HECO Farms

The project implements an individual contract for each farm and pool. These contracts interact with the same vault. It is a multi-chain platform and 🚨 unfortunately a few contracts are found unverified on some of the chains [ex BSC, OKC]. In most implementations, the same code is implemented, but in some the blacklist functionality is added.

Although, taking into account the amount of resources that we should allocate to the review of each of the contracts of each of the chains, and considering that the review may not be valid for future pools added, we would initially rate the project as [not eligible] but considering the below, the rating will be [high risk].

• 🚨 Receipt Tokens Ownership has not been renounced.
• 🚨 Vault Ownership has not been renounced.
• 🚨 Funds deposited in the vault can be withdrawn by the gov (or from any address that is given the whitdraw role) at any time directly and/or indirectly.
• 🚨Vault contract can be paused.
• 🚨 Users can be blacklisted and unable to make new deposits and withdraw previously made deposits.
• ⚠️ Project uses its own router which seems to be a fork of Uniswap V2 (0.225% swap fee). Ensure that you perform a small test transaction first and check that the Router contract matches the one here:
  • AVAX 0x14f800...9895
  • BSC 0x6A1A6B...4F01
  • ETH 0x69cd48...39e0
  • HECO 0x00efb9...a694
  • OKC 0x56cdde...1707

RugDoc KYC: Project owner has KYC’d to us, and has signalled his transparency and commitment to this project and shall retain full responsibility over them and any actions taken by them.

• ✅ KYC'd with RugDoc

We reserve the right to not review exceedingly complex projects that would require tens of thousands of dollars of senior security analyst man hours.

Typically these are projects that deal with leverage, lending, options, derivatives, and anything that is overly complex and which requires tons of peer reviews and audits from top audit companies.

Since our resources are stretched thin and we don’t have the funding for these kind of massive endeavors, we may pass on projects that meet this level of complexity. DYOR.

The DUSD stablecoin is part of a lending protocol, Demeter, in HECO. The protocol appears to offer staking options as well to distribute its governance token. While its lending options appears to be a fork of Venus (BSC) which involves multiple complex contracts that manages the collateral factors of each users, monitors user DUSD minting, repayment, liquidation eligibility, price feed monitoring, governance, and etc.

We reserve the right to not review projects that deal with leverage, lending, options, derivatives, and anything that is overly complex and requires tons of peer reviews and audits from top audit companies. Since our resources are stretched thin and we don’t have the funding for these kind of massive endeavors, we may pass on projects that meet this level of complexity. DYOR.

Description

Blockchain Monster Hunt (BCMH) is the world’s first multi-chain game that runs entirely on the blockchain itself. Inspired by Pokémon-GO, BCMH allows players to continuously explore brand-new locations on the blockchain to hunt and battle monsters. Each block on the blockchain is a unique digital space where a limited number of Monsters (of the same DNA gene and rarity) may exist. Players and collectors can hunt or battle for a chance to capture these unique Monsters and to earn coins.

Max Mintable / Minted (At time of listing)

• 16,500  / 0%

Mint Price

• Unknown

Launch Details

• Initial NFT Offering
  • First Genesis Hunt starts at 25. Oct 2021 @ Polygon Chain

• Genesis Monsters cannot be caught or created within the game, and come with the following benefits:

• Exclusive staking pool, separate from the rest of the Blockchain Monster Universe
• Genesis Monsters are required to engineer (breed) new Monsters – and Genesis Monsters can be lent to those that need them for breeding with the in-game NFT Flash Loan feature
• Increased chance of catching other Monsters in battle
• Total supply 16,500 Genesis Monsters, within 22 species

Contract

• ✅ Verified
• ⚠️ Token contract is behind an upgradeable proxy

Community Hypestatus

• 49,851 Follower @ Twitter
• 39,428 Members @ Discord
• 9,200 Follower @ Medium
• 6,819 Members @ Telegram

Panther fork

• ✅ Max 4% deposit fees
• ⚠️ Masterchef currently not behind a timelock
• ✅ Correctly accounts for transfer taxes on any token pool
• 2% referral (max 20%)
• 5% of emission rewards minted to dev address
• ⚠️ Transfer-tax liquidity tokens can be sent to the operator wallet. Please clarify with the project on how they plan to use this.
• 0.4% transfer tax (max 4%)
• 2.5% anti-whale (fixed)
• Antibot: 1 txn every 20 blocks.

⚠️ TRIPLE CHECK the contract you interact with matches the one reviewed here (0xb63ab342...a7dd).

The project focuses on Cross-chain swaps, yield farming, auto-compounding vaults, staking, referral program, lottery and more.

We reserve the right to not review exceedingly complex projects that would require tens of thousands of dollars of senior security analyst man hours.

Typically these are projects that deal with leverage, lending, options, derivatives, and anything that is overly complex and which requires tons of peer reviews and audits from top audit companies.

Since our resources are stretched thin and we don’t have the funding for these kind of massive endeavors, we may pass on projects that meet this level of complexity. DYOR.

🚨PancakeSwap fork with migrator code intact🚨

• ⚠️ Masterchef currently not behind a timelock.
• 🚨 Has the SYRUP bug with the CREAM token when staking in the BUT Cream pool 2.0.
• ⚠️ Does not support deflationary/transfer-tax token pools, just clarify with project that none will be added
• 1/10th of emission rewards minted to dev address.
• ⚠️The project have your own AMM. The Router and Factory are clean clone of PCS Router and Factory, ensure that you perform a small test transaction first and check that the Router contract matches the one reviewed here.

⚠️ TRIPLE CHECK the contract you interact with matches the one reviewed here (0x89a3BfA...2935)

⚠️ Note: Vault, Board and Referral contracts have not been reviewed.

We reserve the right to not review exceedingly complex projects that would require tens of thousands of dollars of senior security analyst man hours.

Typically these are projects that deal with leverage, lending, options, derivatives, and anything that is overly complex and which requires tons of peer reviews and audits from top audit companies.

Since our resources are stretched thin and we don’t have the funding for these kind of massive endeavors, we may pass on projects that meet this level of complexity. DYOR.

Uses an upgradeable proxy, which means there is a high risk of hard rugs.

That being said, it's possible that this has a lot more mitigating factors due to the fact that it's likely that it's owned by or closely connected to Mdex, a cornerstone project in Mainland China / the HECO universe.

They give out single staking Mdex rewards, while Mdex phased their single staking rewards out.

If you look at a list of their partnerships, they're mostly all Tier 1 VC's in China, and/or the same ones that associate with Mdex, on top of having Certik audits, etc.

Burgerswap on BSC has white labeled their service for xburger as well.  So not your typical low grade trash project using proxies, but technically according to our scoring system, you should use extreme caution

Cornerstone AMM and project for HECO (The Pancakeswap or Uniswap of HECO) and have expanded to BSC.  Several billion $ worth of TVL on both chains at the time of this review, and they have many novel features / concepts like liquidity mining instead of just yield farming.  Super integrated into the Mainland China crypto space, with deep ties to Huobi and many other type gigantic crypto entities.

Multiple audits from Tier 1 companies (Slowmist, Certik Fairyproof)

Leveraged yield farm that got their LP funds stuck in PancakeSwap

Cross chain auto compounding vault. Interacts with an unverified contract. Has certik audit on Github repository contracts...but not the verified contract.

first goose fork on huobi chain, clean fork deposit fees up to 100% possible, timelock in place

Cornerstone vault project from BSC that has expanded to multiple chains.  As with most vaults, they have elevated governance powers to be able to modify and change strategies which theoretically would allow them to execute malicious contracts, locked behind a 6 hour timelock.  That being said, the team is one of the most open and transparent teams and has a talented dev team and only one operational incident in their history which they reimbursed users for.  They have multiple Certik Audits and a DefiYield audit.

As with all vaults, they contain a higher level of risk since they are building a product on top of other underlying products and introduce more vectors to attack, but due to its operational history and all the factors mentioned, we are marking this project as Grey.

Cornerstone vault project from BSC that has expanded to multiple chains.  Unlike most other vaults that have governance powers to be able to modify and swap strategies to malicious ones, Autofarm vaults generally do not have the ability to hard rug as long as you verify the strat is non-malicious beforehand.  Once you deposit into a verified safe strat, there is no way for them to steal your underlying funds without additional interaction on your end.

For the auto-compounding portion, there is a theoretical vector for them to swap out the router they use and steal a portion of the compounded harvests, but due to their operational history, most people have given them a pass on this.  Your theoretical max loss if this were to happen is just the loss of some compound profits vs other vaults where your theoretical max loss would be 100% if their keys were compromised or they decided to be malicious.

The team has only one operational incident in their history which they reimbursed users for.  They have multiple Certik Audits, a SlowMist audit, and a Vidar audit.

As with all vaults, they contain a higher level of risk since they are building a product on top of other underlying products and introduce more vectors to attack, but due to its operational history and all the factors mentioned, we are marking this project as Low Risk.