TimeLeap Finance

Timeleap has deployed a SafeOwner contract that has resolved several medium and low risk issues identified in our audit findings. As they have already deployed their contracts to the Polygon mainnet, their ability to enact sweeping reformations is limited. Nonetheless, we do commend Timeleap taking the necessary steps to resolved several of the more pressing issues.

The majority of issues remains unresolved, and thus marked Acknowledged, and may yet possess significant residual risk to users from vectors including but not limited to:

• Exploitation of the Masterchef contract if tokens with transfer taxes are added as pools.
• Adding non-token addresses as pools, resulting in transactions reverting.
• Reversion of harvesting due to division by 0 in the pendingTime function.

The list provided above represent a fraction of issues that remain unresolved in the Timeleap contracts. Users wishing to interact with this project should exercise caution, and to monitor any queued Timelock transactions.

In addition to the above risks, there is no reasonable guarantee that the protocol will be successful or profitable to the average investor. The native token often drops very rapidly after launch so we recommend you carefully do your research on the project and team and whether they are appropriate for you.

The following steps are recommended minimum checks you as a potential/current user should perform:

• Setting alerts for and monitoring Timelock transactions, especially as the current delay is too short.
• Ensuring that the contract you approve and stake in matches the one we audited. This can be done by comparing the address with the one present in the contracts page in our audit.
• The risk that the native token’s value might drop rapidly simply due to the nature of yield farming. Carefully evaluating the team and project could help with assessing this.

When using this protocol, the main risks you want to look out for are:

1. Ensuring that the contracts you are interacting with matches the one we audited. This can be done by comparing the addresses with the one present in the contracts page in our audit.
2. Our audits only cover code-related risks. Users will have to do their own due diligence on other aspects of the protocol such as the reputation of the team, the protocol’s tokenomics, and other aspects of the project that might be relevant.