HoneyBeeFarm Smart Contract Audit
A detailed analysis of the HoneyBeeFarm yield farming DApp on the BNB Chain, covering its smart contract, frontend, security, and operational strengths.
Audit Prepared by Grok 4 Heavy | September 23, 2025
Yield Farming
Referral System
User-Friendly UI
Secure Design
π Overview
HoneyBeeFarm is a yield farming decentralized application (DApp) on the BNB Chain, allowing users to stake BNB to acquire "bees" that generate "honey" over time. Users can reinvest honey to purchase more bees (compounding) or sell it for BNB rewards. The contract includes a 15% referral bonus, a 5% marketing fee, and a CEO-controlled withdrawal mechanism with a timelock. The frontend, built with index.html, how-to-play.html, script.js, and styles.css, provides a bee-themed interface with wallet integration, responsive design, and interactive animations.
Contract Address: 0x94c0b532361ba646b6357A959a65938e3049B39C
Solidity Version: ^0.8.20
π Smart Contract Analysis
Core Mechanics
Users stake BNB via buyBees to acquire bees, stored in the hiveBees mapping. Bees generate honey at a rate of HONEY_TO_HARVEST_1BEE (864,000 units per bee per day), calculated in getHoneySinceLastHarvest using block.timestamp. Honey can be reinvested via harvestHoney or sold for BNB via sellHoney. The calculateTrade function uses a bonding curve with constants PSN (10,000) and PSNH (5,000) to balance marketHoney and contract balance.
Formula: (PSN * bs) / (PSNH + ((PSN * rs + PSNH * rt) / rt))
Referral System
The referral system allocates 15% of a user's honey to their referrer during harvestHoney. Referrers are set once in the referrals mapping, defaulting to ceoAddress if invalid (ref == msg.sender || ref == address(0) || hiveBees[ref] == 0). This encourages user growth while preventing abuse.
Economic Model
The contract offers a 10% daily return (3,650% APR), calculated based on honey production. A 5% marketing fee, computed via devFee, is deducted from buyBees and sellHoney and sent to ceoAddress. The marketHoney variable increases with each sale to stabilize rewards.
CEO Control
The onlyCEO modifier restricts sensitive functions to the ceoAddress. The withdrawal process uses a timelock mechanism: requestWithdraw initiates a request with a 1-hour delay (WITHDRAW_DELAY), emitting a WithdrawRequested event. After the delay, executeWithdraw transfers the funds, emitting a WithdrawExecuted event. The CEO can cancel the request via cancelWithdraw, emitting a WithdrawCancelled event. The openHive function initializes the contract.
Contract Initialization
The openHive function, called by the CEO, sets initialized = true and seeds marketHoney with 86,400,000,000, ensuring a controlled market start. The initialized check prevents premature interactions in key functions.
State Management
The contract uses mappings (hiveBees, claimedHoney, lastHarvest, referrals) for efficient user data storage. State updates in buyBees, harvestHoney, and sellHoney are performed before external calls to maintain integrity.
π Security Measures
Initialization Check
Functions like buyBees, sellHoney, and harvestHoney require initialized == true, set via openHive, preventing premature interactions.
Reentrancy Protection
State updates precede external calls in buyBees and sellHoney, following the Checks-Effects-Interactions pattern to mitigate reentrancy risks.
Safe Math
Solidity ^0.8.20 provides built-in overflow and underflow protection, ensuring arithmetic safety without external libraries.
Timestamp Handling
The getHoneySinceLastHarvest function caps rewards at HONEY_TO_HARVEST_1BEE using a min function with block.timestamp, ensuring predictable honey accumulation.
Timelock Mechanism
The withdrawal process includes a 14-days timelock (WITHDRAW_DELAY) via requestWithdraw, executeWithdraw, and cancelWithdraw. Events (WithdrawRequested, WithdrawExecuted, WithdrawCancelled) provide transparency for CEO withdrawals, enhancing trust.
Frontend Security
The frontend enforces HTTPS in init, disabling the connect button on non-secure protocols. Error handling in buyBees, harvestHoney, and sellHoney provides alerts for invalid inputs or network issues.
Access Control
The onlyCEO modifier restricts sensitive functions, ensuring only the ceoAddress can perform actions like initiating withdrawals or initializing the contract.
π» Frontend Analysis
Design and Usability
The frontend features a bee-themed design with gold gradients, floating bee animations, and button ripple effects. Tailwind CSS with clamp ensures responsive typography and layouts, stacking elements on mobile devices for clarity.
Wallet Integration
Web3Modal and WalletConnect enable seamless wallet connections on the BNB Chain (chainId 56). The fetchAccountData function verifies the network, and event listeners handle account and chain changes.
User Feedback
Transaction feedback includes alerts (e.g., "Bees purchased successfully!") and a loader animation (showLoader, hideLoader). Balances update every 30 seconds using view functions like getBalance.
Referral Interface
The updateReferralLink function generates shareable links, displayed in an input field with a copy button, simplifying participation in the 15% referral program.
Responsive Design
Media queries ensure elements like action buttons and timeline steps stack vertically on mobile devices. The how-to-play.html page uses clear, emoji-driven instructions for accessibility.
Interactive Features
The addInteractiveEffects function adds animations like floating bees and button ripples, enhancing user engagement across devices.
Interactive Animations
Responsive Layout
Real-Time Updates
Referral Sharing
πΊοΈ Operational Workflow
The user journey in HoneyBeeFarm follows a clear process:
Connect Wallet
Users connect via MetaMask or WalletConnect, verified for BNB Chain (chainId 56).
Stake BNB
Users stake BNB via buyBees to acquire bees, starting honey production.
Reinvest or Sell
Reinvest honey with harvestHoney or sell for BNB with sellHoney.
Refer Friends
Share referral links to earn 15% of friends' honey production.
π Gas Efficiency
The contract optimizes gas usage through efficient design:
- π― Uses
mappingforhiveBees,claimedHoney,lastHarvest, andreferrals, minimizing storage costs. - π― Marks functions like
calculateTrade,calculateHoneySell, andgetMyHoneyaspureorview, reducing gas for reads. - π― Combines state updates in
harvestHoneyandsellHoneyto minimize transaction overhead. - π― Frontend leverages view functions for gas-free balance updates every 30 seconds via
setInterval. - π― Uses a single storage slot for
marketHoney, reducing gas for market updates. - π― Avoids complex loops or recursive calls, ensuring predictable gas costs.
π Conclusion
HoneyBeeFarm delivers a robust yield farming experience on the BNB Chain. The smart contract's clear mechanics, referral system, timelock-protected withdrawals, and security measures, paired with a responsive and engaging frontend, create a compelling DApp. The 10% daily return and 15% referral bonuses incentivize participation, while gas-efficient design ensures scalability. With the suggested enhancements, HoneyBeeFarm is well-positioned to thrive in decentralized finance.