Extra Finance (EXTRA) Token Smart Contract Audit

Project Background

Website Details

  • Extra Finance is a leveraged yield strategy & lending protocol built on Optimism/Base.
  • Extra Finance offers leveraged yield farming, allowing users to maximize earnings by leveraging stable pools like $ETH/$USDC for attractive yield rates and depositing assets in the Lending Pool for steady passive income. However, careful risk assessment and active management are crucial to mitigate potential drawbacks and ensure a successful farming experience.

Website: app.extrafi.io

Code Details

The provided code implements a cross-chain token called `EXTRAoft` that leverages the LayerZero protocol to facilitate sending tokens between different blockchain networks. This functionality is achieved through several abstract and base contracts that define essential methods and events for handling cross-chain messaging and token operations. Here’s a detailed breakdown of the key components and their roles:

  • Contract Components:
    • EXTRAoft Contract:
      • Inherits `OFT`.
      • Initializes the token with the name “Extra Finance” and symbol “EXTRA”.
      • Configures the contract to use a specified LayerZero endpoint for cross-chain operations.
    • OFT Contract:
      • Inherits `OFTCore`, `ERC20`, and `IOFT`.
      • Implements the ERC20 token standard alongside the cross-chain functionalities provided by `OFTCore`.
      • Defines `_debitFrom` and `_creditTo` methods to handle burning and minting tokens during cross-chain transfers.
      • Provides additional methods to support ERC165 interface checks and token-specific details like total supply.
    • OFTCore Contract:
      • Inherits `NonblockingLzApp`, `ERC165`, and `IOFTCore`.
      • Provides core functionalities for an Omnichain Fungible Token (OFT), including support for estimating send fees and sending tokens across chains.
      • Implements the `_send` and `_sendAck` methods to handle token transfers and acknowledgments.
      • Includes abstract methods `_debitFrom` and `_creditTo` for debiting and crediting tokens, to be defined in derived contracts.
    • NonblockingLzApp Contract:
      • Inherits `LzApp`.
      • Adds functionality for handling message failures and retries.
      • Stores failed messages and emits events when messages fail or succeed on retry.
      • Implements `_blockingLzReceive` to safely call the nonblocking receive method and store failed messages if necessary.
    • LzApp Contract:
      • Inherits `Ownable`, `ILayerZeroReceiver`, and `ILayerZeroUserApplicationConfig`.
      • Manages the configuration and communication with the LayerZero endpoint.
      • Contains mappings to store trusted remote addresses, minimum destination gas requirements, and payload size limits.
      • Defines methods to receive messages (`lzReceive`), send messages (`_lzSend`), and configure various settings such as trusted remotes and gas limits.
  • The `EXTRAoft` contract extends a sophisticated framework for creating a cross-chain token that can be sent and received across different blockchain networks using the LayerZero protocol. The modular design allows for easy customization and extension while providing robust mechanisms for handling cross-chain messaging and token management.
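
The burn-on-send, mint-on-receive flow, the trusted-remote check and the failed-message retry described above, as a simplified Python model added here for illustration; it is not the EXTRAoft or LayerZero source code. The class `OFTModel`, the `fail_credit` hook, the chain ids, nonce and address strings are all constructed assumptions.

```python
class OFTModel:  # toy model of one chain's token contract, not the audited source
    def __init__(self):
        self.balances = {}         # ERC20 balances on this chain
        self.trusted_remotes = {}  # source chain id -> trusted remote address
        self.failed_messages = {}  # (source chain id, nonce) -> stored payload
        self.fail_credit = False   # constructed hook that forces a failed credit

    def total_supply(self):
        return sum(self.balances.values())

    def send(self, holder, to, amount):  # _debitFrom: burn on the source chain
        if amount <= 0 or self.balances.get(holder, 0) < amount:
            raise ValueError("invalid amount or insufficient balance")
        self.balances[holder] -= amount
        return {"to": to, "amount": amount}

    def _credit_to(self, payload):  # _creditTo: mint on the destination chain
        if self.fail_credit:
            raise RuntimeError("credit failed")
        to = payload["to"]
        self.balances[to] = self.balances.get(to, 0) + payload["amount"]

    def lz_receive(self, src_chain, src_address, nonce, payload):
        # LzApp: only the configured trusted remote may deliver a message
        if self.trusted_remotes.get(src_chain) != src_address:
            raise PermissionError("untrusted source")
        try:
            self._credit_to(payload)
        except RuntimeError:  # NonblockingLzApp: store the failure for retry
            self.failed_messages[(src_chain, nonce)] = dict(payload)
            return False
        return True

    def retry_message(self, src_chain, nonce, payload):
        if self.failed_messages.get((src_chain, nonce)) != payload:
            raise ValueError("no matching failed message")
        self._credit_to(payload)
        del self.failed_messages[(src_chain, nonce)]

def demo():  # constructed scenario: chain A (id 1) sends 40 tokens to chain B
    a, b = OFTModel(), OFTModel()
    a.balances["alice"] = 100
    b.trusted_remotes[1] = "oft-on-a"
    msg = a.send("alice", "bob", 40)
    b.fail_credit = True
    delivered = b.lz_receive(1, "oft-on-a", 7, msg)
    in_flight = a.total_supply() + b.total_supply()
    b.fail_credit = False
    b.retry_message(1, 7, msg)
    return delivered, in_flight, a.total_supply() + b.total_supply()
```

In this model the combined supply across both chains drops to 60 while the failed message is pending and returns to 100 only after the retry, which is why stored failed messages are worth monitoring.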

Audit Summary

  • We observed 1 low and 2 informational issues in the smart contracts, but those are not critical.
  • The security state of the reviewed smart contract, based on standard audit procedure scope, is “Secured”.

Executive Audit Summary

  • According to the standard audit assessment, the Customer's Solidity smart contracts are “Secured”. Also, these contracts contain owner control, which does not make them fully decentralized.
  • We used various tools like Slither, Solhint and Remix IDE. At the same time, this finding is based on critical analysis from the manual audit.
