Paladin audit: What’s up and how are risks being mitigated?
SAFU UPDATE — Aug 10, 2021
We have renounced our MasterChef ownership to a SafeOwner contract! Aside from ensuring that our users are protected from a malicious transfer of ownership for MasterChef, here are some upgrades of our own on our SafeOwner contract:
1 — We have hard-coded a requirement for a maximum of 4% fees on our MasterChef. This was previously overlooked when we forked our Masterchef contract from Polycat, but not anymore!
2 — Updating of addresses such as dev / fee addresses now require non-zero addresses. This helps to prevent our Masterchef contract from malfunctioning due to incorrect data input.
3 — Previously raised by Paladin Audits, we’ve also hard-coded a maximum allowable emission rate to be set, which is the current rate of our MasterChef contract (0.05 TIME / block).
4 — And to ensure that our users have sufficient time to react to any changes to the MasterChef, we’ve also transferred the ownership of our SafeOwner contract over to a 24-hour Timelock.
Multiple layers of safety, all for the sake of ensuring the future of $TIME!
Our completed Paladin audit has been published here.
Most farms publish and verify their Masterchef on polygonscan before they get their contracts audited.
They would then submit github repos containing their contract code for these audits instead. In other words, they would submit their github versions, fix them locally, and then submit their local file.
This allows for issues to be marked as resolved even though farms have already been launched with their MC contract deployed. Note that contracts that were published on polygonscan don’t get fixed unless they are re-deployed.
We want to be transparent, so we didn’t do that.
On July 22, 2021, we launched the TIME token and transferred ownership of TIME over to MC immediately after liquidity launch. This was done before MC was audited.
RugDoc was the first to point out these issues prior to the completion of the Paladin audit — so we tried to redeploy MC, but we realized that ownership of TIME contract had already been renounced. Hence, we couldn’t re-deploy MC to resolve the issues.
While we could have taken the route that most farms did, we’re choosing not to.
The issues raised in our audit have not been resolved but acknowledged as we wanted to be honest that we submitted a verified contract that was published on polygonscan.
So, how are risks being mitigated?
The below issues were surfaced by the Paladin audit team:
Issue #1: Exploitation of the Masterchef contract if tokens with transfer taxes are added as pools
We have no intention of supporting tokens with transfer taxes into our pools.
In the first place, most tokens with transfer tax are frictionless yield-generating tokens that allow holders to earn more of the same token — this has no practical utility at all aside from sentiment-driven price action. It’s just a different type of investment product with a different target audience.
We personally hold some in our portfolio, but we would never stake them in a yield farm because it just doesn’t make sense to do so.
Issue #2: Raising deposit fees up to 100%, resulting in total loss of users’ funds
As we’re a Polycat fork, this was an oversight on our part for not setting an upper limit to depositFeeBP. At the point of writing our MC, we were entirely focused on the tokenomics of the larger ecosystem and did not notice that setting a deposit fee of 100% was possible.
We do apologize if this is a huge red flag to our potential yield farmers, but we want to assure you that we will not be setting deposit fees above 4% (market rate).
- We created this yield farm because we got sick of moving our funds around (Read our open letter)
- We don’t want to get rugged ourselves, considering that we’ve experienced major losses from the PolyGold soft rug and the Iron Finance “bank run”
- We truly care about building a community — you can see that from our conversations within the Telegram group
So no, we wouldn’t set >4% deposit fees because that would destroy what we initially set out to do.
Issue #3: Calling the finalMint function to mint and dump TIME tokens, though this is behind a 3 hour timelock. It is our opinion that 3 hours is too short of a delay, and we recommend a timelock of at least 24 hours.
We’ll be honest, we didn’t even think about it, but there is a possible owner-only exploit of finalMint() that was thought up by Paladin.
But hey, we’re yield farmers, just like you. We don’t want our lives to be ruined by a soft rug due to massive dumping of TIME.
We’re staking all of our TIME that we’ve earned from emissions in our TIME Capsule while compounding this on a daily basis — that’s what yield farmers do. It’s great APR by the way, clocking in a sweet 4395.26% at the time of writing.
So tell us, why would we call the finalMint() function when we can happily enjoy farming in our own farm, without any fear of rugging? The only fear we’ve got is community FUD (no, really).
Either way, we understand that some of you might still feel unsafe to leave your funds with us. We want you to assure you that we’ll be taking Paladin’s suggestion to increase the Timelock duration from 3 to 24 hours. This is in line with the Telegram poll that we ran, with 24 hours as the duration chosen by the majority.
Our timelock delay transaction has been queued and will be executed when we’re awake on August 1.
Issue #4: Users’ deposits and withdrawals could revert when the fee and vault addresses are set to the zero address.
Once again we’re a Polycat fork, and this was an oversight on our part for not identifying this bug earlier.
Here’s what you need to know:
- We’re seasoned devs and we know not to enter a ZERO (‘0’) address when an argument strictly defines that an “address” must be used (Solidity is a statically-typed language)
- We’re currently behind a 3 hour timelock (and soon, 24 hour). That means you can check if our queued transactions make sense.
- There’s absolutely no reason for us to add a ZERO (‘0’) address when we need those fees for marketing and dev. Plus, funds will still need to be transferred to our vault address for the upcoming automated buyback and make feature which will further create buying pressure for TIME.
We hope that reading this article gives you a peace of mind. As we always say, we’re here to stay. We’ll keep being transparent with you and hopefully, earn your trust in TIME 😜