Security Audit Report for PancakeSwap Cross Farming Contracts

PancakeSwap launched a cross farming project. It involves allowing users to deposit LP tokens on EVM-compatible chains to the MasterChefV2 contract on the Binance Smart Chain network using the cBridge SGN network as the cross-chain message forwarder. The core contracts covered in this audit include cross farming contracts of the PancakeSwap Protocol. The audit scope is limited to contracts within the projects/cross-chain/contracts/ folder, excluding other contracts and files. The iterative audit covers the code in the initial version, as well as subsequent versions to fix discovered issues, as detailed in our audit report. Please note that external dependencies are assumed reliable and are therefore excluded from the audit scope. Our audit methodology employs automated vulnerability scans, manual verification, and business logic analysis to uncover potential security issues coupled with gas and code quality optimization recommendations. In summary, we did not find any critical issues within the audited codebase. However, we have identified four non-critical issues that should be addressed. Additionally, we have put two recommendations to further strengthen the code logic. It is important to note that the scope of our audit was strictly limited to the specific code versions mentioned in the report. Any updates made subsequent to our review would require a re-evaluation.