Scribd
Upload
207 views24 pages

Crypto Fantasy League Audit Report

The document summarizes the results of a smart contract security audit conducted by InterFi Network on the Crypto Fantasy League project. The audit found that Crypto Fantasy League's smart contract source code has low risk severity and passed the smart contract audit. InterFi analyzed the smart contract for common vulnerabilities, exploits, and hacks using static analysis, software analysis, manual analysis, and other automated tools and frameworks.

Uploaded by

radyt
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
207 views24 pages

Crypto Fantasy League Audit Report

The document summarizes the results of a smart contract security audit conducted by InterFi Network on the Crypto Fantasy League project. The audit found that Crypto Fantasy League's smart contract source code has low risk severity and passed the smart contract audit. InterFi analyzed the smart contract for common vulnerabilities, exploits, and hacks using static analysis, software analysis, manual analysis, and other automated tools and frameworks.

Uploaded by

radyt
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd

SMART CONTRACT SECURITY AUDIT OF

Crypto Fantasy League


SOCIAL @interfinetwork WEB interfi.network

Summary

Auditing Firm InterFi Network

Architecture InterFi “Echelon” Auditing Standard

Smart Contract Audit Approved By Chris | Blockchain Specialist at InterFi Network

Project Overview Approved By Albert | Marketing Specialist at InterFi Network

Platform Solidity

Mandatory Audit Check Static, Software, Auto Intelligent & Manual Analysis

Consultation Request Date November 10, 2021

Report Date November 13, 2021

Audit Summary

InterFi team has performed a line-by-line manual analysis and automated review of the smart

contract. The smart contract was analyzed mainly for common smart contract vulnerabilities,

exploits, and manipulation hacks. According to the smart contract audit:

v Crypto Fantasy League’s smart contract source code has LOW RISK SEVERITY.

v Crypto Fantasy League has PASSED the smart contract audit.

For the detailed understanding of risk severity, source code vulnerability, and functional test, kindly

refer to the audit.

✅ Verify the authenticity of this report on InterFi’s GitHub: https://github.com/interfinetwork

PAGE 2 | SMART CONTRACT SECURITY AUDIT OF CRYPTO FANTASY LEAGUE


SOCIAL @interfinetwork WEB interfi.network

Table Of Contents

Project Information

Overview ................................................................................................................................................................................................ 4

InterFi “Echelon” Audit Standard

Audit Scope & Methodology .................................................................................................................................................... 6

InterFi’s Risk Classification ......................................................................................................................................................... 8

Smart Contract Risk Assessment

Static Analysis .................................................................................................................................................................................... 9

Software Analysis ........................................................................................................................................................................... 13

Manual Analysis...............................................................................................................................................................................15

SWC Attacks .......................................................................................................................................................................................18

Risk Status & Radar Chart ....................................................................................................................................................... 20

Report Summary

Auditor’s Verdict .............................................................................................................................................................................. 21

Legal Advisory

Important Disclaimer ..................................................................................................................................................................22

About InterFi Network ..................................................................................................................................................................23

PAGE 3 | SMART CONTRACT SECURITY AUDIT OF CRYPTO FANTASY LEAGUE


SOCIAL @interfinetwork WEB interfi.network

Project Overview
InterFi was consulted by Crypto Fantasy League to conduct the smart contract security audit of

their solidity source code.

About Crypto Fantasy League

CFL offers its users and holders of Token $CFL to earn and play same time. Instead of using

traditional technology CFL uses the blockchain and crypto as their payment options. With this CFL

is more secure and fast than any other Fantasy Sports Platform. Earn 3% reward just by holding

our token and using CFL App

Project Crypto Fantasy League

Blockchain Binance Smart Chain

Language Solidity

Contract 0x78ebC325641c9dB284Fc0E69305aFbc0C92AB475

Website https://cryptofantasyleague.app/

Telegram https://twitter.com/CFLToken

Twitter https://twitter.com/CFLToken

Public logo

PAGE 4 | SMART CONTRACT SECURITY AUDIT OF CRYPTO FANTASY LEAGUE


SOCIAL @interfinetwork WEB interfi.network

Solidity Source Code On Blockchain (Verified Contract Source Code)

https://bscscan.com/address/0x78ebC325641c9dB284Fc0E69305aFbc0C92AB475#code

Contract Name: Crypto Fantasy League

Symbol: CFL

Compiler Version: v0.8.9

Optimization Enabled: Yes with 200 runs

Solidity Source Code On InterFi GitHub

https://github.com/interfinetwork/audited-codes/blob/main/CFL.sol

SHA-1 Hash

Solidity source code is audited at hash #28ccd61ccac43b4e17e2d2bc314796cc633f6232

PAGE 5 | SMART CONTRACT SECURITY AUDIT OF CRYPTO FANTASY LEAGUE


SOCIAL @interfinetwork WEB interfi.network

Audit Scope & Methodology


The scope of this report is to audit the smart contract source code of Crypto Fantasy League. InterFi

has scanned the contract and reviewed the project for common vulnerabilities, exploits, hacks, and

back-doors. Below is the list of commonly known smart contract vulnerabilities, exploits, and hacks:

Category

v Re-entrancy

v Unhandled Exceptions

v Transaction Order Dependency

v Integer Overflow
Smart Contract Vulnerabilities
v Unrestricted Action

v Incorrect Inheritance Order

v Typographical Errors

v Requirement Violation

v Ownership Takeover

v Gas Limit and Loops

v Deployment Consistency
Source Code Review v Repository Consistency

v Data Consistency

v Token Supply Manipulation

v Access Control and Authorization

v Operations Trail and Event Generation

Functional Assessment v Assets Manipulation

v Liquidity Access

PAGE 6 | SMART CONTRACT SECURITY AUDIT OF CRYPTO FANTASY LEAGUE


SOCIAL @interfinetwork WEB interfi.network

InterFi’s Echelon Audit Standard

The aim of InterFi’s “Echelon” standard is to analyze the smart contract and identify the

vulnerabilities and the hacks in the smart contract. Mentioned are the steps used by ECHELON-1 to

assess the smart contract:

1. Solidity smart contract source code reviewal:

v Review of the specifications, sources, and instructions provided to InterFi to make sure we

understand the size, scope, and functionality of the smart contract.

v Manual review of code, which is the process of reading source code line-byline to identify

potential vulnerabilities.

2. Static, Manual, and Software analysis:

v Test coverage analysis, which is the process of determining whether the test cases are

covering the code and how much code is exercised when we run those test cases.

v Symbolic execution, which is analysing a program to determine what inputs causes each

part of a program to execute.

3. Best practices review, which is a review of the smart contracts to improve efficiency,

effectiveness, clarify, maintainability, security, and control based on the established industry

and academic practices, recommendations, and research.

4. Specific, itemized, actionable recommendations to help you take steps to secure your smart

contracts

Automated 3P frameworks used to assess the smart contract vulnerabilities

v Slither

v Consensys MythX

v Consensys Surya

v Open Zeppelin Code Analyzer

v Solidity Code Complier

PAGE 7 | SMART CONTRACT SECURITY AUDIT OF CRYPTO FANTASY LEAGUE


SOCIAL @interfinetwork WEB interfi.network

InterFi’s Risk Classification


Smart contracts are generally designed to manipulate and hold funds denominated in ETH/BNB.

This makes them very tempting attack targets, as a successful attack may allow the attacker to

directly steal funds from the contract. Below are the typical risk levels of a smart contract:

Vulnerable: A contract is vulnerable if it has been flagged by a static analysis tool as such. As we

will see later, this means that some contracts may be vulnerable because of a false-positive.

Exploitable: A contract is exploitable if it is vulnerable and the vulnerability could be exploited by an

external attacker. For example, if the “vulnerability” flagged by a tool is in a function which requires

to own the contract, it would be vulnerable but not exploitable.

Exploited: A contract is exploited if it received a transaction on the main network which triggered

one of its vulnerabilities. Therefore, a contract can be vulnerable or even exploitable without having

been exploited.

Risk
Meaning
severity

This level vulnerabilities could be exploited easily, and can lead to asset loss, data
! Critical
loss, asset manipulation, or data manipulation. They should be fixed right away.

This level vulnerabilities are hard to exploit but very important to fix, they carry an
! High
elevated risk of smart contract manipulation, which can lead to critical risk severity

This level vulnerabilities are should be fixed, as they carry an inherent risk of future
! Medium
exploits, and hacks which may or may not impact the smart contract execution.

This level vulnerabilities can be ignored. They are code style violations, and

! Low informational statements in the code. They may not affect the smart contract

execution

PAGE 8 | SMART CONTRACT SECURITY AUDIT OF CRYPTO FANTASY LEAGUE


SOCIAL @interfinetwork WEB interfi.network

Smart Contract – Static Analysis


Symbol Meaning

🛑 Function can be modified

💵 Function is payable

🔒 Function is locked

🔐 Function can be accessed

❗ Important functionality

**Context** | Implementation | |||


| └ | _msgSender | Internal 🔒 | | |
| └ | _msgData | Internal 🔒 | | |
||||||
| **IERC20** | Interface | |||
| └ | totalSupply | External ❗ | |NO❗ |
| └ | decimals | External ❗ | |NO❗ |
| └ | symbol | External ❗ | |NO❗ |
| └ | name | External ❗ | |NO❗ |
| └ | getOwner | External ❗ | |NO❗ |
| └ | balanceOf | External ❗ | |NO❗ |
| └ | transfer | External ❗ | 🛑 |NO❗ |
| └ | allowance | External ❗ | |NO❗ |
| └ | approve | External ❗ | 🛑 |NO❗ |
| └ | transferFrom | External ❗ | 🛑 |NO❗ |
||||||
| **IUniswapV2Factory** | Interface | |||
| └ | feeTo | External ❗ | |NO❗ |
| └ | feeToSetter | External ❗ | |NO❗ |
| └ | getPair | External ❗ | |NO❗ |
| └ | allPairs | External ❗ | |NO❗ |
| └ | allPairsLength | External ❗ | |NO❗ |
| └ | createPair | External ❗ | 🛑 |NO❗ |
| └ | setFeeTo | External ❗ | 🛑 |NO❗ |
| └ | setFeeToSetter | External ❗ | 🛑 |NO❗ |
||||||
| **IUniswapV2Pair** | Interface | |||
| └ | name | External ❗ | |NO❗ |
| └ | symbol | External ❗ | |NO❗ |
| └ | decimals | External ❗ | |NO❗ |
| └ | totalSupply | External ❗ | |NO❗ |

PAGE 9 | SMART CONTRACT SECURITY AUDIT OF CRYPTO FANTASY LEAGUE


SOCIAL @interfinetwork WEB interfi.network

| └ | balanceOf | External ❗ | |NO❗ |


| └ | allowance | External ❗ | |NO❗ |
| └ | approve | External ❗ | 🛑 |NO❗ |
| └ | transfer | External ❗ | 🛑 |NO❗ |
| └ | transferFrom | External ❗ | 🛑 |NO❗ |
| └ | DOMAIN_SEPARATOR | External ❗ | |NO❗ |
| └ | PERMIT_TYPEHASH | External ❗ | |NO❗ |
| └ | nonces | External ❗ | |NO❗ |
| └ | permit | External ❗ | 🛑 |NO❗ |
| └ | MINIMUM_LIQUIDITY | External ❗ | |NO❗ |
| └ | factory | External ❗ | |NO❗ |
| └ | token0 | External ❗ | |NO❗ |
| └ | token1 | External ❗ | |NO❗ |
| └ | getReserves | External ❗ | |NO❗ |
| └ | price0CumulativeLast | External ❗ | |NO❗ |
| └ | price1CumulativeLast | External ❗ | |NO❗ |
| └ | kLast | External ❗ | |NO❗ |
| └ | mint | External ❗ | 🛑 |NO❗ |
| └ | burn | External ❗ | 🛑 |NO❗ |
| └ | swap | External ❗ | 🛑 |NO❗ |
| └ | skim | External ❗ | 🛑 |NO❗ |
| └ | sync | External ❗ | 🛑 |NO❗ |
| └ | initialize | External ❗ | 🛑 |NO❗ |
||||||
| **IUniswapV2Router01** | Interface | |||
| └ | factory | External ❗ | |NO❗ |
| └ | WETH | External ❗ | |NO❗ |
| └ | addLiquidity | External ❗ | 🛑 |NO❗ |
| └ | addLiquidityETH | External ❗ | 💵 |NO❗ |
| └ | removeLiquidity | External ❗ | 🛑 |NO❗ |
| └ | removeLiquidityETH | External ❗ | 🛑 |NO❗ |
| └ | removeLiquidityWithPermit | External ❗ | 🛑 |NO❗ |
| └ | removeLiquidityETHWithPermit | External ❗ | 🛑 |NO❗ |
| └ | swapExactTokensForTokens | External ❗ | 🛑 |NO❗ |
| └ | swapTokensForExactTokens | External ❗ | 🛑 |NO❗ |
| └ | swapExactETHForTokens | External ❗ | 💵 |NO❗ |
| └ | swapTokensForExactETH | External ❗ | 🛑 |NO❗ |
| └ | swapExactTokensForETH | External ❗ | 🛑 |NO❗ |
| └ | swapETHForExactTokens | External ❗ | 💵 |NO❗ |
| └ | quote | External ❗ | |NO❗ |
| └ | getAmountOut | External ❗ | |NO❗ |
| └ | getAmountIn | External ❗ | |NO❗ |
| └ | getAmountsOut | External ❗ | |NO❗ |
| └ | getAmountsIn | External ❗ | |NO❗ |
||||||
| **IUniswapV2Router02** | Interface | IUniswapV2Router01 |||
| └ | removeLiquidityETHSupportingFeeOnTransferTokens | External ❗ | 🛑 |NO❗ |
| └ | removeLiquidityETHWithPermitSupportingFeeOnTransferTokens | External ❗ | 🛑 |NO❗ |
| └ | swapExactTokensForTokensSupportingFeeOnTransferTokens | External ❗ | 🛑 |NO❗ |
| └ | swapExactETHForTokensSupportingFeeOnTransferTokens | External ❗ | 💵 |NO❗ |

PAGE 10 | SMART CONTRACT SECURITY AUDIT OF CRYPTO FANTASY LEAGUE


SOCIAL @interfinetwork WEB interfi.network

| └ | swapExactTokensForETHSupportingFeeOnTransferTokens | External ❗ | 🛑 |NO❗ |


||||||
| **AntiSnipe** | Interface | |||
| └ | checkUser | External ❗ | 🛑 |NO❗ |
| └ | setLaunch | External ❗ | 🛑 |NO❗ |
| └ | setLpPair | External ❗ | 🛑 |NO❗ |
| └ | setProtections | External ❗ | 🛑 |NO❗ |
| └ | setGasPriceLimit | External ❗ | 🛑 |NO❗ |
| └ | removeSniper | External ❗ | 🛑 |NO❗ |
| └ | getSniperAmt | External ❗ | |NO❗ |
| └ | removeBlacklisted | External ❗ | 🛑 |NO❗ |
||||||
| **Cashier** | Interface | |||
| └ | whomst | External ❗ | |NO❗ |
| └ | setReflectionCriteria | External ❗ | 🛑 |NO❗ |
| └ | tally | External ❗ | 🛑 |NO❗ |
| └ | load | External ❗ | 💵 |NO❗ |
| └ | cashout | External ❗ | 🛑 |NO❗ |
| └ | giveMeWelfarePlease | External ❗ | 🛑 |NO❗ |
| └ | getTotalDistributed | External ❗ | |NO❗ |
| └ | getShareholderInfo | External ❗ | |NO❗ |
| └ | getShareholderRealized | External ❗ | |NO❗ |
| └ | getPendingRewards | External ❗ | |NO❗ |
| └ | initialize | External ❗ | 🛑 |NO❗ |
||||||
| **CrytpoFantasyLeague** | Implementation | IERC20 |||
| └ | <Constructor> | Public ❗ | 💵 |NO❗ |
| └ | owner | Public ❗ | |NO❗ |
| └ | transferOwner | External ❗ | 🛑 | onlyOwner |
| └ | renounceOwnership | Public ❗ | 🛑 | onlyOwner |
| └ | <Receive Ether> | External ❗ | 💵 |NO❗ |
| └ | totalSupply | External ❗ | |NO❗ |
| └ | decimals | External ❗ | |NO❗ |
| └ | symbol | External ❗ | |NO❗ |
| └ | name | External ❗ | |NO❗ |
| └ | getOwner | External ❗ | |NO❗ |
| └ | balanceOf | Public ❗ | |NO❗ |
| └ | allowance | External ❗ | |NO❗ |
| └ | approve | Public ❗ | 🛑 |NO❗ |
| └ | approveContractContingency | Public ❗ | 🛑 | onlyOwner |
| └ | _approve | Private 🔐 | 🛑 | |
| └ | transfer | External ❗ | 🛑 |NO❗ |
| └ | transferFrom | External ❗ | 🛑 |NO❗ |
| └ | isFeeExcluded | Public ❗ | |NO❗ |
| └ | isDividendExcluded | Public ❗ | |NO❗ |
| └ | setInitializers | External ❗ | 🛑 | onlyOwner |
| └ | removeSniper | External ❗ | 🛑 | onlyOwner |
| └ | removeBlacklisted | External ❗ | 🛑 | onlyOwner |
| └ | getSniperAmt | Public ❗ | |NO❗ |
| └ | setProtectionSettings | External ❗ | 🛑 | onlyOwner |

PAGE 11 | SMART CONTRACT SECURITY AUDIT OF CRYPTO FANTASY LEAGUE


SOCIAL @interfinetwork WEB interfi.network

| └ | setGasPriceLimit | External ❗ | 🛑 | onlyOwner |


| └ | enableTrading | Public ❗ | 🛑 | onlyOwner |
| └ | setDividendExcluded | Public ❗ | 🛑 | onlyOwner |
| └ | setExcludedFromFees | Public ❗ | 🛑 | onlyOwner |
| └ | setTaxes | External ❗ | 🛑 | onlyOwner |
| └ | setRatios | External ❗ | 🛑 | onlyOwner |
| └ | setWallets | External ❗ | 🛑 | onlyOwner |
| └ | setContractSwapSettings | External ❗ | 🛑 | onlyOwner |
| └ | setSwapSettings | External ❗ | 🛑 | onlyOwner |
| └ | setReflectionCriteria | External ❗ | 🛑 | onlyOwner |
| └ | setReflectorSettings | External ❗ | 🛑 | onlyOwner |
| └ | giveMeWelfarePlease | External ❗ | 🛑 |NO❗ |
| └ | getTotalReflected | External ❗ | |NO❗ |
| └ | getUserInfo | External ❗ | |NO❗ |
| └ | getUserRealizedGains | External ❗ | |NO❗ |
| └ | getUserUnpaidEarnings | External ❗ | |NO❗ |
| └ | getCirculatingSupply | Public ❗ | |NO❗ |
| └ | getMaxWalletSizeUI | Public ❗ | |NO❗ |
| └ | setNewRouter | Public ❗ | 🛑 | onlyOwner |
| └ | setLpPair | External ❗ | 🛑 | onlyOwner |
| └ | setMaxTxPercent | Public ❗ | 🛑 | onlyOwner |
| └ | setMaxWalletSize | Public ❗ | 🛑 | onlyOwner |
| └ | liftFirstHourLimits | Public ❗ | 🛑 | onlyOwner |
| └ | excludePresaleAddresses | External ❗ | 🛑 | onlyOwner |
| └ | _hasLimits | Private 🔐 | | |
| └ | _transfer | Internal 🔒 | 🛑 | |
| └ | _finalizeTransfer | Internal 🔒 | 🛑 | |
| └ | processTokenReflect | Internal 🔒 | 🛑 | |
| └ | _basicTransfer | Internal 🔒 | 🛑 | |
| └ | takeTaxes | Internal 🔒 | 🛑 | |
| └ | contractSwap | Internal 🔒 | 🛑 | swapping |
| └ | manualDepost | External ❗ | 🛑 | onlyOwner |
| └ | _checkLiquidityAdd | Private 🔐 | 🛑 | |

PAGE 12 | SMART CONTRACT SECURITY AUDIT OF CRYPTO FANTASY LEAGUE


SOCIAL @interfinetwork WEB interfi.network

Smart Contract – Software Analysis


Function Signatures

26003957 => setMaxWalletSize(uint256,uint256)


119df25f => _msgSender()
8b49d47e => _msgData()
18160ddd => totalSupply()
313ce567 => decimals()
95d89b41 => symbol()
06fdde03 => name()
893d20e8 => getOwner()
70a08231 => balanceOf(address)
a9059cbb => transfer(address,uint256)
dd62ed3e => allowance(address,address)
095ea7b3 => approve(address,uint256)
23b872dd => transferFrom(address,address,uint256)
017e7e58 => feeTo()
094b7415 => feeToSetter()
e6a43905 => getPair(address,address)
1e3dd18b => allPairs(uint256)
574f2ba3 => allPairsLength()
c9c65396 => createPair(address,address)
f46901ed => setFeeTo(address)
a2e74af6 => setFeeToSetter(address)
3644e515 => DOMAIN_SEPARATOR()
30adf81f => PERMIT_TYPEHASH()
7ecebe00 => nonces(address)
d505accf => permit(address,address,uint256,uint256,uint8,bytes32,bytes32)
ba9a7a56 => MINIMUM_LIQUIDITY()
c45a0155 => factory()
0dfe1681 => token0()
d21220a7 => token1()
0902f1ac => getReserves()
5909c0d5 => price0CumulativeLast()
5a3d5493 => price1CumulativeLast()
7464fc3d => kLast()
6a627842 => mint(address)
89afcb44 => burn(address)
022c0d9f => swap(uint256,uint256,address,bytes)
bc25cf77 => skim(address)
fff6cae9 => sync()
485cc955 => initialize(address,address)
ad5c4648 => WETH()

PAGE 13 | SMART CONTRACT SECURITY AUDIT OF CRYPTO FANTASY LEAGUE


SOCIAL @interfinetwork WEB interfi.network

Inheritance Graph

PAGE 14 | SMART CONTRACT SECURITY AUDIT OF CRYPTO FANTASY LEAGUE


SOCIAL @interfinetwork WEB interfi.network

Smart Contract – Manual Analysis


Function Description Tested Verdict

provides information about the total token


Total Supply Yes Passed
supply

provides account balance of the owner's


Balance Of Yes Passed
account

executes transfers of a specified number of


Transfer Yes Passed
tokens to a specified address

allow a spender to withdraw a set number of


Approve Yes Passed
tokens from a specified account

returns a set number of tokens from a spender to


Allowance Yes Passed
the owner

is an action in which the project buys back its

Buy Back tokens from the existing holders usually at a NA NA


market price

executes transfers of a specified number of


Burn NA NA
tokens to a burn address

executes creation of a specified number of


Mint NA NA
tokens and adds it to the total supply

circulating token supply adjusts (increases or

Rebase decreases) automatically according to a token's NA NA


price fluctuations

stops specified wallets from interacting with the


Blacklist Yes Passed
smart contract function modules

stops or locks all function modules of the smart


Lock NA NA
contract

PAGE 15 | SMART CONTRACT SECURITY AUDIT OF CRYPTO FANTASY LEAGUE


SOCIAL @interfinetwork WEB interfi.network

Review

v Active smart contract owner: 0xe8bf6e4ea3239c10382e7644407824e46196ab9f

v Be aware that active smart contract owner privileges constitute an elevated impact to

smart contract’s safety and security.

v Smart contract owner can blacklist certain wallets from interacting with the contract

function modules.

v Owner can-not lock or burn user assets.

v Owner can-not stop or pause the smart contract.

v Owner can-not mint tokens after launch.

v The smart contract utilizes “SafeMath” function to avoid common smart contract

vulnerabilities.

string private _name = "Crypto Fantasy League";

string private _symbol = "CFL";

library SafeMath {
function add(uint256 a, uint256 b) internal pure returns (uint256) {
uint256 c = a + b;
require(c >= a, "SafeMath: addition overflow");

function sub(uint256 a, uint256 b) internal pure returns (uint256) {


return sub(a, b, "SafeMath: subtraction overflow");

uint256 c = a * b;
require(c / a == b, "SafeMath: multiplication overflow");

return c;

function div(uint256 a, uint256 b) internal pure returns (uint256) {


return div(a, b, "SafeMath: division by zero");

function mod(uint256 a, uint256 b) internal pure returns (uint256) {


return mod(a, b, "SafeMath: modulo by zero");

PAGE 16 | SMART CONTRACT SECURITY AUDIT OF CRYPTO FANTASY LEAGUE


SOCIAL @interfinetwork WEB interfi.network

v The smart contract has 1 low severity issue which may or may not create any functional

vulnerability.

"resource": " /CFL.sol",

"owner": "_generated_diagnostic_collection_name_#0",

"severity": 8, (! Low Severity)

" Import directive or contract/interface/library definition.”,

"source": "solc",

PAGE 17 | SMART CONTRACT SECURITY AUDIT OF CRYPTO FANTASY LEAGUE


SOCIAL @interfinetwork WEB interfi.network

Smart Contract – SWC Attacks

SWC ID Description Verdict

SWC-101 Integer Overflow and Underflow Passed

SWC-102 Outdated Compiler Version Passed

SWC-103 Floating Pragma ! Low

SWC-104 Unchecked Call Return Value Passed

SWC-105 Unprotected Ether Withdrawal Passed

SWC-106 Unprotected SELFDESTRUCT Instruction Passed

SWC-107 Re-entrancy Passed

SWC-108 State Variable Default Visibility Passed

SWC-109 Uninitialized Storage Pointer Passed

SWC-110 Assert Violation Passed

SWC-111 Use of Deprecated Solidity Functions Passed

SWC-112 Delegate Call to Untrusted Callee Passed

SWC-113 DoS with Failed Call Passed

SWC-114 Transaction Order Dependence Passed

SWC-115 Authorization through tx.origin Passed

SWC-116 Block values as a proxy for time Passed

SWC-117 Signature Malleability Passed

SWC-118 Incorrect Constructor Name Passed

PAGE 18 | SMART CONTRACT SECURITY AUDIT OF CRYPTO FANTASY LEAGUE


SOCIAL @interfinetwork WEB interfi.network

SWC-119 Shadowing State Variables Passed

SWC-120 Weak Sources of Randomness from Chain Attributes Passed

SWC-121 Missing Protection against Signature Replay Attacks Passed

SWC-122 Lack of Proper Signature Verification Passed

SWC-123 Requirement Violation Passed

SWC-124 Write to Arbitrary Storage Location Passed

SWC-125 Incorrect Inheritance Order Passed

SWC-126 Insufficient Gas Griefing Passed

SWC-127 Arbitrary Jump with Function Type Variable Passed

SWC-128 DoS With Block Gas Limit Passed

SWC-129 Typographical Error Passed

SWC-130 Right-To-Left-Override control character (U+202E) Passed

SWC-131 Presence of unused variables Passed

SWC-132 Unexpected Ether balance Passed

SWC-133 Hash Collisions With Multiple Variable Length Arguments Passed

SWC-134 Message call with hardcoded gas amount Passed

SWC-135 Code With No Effects (Irrelevant/Dead Code) Passed

SWC-136 Unencrypted Private Data On-Chain Passed

PAGE 19 | SMART CONTRACT SECURITY AUDIT OF CRYPTO FANTASY LEAGUE


SOCIAL @interfinetwork WEB interfi.network

Smart Contract - Risk Status & Radar Chart

Risk Severity Status

! Critical None critical severity issues identified

! High None high severity issues identified

! Medium None medium severity issues identified

! Low 1 low severity issue identified

Passed 41 functions and instances verified and passed

Score out of 100

Compiler Check
100

95

90

85
Interface Safety Static Analysis
80

75

Manual Analysis Software Analysis

Compiler Check 90

Static Analysis 90

Software Analysis 95

Manual Analysis 92

Interface Safety 94

PAGE 20 | SMART CONTRACT SECURITY AUDIT OF CRYPTO FANTASY LEAGUE


SOCIAL @interfinetwork WEB interfi.network

Auditor’s Verdict
InterFi team has performed a line-by-line manual analysis and automated review of the smart

contract. The smart contract was analyzed mainly for common smart contract vulnerabilities,

exploits, and manipulation hacks.

Crypto Fantasy League’s smart contract source code has LOW RISK SEVERITY.

Crypto Fantasy League has PASSED the smart contract audit.

Note for stakeholders

v Be aware that active smart contract owner privileges constitute an elevated impact on smart

contract’s safety and security.

v Make sure that the project team’s KYC/identity is verified by an independent firm, e.g., InterFi.

v Always check if the contract’s liquidity is locked. A longer liquidity lock plays an important role

in project’s longevity. It is recommended to have multiple liquidity providers.

v Examine the unlocked token supply in the owner, developer, or team’s private wallets.

Understand the project’s tokenomics, and make sure the tokens outside of the LP Pair are

vested or locked for a longer period of time.

v Ensure that the project’s official website is hosted on a trusted platform, and is using an active

SSL certificate. The website’s domain should be registered for a longer period of time.

PAGE 21 | SMART CONTRACT SECURITY AUDIT OF CRYPTO FANTASY LEAGUE


SOCIAL @interfinetwork WEB interfi.network

Important Disclaimer
InterFi Network provides contract auditing and project verification services for blockchain projects.

The purpose of the audit is to analyse the on-chain smart contract source code, and to provide

basic overview of the project. This report should not be transmitted, disclosed, referred to, or

relied upon by any person for any purposes without InterFi’s prior written consent.

InterFi provides the easy-to-understand assessment of the project, and the smart contract

(otherwise known as the source code). The audit makes no statements or warranties on the security

of the code. It also cannot be considered as an enough assessment regarding the utility and safety

of the code, bug-free status, or any other statements of the contract. While we have used all the

data at our disposal to provide the transparent analysis, it is important to note that you should not

rely on this report only — we recommend proceeding with several independent audits and a public

bug bounty program to ensure the security of smart contracts. Be aware that smart contracts

deployed on a blockchain aren’t resistant from external vulnerability, or a hack. Be aware that

active smart contract owner privileges constitute an elevated impact to smart contract’s safety

and security. Therefore, InterFi does not guarantee the explicit security of the audited smart

contract.

The analysis of the security is purely based on the smart contracts alone. No applications or

operations were reviewed for security. No product code has been reviewed.

This report should not be considered as an endorsement or disapproval of any project or team.

The information provided on this report does not constitute investment advice, financial advice,

trading advice, or any other sort of advice and you should not treat any of the report’s content as

such. Do conduct your own due diligence and consult your financial advisor before making any

investment decisions.

PAGE 22 | SMART CONTRACT SECURITY AUDIT OF CRYPTO FANTASY LEAGUE


SOCIAL @interfinetwork WEB interfi.network

About InterFi Network


InterFi Network provides intelligent blockchain solutions. InterFi is developing an ecosystem that is

seamless and responsive. Some of our services: Blockchain Security, Token Launchpad, NFT

Marketplace, etc. InterFi’s mission is to interconnect multiple services like Blockchain Security,

DeFi, Gaming, and Marketplace under one ecosystem that is seamless, multi-chain compatible,

scalable, secure, fast, responsive, and easy-to-use.

InterFi is built by a decentralized team of UI experts, contributors, engineers, and enthusiasts from

all over the world. Our team currently consists of 6+ core team members, and 10+ casual

contributors. InterFi provides manual, static, and automatic smart contract analysis, to ensure

that project is checked against known attacks and potential vulnerabilities.

To learn more, visit https://interfi.network

To view our audit portfolio, visit https://github.com/interfinetwork

To book an audit, message https://t.me/interfiaudits

PAGE 23 | SMART CONTRACT SECURITY AUDIT OF CRYPTO FANTASY LEAGUE


SOCIAL @interfinetwork WEB interfi.network

PAGE 24 | SMART CONTRACT SECURITY AUDIT OF CRYPTO FANTASY LEAGUE

You might also like