Bridge Oracle (Hybrid Liquidity Mining) - Audit

Off-Chain (Private)
Audited on 2023/04/18
No active critical issues
Access report

Summary

Bridge Oracle allows external data to be easily injected into blockchain and smart contracts allowing developers to leverage the terabytes of data available on Web2.0 to build a whole range of useful and impactful dApps without having to compromise on security.

Issues (5)

Low
Medium
High
Critical
Total
Not fixed
1-1-2
Fixed
3---3
Total40105
Centralization Related Risks
not_fixed/high
In the contract `Ownable` the role `_owner` has authority over the functions shown in the diagram below.
Any compromise to the `_owner` account may allow the hacker to take advantage of this authority.
![](https://accelerator-tasks-prod.acc.corp.certik.com/8f69f7f45ed145838445bcd0366341fc/diagrams/centralization_BRGPool-Ownable-_owner.svg)

In the contract `SmartChefFactory` the role `_owner` has authority over the functions shown in the diagram below.
Any compromise to the `_owner` account may allow the hacker to take advantage of this authority.
![](https://accelerator-tasks-prod.acc.corp.certik.com/8f69f7f45ed145838445bcd0366341fc/diagrams/centralization_BRGPool-SmartChefFactory-_owner.svg)

In the contract `SmartChefInitializable` the role `SMART_CHEF_FACTORY` has authority over the functions shown in the diagram below.
Any compromise to the `SMART_CHEF_FACTORY` account may allow the hacker to take advantage of this authority.
![](https://accelerator-tasks-prod.acc.corp.certik.com/8f69f7f45ed145838445bcd0366341fc/diagrams/centralization_BRGPool-SmartChefInitializable-SMART_CHEF_FACTORY.svg)

In the contract `SmartChefInitializable` the role `_owner` has authority over the functions shown in the diagram below.
Any compromise to the `_owner` account may allow the hacker to take advantage of this authority.
![](https://accelerator-tasks-prod.acc.corp.certik.com/8f69f7f45ed145838445bcd0366341fc/diagrams/centralization_BRGPool-SmartChefInitializable-_owner.svg)
Third Party Dependency
not_fixed/low
The contract is serving as the underlying entity to interact with one or more third party protocols. The scope of the audit treats third party entities as black boxes and assume their functional correctness. However, in the real world, third parties can be compromised and this may lead to lost or stolen assets. In addition, upgrades of third parties can possibly create severe impacts, such as increasing fees of third parties, migrating to new LP pools, etc.

```solidity=870
    IBEP20 public rewardToken;
```
- The contract `SmartChefInitializable` interacts with third party contract with `IBEP20` interface via `rewardToken`.


---
```solidity=873
    IBEP20 public stakedToken;
```
- The contract `SmartChefInitializable` interacts with third party contract with `IBEP20` interface via `stakedToken`.


---
```solidity=1031
    function recoverWrongTokens(address _tokenAddress, uint256 _tokenAmount) external onlyOwner {
```
- The function `SmartChefInitializable.recoverWrongTokens` interacts with third party contract with `IBEP20` interface via `_tokenAddress`.

Contract (1)

#File Name
1

BRGPool.sol