HECO Farms

*Paid Advertisement. Not financial advice. RugDoc is not responsible for the projects showcased here. DYOR and ape safu.

Filter by risk
No data was found

The project implements an individual contract for each farm and pool. These contracts interact with the same vault. It is a multi-chain platform and 🚨 unfortunately a few contracts are found unverified on some of the chains [ex BSC, OKC]. In most implementations, the same code is implemented, but in some the blacklist functionality is added.

Although, taking into account the amount of resources that we should allocate to the review of each of the contracts of each of the chains, and considering that the review may not be valid for future pools added, we would initially rate the project as [not eligible] but considering the below, the rating will be [high risk].

  • 🚨 Receipt Tokens Ownership has not been renounced.
  • 🚨 Vault Ownership has not been renounced.
  • 🚨 Funds deposited in the vault can be withdrawn by the gov (or from any address that is given the whitdraw role) at any time directly and/or indirectly.
  • 🚨Vault contract can be paused.
  • 🚨 Users can be blacklisted and unable to make new deposits and withdraw previously made deposits.
  • ⚠️ Project uses its own router which seems to be a fork of Uniswap V2 (0.225% swap fee). Ensure that you perform a small test transaction first and check that the Router contract matches the one here:
Posted on 13 July 2022 |

RugDoc KYC: Project owner has KYC’d to us, and has signalled his transparency and commitment to this project and shall retain full responsibility over them and any actions taken by them.

  • ✅ KYC'd with RugDoc

We reserve the right to not review exceedingly complex projects that would require tens of thousands of dollars of senior security analyst man hours.

Typically these are projects that deal with leverage, lending, options, derivatives, and anything that is overly complex and which requires tons of peer reviews and audits from top audit companies.

Since our resources are stretched thin and we don’t have the funding for these kind of massive endeavors, we may pass on projects that meet this level of complexity. DYOR.

Posted on 25 December 2021 |

The DUSD stablecoin is part of a lending protocol, Demeter, in HECO. The protocol appears to offer staking options as well to distribute its governance token. While its lending options appears to be a fork of Venus (BSC) which involves multiple complex contracts that manages the collateral factors of each users, monitors user DUSD minting, repayment, liquidation eligibility, price feed monitoring, governance, and etc.

We reserve the right to not review projects that deal with leverage, lending, options, derivatives, and anything that is overly complex and requires tons of peer reviews and audits from top audit companies. Since our resources are stretched thin and we don’t have the funding for these kind of massive endeavors, we may pass on projects that meet this level of complexity. DYOR.

Posted on 23 October 2021 |

Description

Blockchain Monster Hunt (BCMH) is the world’s first multi-chain game that runs entirely on the blockchain itself. Inspired by Pokémon-GO, BCMH allows players to continuously explore brand-new locations on the blockchain to hunt and battle monsters. Each block on the blockchain is a unique digital space where a limited number of Monsters (of the same DNA gene and rarity) may exist. Players and collectors can hunt or battle for a chance to capture these unique Monsters and to earn coins.

Max Mintable / Minted (At time of listing)

  • 16,500  / 0%

Mint Price

  • Unknown

Launch Details

  • Genesis Monsters cannot be caught or created within the game, and come with the following benefits:
  • Exclusive staking pool, separate from the rest of the Blockchain Monster Universe
  • Genesis Monsters are required to engineer (breed) new Monsters – and Genesis Monsters can be lent to those that need them for breeding with the in-game NFT Flash Loan feature
  • Increased chance of catching other Monsters in battle
  • Total supply 16,500 Genesis Monsters, within 22 species

Contract

  • ✅ Verified
  • ⚠️ Token contract is behind an upgradeable proxy

Community Hypestatus

  • 49,851 Follower @ Twitter
  • 39,428 Members @ Discord
  • 9,200 Follower @ Medium
  • 6,819 Members @ Telegram
Posted on 21 October 2021 |

Panther fork

  • ✅ Max 4% deposit fees
  • ⚠️ Masterchef currently not behind a timelock
  • ✅ Correctly accounts for transfer taxes on any token pool
  • 2% referral (max 20%)
  • 5% of emission rewards minted to dev address
  • ⚠️ Transfer-tax liquidity tokens can be sent to the operator wallet. Please clarify with the project on how they plan to use this.
  • 0.4% transfer tax (max 4%)
  • 2.5% anti-whale (fixed)
  • Antibot: 1 txn every 20 blocks.

⚠️ TRIPLE CHECK the contract you interact with matches the one reviewed here (0xb63ab342...a7dd).

Posted on 24 September 2021 |

The project focuses on Cross-chain swaps, yield farming, auto-compounding vaults, staking, referral program, lottery and more.

We reserve the right to not review exceedingly complex projects that would require tens of thousands of dollars of senior security analyst man hours.

Typically these are projects that deal with leverage, lending, options, derivatives, and anything that is overly complex and which requires tons of peer reviews and audits from top audit companies.

Since our resources are stretched thin and we don’t have the funding for these kind of massive endeavors, we may pass on projects that meet this level of complexity. DYOR.

Posted on 07 September 2021 |

🚨PancakeSwap fork with migrator code intact🚨

  • ⚠️ Masterchef currently not behind a timelock.
  • 🚨 Has the SYRUP bug with the CREAM token when staking in the BUT Cream pool 2.0.
  • ⚠️ Does not support deflationary/transfer-tax token pools, just clarify with project that none will be added
  • 1/10th of emission rewards minted to dev address.
  • ⚠️The project have your own AMM. The Router and Factory are clean clone of PCS Router and Factory, ensure that you perform a small test transaction first and check that the Router contract matches the one reviewed here.

⚠️ TRIPLE CHECK the contract you interact with matches the one reviewed here (0x89a3BfA...2935)

⚠️ Note: Vault, Board and Referral contracts have not been reviewed.

Posted on 27 July 2021 |

SPONSORED AD

Update

Update 2: Galaxy Finance changed their token operator to a 24h timelock. This means that if they were intending to rug, they now need to wait a day before they could lock funds. This makes it a little bit safer, but the hard rug vector is still present. The devs also mentioned that they would look into deploying a wrapper around their contracts (which could mitigate the rug vector).

Update: Moving to high (hard rug) risk rating since the dev can update the router in the masterchef to take all funds out of the masterchef. There's also suspicious code in the emergency withdraw function which can send all withdrawn funds to the feeAddress. Project looks large and promising so this might not be with malicious intent but the code simply has too many negative aspects to keep this non-eligible.

Updated on 6 August 2021

We reserve the right to not review exceedingly complex projects that would require tens of thousands of dollars of senior security analyst man hours.

Typically these are projects that deal with leverage, lending, options, derivatives, and anything that is overly complex and which requires tons of peer reviews and audits from top audit companies.

Since our resources are stretched thin and we don’t have the funding for these kind of massive endeavors, we may pass on projects that meet this level of complexity. DYOR.

Posted on 26 July 2021 |

Uses an upgradeable proxy, which means there is a high risk of hard rugs.

That being said, it's possible that this has a lot more mitigating factors due to the fact that it's likely that it's owned by or closely connected to Mdex, a cornerstone project in Mainland China / the HECO universe.

They give out single staking Mdex rewards, while Mdex phased their single staking rewards out.

If you look at a list of their partnerships, they're mostly all Tier 1 VC's in China, and/or the same ones that associate with Mdex, on top of having Certik audits, etc.

Burgerswap on BSC has white labeled their service for xburger as well.  So not your typical low grade trash project using proxies, but technically according to our scoring system, you should use extreme caution

Posted on 26 June 2021 |

Cornerstone AMM and project for HECO (The Pancakeswap or Uniswap of HECO) and have expanded to BSC.  Several billion $ worth of TVL on both chains at the time of this review, and they have many novel features / concepts like liquidity mining instead of just yield farming.  Super integrated into the Mainland China crypto space, with deep ties to Huobi and many other type gigantic crypto entities.

Multiple audits from Tier 1 companies (Slowmist, Certik Fairyproof)

Posted on 26 June 2021 |

Leveraged yield farm that got their LP funds stuck in PancakeSwap

Posted on 16 May 2021 |

Cross chain auto compounding vault. Interacts with an unverified contract. Has certik audit on Github repository contracts...but not the verified contract.

Posted on 16 May 2021 |

first goose fork on huobi chain, clean fork deposit fees up to 100% possible, timelock in place

Posted on 11 May 2021 |

Cornerstone vault project from BSC that has expanded to multiple chains.  As with most vaults, they have elevated governance powers to be able to modify and change strategies which theoretically would allow them to execute malicious contracts, locked behind a 6 hour timelock.  That being said, the team is one of the most open and transparent teams and has a talented dev team and only one operational incident in their history which they reimbursed users for.  They have multiple Certik Audits and a DefiYield audit.

As with all vaults, they contain a higher level of risk since they are building a product on top of other underlying products and introduce more vectors to attack, but due to its operational history and all the factors mentioned, we are marking this project as Grey.

Posted on 06 April 2021 |

Cornerstone vault project from BSC that has expanded to multiple chains.  Unlike most other vaults that have governance powers to be able to modify and swap strategies to malicious ones, Autofarm vaults generally do not have the ability to hard rug as long as you verify the strat is non-malicious beforehand.  Once you deposit into a verified safe strat, there is no way for them to steal your underlying funds without additional interaction on your end.

For the auto-compounding portion, there is a theoretical vector for them to swap out the router they use and steal a portion of the compounded harvests, but due to their operational history, most people have given them a pass on this.  Your theoretical max loss if this were to happen is just the loss of some compound profits vs other vaults where your theoretical max loss would be 100% if their keys were compromised or they decided to be malicious.

The team has only one operational incident in their history which they reimbursed users for.  They have multiple Certik Audits, a SlowMist audit, and a Vidar audit.

As with all vaults, they contain a higher level of risk since they are building a product on top of other underlying products and introduce more vectors to attack, but due to its operational history and all the factors mentioned, we are marking this project as Low Risk.

Posted on 19 March 2021 |

Search

🟢 For owners who have made impactful changes and would like an update to their farm review:

1️⃣ Use #update at @RugDocChat with your description and proof of changes and it will be forwarded to our scanners.

2️⃣ This does not guarantee a change in your review.

3️⃣ Owners who have difficulty solving the issues can consider our Consultation Package – please contact @BaymaxCrypto on Telegram to discuss.

Our mission here at RugDoc is to screen for hard rug code that results in 100% theft of ALL underlying funds for ALL participants.

This is the ONE part of the due diligence process that most people cannot simply do on their own as it costs thousands of dollars to hire a senior solidity developer to look over a farm for safety.

A project coin with terrible code can go up in price, and a project with good code and a good team can also go down in price.

Do NOT use our ratings to refer to your likelihood in making money if you invest in the project. They are ONLY in reference to code safety.

Everything else beyond code safety is YOUR responsibility to go do research on. We just make sure the casino you’re betting in won’t rob you before you even get to place a bet.

Our reviews for projects are organized into a few colors.

🟢 Least Risk
These projects are the least likely to hard or soft rug. Usually reserved for cornerstone projects of an ecosystem where it makes no financial sense for them to rug in any manner as they make more money just being legit.

🔵 Low Risk
These projects are usually established projects in an ecosystem that have a track record of success or have KYC’d to us or other authoritative sources in the real world. As a result, it is extremely unlikely for them to soft rug or hard rug their projects. The projects can still fail and the token price can go down, but usually more as a result of natural market forces.

⚪️ Some Risk
This is the default rating for projects with unknown teams but have code that is unlikely to have hard rug risk. Since the team is unknown and doesn’t have a track record of success, it’s entirely possible that they may try to soft rug by dumping tokens, abandoning the project, etc. Even a last minute contract swap to a malicious contract is possible. The only thing that is unlikely is a complete hard rug as long as you are 100% sure you deposit into the contract we review.

🟠 Medium Risk
Similar to Some Risk, but the underlying code itself is custom enough or complex enough that it warrants an elevated risk rating that needs deeper research. Make sure you read every point presented to make sure you’re comfortable with that before entering. Still unlikely to hard rug, but more chances of custom code behaving incorrectly and causing other issues.

🔴 High Risk
Project contains code or practices that are HIGHLY LIKELY to lead to catastrophic losses as they are right now. Make sure you read the description carefully as we will always warn what these issues are. If you see the words Hard Rug anywhere in the review, STAY FAR AWAY!

⚫️ Not Eligible
We reserve the right to not review exceedingly complex projects that would require tens of thousands of dollars of senior security analyst man hours. Typically these are projects that deal with leverage, lending, options, derivatives, and anything that is overly complex and which requires tons of peer reviews and audits from top audit companies.