10PCT Crypto - Smart Contract Audit Report

Summary

10PCT Audit Report 10PCT Crypto ($10PCT) is a new community-driven DeFi token on the Ethereum Blockchain that is an automatic liquidity providing protocol that pays out static rewards to holders and implements a charity fund.

For this audit, our team reviewed the 10PCT Token contract that was provided to us on the 10PCT Crypto Team's GitHub, at commit: 7d02d7fa76504e5ed86bd575b95ed8400d255aa5.

Notes on the Contract:
  • The total supply of the token is set to 100 trillion $10PCT [100,000,000,000,000].
  • No minting or burn functions are present; though the circulating supply can be reduced by sending tokens to the 0x..dead address, if desired.
  • At the time of writing this report, the contract has not been deployed to the mainnet so we did not have a token holder distribution to analyze.

  • There is a 'Tax Fee', 'Liquidity Fee', and 'Charity Fee' on all transactions for any "non-excluded" address that participates in a transfer.
  • Users who hold tokens will automatically benefit from the frictionless fee redistribution at the time of each transaction as the tokens collected through the 'Tax Fee' are removed from the circulating supply.
  • The tokens that are collected from the 'Liquidity Fee' and 'Charity Fee' that is charged on transactions will be stored in the contract address. Once the contract balance reaches a threshold value of 5,000,000 $10PCT tokens, a portion of the tokens (determined by the owner) will be swapped for ETH that will be used to provide Uniswap Liquidity and fund the various charity wallets.
  • Liquidity-adds are conducted automatically by selling half of the tokens allocated to liquidity, and pairing the received ETH with the token, and adding it to the liquidity pool corresponding to the 10PCT-ETH pair.
  • The recipient of the newly created LP tokens is the owner of the contract. The team is responsible for locking these newly acquired LP tokens.
  • An additional portion of the tokens (determined by the owner) is also swapped for ETH with the purpose of funding the team-controlled Charity wallets.
  • As the project is implemented with Solidity v0.8.7, it is protected from overflows.

  • Ownership Controls:
  • Ownership has not been renounced.
  • The owner can modify the Tax fee, Liquidity fee, and Charity fee to any percentages at any time.
  • The owner can exclude and include accounts from transfer fees and reward distribution.
  • The owner can enable/disable the automatic swapping functionality at any time.
  • The owner can set and update a maximum transaction amount at any time, which will impose a limit to the number of tokens that can be transferred during any given transaction. The maximum transaction amount cannot be set to an amount lower than 100,000,000,000,000, which happens to be the token's total supply, rendering this function ineffective.
  • The owner can call the Manualswap() and Manualsend() functions at any time. ManualSwap will manually swap $10PCT tokens in the contract for ETH which is then stored in the contract balance. ManualSend will transfer the ETH from the contract to the various charity wallets.
  • This maximum transaction amount does not apply to the owner during transactions where the owner is either the sender or the recipient.
  • The owner can add new Charity wallets and remove them at any time.
  • The owner has the ability to use the "lock" function in order to temporarily set ownership to address(0). Ownership is restored after the duration of time determined by the owner has passed and they use the 'unlock' function.
  • The unlock function has the potential to be used after ownership is renounced, which will restore ownership to the original owner that initially created the ownership lock. This can be used in a nefarious way by the project team to restore ownership and change fee structures.
  • We recommend that the unlock function is modified to set the "previous owner" = "address(0)" at the end of the unlock function to prevent it from being used more than once per lock.
Audit Findings Summary
  • No external threats were identified.
  • There are potential risks that exist for holders regarding the team's ability to retain control of the contract.
  • If the team plans to renounce ownership, we recommend that they do so without ever calling the faulty lock functionality.
  • Please ensure trust in the team prior to investing as they have substantial control in the ecosystem and have control of the ETH that is collected from fees.
  • Date: October 20th, 2021

Audit Results

Vulnerability CategoryNotesResult
Arbitrary Storage WriteN/APASS
Arbitrary JumpN/APASS
Delegate Call to Untrusted ContractN/APASS
Dependence on Predictable VariablesN/APASS
Deprecated OpcodesN/APASS
Ether ThiefN/APASS
ExceptionsN/APASS
External CallsN/APASS
Flash LoansN/APASS
Integer Over/UnderflowN/APASS
Multiple SendsN/APASS
OraclesN/APASS
SuicideN/APASS
State Change External CallsN/APASS
Unchecked RetvalN/APASS
User Supplied AssertionN/APASS
Critical Solidity CompilerN/APASS
Overall Contract Safety PASS

Function Graph

ERC20 Token Graph


Inheritence Chart

Multi-file Token


Functions Overview


 ($) = payable function
 # = non-constant function
 
 + [Int] IERC20 
    - [Ext] totalSupply
    - [Ext] balanceOf
    - [Ext] transfer #
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transferFrom #

 + [Lib] SafeMath 
    - [Int] tryAdd
    - [Int] trySub
    - [Int] tryMul
    - [Int] tryDiv
    - [Int] tryMod
    - [Int] add
    - [Int] sub
    - [Int] mul
    - [Int] div
    - [Int] mod
    - [Int] sub
    - [Int] div
    - [Int] mod

 +  Context 
    - [Int] _msgSender
    - [Int] _msgData

 + [Lib] Address 
    - [Int] isContract
    - [Int] sendValue #
    - [Int] functionCall #
    - [Int] functionCall #
    - [Int] functionCallWithValue #
    - [Int] functionCallWithValue #
    - [Int] functionStaticCall
    - [Int] functionStaticCall
    - [Int] functionDelegateCall #
    - [Int] functionDelegateCall #
    - [Prv] _verifyCallResult

 +  Ownable (Context)
    - [Pub]  #
    - [Pub] owner
    - [Pub] renounceOwnership #
       - modifiers: onlyOwner
    - [Pub] transferOwnership #
       - modifiers: onlyOwner
    - [Pub] geUnlockTime
    - [Pub] lock #
       - modifiers: onlyOwner
    - [Pub] unlock #

 + [Int] IUniswapV2Factory 
    - [Ext] feeTo
    - [Ext] feeToSetter
    - [Ext] getPair
    - [Ext] allPairs
    - [Ext] allPairsLength
    - [Ext] createPair #
    - [Ext] setFeeTo #
    - [Ext] setFeeToSetter #

 + [Int] IUniswapV2Pair 
    - [Ext] name
    - [Ext] symbol
    - [Ext] decimals
    - [Ext] totalSupply
    - [Ext] balanceOf
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transfer #
    - [Ext] transferFrom #
    - [Ext] DOMAIN_SEPARATOR
    - [Ext] PERMIT_TYPEHASH
    - [Ext] nonces
    - [Ext] permit #
    - [Ext] MINIMUM_LIQUIDITY
    - [Ext] factory
    - [Ext] token0
    - [Ext] token1
    - [Ext] getReserves
    - [Ext] price0CumulativeLast
    - [Ext] price1CumulativeLast
    - [Ext] kLast
    - [Ext] mint #
    - [Ext] burn #
    - [Ext] swap #
    - [Ext] skim #
    - [Ext] sync #
    - [Ext] initialize #

 + [Int] IUniswapV2Router01 
    - [Ext] factory
    - [Ext] WETH
    - [Ext] addLiquidity #
    - [Ext] addLiquidityETH ($)
    - [Ext] removeLiquidity #
    - [Ext] removeLiquidityETH #
    - [Ext] removeLiquidityWithPermit #
    - [Ext] removeLiquidityETHWithPermit #
    - [Ext] swapExactTokensForTokens #
    - [Ext] swapTokensForExactTokens #
    - [Ext] swapExactETHForTokens ($)
    - [Ext] swapTokensForExactETH #
    - [Ext] swapExactTokensForETH #
    - [Ext] swapETHForExactTokens ($)
    - [Ext] quote
    - [Ext] getAmountOut
    - [Ext] getAmountIn
    - [Ext] getAmountsOut
    - [Ext] getAmountsIn

 + [Int] IUniswapV2Router02 (IUniswapV2Router01)
    - [Ext] removeLiquidityETHSupportingFeeOnTransferTokens #
    - [Ext] removeLiquidityETHWithPermitSupportingFeeOnTransferTokens #
    - [Ext] swapExactTokensForTokensSupportingFeeOnTransferTokens #
    - [Ext] swapExactETHForTokensSupportingFeeOnTransferTokens ($)
    - [Ext] swapExactTokensForETHSupportingFeeOnTransferTokens #

 +  TenPCT (Context, IERC20, Ownable)
    - [Pub]  #
    - [Pub] name
    - [Pub] symbol
    - [Pub] decimals
    - [Pub] totalSupply
    - [Pub] balanceOf
    - [Pub] transfer #
    - [Pub] allowance
    - [Pub] approve #
    - [Pub] transferFrom #
    - [Pub] increaseAllowance #
    - [Pub] decreaseAllowance #
    - [Pub] isExcludedFromReward
    - [Pub] isIncludedInCharityWallet
    - [Pub] totalFees
    - [Pub] deliver #
    - [Pub] reflectionFromToken
    - [Pub] tokenFromReflection
    - [Pub] excludeFromReward #
       - modifiers: onlyOwner
    - [Ext] includeInReward #
       - modifiers: onlyOwner
    - [Pub] includeInCharityWallet #
       - modifiers: onlyOwner
    - [Ext] excludeFromCharityWallet #
       - modifiers: onlyOwner
    - [Pub] excludeFromFee #
       - modifiers: onlyOwner
    - [Pub] includeInFee #
       - modifiers: onlyOwner
    - [Ext] setTaxFeePercent #
       - modifiers: onlyOwner
    - [Ext] setCharityFeePercent #
       - modifiers: onlyOwner
    - [Ext] setLiquidityFeePercent #
       - modifiers: onlyOwner
    - [Ext] _setMaxTxAmount #
       - modifiers: onlyOwner
    - [Pub] setSwapAndLiquifyEnabled #
       - modifiers: onlyOwner
    - [Pub] _getETHBalance
    - [Ext]  ($)
    - [Prv] _reflectFee #
    - [Prv] _getValues
    - [Prv] _getTValues
    - [Prv] _getRValues
    - [Prv] _getRate
    - [Prv] _getCurrentSupply
    - [Prv] _takeLiquidity #
    - [Prv] calculateTaxFee
    - [Prv] calculateLiquidityFee
    - [Prv] removeAllFee #
    - [Prv] restoreAllFee #
    - [Pub] isExcludedFromFee
    - [Prv] _approve #
    - [Prv] _transfer #
    - [Prv] swapAndLiquify #
       - modifiers: lockTheSwap
    - [Ext] manualSwap #
       - modifiers: onlyOwner
    - [Ext] manualSend #
       - modifiers: onlyOwner
    - [Prv] swapTokensForEth #
    - [Prv] addLiquidity #
    - [Prv] _tokenTransfer #
    - [Prv] _transferStandard #
    - [Prv] _transferToExcluded #
    - [Prv] _transferFromExcluded #
    - [Prv] _transferBothExcluded #