4CHAN500 - Audit Report
4CHAN500 is a new token with liquidity adds and a buyback system for burning supply that pays users dividends in BUSD.We reviewed the 4CHAN500 contract that is deployed at 0x5325BaA42dC7604f427A8bDE6732F83C19028942 on the Binance Smartchain mainnet.
Notes on the Contract:
Audit Findings Summary
- The total supply of the token is set to 1 billion [1,000,000,000] $4CH5.
- No mint or burn functions are present beyond deployment; though the circulating supply can be reduced by sending tokens to the 0x..dead address if desired.
- At the time of writing this report, the top holder is in possession of 10.6% of the total supply.
- 5.24% of the total supply is in Pancakeswap liquidity.
- Of that liquidity, 48.47% of the LP tokens are stored in an unverified contract.
- 44.18% of the LP tokens have been sent to the Burn address.
- The next 5 holders own a cumulative 17.73% of the total supply.
- There is a tax fee charged on each transaction that gets stored in the contract balance; fees can be increased during a sell to PancakeSwap up to a value proportional to the time left in the buyback multiplier period (if any).
- Once a threshold value of tokens in the contract balance is met, a portion of the contract balance is swapped for BNB and distributed as dividends, and another portion is sent to the marketing wallet which is controlled by the project team.
- Another portion is allocated to funding PancakeSwap liquidity, unless the liquidity cap set by the team has already been met.
- Liquidity-adds are funded by selling half of the tokens allocated to funding liquidity, pairing the received BNB with the token, and adding it as liquidity to the BNB pair.
- The newly created LP tokens are sent to the "autoLiquidityReceiver" address set by the team. This address is currently set to the 0x..dead address but can be updated to a new address by the authorized role at any time.
- If the auto buyback functionality is enabled, and the amount of BNB in the contract reaches the autobuyback threshold value determined by the owner, the BNB will be swapped for $4CH5 tokens and sent to the burn address.
- Any user that holds any amount of $4CH5 tokens are eligible to claim dividends once the amount of dividends they are due reaches a minimum threshold value determined by team.
- Once dividends are distributed, they will need to be claimed; claiming happens automatically on each transfer.
- Dividend rewards can also be claimed manually by kicking off the claim cycle, which will process all eligible token holders.
- Alternatively, a user can manually claim dividends as an individual.
- There is a wait-time between claiming dividend rewards.
- Claimed dividends are sent to the user's wallet address.
- Ownership has been renounced, however the contract utilizes an authorized role. The assigned addresses have access to specific functions in the contract.
- Any authorized address is able to set the total fees charged on transactions to any value up to 25% at any time.
- Any authorized address is able to set the percentage of the fees allocated to any fund (liquidity, marketing, buyback, dividends) at any time.
- Any authorized address is able to exclude any address from dividends at any time.
- Any authorized address is able to update the minimum threshold value of rewards needed that determines when a user can claim their dividends.
- Any authorized address is able to set a maximum transaction limit which is enforced during sell transactions to PancakeSwap. Any authorized address can also exclude accounts from this maximum transaction limit.
- Any authorized address is able to automatically trigger a buyback at any time.
- Any authorized address is able to set or disable the buyback fee multiplier at any time.
- Any authorized address is able to disable the autobuyback system and set any the threshold BNB value to trigger a buyback.
- Any authorized address is able to disable the automatic liquidity adds at any time and set any threshold value related to it.
- Any authorized address is able to update the Dividend Distributor and PancakeSwap Router contract addresses at any time.
- Any authorized address is able to update the maximum amount of gas used for processing to a value up to 750,000 at any time.
- Any authorized address is able to update the amount of time a user must wait between claiming dividends to any value at any time.
- No external threats were identified.
- Please ensure trust in the team prior to investing as they have substantial control in the ecosystem.
- Please be aware of the amount of liquidity available in proportion to the largest wallets.
- Date: November 20th, 2021
External Threat Results
|Arbitrary Storage Write||N/A||PASS|
|Delegate Call to Untrusted Contract||N/A||PASS|
|Dependence on Predictable Variables||N/A||PASS|
|State Change External Calls||N/A||PASS|
|User Supplied Assertion||N/A||PASS|
|Critical Solidity Compiler||N/A||PASS|
|Overall Contract Safety||PASS|
($) = payable function # = non-constant function + [Lib] SafeMath - [Int] tryAdd - [Int] trySub - [Int] tryMul - [Int] tryDiv - [Int] tryMod - [Int] add - [Int] sub - [Int] mul - [Int] div - [Int] mod - [Int] sub - [Int] div - [Int] mod + [Int] IBEP20 - [Ext] totalSupply - [Ext] decimals - [Ext] symbol - [Ext] name - [Ext] getOwner - [Ext] balanceOf - [Ext] transfer # - [Ext] allowance - [Ext] approve # - [Ext] transferFrom # + Auth - [Pub]
# - [Pub] authorize # - modifiers: onlyOwner - [Pub] unauthorize # - modifiers: onlyOwner - [Pub] isOwner - [Pub] isAuthorized - [Pub] transferOwnership # - modifiers: onlyOwner + [Int] IDEXFactory - [Ext] createPair # + [Int] IDEXRouter - [Ext] factory - [Ext] WETH - [Ext] addLiquidity # - [Ext] addLiquidityETH ($) - [Ext] swapExactTokensForTokensSupportingFeeOnTransferTokens # - [Ext] swapExactETHForTokensSupportingFeeOnTransferTokens ($) - [Ext] swapExactTokensForETHSupportingFeeOnTransferTokens # + [Int] IDividendDistributor - [Ext] setDistributionCriteria # - [Ext] setShare # - [Ext] deposit ($) - [Ext] process # + DividendDistributor (IDividendDistributor) - [Pub] # - [Ext] setDistributionCriteria # - modifiers: onlyToken - [Ext] setShare # - modifiers: onlyToken - [Ext] deposit ($) - modifiers: onlyToken - [Ext] process # - modifiers: onlyToken - [Int] shouldDistribute - [Int] distributeDividend # - [Ext] claimDividend # - [Pub] getUnpaidEarnings - [Int] getCumulativeDividends - [Int] addShareholder # - [Int] removeShareholder # + Fourchan (IBEP20, Auth) - [Pub] # - modifiers: Auth - [Ext] ($) - [Ext] totalSupply - [Ext] decimals - [Ext] symbol - [Ext] name - [Ext] getOwner - [Pub] balanceOf - [Ext] allowance - [Pub] approve # - [Ext] approveMax # - [Ext] transfer # - [Ext] transferFrom # - [Int] _transferFrom # - [Int] _basicTransfer # - [Int] checkTxLimit - [Int] shouldTakeFee - [Pub] getTotalFee - [Pub] getMultipliedFee - [Int] takeFee # - [Int] shouldSwapBack - [Int] swapBack # - modifiers: swapping - [Int] shouldAutoBuyback - [Ext] triggerZeusBuyback # - modifiers: authorized - [Ext] clearBuybackMultiplier # - modifiers: authorized - [Int] triggerAutoBuyback # - [Int] buyTokens # - modifiers: swapping - [Ext] setAutoBuybackSettings # - modifiers: authorized - [Ext] setBuybackMultiplierSettings # - modifiers: authorized - [Int] launched - [Pub] launch # - modifiers: authorized - [Ext] setTxLimit # - modifiers: authorized - [Ext] setIsDividendExempt # - modifiers: authorized - [Ext] setIsFeeExempt # - modifiers: authorized - [Ext] setIsTxLimitExempt # - modifiers: authorized - [Ext] setFees # - modifiers: authorized - [Ext] setFeeReceivers # - modifiers: authorized - [Ext] setSwapBackSettings # - modifiers: authorized - [Ext] setTargetLiquidity # - modifiers: authorized - [Ext] setDistributionCriteria # - modifiers: authorized - [Ext] setDistributorSettings # - modifiers: authorized - [Pub] getCirculatingSupply - [Pub] getLiquidityBacking - [Pub] isOverLiquified