The Yield Farmer’s Masterchef checklist (or how not to get rugged)
Hi there student,
Today we are going to talk about things you need to do before committing your capital into a Yield Farming platform. Obviously, some widely used platforms can be deemed fairly safe so most people skip this part, but for some of you that are looking for higher yields in lesser known platforms, it’s important that you know at least the basic checklist in order to minimize the risk of being rugged.
Be alarmed, these new platforms offering you xxxxx% of returns are really risky, and even if you read this checklist you will be exposed to rug-pull risks. I myself have been rugged a few times, and sometime it happens out of nowhere. But still, let’s get you prepared so you can avoid the obvious ones! This lesson is based on the BSC mainnet, but it’s quite easily applicable to other mainnets (just change bscscan.com to its equivalent).
- Find the Masterchef contract
The most important one is to find the Masterchef contract. The Masterchef contract is the governing contract of the token (“the owner”) and have so much power over it. Most of the time the rug pull mechanism starts with the Masterchef contract, so it’s a good idea to have a look at it. But how to find it?
- Go to the bscscan.com and type your token’s contract into it:
- Click read contract and then look for getOwner
- Click on the contract below and you will be on the owner’s page.
- Click on “contract” again and then “code”. Here you have two cases:
Or the masterchef contract is included in the contract source code as below: Then you can look for the part where it says “Masterchef is the master of xx token. He can make xx and is a fair guy”. All of them say this as they are forks of PancakeSwap. Your Masterchef contract is from this to the bottom of the contract.
In some other cases you have the Masterchef contract separated in a Masterchef.sol file (easier to check).
So congratulations, you got to the Masterchef contract! Now what?
2. Check for the setMigrator function.
This HAS to be removed by the owner. All PancakeSwap/Sushi forks have this function at the beginning, because PancakeSwap/Sushi have it. And while it’s fairly safe to say that PCS or Sushi won’t use them to rug, this migrator contract give full power to these new project to rug easily. So if you see the below in the Masterchef contract, run!
// Set the migrator contract. Can only be called by the owner.
function setMigrator(IMigratorChef _migrator) public onlyOwner {
migrator = _migrator;
}// Migrate lp token to another lp contract. Can be called by anyone. We trust that migrator contract is good.
function migrate(uint256 _pid) public {
require(address(migrator) != address(0), “migrate: no migrator”);
PoolInfo storage pool = poolInfo[_pid];
IBEP20 lpToken = pool.lpToken;
uint256 bal = lpToken.balanceOf(address(this));
lpToken.safeApprove(address(migrator), bal);
IBEP20 newLpToken = migrator.migrate(lpToken);
require(bal == newLpToken.balanceOf(address(this)), “migrate: bad”);
pool.lpToken = newLpToken;
}
3. Check for any mint functions.
Just do control+F and search for “mint”, and see if you find anything that were not explained to you in the project’s docs. If you find something inconsistent or weird, just ask the admins on their telegram or discord. They should be able to address any mint functions, and if not, that’s also a red flag! Not all mint functions are dangerous, some are part of the project’s tokenomics, but just keep an eye out for hidden ones.
4. Check for a Timelock.
Timelocks are not necessary for all projects and some devs don’t like them as it delays their updates. However, I feel for new projects it’s a good way to give comfort to users: any changes made in the contract owned by Timelock will be delayed by a certain amount of time. Which means it gives you time to pull your funds out of the platform if you see a fishy changes pending.
How to check if your project is Timelocked? We need to check the owner of the Masterchef contract. So exactly how we came from the token to Masterchef, from the Masterchef contract you are going to click:
- “Contract”,
- “Read Contract” and then look for “owner”.
- And then click on the contract address you found
If that address is just a wallet and doesn’t have any contracts, then your project have no Timelock. If it has a contract, go to:
- “Contract”
- “Read Contract”
- And look for “delay”
The number is in seconds so divide by 3600 to see how many hours of Timelock you have. The default is 6 hours, but I prefer projects with a 24 hours timelock (86400 delay)
5. Check the LP tokens.
One other thing you could check is if the initial LP token was burnt or locked. You can ask this to the admins of the projects for the proof that the LP token was burnt:
If the LP token is not burnt or locked, the owner of the token can call a removeLiquidity function of PancakeSwap, basically draining the pool.
So this is it, these are the basic checklist that you should do for all project you want to stake your money in. However you must all bear in mind this: this is really the basics of the basics as a checklist, it’s barely enough to avoid rug pulls! If established, audited platforms’ yield are not enough to you and you keep looking for high yield, new platforms, you must know that you always risk a rug pull. You’ve been warned!
Now that you know how to check whether a project is a high risk rug pull or moderately safe, next time, we can talk about strategies to farm in a new platform. So stay tuned students!
