PolygonFarm - Completed
Paladin Rush - Audit Report

Commissioned: 28 Jul 2021
Completed: 29 Jul 2021

Contracts Audited
- SpadeToken: 0xf5EA626334037a2cf0155D49eA6462fDdC6Eff19
- MasterChef: 0x9a2c85efbbe4dd93cc9a9c925cea4a2b59c0db78
- Referral: 0x4a4aE735905FE530298D189091439a097bcD28A8
- Timelock: 0x5ECBFA6540DB0F5493D7b85dC68B3904Cc632377
- SpadeVault: 0x8e6C2827d234b16C3B496deD77a0f6b7e3Cf27ee

Issues: Risk Summary

| Severity | Found | Resolved | Partially Resolved | Acknowledged (no change made) |
|---|---|---|---|---|
| High | 2 | – | 2 | – |
| Medium | 3 | – | – | 3 |
| Low | 6 | 1 | – | 5 |
| Informational | 12 | 1 | – | 11 |
| Total | 23 | 2 | 2 | 19 |

From the technical side of things, PolygonFarm has not taken any reasonable steps in rectifying the issues identified in our audit report as their contracts have already been deployed to the Polygon network and the project owner insisted against redeployment. This has resulted in the issues being acknowledged rather than resolved. As a result, the contracts are not secure from a user’s perspective as there remains significant residual risk from vectors including but not limited to:
- Exploitation of the MasterChef contract if tokens with transfer taxes are added as pools.
- Exploitation of the SpadeVault contract to steal native tokens.
- Users’ deposits and withdrawals reverting when the fee address is set to the zero address.
The points above represent a small fraction of the issues that remain in the PolygonFarm contracts, but are the most severe. Users wishing to interact with this project should exercise increased caution and monitor any queued Timelock transactions, especially those concerning the MasterChef and SpadeVault.
In addition to the aforementioned risks, there is no reasonable guarantee that the protocol will be successful or profitable to the average investor. The native token often drops very rapidly after launch, so we recommend you carefully do your research on the project and team and whether they are appropriate for you.
The following steps are recommended minimum checks you as a potential/current user should perform:
- Setting alerts for and monitoring Timelock transactions.
- Ensuring that the contract you approve and stake in matches the one we audited. This can be done by comparing the address with the one present on the contracts page in our audit.
There is a risk that the native token’s value might drop rapidly simply due to the nature of yield farming. Carefully evaluating the team and project could help with assessing this.
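
The address comparison recommended above, as an added example that is not part of the original report: it checks an address against the audited list from this page regardless of letter case, and flags lookalikes that match only in the leading and trailing digits a truncating wallet UI would show. The function names and the `visible` parameter are assumptions of this example.

```python
import re

# Audited addresses, copied from the "Contracts Audited" list on this page.
AUDITED = {
    "SpadeToken": "0xf5EA626334037a2cf0155D49eA6462fDdC6Eff19",
    "MasterChef": "0x9a2c85efbbe4dd93cc9a9c925cea4a2b59c0db78",
    "Referral": "0x4a4aE735905FE530298D189091439a097bcD28A8",
    "Timelock": "0x5ECBFA6540DB0F5493D7b85dC68B3904Cc632377",
    "SpadeVault": "0x8e6C2827d234b16C3B496deD77a0f6b7e3Cf27ee",
}

_ADDR = re.compile(r"0x[0-9a-fA-F]{40}")


def normalize(addr):
    """Return the lowercase form of a full 20-byte address, or None if malformed."""
    addr = addr.strip()
    return addr.lower() if _ADDR.fullmatch(addr) else None


def check_address(candidate, visible=4):
    """Classify the address a wallet is about to approve or stake in.

    Returns ("match", name), ("lookalike", name), ("unknown", None) or
    ("malformed", None). A lookalike shares the first and last `visible`
    hex digits with an audited address but differs in between, so it reads
    the same in a UI that shortens addresses to 0x1234...abcd.
    """
    cand = normalize(candidate)
    if cand is None:
        return ("malformed", None)  # truncated or non-hex input is never accepted
    # Exact matches first: the page mixes checksum-case and lowercase
    # addresses, so compare the full lowercase strings.
    for name, audited in AUDITED.items():
        if cand == audited.lower():
            return ("match", name)
    # Then look for addresses that only resemble an audited one.
    for name, audited in AUDITED.items():
        ref = audited.lower()
        if cand[2:2 + visible] == ref[2:2 + visible] and cand[-visible:] == ref[-visible:]:
            return ("lookalike", name)
    return ("unknown", None)
```

Only a `match` result means the address is one of the five audited contracts; a shortened address copied from a UI is reported as `malformed` and has to be expanded before it can be checked.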