[YFI] ERC20 Token Smart Contract Technical Assessment

[YFI] ERC20 Token Smart Contract Technical Assessment

General Information

Risk Summary

  • Does the contract implement the ERC20 token standards? Yes.
  • Risk analysis : LOW.

Technical Information

  • Compiler version : v0.5.17+commit.d19bba13
  • Decimals : 18
  • Overflow checks : Yes, the contract uses the SafeMath library for uint operations.
  • Mitigation against allowance race-condition : Yes, the contract implements increaseAllowance and decreaseAllowance to get around this issue.
  • Upgradeable contract patterns : No.
  • Access control or restriction lists : No.
  • Non-standard features or behaviors : Yes.
    • Ability of the governance address to add a minter, an address with the ability to mint uint256 amount of tokens.

Formal Verification Considerations:

  • Does transfer have simple semantics? Yes.
  • Does transferFrom have simple semantics? Yes.
  • Can balances be arbitrarily modified by some actor? No.
  • Are there any external calls? No.

Testnet Information

  • N/A, the project prides itself on testing in prod.

Contract Logic Summary

Administrative Addresses

The governance address can add / remove minters, and give itself minting functionality. Governance is currently a 6-of-9 multisig with identified generally known & accepted community members.

Inheritance Structure

YFI’s uses the standard OpenZeppelin ERC20Detailed contract inheritance pattern.

Contract Risk Summary

This is a low risk contract. The ERC20 function are implemented to industry standard, there are checks to prevent over/underflows, the approval race condition is correctly handled using increase/decreaseAllowance functions, and the contract is non-upgradeable. The known risk is the governance address with the ability to add additional minters and set itself as minter. This governance address is currently a 6-of-9 multisig, so the risk is limited.

Supporting Materials

Architecture Diagram


Created using ConsenSys Diligence’s Surya

Inheritance Diagram


Created using ConsenSys Diligence’s Surya

Sūrya’s Description Report

Files Description Table

File Name SHA-1 Hash
YFI.sol 988fb744654879ef1d5871a49baab71600e619fb

Contracts Description Table

Contract Type Bases
Function Name Visibility Mutability Modifiers
IERC20 Interface
totalSupply External :exclamation: NO❗️
balanceOf External :exclamation: NO❗️
transfer External :exclamation: :stop_sign: NO❗️
allowance External :exclamation: NO❗️
approve External :exclamation: :stop_sign: NO❗️
transferFrom External :exclamation: :stop_sign: NO❗️
Context Implementation
Internal :lock: :stop_sign:
_msgSender Internal :lock:
ERC20 Implementation Context, IERC20
totalSupply Public :exclamation: NO❗️
balanceOf Public :exclamation: NO❗️
transfer Public :exclamation: :stop_sign: NO❗️
allowance Public :exclamation: NO❗️
approve Public :exclamation: :stop_sign: NO❗️
transferFrom Public :exclamation: :stop_sign: NO❗️
increaseAllowance Public :exclamation: :stop_sign: NO❗️
decreaseAllowance Public :exclamation: :stop_sign: NO❗️
_transfer Internal :lock: :stop_sign:
_mint Internal :lock: :stop_sign:
_burn Internal :lock: :stop_sign:
_approve Internal :lock: :stop_sign:
ERC20Detailed Implementation IERC20
Public :exclamation: :stop_sign: NO❗️
name Public :exclamation: NO❗️
symbol Public :exclamation: NO❗️
decimals Public :exclamation: NO❗️
SafeMath Library
add Internal :lock:
sub Internal :lock:
sub Internal :lock:
mul Internal :lock:
div Internal :lock:
div Internal :lock:
Address Library
isContract Internal :lock:
SafeERC20 Library
safeTransfer Internal :lock: :stop_sign:
safeTransferFrom Internal :lock: :stop_sign:
safeApprove Internal :lock: :stop_sign:
callOptionalReturn Private :closed_lock_with_key: :stop_sign:
YFI Implementation ERC20, ERC20Detailed
Public :exclamation: :stop_sign: ERC20Detailed
mint Public :exclamation: :stop_sign: NO❗️
setGovernance Public :exclamation: :stop_sign: NO❗️
addMinter Public :exclamation: :stop_sign: NO❗️
removeMinter Public :exclamation: :stop_sign: NO❗️

Legend

Symbol Meaning
:stop_sign: Function can modify state
:dollar: Function is payable
3 Likes