Open Bi Sea smart contract security audit, conducted by the Callisto Network Security Department during April 2021.

 


 

Open Bi Sea Smart Contract Security Audit Report

Are Your Funds Safe?

1. Summary

OpenBiSea smart contract security audit report performed by Callisto Security Audit Department.

2. In scope

2.1 Excluded

  1. Standard Uniswap interfaces:
  • @uniswap/v2-periphery/contracts/interfaces/IUniswapV2Router02.sol
  • @uniswap/v2-core/contracts/interfaces/IUniswapV2Factory.sol
  • @uniswap/v2-core/contracts/interfaces/IUniswapV2Pair.sol
  2. The audited contracts use other contracts by their interface. We can’t be sure what those contracts do, because their addresses are changeable. The list of interfaces of those contracts:
  • IPool
  • IAssetsManageTeam
  • IReturnInvestmentLpartner
  • IOracle
  3. The correctness of the mathematical calculations was not verified during the audit due to the lack of complete documentation of what the contract should do and under what conditions.

3. Findings

In total, 1 issue was reported, including:

  • 0 high severity issues.
  • 0 medium severity issues.
  • 1 low severity issue.

In total, 1 note was reported, including:

  • 1 note.

  • 0 owner privileges.

3.1 Losing accuracy

Severity: low.

Description:

In the function claimFreeTokens() you request priceMainToUSD and decimals (OpenBiSea.sol line 397) and then compute priceMainToUSD.div(10 ** uint256(decimals)) (OpenBiSea.sol line 400). This integer division discards any value less than 1: if the price is $1.5 you will get $1, and if the price is $0.99 you will get $0. It may cause various issues in later calculations.

The same issue is in the function updateFirstDateAndValue() (OpenBiSeaAuction.sol lines 165-167).

Recommendation

Keep decimals in calculation values.
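The truncation from finding 3.1 next to the recommended form, as an added illustration that is not OpenBiSea code: the contract name, function names and the `amount` parameter are hypothetical, and only the expression `priceMainToUSD / 10 ** uint256(decimals)` mirrors the audited line.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

/// Added illustration for finding 3.1. Not part of the audited code base;
/// every name except priceMainToUSD and decimals is hypothetical.
contract PriceRoundingExample {
    /// Pattern flagged by the audit: the oracle price is reduced to whole
    /// USD before it is used, so the fractional part is lost permanently.
    function wholeUsdPrice(uint256 priceMainToUSD, uint8 decimals)
        public
        pure
        returns (uint256)
    {
        return priceMainToUSD / (10 ** uint256(decimals));
    }

    /// USD value of `amount` tokens computed from the truncated price.
    /// Any price below $1 makes this return 0 regardless of `amount`.
    function valueTruncated(
        uint256 amount,
        uint256 priceMainToUSD,
        uint8 decimals
    ) external pure returns (uint256) {
        return amount * wholeUsdPrice(priceMainToUSD, decimals);
    }

    /// Recommended form: keep the price at full precision, multiply
    /// first and divide once, at the very end of the calculation.
    function valueScaled(
        uint256 amount,
        uint256 priceMainToUSD,
        uint8 decimals
    ) external pure returns (uint256) {
        return (amount * priceMainToUSD) / (10 ** uint256(decimals));
    }
}
```

With a constructed oracle reading of 99000000 at 8 decimals ($0.99), `valueTruncated(100, ...)` returns 0 while `valueScaled(100, ...)` returns 99; at 150000000 ($1.5) the results are 100 and 150.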

3.2 Buyer and Seller may claim token

Severity: note.

Description:

In the function updateFirstDateAndValue() the same value is added to both the buyer and the seller (OpenBiSeaAuction.sol lines 170-171), so both the buyer and the seller may call claimFreeTokens() (OpenBiSea.sol lines 394-400).

4. Conclusion

The audited smart contract can be deployed. Only low severity issues were found during the audit.

Please note that the price may be set in USD without decimals; any cents will be dropped.

The logic is split among many different contracts that can be changed by the Team. Therefore, the overall behavior is unpredictable. Also, using many cross-contract calls significantly increases Gas usage.

It would be better to refactor the entire codebase to make it more readable, with clear logic.
