw()
. Rewards on the rewarder contract can still be claimed after the user withdraws all the staked tokens.MasterChefCronus.emergencyWithdraw()
is a function for users to withdraw all the staked tokens and give up all the unclaimed rewards. All the rewards that the user has earned should be reset to zero and staked tokens are transferred back to the user. However, the reward amount on the rewarder contract is not reset to zero. Users are still able to claim rewards from the rewarder contract after they emergency withdraw all the staked tokens.
Exploit Scenario
- Attacker Mallory takes a flash loan.
- Deposits x LP tokens into any double reward farm. He then
- Emergency withdraws his LP tokens.
- Deposits a single LP token back into the same farm and waits n number of days.
- Harvests the bonus reward
- Mallory now has rewards as he has x number of LP tokens instead of 1 LP token.
Recommendations
Fix the mistake in
emergencyWithddraw()
function, clear user data inrewarder
contract./// @notice Withdraw without caring about rewards. EMERGENCY ONLY. /// @param pid The index of the pool. See `poolInfo`. function emergencyWithdraw(uint256 pid) external nonReentrant { PoolInfo memory pool = poolInfo[pid]; UserInfo storage user = userInfo[pid][msg.sender]; uint256 amount = user.amount; user.amount = 0; user.rewardDebt = 0; // * suggestion: update amount of rewarder contract * IRewarder _rewarder = pool.rewarder; if (address(_rewarder) != address(0)) { _rewarder.onCronusReward(msg.sender, 0); } // Note: transfer can fail or succeed if `amount` is zero. pool.lpToken.safeTransfer(msg.sender, amount); emit EmergencyWithdraw(msg.sender, pid, amount); }
Result
Resolved in commit 84e287b3512fee5fb308ab15c9603ce63ff9651e. The user’s amount in the rewarder contract is reset to zero inside this function.
- Critical State variables are not updated after critical operations
Severity High Source contracts/StableCronusStaking.sol#L287; Status resolved in commit 4909443408e4c01ef17684455f8dd021de4547ec; Description
A critical variable used to calculate rewards is not updated in
StableCronusStaking.emergencyWithdraw()
. It will result in incorrect calculation of rewards and may cause the calls on critical functions to fail.internalCronusBalance
is a variable used to track the balance of Cronus tokens. It should be updated every time the Cronus token is transferred to/from the current contract. InemergencyWithdraw()
, the amount is not deducted from theinternalCronusBalance
when the Cronus token is transferred from this contract to users. TheinternalCronusBalance
will be bigger than it should be.internalCronusBalance
is used to calculate rewards in functionStableCronusStaking.pendingReward()
. The inaccurateinternalCronusBalance
will result in incorrect rewards calculation as well. The reward will be smaller than it should be. Besides, this may also cause the reward calculation to revert on subtraction underflow (it deductsinternalCronusBalance
from the token balance), which will make calls todeposit()
,addRewardToken()
,removeRewardToken()
,withdraw()
fail because of the revert onupdateReward()
.
Exploit Scenario
Because of the Incorrect internal Cronus token balance tracking, the amount of Cronus token rewards Alice can claim is smaller than it should be.
Recommendations
update the
internalCronusBalance
insideStableCronusStaking.emergencyWithdraw()
.function emergencyWithdraw() external { UserInfo storage user = userInfo[_msgSender()]; uint256 _amount = user.amount; user.amount = 0; uint256 _len = rewardTokens.length; for (uint256 i; i < _len; i++) { IERC20 _token = rewardTokens[i]; user.rewardDebt[_token] = 0; } // *suggestion: update internalCronusBalance* internalCronusBalance = internalCronusBalance.sub(_amount); CRN.safeTransfer(_msgSender(), _amount); emit EmergencyWithdraw(_msgSender(), _amount); }
Result
Resolved in commit 4909443408e4c01ef17684455f8dd021de4547ec.
internalCronusBalance
is updated when Cronus token gets transferred out through functionStableCronusStaking.emergencyWithdraw()
.
Medium
Medium
None ; )
Low
Low
- Gas-inefficient array operations
Severity Low Source contracts/StableCronusStaking.sol#L198; Status resolved in commit 9fe1b898da869d3c22fdb9757becd062b50219ba; Description
In order to remove one reward token,
removeRewardToken()
function loops through all the reward tokens. Loop can be avoided by using more optimized data structures. It would cost extra unneeded time.function removeRewardToken(IERC20 _rewardToken) external onlyOwner { require(isRewardToken[_rewardToken], "StableCronusStaking: token can't be removed"); updateReward(_rewardToken); isRewardToken[_rewardToken] = false; uint256 _len = rewardTokens.length; for (uint256 i; i < _len; i++) { if (rewardTokens[i] == _rewardToken) { rewardTokens[i] = rewardTokens[_len - 1]; rewardTokens.pop(); break; } } emit RewardTokenRemoved(address(_rewardToken)); }
Exploit Scenario
N/A
Recommendations
Use EnumerableSet (See code below).
tokenIndex
can also serve asisRewardToken
to further save gas. Allrequire(isRewardToken[_token])
should change torequire(tokenIndex[_token] != 0)
.mapping(IERC20 => uint256) tokenIndex; //mapping(IERC20 => bool) isRewardToken; // removed function addRewardToken(IERC20 _rewardToken) external onlyOwner { uint256 valueIndex = tokenIndex[_rewardToken]; // 0 index is reserve as null identifier require(valueIndex, "StableCronusStaking: rewardToken already exists."); rewardTokens.push(_rewardToken); tokenIndex[_rewardToken] = rewardTokens.length; updateReward(_rewardToken); emit RewardTokenAdded(address(_rewardToken)); } function removeRewardToken(IERC20 _rewardToken) external onlyOwner { uint256 valueIndex = tokenIndex[_rewardToken]; require(valueIndex, "StableCronusStaking: rewardToken does not exist."); updateReward(_rewardToken); uint256 toDeleteIndex = tokenIndex[_rewardToken] - 1; uint256 lastIndex = rewardTokens.length - 1; if (lastIndex != toDeleteIndex) { address lastValue = rewardTokens[lastIndex] rewardTokens[toDeleteIndex] = lastValue; // update last value to the removed value tokenIndex[lastValue] = valueIndex; // update index } rewardTokens.pop(); detele tokenIndex[_rewardToken]; emit RewardTokenRemoved(address(_rewardToken)); }
Results
Resolved in commit 9fe1b898da869d3c22fdb9757becd062b50219ba. The Cronus Finance team fixed this issue by using EnumerableSet
Informational
Informational
- Lack of Re-entrancy Guard for critical function with external dependency
Severity Informational Source contracts/MasterChefCronus.sol(#L294, #L321, #L350, #L358); Status Unresolved; Description
The snippets are following a proper check-effects-interaction pattern. However, attention should be paid to the external
lptoken.safeTransfer
andlptoken.safeTransferFrom
that is interacted. Be cautious when adding support for tokens like ERC777 that have before after transfer hooks. It brings in reentrancy vulnerabilities even when following a check-effects-interaction pattern.
Exploit Scenario
N/A
Recommendations
Be cautious when adding support for new tokens.
ReentrancyGaurd
can be added to functions that contain interactions with the external token transfer.
Results
The suggestion is not adopted
- Magic numbers
Severity Informational Source contracts/StableCronusStaking.sol(#L106, #L187, #L218); Status Unresolved; Description
There are several magic numbers (
5e17
,25
) used in the contracts.It’s a better practice to make those magic numbers constant variables and have sufficient comments on their usage, which can greatly improve code readability.
Exploit Scenario
N/A
Recommendations
Use constant state variables to represent those magic numbers.
Results
Unresolved. The suggestion is not adopted.
- Naming issues
Severity Informational Source contracts/StableCronusStaking.sol#L78; Status Resolved in commit 68790c5370be9411d2ac181a33088bf206c2b427; Description
event ClaimReward()
does not follow the “noun + verb past participle” naming scheme.
Exploit Scenario
N/A
Recommendations
Events and indexed values of events can be used to monitor contract operations. Thus, event names similar to contract function names must keep best practice by using the “noun + verb past participle” naming scheme. Therefore, we suggest changing the event name to
RewardClaimed
.
Results
Resolved in commit 68790c5370be9411d2ac181a33088bf206c2b427. The event name has been changed to
RewardClaimed
.
- Missing
indexed
variables in eventSeverity Informational Source contracts/StableCronusStaking.sol#L84; Status Partially resolved in commit 68790c5370be9411d2ac181a33088bf206c2b427; Description
event RewardTokenAdded(address token)
andevent RewardTokenRemoved(address token)
do not index the added/removed token address.Events and indexed values of events can be used to monitor contract operations. It’s recommended to have events emitted on important function calls and index those critical variables.
Exploit Scenario
N/A
Recommendations
The indexed parameters for logged events will allow users/developers to search for these events using the indexed parameters as filters. We suggest adding
indexed
to keep the best practice of smart contract programming
Results
Partially resolved in commit 68790c5370be9411d2ac181a33088bf206c2b427.
indexed
was added toevent RewardTokenAdded(address token)
, but not added toevent RewardTokenRemoved
.
- Unbounded gas usage in recursive function
Severity Informational Source contracts/MoneyMaker.sol#L253; Status Unresolved; Description
In
_convertStep()
, the recursive function will recuse all the input tokens until all of them are converted totokenTo
, however, if thebridgeOf(token)
graph has a loop, the recursive function will be in a dead loop and revert due to out-of-gas. Example: The path of token bridges must not contain any loop (Say, A - B - C - A), otherwise theconvert()
will be in a dead loop.
Exploit Scenario
As described above, under certain edge cases,
convert()
will be in a dead loop
Recommendations
Check Directed Acyclic Graph(DAG) compliance before calling
setBridge()
.
Results
Unresolved. The suggestion is not adopted.
- Inconsistency in variable name and actual implementation
Severity Informational Source contracts/MoneyMaker.sol; Status Resolved in commit 68790c5370be9411d2ac181a33088bf206c2b427; Description
wavax
is from Trader Joe XYZ’s implementation which is deployed on Avalanche. Usingwavax
is a bit confusing in the code since Cronus is deployed on Evmos. The name is misleading and confusing to future developers.
Exploit Scenario
N/A
Recommendations
Use another name like
wevmos
Results
Resolved in commit 68790c5370be9411d2ac181a33088bf206c2b427.
wavax
has been changed towevmos
.
- Missing variables in events
Severity Informational Source contracts/MoneyMaker.sol; Status Resolved in commit 68790c5370be9411d2ac181a33088bf206c2b427; Description
Events on updating state variables (
SetDevAddr SetDevCut SetTokenTo
) do not include the old values.Events are usually used to monitor contracts. Including old values in events emitted when there is a critical variable set to a new value is good practice. It can help monitor the state variable changing and have a track of the value change.
Exploit Scenario
N/A
Recommendations
event SetDevAddr(address indexed newDevAddr, address indexed oldDevAddr); event SetDevCut(uint256 indexed newDevCut, uint256 indexed oldDevCut); event SetTokenTo(address indexed newTokenTo, address indexed oldTokenTo);
Results
Resolved in commit 68790c5370be9411d2ac181a33088bf206c2b427. The old variable value has been added to the events.
- Missing error message
Severity Informational Source contracts/CronusRouter02.sol; Status Unresolved; Description
The majority of the
require
statement in theCronusRouer02.sol
has no error message, which is not a good practice in smart contract programming. Missingrequire
error messages may result in users do not understand why their transaction failed.
Exploit Scenario
N/A
Recommendations
Add error string to
require
statements in theCronusRouer02.sol
Results
Unresolved. The suggestion is not adopted.
Access Control Analysis
Access Control Analysis
We list the privileged roles that have special access to critical functions.
CronusToken.sol
owner
: mint new tokens.
keeper
: updatemaxSupply
limit.
CronusFactory.sol
feeTo
: the address that can receive the mint fee when the lp token is minted.
feeToSetter
: setfeeTo
andfeeToSetter
address.
MasterChefCronus.sol
owner
:add
andset
pool.
admin
: deposit token for a user.
MoneyMaker.sol
auth
: authorized address. It can set bridge, dev cut, dev address,tokenTo
address. It can also convert pairs of tokens totokenTo
owner
: add/removeauth
role.
StableCronusStaking.sol
owner
: add/remove reward token and set deposit fee percent.
Appendix I: Severity Categories
Appendix I: Severity Categories
Severity | Description |
---|---|
High | Issues that are highly exploitable security vulnerabilities. It may cause direct loss of funds / permanent freezing of funds. All high severity issues should be resolved. |
Medium | Issues that are only exploitable under some conditions or with some privileged access to the system. Users’ yields/rewards/information is at risk. All medium severity issues should be resolved unless there is a clear reason not to. |
Low | Issues that are low risk. Not fixing those issues will not result in the failure of the system. A fix on low severity issues is recommended but subject to the clients’ decisions. |
Informational | Issues that pose no risk to the system and are related to the security best practices. Not fixing those issues will not result in the failure of the system. A fix on informational issues or adoption of those security best practices-related suggestions is recommended but subject to clients’ decision. |
Appendix II: Status Categories
Appendix II: Status Categories
Status | Description |
---|---|
Unresolved | The issue is not acknowledged and not resolved. |
Partially Resolved | The issue has been partially resolved |
Acknowledged | The Finding / Suggestion is acknowledged but not fixed / not implemented. |
Resolved | The issue has been sufficiently resolved |
Disclaimer
Disclaimer
Verilog Solutions receives compensation from one or more clients for performing the smart contract and auditing analysis contained in these reports. The report created is solely for Clients and published with their consent. As such, the scope of our audit is limited to a review of code, and only the code we note as being within the scope of our audit detailed in this report. It is important to note that the Solidity code itself presents unique and unquantifiable risks since the Solidity language itself remains under current development and is subject to unknown risks and flaws. Our sole goal is to help reduce the attack vectors and the high level of variance associated with utilizing new and consistently changing technologies. Thus, Verilog Solutions in no way claims any guarantee of security or functionality of the technology we agree to analyze.
In addition, Verilog Solutions reports do not provide any indication of the technologies proprietors, business, business model, or legal compliance. As such, reports do not provide investment advice and should not be used to make decisions about investment or involvement with any particular project. Verilog Solutions has the right to distribute the Report through other means, including via Verilog Solutions publications and other distributions. Verilog Solutions makes the reports available to parties other than the Clients (i.e., “third parties”) – on its website in hopes that it can help the blockchain ecosystem develop technical best practices in this rapidly evolving area of innovation.