# Timelock on Our Contracts **PLEASE NOTE THIS SECTION HAS NOT BEEN UPDATED TO OEC VERSION.** Recently we are aware of frequent flash-loan attack on Binance Smart Chain network. While the team has taken extra caution reviewing our contract code base in-depth and consulted multiple professional security agencies, we have enforced the following to ensure safety of our contracts. 1. We have **prevented** contracts calling our contracts in our code, which will essentially eliminate the possibility of flash-loan attack because attackers has to call our contract using his/her own contract. 2. We are considering use delayed price feed. 3. We are considering to use multiple price oracle. ## A notes on FarmHero upgradable contracts and timelocks We have witnessed several project, including uranium on Binance Smart Chain, bunny, who have smart contract design bug found but not able to fix timely, which caused lost of client funds. It's to our best interest to protect the funds safety so we deploy our contracts using upgradable proxy. Also it worths mention that mature team such as cream.finance and pancake have migrated their contracts to upgradable as well. ### MasterChef We have timelocked (48 hrs) our MasterChef contract's Proxy Admin by setting the owner of the ProxyAdmin contract to the timelock contract. Therefore, any execution to update the masterchef contract will be delaying 48 hours on chain. | Contract | Address | | ----------------------- | ------------------------------------------ | | ProxyAdmin | 0x53DeD22F02789B6811E10c5326730E62Cb328Cf9 | | Timelock (48 hrs) | 0x32A67309C356D8Db401eb159Bca11aDc6a48cae0 | | MasterChef (Yield Farm) | 0xDAD01f1d99191a2eCb78FA9a007604cEB8993B2D | | Hero (token) | 0x9B26e16377ad29A6CCC01770bcfB56DE3A36d8b2 | #### How to Verify: 1. You can check the current ProxyAdmin of our MasterChef Contract [here via BscScan](https://bscscan.com/address/0x53DeD22F02789B6811E10c5326730E62Cb328Cf9#readContract): put in our masterchef contract address and try get ProxyAdmin, you will see that currently the proxyAdmin of our masterChef contract is indeed 0x53DeD22F02789B6811E10c5326730E62Cb328Cf9. ![](https://3186635380-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MgLsNCrfSZIdgX5aH1D%2Fsync%2F55441034c703e4039e84bb6a95f2ea21744d3321.png?generation=1628176624479756\&alt=media) 1. Also scroll down you can see that the owner of this ProxyAdmin is 0x32A67309C356D8Db401eb159Bca11aDc6a48cae0, which is our timelock contract. ![](https://3186635380-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MgLsNCrfSZIdgX5aH1D%2Fsync%2F8bfbea49e9bab3288d77aee3f6072289f222cedc.png?generation=1628176624712990\&alt=media) 1. Click in to the [Timelock contract](https://bscscan.com/address/0x32a67309c356d8db401eb159bca11adc6a48cae0), you can see that current delay is 172800 seconds, which is 48 hours. ![](https://3186635380-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MgLsNCrfSZIdgX5aH1D%2Fsync%2F50741b77db5c1da7c43c98f99ffbb4d4a7007f18.png?generation=1628176625115796\&alt=media) ### Game Contracts These contracts does **not** hold any client fund but only pot prize. Also game rules are subject to change according to community opinions. We deploy them using upgradable proxy. ### Staking Contract We forked it from EPS project on bsc. It stakes USDc rewards to $HONOR holders $HONOR and we will add **timelocks to the proxy owner** once our protocol goes into stable mode. \*\* attaching the latest transaction to change ProxyAdmin