Is token trading still secure? Centralization Risks in OnchainTrade Smart Contract

This security report outlines Project Onchain Trade's potential vulnerabilities and centralization risks on token staking, rewarding and trading, which could pose significant threats to the integrity and security of the platform.

Contract Centralized Risk

This smart contract encompasses several functions related to the management of a token staking and reward platform. Here's a centralized report outlining the core functions:

1. addRevenueToken(): This function is responsible for adding a new token as a revenue token. The token details are then added to the 'RevenueInfo' map and the 'revenueInfoList'.

2. addRevenue(): This function allows the contract owner to add revenue tokens, their amounts, and also updates the 'boost point'. It also ensures the stake token and reward balances are kept updated.

3. updateScore(): This function is for updating the score of a user. The score is computed based on the amount of reward the user has earned per unit time.

4. addToken(): This function allows the contract owner to add a new token to the pool of tokens for mining. The details of the token, including the reward per second and the start time, are added to 'PoolInfo'.

5. setPoolInfo(): This function allows the contract owner to set and update the pool info for a particular LP token, including the reward per second and the end time.

6. addMintPool(), updateMintPool(): These functions let the contract owner add a new mint pool or update an existing one, with details like the reward token, reward per second, start time, and end time.

7. setUpdater(), setFastPriceEvents(), setPriceDuration(), setMinBlockInterval(), setMaxTimeDeviation(), setLastUpdatedAt(), setMaxDeviationBasisPoints(), setTokens(), setPrice(), setPrices(), setCompactedPrices(): These functions allow the contract owner to set various parameters related to price events, timing, tokens, and token prices.

8. setOracle(), setRouter(): These functions enable the contract owner to specify the Oracle and Router addresses.

9. setMinExecFee(), setSystemRouter(): These functions let the contract owner set the minimum execution fee and designate a system router.

10. listPair(), setMaxTotalSize(), setPairStatus(), setTradingFeeRate(), setMaxLeverage(), setMarginRatio(): These functions let the contract owner manage the pairing of tokens, maximum size, pair status, trading fee rate, maximum leverage, and margin ratio.

11. setPriceFeed(), setFutureUtil(), setProtocolFeeTo(): These functions enable the contract owner to set the price feed address, future utility address, and protocol fee recipient address.

12. realizePairProtocoFee(), decreaseInsuranceFund(): These functions let the contract owner or protocol fee recipient realize the pair protocol fee and decrease the insurance fund.

Conclusion

The contract encompasses several functions related to the management of a token staking and reward platform. The contract owner has extensive control over platform parameters, token pools, reward rates, price feeds, and more. We have analyzed the contract code and identified potential vulnerabilities and risks that could affect the security and functionality of the platform. Practices should be taken to mitigate these issues and improve the quality and robustness of the contract.

About Us

At MetaTrust, our primary focus is on creating a secure infrastructure that caters to the needs of developers in the WEB 3.0 space. We offer an array of AI-Driven automation tools and security services to assist Web3 developers and project stakeholders in achieving a secure development environment.

Website || Twitter || Telegram || MetaScan for FREE