[Audit Report] SuperWalk - xGRND Staking

Reported at
3 more properties
Report realeased on Oct 20, 2022

About xGRND Staking

The project is an implementation of the ERC-4626 tokenized vault. The user can deposit the asset token and receive the reward-bearing token(xGRND) accordingly. The contract owner can deposit the reward and set the reward period and reward rate. By default, the reward period is set to 8 hours(28800 seconds), which means that every 8 hours the contract emits rewards. The emitted reward is distributed to users pro rata their deposit amount of asset token.
Users who deposit the asset token into the contract can request to withdraw their tokens. The withdrawal request is enqueued to the contract’s mapping. To receive the enqueued asset token, users have to wait until the unstaking period is passed. After the unstaking period, the user can call the collectGrnd function. The function transfers the user’s token and dequeue withdrawal requests from the mapping.
The contract owner has the privilege to set reward rate and period, furthermore, withdraw rewards. The contract can be paused or unpaused by the contract owner and is upgradeable using a proxy pattern.

Purpose of this report

This report was prepared to audit the security of the xGRND staking contract developed by the Superwalk team. HAECHI AUDIT conducted the audit focusing on whether the system created by the Superwalk team is soundly implemented and designed as specified in the published materials, in addition to the safety and security of the staking contract.
In detail, we have focused on the following
Correctness of reward calculation.
Correctness of period calculation.
Storage variable access control.
Adequate implementation of ERC4626 spec.
Existence of known smart contract vulnerabilities.
*The audited code can be non-disclosure as the client requests.
HAECHI AUDIT is a flagship service of HAECHI LABS, the leader of the global blockchain industry. We bring together the best Web2 and Web3 experts. Security Researchers with expertise in cryptography, leaders of the global best hacker team, and blockchain/smart contract experts are responsible for securing your Web3 service.
We have secured over $60b worth of crypto assets across 400+ global crypto projects — L1/L2 projects, defi protocols, P2E games, and bridges — notably 1inch, SushiSwap, Badger DAO, SuperRare, Klaytn and Chainsafe. HAECHI AUDIT is the only blockchain technology company selected for the Samsung Electronics Startup Incubation Program in recognition of our expertise. We have also received technology grants from the Ethereum Foundation and Ethereum Community Fund.
Secure your smart contracts with HAECHI AUDIT.
Official website: