Onchain Trade Centralized Risk in Smart Contracts, Is Token Trading Still Safe?

AgentLayer
1 years ago
The Onchain Trade smart contract on ZkChain carries a centralization risk that may jeopardize token staking and rewards.

This security analysis report mainly focuses on the potential vulnerabilities and centralization risks of the Onchain Trade project in token staking, rewards, and trading, as well as the potential threats to the platform's stability and security.

Centralization Risks of the Contract

The Onchain Trade smart contract covers multiple functions related to token staking, rewards, and platform management. The following are the results of our centralization analysis, covering some of the contract's core functions:

  1. addRevenueToken(): This function adds a new token as a revenue token, then adds the token details to the 'RevenueInfo' mapping and 'revenueInfoList'.

  2. addRevenue(): This function allows the contract owner to add revenue tokens and their quantities, and updates the boost point while ensuring the latest state of staked tokens and reward balances.

  3. updateScore(): This function is used to update the user's score, which is calculated based on the reward quantity obtained by the user per unit of time.

  4. addToken(): This function allows the contract owner to add a new token to the mining token pool, and the token details, including the per-second rewards and start time, will be added to 'PoolInfo'.

  5. setPoolInfo(): This function allows the contract owner to set and update the pool information of a specific LP token, including per-second rewards and end time.

  6. addMintPool(), updateMintPool(): These functions allow the contract owner to add new minting pools or update existing ones, including detailed information such as reward tokens, per-second rewards, start time, and end time.

  7. setUpdater(), setFastPriceEvents(), setPriceDuration(), setMinBlockInterval(), setMaxTimeDeviation(), setLastUpdatedAt(), setMaxDeviationBasisPoints(), setTokens(), setPrice(), setPrices(), setCompactedPrices(): These functions allow the contract owner to set various parameters related to price events, timing, tokens, and token prices.

  8. setOracle(), setRouter(): These functions enable the contract owner to specify the Oracle and Router addresses.

  9. setMinExecFee(), setSystemRouter(): These functions allow the contract owner to set the minimum execution fee and specify the system router.

  10. listPair(), setMaxTotalSize(), setPairStatus(), setTradingFeeRate(), setMaxLeverage(), setMarginRatio(): These functions allow the contract owner to manage token pairs, maximum size, pair status, trading fee rate, maximum leverage, and margin ratio.

  11. setPriceFeed(), setFutureUtil(), setProtocolFeeTo(): These functions enable the contract owner to set the price feed address, utility address, and protocol fee receiver address.

  12. realizePairProtocoFee(), decreaseInsuranceFund(): These functions enable the contract owner or protocol fee receiver to realize pair protocol fees and decrease the insurance fund.
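
An inventory like the one above can be reproduced on any Solidity source. The Python script below is an added example, not part of the original report or the project's code: it lists externally callable, state-changing functions grouped by the access-control modifier that guards them. The sample contract is constructed; the modifier names `onlyOwner` and `onlyOwnerOrFeeTo`, all parameters and bodies, and the functions `stake`, `getPrice` and `_sync` are assumptions.

```python
import re

# Constructed sample, not Onchain Trade's source. Setter names come from the
# report; parameters, bodies, modifier names (onlyOwner, onlyOwnerOrFeeTo) and
# stake/getPrice/_sync are assumptions made for illustration.
SAMPLE = """
contract Sample {
    // function setRouter(address r) external onlyOwner {}  (commented out)
    function setOracle(address o) external onlyOwner { oracle = o; }
    function setPrice(address t, uint256 p) external onlyOwner { price[t] = p; }
    function addToken(address t, uint256 perSec) public onlyOwner { }
    function setMaxLeverage(uint256 l) external onlyOwner { maxLeverage = l; }
    function decreaseInsuranceFund(uint256 a) external onlyOwnerOrFeeTo { }
    function stake(uint256 a) external { }
    function getPrice(address t) external view returns (uint256) { return price[t]; }
    function _sync() internal { }
}
"""

KEYWORDS = {"external", "public", "internal", "private", "view", "pure",
            "payable", "virtual", "override"}
HEADER = re.compile(r"function\s+(\w+)\s*\(([^)]*)\)([^{;]*)[{;]")
# Heuristic: modifier names that suggest a privileged caller check.
GUARD = re.compile(r"^only|auth|owner|admin", re.I)

def privileged_surface(source):
    """Return ({guard modifier: [functions]}, [unguarded state-changing functions])."""
    # Drop comments so commented-out declarations are not counted.
    source = re.sub(r"//[^\n]*|/\*.*?\*/", "", source, flags=re.S)
    by_guard, unguarded = {}, []
    for name, _params, attrs in HEADER.findall(source):
        attrs = re.sub(r"returns\s*\([^)]*\)", "", attrs)    # drop return types
        tokens = re.sub(r"\([^)]*\)", "", attrs).split()     # drop modifier args
        if not {"external", "public"} & set(tokens):
            continue                      # internal/private: not callable from outside
        if {"view", "pure"} & set(tokens):
            continue                      # read-only: cannot change parameters
        guards = [t for t in tokens if t not in KEYWORDS and GUARD.search(t)]
        if guards:
            for g in guards:
                by_guard.setdefault(g, []).append(name)
        else:
            unguarded.append(name)
    return by_guard, unguarded

if __name__ == "__main__":
    guards, unguarded = privileged_surface(SAMPLE)
    for modifier, funcs in guards.items():
        print(f"{modifier}: {', '.join(funcs)}")
    print("no caller restriction:", ", ".join(unguarded))
```

The guard pattern is a naming heuristic, so checks written inline as `require(msg.sender == owner)` are not detected and need manual review.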

Conclusion

The Onchain Trade contract covers multiple functionalities related to token staking and reward platform management. It is evident that the contract owner has extensive control over platform parameters, token pools, reward rates, price feeds, etc. We have conducted a security assessment of the contract code and analyzed potential vulnerabilities and risks that may affect platform security and functionality. It is recommended that the project team take measures to address these issues promptly in order to enhance the quality and stability of the contract.

Original article, author: AgentLayer.
