TimeLeap Finance
- Completed (2)
-
Farm Audit Report
Commissioned
25 Jul 2021
Completed
29 Jul 2021
Contracts Audited
TimeToken 0x5c59d7cb794471a9633391c4927ade06b8787a90 MasterChef 0x41c4dfa389e8c43ba6220aa62021ed246d441306 Timelock 0x0bd5d1f205c593f4587f54b131ef86b1b026976d SafeOwner 0x02e6aed3d464490b39295626a39bffda17d679a9 View Audit Report
IssuesRisk SummaryFound Resolved Partially Resolved Acknowledged
(no change made)High 3 1 – 2 Medium 3 2 – 1 Low 5 2 – 3 Informational 5 – – 5 Total 16 5 – 11 Timeleap has deployed a SafeOwner contract that has resolved several medium and low risk issues identified in our audit findings. As they have already deployed their contracts to the Polygon mainnet, their ability to enact sweeping reformations is limited. Nonetheless, we do commend Timeleap taking the necessary steps to resolved several of the more pressing issues.
The majority of issues remains unresolved, and thus marked Acknowledged, and may yet possess significant residual risk to users from vectors including but not limited to:
- Exploitation of the Masterchef contract if tokens with transfer taxes are added as pools.
- Adding non-token addresses as pools, resulting in transactions reverting.
- Reversion of harvesting due to division by 0 in the pendingTime function.
The list provided above represent a fraction of issues that remain unresolved in the Timeleap contracts. Users wishing to interact with this project should exercise caution, and to monitor any queued Timelock transactions.
In addition to the above risks, there is no reasonable guarantee that the protocol will be successful or profitable to the average investor. The native token often drops very rapidly after launch so we recommend you carefully do your research on the project and team and whether they are appropriate for you.
The following steps are recommended minimum checks you as a potential/current user should perform:
- Setting alerts for and monitoring Timelock transactions, especially as the current delay is too short.
- Ensuring that the contract you approve and stake in matches the one we audited. This can be done by comparing the address with the one present in the contracts page in our audit.
- The risk that the native token’s value might drop rapidly simply due to the nature of yield farming. Carefully evaluating the team and project could help with assessing this.
-
Vaults Audit Report
Commissioned
04 Aug 2021
Completed
16 Aug 2021
Contracts Audited
BaseStrategy 0x4436Ff0a96C77f38E66de5Dc1225Cfb51Bf88709 BaseStrategyLP 0x4436Ff0a96C77f38E66de5Dc1225Cfb51Bf88709 BaseStrategyLPSingle 0x4436Ff0a96C77f38E66de5Dc1225Cfb51Bf88709 StrategyQuickSwap 0x4436Ff0a96C77f38E66de5Dc1225Cfb51Bf88709 VaultChef 0x62902cc933e5d32717135a05a52c8a46f9b5a323 StrategyVaultBuyBack The team has decided not to use this contract. The contracts for all Quickswap LP strategies are the same and based off the contract parts of BaseStrategy, BaseStrategyLP, BaseStrategyLPSingle and StrategyQuickswap. You can find a full list of their contracts in their documentation.
View Audit Report
IssuesRisk SummaryFound Resolved Partially Resolved Acknowledged
(no change made)High 3 3 – – Medium 2 2 – – Low 9 8 1 – Informational 17 14 – 1 Total 31 29 1 1 When using this protocol, the main risks you want to look out for are:
- Ensuring that the contracts you are interacting with matches the one we audited. This can be done by comparing the addresses with the one present in the contracts page in our audit.
- Our audits only cover code-related risks. Users will have to do their own due diligence on other aspects of the protocol such as the reputation of the team, the protocol’s tokenomics, and other aspects of the project that might be relevant.