1inch Farming is a DeFi conglomerate with several product offerings, including a popular liquidity aggregator. We were approached to perform a security assessment for their upcoming ERC20 extension proposal. The proposal standardizes the new extension
ERC20Farmable, which is essentially an ERC20 token that supports yield farming.
We carefully reviewed the scoped contracts and we discovered 6 findings. Fortunately, no issues in the business logic were found. Of the 6 findings, 1 was of low impact and the remaining findings were informational in nature. Overall, we applaud 1inch for their attention to detail and diligence in maintaining high code quality standards.
The ERC20Farmable project is being proposed as an efficient and thoughtful alternative to other staking contracts. It allows users to reap rewards from their holdings while still being in control of their tokens. For this audit, the contracts themselves were relatively straightforward.
During this audit, we exercised increased scrutiny towards potential code maturity issues. The 1inch farming project is to be submitted to OpenZeppelin as an ERC-20 extension. Even minor findings could have a widespread impact, as these contracts could eventually be used by a large number of downstream projects. Thus, we audited the scoped contracts to the highest level of detail.