Beluga Protocol security audit, conducted by the Callisto Network Security Department during April 2021.
Beluga Protocol Specification
Our contracts are vaults, they take deposits and optimize yields on them.
- Telegram: https://t.me/belugaprotocol
- Twitter: https://twitter.com/belugaprotocol
- Medium: https://belugaprotocol.medium.com
I am fine with the report being published as is unless there is a highly severe bug in the code, then please privately message me.
The report can be publish as long as there is no high severity bugs in the contracts.
Binance Smart Chain
Beluga Protocol Smart Contract Security Audit Report
Are Your Funds Safe?
1. In scope
Smart contracts commit 84c33c8ca90f4a6d3ed2115bd7b2d90bf595abc9
In total, 3 issues were reported including:
0 high severity issues.
0 medium severity issues.
2 low severity issues.
0 owner privileges.
No critical security issues were found.
NoMintRewardPool is not defined
NoMintRewardPool contract is not defined. Perhaps we are talking about a
StakingRewards contract from RewardsPool.sol
2.2 Restriction to use Reward Pool by others smart contracts
RewardPool.sol uses the construction
tx.origin to allow only the initiators of the transaction to collect the reward. This can lead to the blocking of many users who use smart contracts for convenience and security. For example, users using multisig contracts will not be able to use this contract.
More info about
tx.origin vulnerabilities: ethereum/solidity#683
2.3 Known vulnerabilities of ERC-20 token
It is possible to double withdrawal attacks. More details here.
Add the following code to the
transfer(_to address, ...) function:
require( _to != address(this) );
The audited smart contract can be deployed. Only low severity issues were found during the audit.
4. Revealing previous audit reports
4.1 Notes about gorbunovperm report.
The issue 3.2. does not hurt users and can’t cause any losses for users or contract. It’s an owner’s right to restrict other contracts from interacting with the farms.
The severity was changed to
Trust the Blockchain, Audit the Smart Contracts.
Follow Callisto’s Security Department on Twitter to get our latest news and updates!