BeanSwap
Search…
No migrator code
The PancakeSwap Masterchef contract, for all its advantages, has a critical vulnerability - the so-called Migrator code, which allows the contract owner to withdraw the funds blocked in it at his discretion. As a result of the fact that most of the PancakeSwap forks retained the Migrator code, dozens of projects created by outright scammers just to steal farmers' funds appeared on the market.
The GREENBEAN Masterchef contract does not have this vulnerability - the Migrator code is completely removed from it, so that no one can steal user funds.
You see the following code still present in the following link :
1
Migrate lp token to another lp contract. Can be called by anyone. We trust that migrator contract is good.
2
function migrate(uint256 _pid) public {
3
require(address(migrator) != address(0), "migrate: no migrator");
4
PoolInfo storage pool = poolInfo[_pid];
5
IBEP20 lpToken = pool.lpToken;
6
uint256 bal = lpToken.balanceOf(address(this));
7
lpToken.safeApprove(address(migrator), bal);
8
IBEP20 newLpToken = migrator.migrate(lpToken);
9
require(bal == newLpToken.balanceOf(address(this)), "migrate: bad");
10
pool.lpToken = newLpToken;
Copied!
Last modified 5mo ago
Copy link