FarmersOnly
- Completed
Paladin Rush
-
Audit Report
Commissioned
01 Oct 2021
Completed
02 Oct 2021
Contracts Audited
MasterChef 0x27271ECd985F1B666e51209B033d93ddC5a36076 CornCoin 0xFcA54c64BC44ce2E72d621B6Ed34981e53B66CaE Multicall Only used on the frontend LiqLocker 0xAfbD20B5E79fAdBc0c0B9AbA64cBb5d27D995bFD Timelock 0xc14BFa11c072d5e5735092CEe376Be905B9D7359 View Audit Report
IssuesRisk SummaryFound Resolved Partially Resolved Acknowledged
(no change made)High 1 0 1 – Medium 1 0 – 1 Low 4 0 – 4 Informational 11 0 – 11 Total 17 0 1 16 From the technical side of things, FarmersOnly has not taken the best steps in rectifying the issues identified in our audit report as their contracts had already been deployed to the Avalanche network and the project owner insisted against redeployment. This has resulted in the issues being acknowledged rather than resolved. However, we’ve worked together with the client to mitigate the risks of the high severity issue by adding a dummy pool that mints 50% of the tokens which can then be distributed to the other half of the pools. While the issue would initially have led to the Masterchef being drained of native tokens, this situation will no longer occur under proper management.
The main risk vector that remains is:
- The owner adds pools without adjusting the weight of the dummy pool properly leading to either too many or too little tokens being minted. In case too many were minted, the cap will be reached more quickly. In case too few were minted, the Masterchef will be drained of native tokens while the non-native and LP tokens remain safe.
In addition to the aforementioned risks, there is no reasonable guarantee that the protocol will be successful or profitable to the average investor. The native token often drops very rapidly after launch so we recommend you carefully do your research on the project and team and whether they are appropriate for you.
The following steps are recommended minimum checks you as a potential/current user should perform:
- Setting alerts for and monitoring Timelock transactions. This is especially useful to monitor the mitigation of issue #1.
- Ensuring that the contract you approve and stake in matches the one we audited. This can be done by comparing the address with the one present in the contracts page in our audit.
- Be aware of the risk that the native token’s value might drop rapidly simply due to the nature of yield farming. Carefully evaluating the team and project could help with assessing this.
When using this protocol, the main risks you want to look out for are:
- Ensuring that the contracts you are interacting with matches the one we audited. This can be done by comparing the addresses with the one present in the contracts page in our audit.
- Our audits only cover code-related risks. Users will have to do their own due diligence on other aspects of the protocol such as the reputation of the team, the protocol’s tokenomics, and other aspects of the project that might be relevant.