OpenFunds.app Staking V1

Rating

Overall Score
70
 
 
 
Backdoors
100
Owner Privileges
95
Fees
75
Complexity
80
Team Trust
20
Other Risk
60
 
 
 
 
 
Higher score is always better

Summary

This smart contract has been reviewed by George Stamp and found no backdoor code, and the owners privilege is to start the dapp. There is no malicious code that allows the owner (or other) to withdraw all funds from the smart contract.

If the user wishes to unstake their funds prior to ROI then they will pay a penalty fee. George Stamp requires DinoBUSD forks to leave the remaining penalty in the contract instead of sending it to the dev wallet (this contract complies).

This is a fork of DinoBUSD with lower ROI, max deposit, and higher withdrawal fees. Unstake penalty is also higher (70% instead of 50%)

See the diff here - https://www.diffchecker.com/sgm9zibL

Contract Details

Chain: BNB Smart Chain.
Token: BUSD (0xe9e7CEA3DedcA5984780Bafc599bD69ADd087D56).
Dapp Type : ROI DAPP.
Daily ROI Percent : 6% (not modifiable by owner) - Up to 3x investment.
Minimum deposit: 50 BUSD.
Maximum deposit: 1000 BUSD.
Investors can unstake their deposit and receive only 30% of their initial investment, minus a fee.

Deposit fees takes from investor wallet instead of contract.
Referral Percentage : 1 Level, 5% (not modifiable by owner).
Reward Accumulation Cut Off : 24 hours (not modifiable by owner).

Withdrawal bonus:
- claimable only once,
- 18% bonus if last deposit is 120 days old,
- 5% bonus if last deposit is 45 days old.

Backdoors

There are no backdoor methods that withdraw funds to a non investor wallet.

Owner Privileges

startMarket() - This allows the owner to start the dapp and allows investment.

Fees

Deposit : 6% (not modifiable by owner)
Withdraw : 3% (not modifiable by owner)

Unstake: investor receives 30% of its deposited funds, minus a 6% fee.

Complexity

The contract is a fork of Dino BUSD, compliant with the requirement from George Stamp to allocate unstake penalty fee to the contract’s balance instead of developer wallet.

This contract uses Reentrancy Guard modifiers even though it is not necessary: ERC20 tokens are not vulnerable to reentrancy attacks. Simply following the Pull over Push pattern makes for more readable source code and prevents recursive loop vulnerabilities (reentrancy).

Team Trust

The team has 5 members in their telegram group at the time of the audit and seems to be their first project. They claim to be working for a diginet company, as a first step in decentralized finance.

Other Risk

This is a ROI dapp that relies on new funds being invested, if the contract reaches $0 then investors will not be paid out.
Investors can unstake their deposit and receive only 30% of their initial investment, minus a fee.

While the transfer() function of ERC20 tokens are not vulnerable to reentrancy attacks, it is preferred to use transfer() after state changes, for better development habits.

Disclaimer

This contract has been audited by a human.
Only invest what you can afford to lose.
DYOR - Do your own research