1Doge - Smart Contract Audit Report
Summary
1Doge is a new community-driven deflationary token on the Binance Smart Chain that is an automatic liquidity providing protocol that pays out static rewards to holders.
Notes on the Contract:Audit Findings Summary
- The total supply of the token is initially set to one billion $1Doge [1,000,000,000].
- No minting or burn functions are present, although holders can send their tokens to the 0x...dead address if desired. The team intends to burn 9.8% of the total token supply upon deployment and include the burn address in token reflections to act as a deflationary mechanism.
- At the time of writing this report, 100% of the total supply is in possession of the owner as the project was recently deployed.
- There is a 'tax fee', 'liquidity fee', and 'sell fee' on all transactions for any "non-excluded" address that participates in a transfer. The owner has the ability to modify these fees to any percentage at any time.
- Users who hold tokens will automatically benefit from the frictionless fee redistribution at the time of each transaction as the tokens collected through taxes are removed from the circulating supply.
- The liquidity fee charged on transactions is stored in the contract and, once a threshold value is met, used to fund Pancakeswap liquidity. This functionality can be enabled/disabled by the owner.
- Liquidity-adds are funded by selling a portion of the tokens collected as fees (after the threshold as determined by the owner/admin is met), then pairing the received BNB with the token, and adding it as liquidity to the BNB pair.
- The recipient of the newly created LP tokens is the token contract address which will cause the LP tokens to be lost within the contract address to act as a token locking mechanism.
- The 'sell fee' is applied any time a holder conducts a transfer with the Pancakeswap V2 Pair as the recipient. The owner/admin has the ability to change this fee to any amount at any time.
- There is a "BuyBack Wallet" which is the address that is used to support the contract's 'buybackandBurn' function. The wallet will receive BNB through disruptive transfers and will then subsequently buy $1Doge tokens with that BNB and send them to the burn address. Our team had a recommendation to improve this function with an additional check to rebalance the amount if the buyback wallet were ever excluded from reflections.
- The contract features cooldown logic that activates when transfers of 0.05% of the total supply or more are being made. Upon deployment, the timer is set to be 4 hours, however the owner/admin has the ability to modify this amount of time at any point.
- The contract uses logic that prevents addresses from owning over 0.01% of the total $1Doge supply within 3 minutes from launch to avoid early buyers and bots from accumulating a majority of the available supply right at the time of launch.
- The contract features 'Blacklisting' functionality which allows the owner (or admin) to designate specific addresses that will not be able to participate in token transfers. The status of an address can be modified by the owner at any time.
- The contract also includes an integer casting library which is not used throughout the primary 1Doge token contract.
- In addition to there ownership priveledges being present, the owner of the contract can also add "Admin" addresses which are also able to utilize the functionality that is typically reserved for the "owner". Therefore if ownership is renounced, the team's designated addresses will retain control of certain functions within the contract despite the owner being the zero address.
- The owner and admins have the ability to set a "Disruptive Transfer Fee" which is not actually a fee, but rather a threshold of value to check if enough BNB is being sent during disruptive transfer.
- The owner and admins can enable and disable fees at any time.
- The owner and admins have the ability to whitelist addresses where they are exempt from taxes during transactions at any time.
- The owner of the contract has the ability to set and change the "Team Wallet" at any time.
- The owner of the contract (and Admins) can exclude and include accounts from transfer fees and reflection distribution.
- The owner (and Admins) have the ability to set and update a maximum transaction percent at any time, which will impose a limit to the number of tokens that can be transferred during any given transaction.
- This maximum transaction amount does not apply to the owner (and Admins) during transactions where the owner/admin is either the sender or the recipient.
- Ownership has not been renounced.
- The contract utilizes SafeMath libraries along with following the BEP20 standard.
- No external threats were identified.
- We recommend that the team renounces ownership after a successful launch, and communicates any "Admin" roles / changes as frequently as they occur.
- Buyback functionality may be susceptible to front-running; The team must monitor and if suspicious activity is detected, the team must disable the buyback system.
- Please ensure trust in the team prior to investing as they have substantial control within the ecosystem.
- Further, ensure trust in the team as they have control of the Buyback Wallet's BNB balance.
- Date: July 26th, 2021
Audit Results
| Vulnerability Category | Notes | Result |
|---|---|---|
| Arbitrary Storage Write | N/A | PASS |
| Arbitrary Jump | N/A | PASS |
| Delegate Call to Untrusted Contract | N/A | PASS |
| Dependence on Predictable Variables | N/A | PASS |
| Deprecated Opcodes | N/A | PASS |
| Ether Thief | N/A | PASS |
| Exceptions | N/A | PASS |
| External Calls | N/A | PASS |
| Flash Loans | N/A | PASS |
| Integer Over/Underflow | N/A | PASS |
| Multiple Sends | N/A | PASS |
| Oracles | N/A | PASS |
| Suicide | N/A | PASS |
| State Change External Calls | N/A | PASS |
| Unchecked Retval | N/A | PASS |
| User Supplied Assertion | N/A | PASS |
| Critical Solidity Compiler | N/A | PASS |
| Overall Contract Safety | PASS |
Function Graph
Inheritence Chart
Functions Overview
($) = payable function
# = non-constant function
+ Context
- [Int] _msgSender
- [Int] _msgData
+ [Int] IERC20
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] transfer #
- [Ext] allowance
- [Ext] approve #
- [Ext] transferFrom #
+ [Lib] SafeMath
- [Int] add
- [Int] sub
- [Int] sub
- [Int] mul
- [Int] div
- [Int] div
- [Int] mod
- [Int] mod
+ [Lib] Address
- [Int] isContract
- [Int] sendValue #
- [Int] functionCall #
- [Int] functionCall #
- [Int] functionCallWithValue #
- [Int] functionCallWithValue #
- [Prv] _functionCallWithValue #
+ Ownable (Context)
- [Int] #
- [Pub] owner
- [Pub] renounceOwnership #
- modifiers: onlyOwner
- [Pub] transferOwnership #
- modifiers: onlyOwner
+ [Int] IUniswapV2Factory
- [Ext] createPair #
+ [Int] IUniswapV2Pair
- [Ext] sync #
+ [Int] IUniswapV2Router01
- [Ext] factory
- [Ext] WETH
- [Ext] addLiquidity #
- [Ext] addLiquidityETH ($)
+ [Int] IUniswapV2Router02 (IUniswapV2Router01)
- [Ext] removeLiquidityETHSupportingFeeOnTransferTokens #
- [Ext] swapExactTokensForETHSupportingFeeOnTransferTokens #
- [Ext] swapExactTokensForTokensSupportingFeeOnTransferTokens #
- [Ext] swapExactETHForTokensSupportingFeeOnTransferTokens ($)
+ [Lib] SafeCast
- [Int] toUint128
- [Int] toUint64
- [Int] toUint32
- [Int] toUint16
- [Int] toUint8
- [Int] toUint256
- [Int] toInt256
+ Wallet
+ testDoge (Context, IERC20, Ownable)
- [Pub] #
- [Pub] name
- [Pub] symbol
- [Pub] decimals
- [Pub] totalSupply
- [Pub] balanceOf
- [Pub] transfer #
- [Pub] distruptiveTransfer ($)
- [Pub] allowance
- [Pub] approve #
- [Pub] transferFrom #
- [Pub] increaseAllowance #
- [Pub] decreaseAllowance #
- [Pub] isExcluded
- [Pub] reflectionFromToken
- [Pub] tokenFromReflection
- [Ext] excludeAccount #
- modifiers: onlyOwner
- [Ext] includeAccount #
- modifiers: onlyOwner
- [Prv] _approve #
- [Prv] _transfer #
- [Prv] collectFee #
- [Prv] _getReflectionRate
- [Prv] swapAndLiquify #
- modifiers: lockTheSwap
- [Prv] swapTokensForEth #
- [Prv] swapEthForTokens #
- [Prv] buyAndBurnToken #
- modifiers: lockTheSwap
- [Prv] addLiquidity #
- [Ext] deliver #
- [Ext] setTaxless #
- modifiers: onlyOwnerAndAdmin
- [Ext] setBlacklist #
- modifiers: onlyOwnerAndAdmin
- [Ext] setSwapAndLiquifyEnabled #
- modifiers: onlyOwnerAndAdmin
- [Ext] setFeeActive #
- modifiers: onlyOwnerAndAdmin
- [Ext] setRedistributionFee #
- modifiers: onlyOwnerAndAdmin
- [Ext] setLiquidityFee #
- modifiers: onlyOwnerAndAdmin
- [Ext] setSellFee #
- modifiers: onlyOwnerAndAdmin
- [Ext] setTeamWallet #
- modifiers: onlyOwner
- [Ext] setAdmin #
- modifiers: onlyOwner
- [Ext] setMaxTransferAmount #
- modifiers: onlyOwnerAndAdmin
- [Ext] setMinTokensBeforeSwap #
- modifiers: onlyOwnerAndAdmin
- [Ext] setCooldonwEnabled #
- modifiers: onlyOwnerAndAdmin
- [Ext] setCooldown #
- modifiers: onlyOwnerAndAdmin
- [Ext] setDistruptiveTransfer #
- modifiers: onlyOwnerAndAdmin
- [Ext] launch #
- modifiers: onlyOwner
- [Ext] ($)