DESCRIPTION
The audit focuses on the PumpBTC contracts, which enable users to stake Wrapped Bitcoin tokens into the PumpStaking contract and mint pumpBTC tokens at a 1:1 ratio. These assets are then unwrapped into BTC for staking and rewards on Babylon. The protocol offers standard and instant unstake options with fees.
The scope includes only the contracts in the `contracts` folder, excluding other files and assuming dependencies are reliable.
Our iterative audit process covers the initial version and subsequent versions addressing discovered issues. We utilize automated scans, manual verification, and business logic analysis to identify security issues and provide optimization recommendations.
We identified a high-risk issue in the codebase, which the PumpBTC team promptly addressed. We have also put forth recommendations to further strengthen the code logic, along with notes that should be taken into consideration. The scope of our audit was strictly limited to the specific code versions mentioned in the report; any updates made after our review would require a re-evaluation.
KEY FINDINGS
In total, we found 1 potential issue in the smart contract. We also have 3 recommendations and 3 notes, as follows:
ID | Severity | Description | Category | Status |
---|---|---|---|---|
1 | High | Potential precision loss in the stake function | DeFi Security | Fixed |
2 | - | Remove redundant code | Recommendation | Acknowledged |
3 | - | Add checks on the new staking limit | Recommendation | Fixed |
4 | - | Follow CEI pattern in the PumpStaking contract | Recommendation | Fixed |
5 | - | Potential precision loss in the unstakeInstant function | Note | - |
6 | - | About the off-chain logic | Note | - |
7 | - | Potential centralization risks | Note | - |
More details are provided in the audit report.