Understanding MasterChef Contract Risks: DEX Security Basics

DeFi stands for “decentralized finance” but many users often overestimate just how decentralized much of the infrastructure is.

While the core networks that yield farming protocols run on like Ethereum and BNB Chain are sufficiently decentralized and censorship-resistant, the same cannot be said for many DeFi protocols. In fact, some of the most popular DeFi protocols with massive amounts of TVL can often have administrative controls that allow centralized actors to access funds in ways users might not realize.

It’s important to note that many of these administrative controls are safety mechanisms and moderation controls put in place by protocols for good reason. However, it’s also a best practice for users to identify all potential risk factors before participating in DeFi to fully grasp the investments they are making.

One of the common administrative controls used throughout DeFi is MasterChef contracts. In this blog, we’ll cover what these contracts are, the potential risk factors they can enable, and how users can use our DeFi dashboard antivirus features to identify portfolio exposure to centrally controlled smart contracts.

What is a MasterChef Contract?

A MasterChef contract is a type of DeFi smart contract that usually governs the liquidity mining functions of a decentralized exchange (DEX). It allows administrators with access to the MasterChef contract to customize exactly what the project’s liquidity pools are able to do.

These liquidity pools are extremely important because they represent the fundamental infrastructure of a decentralized exchange. Liquidity pools allow users to provide capital to the exchange in return for fees and protocol liquidity mining incentives, while also allowing other users of the exchange to seamlessly swap between multiple coins via automated market-making (AMM) technology.

Think of liquidity pools as a “vault” and its corresponding DEX as a bank. All the functions of the bank are dependent on the capital that is deposited in its vault. A MasterChef contract, therefore, is what the operators of a DEX will use to manage their vault.

While MasterChef contracts have become fairly prevalent across DeFi, users should understand that they are not a requirement for operating a DEX. The term MasterChef came into popular use because it was the name of the liquidity pool management contract originally used by the popular Uniswap fork SushiSwap (now Sushi.com) when it first launched in 2020. MasterChef was actually one of the core innovations separating Sushi as a competitor when the exchange launched.

While managing a DEX’s capital reserves is obviously an important job, it is also one that comes with users placing great trust in the operator of the exchange. This was pointed out early on by risk-conscious DeFi users when Sushi first gained momentum:

DeFi farmers, note that if you’re thinking of using @SushiSwap, the MasterChef contract still has its owner key intact and this yields a LOT of power including sucking your LP tokens. Although this is disclosed, this is a huge risk and a lot of trust.

— Reuben Yap (@reubenyap) August 28, 2020

Nonetheless, Sushi was able to capture and maintain capital by being trustworthy with the power of the MasterChef contract. The success of the exchange and its open source nature led to subsequent forks of the codebase, with PancakeSwap, BNB Chain’s dominant DEX, being the most notable.

PancakeSwap and the majority of other Sushi forks kept the innovation of the MasterChef contract, which leads to where we are today where “MasterChef” is no longer tied to Sushi and has become common parlance amongst DeFi users for a DEX contract with management control over LP funds.

Potential MasterChef Contract Risks

As early DeFi farmers pointed out, MasterChef contracts are incredibly powerful and can be used to execute devastating rug pulls when exploited by malicious actors. The variety of backdoors that can be hidden in MasterChef contracts is infinite. Let’s cover the major loopholes applied in this contract type in order to deceive users:

• Withdrawal Permissions: These contracts may grant devs the ability to withdraw all tokens managed by a MasterChef.
• Pausing Permissions: Pausing withdrawals of user-staked funds leaves users without any way to execute an emergency withdrawal. It might be acceptable to pause any token withdrawals from a MasterChef for security purposes, for example, when the contract is breached. But under any conditions, users should be able to call emergency withdrawal, which allows the retrieval of staked funds without a preference for earned rewards.
• Deposit & Withdrawal Fee Management: Users can lose their staked tokens and accumulated yield farming rewards if a fee is too high. Consider a situation where a MasterChef contract can set the 48-hour withdrawal fee to 100%. In this case, you will not be able to retrieve your invested funds.
• Hidden Malicious Token Approvals: It’s a red flag if there is a function in the MasterChef contract that contains approvals to a suspicious address when it is absolutely not needed for standard MasterChef operations. Basically, no functions besides migrate() are supposed to include a token approval. If you see otherwise, the project could be planning an exploit.
• Dangerous LP Migrations: Although it is a normal functionality used by major DeFi protocols like SushiSwap and PancakeSwap, LP migrations can be misused when projects abuse it as a DeFi scam vector. This function allows migrating LP tokens from any selected pool to a new LP contract. The key to identifying exploit potential is investigating what address is set as a migrator. Is it a trusted destination? If not, all liquidity provided by users can be stolen.
• Approved User Funds Drain: In some cases, a MasterChef contract can be used to drain wallets from users based on token approvals.
• Incorrect Liquidity Mining Emissions: This is usually a developer’s mistake when, on some blockchains, they make the emission dependent on the block and not on time. This causes the dynamic generation of blocks to cause a miscalculation of accrual of bonuses.

Risk Analysis With De.Fi

Being able to analyze a MasterChef contract or the permissions granted within a DEX’s overall smart contract code is no easy task. This is why De.Fi developed our free smart contract scanner.

DeFi users can use Scanner to run automated audits on projects, tokens, NFTs, or even liquidity pool contract addresses. Simply enter the contract address you would like to analyze and Scanner will produce a security report in a matter of minutes highlighting any potential risk issues you should be aware of:

Scanner is part of our De.Fi Security Suite which also includes Shield, a wallet permissions check and revoke tool. This can be used to ensure that you have not interacted with potentially malicious smart contracts in the past. If you have, revoking permissions takes only a few clicks.

Users can also freely access a treasure trove of security analysis via our Audit Database. It’s web3’s largest database of DeFi project audits with over 9000 security reports from blockchain experts. If you’re considering interacting with a DeFi protocol, chances are you can find a security report within our database.

For the latest security news, don’t forget to follow our De.Fi Security X profile. We’ll keep you notified of any security incidents as they happen, giving you the time you need to respond appropriately. Educate yourself and stay safe with De.Fi!