[UNI] ERC20 Token Smart Contract Domain Community Assessment

General Information

Risk Summary

  • Does the contract implement the ERC20 token standards?
    Yes, the contract implements all the required ERC20 functions.
  • Risk analysis: LOW

Technical Information

  • Compiler version: v0.5.16+commit.9c3226ce
  • Decimals: 18
  • Overflow checks: Yes, the contract has custom safe integer and add functions
  • Mitigation against allowance race-condition: No, the approve function has a race condition
  • Upgradeable contract patterns: No
  • Access control or restriction lists: Minter access to setMinter and mint functions
  • Non-standard features or behaviors: permit, minting, voting, and vote delegation related functions

Formal Verification Considerations:

  • Does transfer have simple semantics? Yes
  • Does transferFrom have simple semantics? Yes
  • Can balances be arbitrarily modified by some actor? No
  • Are there any external calls? No

Testnet Information

Ropsten: 0x1f9840a85d5aF5bf1D1762F925BDADdC4201F984
Rinkeby: 0x1f9840a85d5aF5bf1D1762F925BDADdC4201F984
Görli: 0x1f9840a85d5aF5bf1D1762F925BDADdC4201F984
Kovan: 0x1f9840a85d5aF5bf1D1762F925BDADdC4201F984

UNI networks deployment information: https://uniswap.org/docs/v2/governance/overview/

Contract Logic Summary

At its core, the implementation is a standard ERC20 contract that uses custom safe integer and add functions.
The contract also implements mint functions which use a custom SafeMath library derived from Math (OpenZeppelin), a permit function, and various voting and vote delegation functions.

Administrative Addresses

Below is a list of addresses related to token management:

delegation typehash: 0xe48329057bfd03d55e49b547132e39cffd9c1820ad7b9d4c5307691425d15adf
domain typehash: 0x8cad95687ba82c2ce50e74f7b754645e5117c3a5bec8151c0726d5857980a866
permit typehash: 0x6e71edae12b1b97f4d1f60370fef10105fa2faae0126114a169c64845d6126c9

Contract Risk Summary

This is a low-risk contract. The ERC20 functions are implemented to the industry standard, although approve does have a race condition. The contract makes use of custom functions to prevent integer underflow and overflow. A number of voting functions are also implemented, as UNI is a governance token.
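
The approve race condition noted above, as an added example (a constructed Python model, not the UNI contract's code): it shows how the total moved during one allowance change depends on transaction ordering when approve overwrites the allowance, and how a compare-and-set update bounds it. The names Ledger, approve_if_current and total_spent are hypothetical and introduced only for illustration.

```python
# Constructed model of ERC20 allowance bookkeeping (not the UNI contract's code).
class Ledger:
    def __init__(self, balances):
        self.balances = dict(balances)
        self.allowed = {}  # (owner, spender) -> remaining allowance

    def approve(self, owner, spender, amount):
        # Standard approve: overwrites the allowance regardless of its current value.
        self.allowed[(owner, spender)] = amount
        return True

    def approve_if_current(self, owner, spender, expected, amount):
        # Hypothetical compare-and-set variant: applies only if the allowance
        # is still the value the owner last observed.
        if self.allowed.get((owner, spender), 0) != expected:
            return False
        return self.approve(owner, spender, amount)

    def transfer_from(self, spender, owner, to, amount):
        key = (owner, spender)
        if self.allowed.get(key, 0) < amount or self.balances.get(owner, 0) < amount:
            return False
        self.allowed[key] -= amount
        self.balances[owner] -= amount
        self.balances[to] = self.balances.get(to, 0) + amount
        return True


def total_spent(order, guarded):
    """Owner changes an allowance from 100 to 50 while a spend of the old
    100 is pending. `order` says which transaction is mined first.
    Returns how much the spender ends up moving in total."""
    led = Ledger({"owner": 1000})
    led.approve("owner", "spender", 100)

    def change():
        if guarded:
            return led.approve_if_current("owner", "spender", 100, 50)
        return led.approve("owner", "spender", 50)

    def spend_old():
        return led.transfer_from("spender", "owner", "spender", 100)

    for step in ([change, spend_old] if order == "approve_first" else [spend_old, change]):
        step()
    # The spender then draws whatever allowance is left.
    led.transfer_from("spender", "owner", "spender", led.allowed[("owner", "spender")])
    return led.balances.get("spender", 0)
```

With the overwriting approve, the total depends on ordering and can reach 150, more than either allowance the owner set; with the guarded update it never exceeds the original 100.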

Supporting Materials


Architecture Diagram

Inheritance Diagram

Sūrya’s Description Report

Files Description Table

| File Name | SHA-1 Hash |
|---|---|
| uni.sol | 46e82a5db81f02d25309cbb6197827064d11c265 |

Contracts Description Table

| Contract | Type | Bases | | |
|---|---|---|---|---|
| └ | Function Name | Visibility | Mutability | Modifiers |
| SafeMath | Implementation | | | |
| └ | add | Internal :lock: | | :x: |
| └ | add | Internal :lock: | | :x: |
| └ | sub | Internal :lock: | | :x: |
| └ | sub | Internal :lock: | | :x: |
| └ | mul | Internal :lock: | | :x: |
| └ | mul | Internal :lock: | | :x: |
| └ | div | Internal :lock: | | :x: |
| └ | div | Internal :lock: | | :x: |
| └ | mod | Internal :lock: | | :x: |
| └ | mod | Internal :lock: | | :x: |
| Uni | Implementation | | | |
| └ | | Public :exclamation: | :red_circle: | :x: |
| └ | setMinter | External :exclamation: | :red_circle: | :x: |
| └ | mint | External :exclamation: | :red_circle: | :x: |
| └ | allowance | External :exclamation: | | :x: |
| └ | approve | External :exclamation: | | :x: |
| └ | permit | External :exclamation: | :red_circle: | :x: |
| └ | balanceOf | External :exclamation: | | :x: |
| └ | transfer | External :exclamation: | :red_circle: | :x: |
| └ | transferFrom | External :exclamation: | :red_circle: | :x: |
| └ | delegate | Public :exclamation: | :red_circle: | :x: |
| └ | delegateBySig | Public :exclamation: | :red_circle: | :x: |
| └ | getCurrentVotes | External :exclamation: | | :x: |
| └ | getPriorVotes | External :exclamation: | | :x: |
| └ | _delegate | Internal :lock: | :red_circle: | |
| └ | _transferTokens | Internal :lock: | :red_circle: | |
| └ | _moveDelegate | Internal :lock: | :red_circle: | |
| └ | _writeCheckpoint | Internal :lock: | :red_circle: | |
| └ | safe32 | Internal :lock: | | |
| └ | safe96 | Internal :lock: | | |
| └ | add96 | Internal :lock: | | |
| └ | sub96 | Internal :lock: | | |
| └ | getChainId | Internal :lock: | | |


| Symbol | Meaning |
|---|---|
| :red_circle: | Function can modify state |
| :dollar: | Function is payable |