ANONTOKEN - Smart Contract Audit Report

Summary

ANONTOKEN Audit Report ANONTOKEN ($ANT) is a new BEP20 token on the Binance Smart Chain that features automatic liquidity adds and pays holders dividends in BNB.

We reviewed the ANONTOKEN contract that is deployed at 0xD283cE7Acd177f7cf6caBB7ce5B11fDA3605659e on the Binance Smart Chain mainnet.

Notes on the Contract:
  • The total supply of the token is set to 1 quadrillion [1,000,000,000,000,000].
  • No mint or burn functions are present; though the circulating supply can be reduced by sending tokens to the 0x..dead address, if desired.
  • At the time of writing this report, 75.2% of the total supply belongs to the owner.
  • 18.8% of the total supply belongs to a token vesting contract behind a proxy.
  • 5% of the total supply has been sent to the 0x..dead address.

  • There is a Liquidity Fee and BNB Rewards Fee on all transfers when interacting with Pancakeswap (given that the transferring address is not excluded from fees). A separate fee structure can be set by the team to apply different fee amounts depending on whether the user is buying or selling during the transfer.
  • The fees charged on transactions are stored in the contract and once a threshold value of tokens (determined by the owner) is met, a swap will occur for the purpose of funding Pancakeswap liquidity.
  • Liquidity-adds are funded by selling a portion of the tokens collected as fees (after the threshold value of tokens is met), then pairing the received BNB with the token, and adding it as liquidity to the BNB pair.
  • The LP tokens received through this process are sent to the the owner. We recommend that the team locks these newly acquired LP tokens.
  • The tokens collected from the BNB Rewards Fee are swapped for BNB and are used to fund dividend rewards for all eligible users.

  • A user must hold 10,000 tokens to be eligible for dividends.
  • Once dividends are distributed, they will need to be claimed; claiming happens automatically on each transfer.
  • Dividend rewards can also be claimed manually by kicking off the claim cycle, which will process all eligible token holders.
  • Alternatively, a user can manually claim dividends as an individual.
  • There is a wait-time of 3600 seconds (1 hour) between claiming dividend rewards.
  • Claimed dividends are sent to the user's wallet address.

  • The contract features a maximum transaction amount, which imposes a limit to the number of tokens that can be transferred when selling to Pancakeswap. The maximum transaction amount is set to 500 billion tokens (0.05%) of the total supply.
  • Although the Safemath library is utilized, the contract is deployed with Solidity v0.8.10 which has built-in overflow checks. Safemath could be safely removed to reduce contract size and increase gas savings.

  • Ownership Controls:
  • The owner can set the Liquidity Fee and BNB Rewards Fee for both fee structures to any percentages at any time.
  • The owner can exclude any address from transfer fees and dividends at any time.
  • The owner can update the amount of tokens a user must hold to be eligible for dividends to any value.
  • The owner can enable/disable automatic liquidity adds and update the threshold value needed to trigger it at any time.
  • The owner can update the maximum transaction amount when selling to Pancakeswap to any value at any time.
  • The owner can disable trading at any time. Only users that have been added to a whitelist by the owner can participate in transfers when trading is set to disabled.
  • The owner can add any address to a blacklist which will prevent them from participating in transfers.
  • The owner can update the maximum amount of gas used for processing to a value between 200,000 and 500,000 at any time.
  • The owner can update the amount of time a user must wait between claiming dividends to a value between 1 and 24 hours (in seconds).
  • The owner can update the Dividend Tracker, Automated Market Maker Pair, and PancakeswapV2Router addresses at any time.

Audit Findings Summary
  • No external threats were identified.
  • Please ensure trust in the team as they have substantial control in the ecosystem and own a large portion of the total supply.
  • Date: December 9th, 2021

Audit Results

Vulnerability CategoryNotesResult
Arbitrary Storage WriteN/APASS
Arbitrary JumpN/APASS
Centralization of ControlThe owner can set each fee percentage up to 100%.WARNING
Delegate Call to Untrusted ContractN/APASS
Dependence on Predictable VariablesN/APASS
Deprecated OpcodesN/APASS
Ether ThiefN/APASS
ExceptionsN/APASS
External CallsN/APASS
Flash LoansN/APASS
Integer Over/UnderflowN/APASS
Multiple SendsN/APASS
OraclesN/APASS
SuicideN/APASS
State Change External CallsN/APASS
Unchecked RetvalN/APASS
User Supplied AssertionN/APASS
Critical Solidity CompilerN/APASS
Overall Contract Safety PASS

BEP20 Token Graph

Multi-file Token

												
($) = payable function
 # = non-constant function

 + [Int] IERC20 
    - [Ext] totalSupply
    - [Ext] balanceOf
    - [Ext] transfer #
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transferFrom #

 + [Int] IERC20Metadata (IERC20)
    - [Ext] name
    - [Ext] symbol
    - [Ext] decimals

 +  Context 
    - [Int] _msgSender
    - [Int] _msgData

 + [Lib] SafeMath 
    - [Int] add
    - [Int] sub
    - [Int] sub
    - [Int] mul
    - [Int] div
    - [Int] div
    - [Int] mod
    - [Int] mod

 +  ERC20 (Context, IERC20, IERC20Metadata)
    - [Pub]  #
    - [Pub] name
    - [Pub] symbol
    - [Pub] decimals
    - [Pub] totalSupply
    - [Pub] balanceOf
    - [Pub] transfer #
    - [Pub] allowance
    - [Pub] approve #
    - [Pub] transferFrom #
    - [Pub] increaseAllowance #
    - [Pub] decreaseAllowance #
    - [Int] _transfer #
    - [Int] _mint #
    - [Int] _burn #
    - [Int] _approve #
    - [Int] _beforeTokenTransfer #

 + [Lib] SafeMathUint 
    - [Int] toInt256Safe

 + [Lib] SafeMathInt 
    - [Int] mul
    - [Int] div
    - [Int] sub
    - [Int] add
    - [Int] abs
    - [Int] toUint256Safe

 + [Int] DividendPayingTokenInterface 
    - [Ext] dividendOf
    - [Ext] distributeDividends ($)
    - [Ext] withdrawDividend #

 + [Int] DividendPayingTokenOptionalInterface 
    - [Ext] withdrawableDividendOf
    - [Ext] withdrawnDividendOf
    - [Ext] accumulativeDividendOf

 +  DividendPayingToken (ERC20, DividendPayingTokenInterface, DividendPayingTokenOptionalInterface)
    - [Pub]  #
       - modifiers: ERC20
    - [Ext]  ($)
    - [Pub] distributeDividends ($)
    - [Pub] withdrawDividend #
    - [Int] _withdrawDividendOfUser #
    - [Pub] dividendOf
    - [Pub] withdrawableDividendOf
    - [Pub] withdrawnDividendOf
    - [Pub] accumulativeDividendOf
    - [Int] _transfer #
    - [Int] _mint #
    - [Int] _burn #
    - [Int] _setBalance #

 + [Lib] IterableMapping 
    - [Pub] get
    - [Pub] getIndexOfKey
    - [Pub] getKeyAtIndex
    - [Pub] size
    - [Pub] set #
    - [Pub] remove #

 +  Ownable (Context)
    - [Pub]  #
    - [Pub] owner
    - [Pub] renounceOwnership #
       - modifiers: onlyOwner
    - [Pub] transferOwnership #
       - modifiers: onlyOwner

 + [Int] IUniswapV2Pair 
    - [Ext] name
    - [Ext] symbol
    - [Ext] decimals
    - [Ext] totalSupply
    - [Ext] balanceOf
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transfer #
    - [Ext] transferFrom #
    - [Ext] DOMAIN_SEPARATOR
    - [Ext] PERMIT_TYPEHASH
    - [Ext] nonces
    - [Ext] permit #
    - [Ext] MINIMUM_LIQUIDITY
    - [Ext] factory
    - [Ext] token0
    - [Ext] token1
    - [Ext] getReserves
    - [Ext] price0CumulativeLast
    - [Ext] price1CumulativeLast
    - [Ext] kLast
    - [Ext] mint #
    - [Ext] burn #
    - [Ext] swap #
    - [Ext] skim #
    - [Ext] sync #
    - [Ext] initialize #

 + [Int] IUniswapV2Factory 
    - [Ext] feeTo
    - [Ext] feeToSetter
    - [Ext] getPair
    - [Ext] allPairs
    - [Ext] allPairsLength
    - [Ext] createPair #
    - [Ext] setFeeTo #
    - [Ext] setFeeToSetter #

 + [Int] IUniswapV2Router01 
    - [Ext] factory
    - [Ext] WETH
    - [Ext] addLiquidity #
    - [Ext] addLiquidityETH ($)
    - [Ext] removeLiquidity #
    - [Ext] removeLiquidityETH #
    - [Ext] removeLiquidityWithPermit #
    - [Ext] removeLiquidityETHWithPermit #
    - [Ext] swapExactTokensForTokens #
    - [Ext] swapTokensForExactTokens #
    - [Ext] swapExactETHForTokens ($)
    - [Ext] swapTokensForExactETH #
    - [Ext] swapExactTokensForETH #
    - [Ext] swapETHForExactTokens ($)
    - [Ext] quote
    - [Ext] getAmountOut
    - [Ext] getAmountIn
    - [Ext] getAmountsOut
    - [Ext] getAmountsIn

 + [Int] IUniswapV2Router02 (IUniswapV2Router01)
    - [Ext] removeLiquidityETHSupportingFeeOnTransferTokens #
    - [Ext] removeLiquidityETHWithPermitSupportingFeeOnTransferTokens #
    - [Ext] swapExactTokensForTokensSupportingFeeOnTransferTokens #
    - [Ext] swapExactETHForTokensSupportingFeeOnTransferTokens ($)
    - [Ext] swapExactTokensForETHSupportingFeeOnTransferTokens #

 +  ANONTOKEN (ERC20, Ownable)
    - [Pub]  #
       - modifiers: ERC20
    - [Ext]  ($)
    - [Pub] updateDividendTracker #
       - modifiers: onlyOwner
    - [Pub] updateUniswapV2Router #
       - modifiers: onlyOwner
    - [Pub] excludeFromFees #
       - modifiers: onlyOwner
    - [Pub] excludeMultipleAccountsFromFees #
       - modifiers: onlyOwner
    - [Pub] setAutomatedMarketMakerPair #
       - modifiers: onlyOwner
    - [Prv] _setAutomatedMarketMakerPair #
    - [Pub] updateGasForProcessing #
       - modifiers: onlyOwner
    - [Ext] updateClaimWait #
       - modifiers: onlyOwner
    - [Ext] getClaimWait
    - [Ext] getTotalDividendsDistributed
    - [Pub] isExcludedFromFees
    - [Pub] withdrawableDividendOf
    - [Pub] dividendTokenBalanceOf
    - [Ext] getAccountDividendsInfo
    - [Ext] getAccountDividendsInfoAtIndex
    - [Ext] processDividendTracker #
    - [Ext] claim #
    - [Ext] excludeFromDividends #
       - modifiers: onlyOwner
    - [Ext] setBotlist #
       - modifiers: onlyOwner
    - [Ext] setBNBRewardsFee #
       - modifiers: onlyOwner
    - [Ext] setLiquditysFee #
       - modifiers: onlyOwner
    - [Ext] setSellFees #
       - modifiers: onlyOwner
    - [Ext] setSwapTokensAtAmount #
       - modifiers: onlyOwner
    - [Ext] getLastProcessedIndex
    - [Ext] getNumberOfDividendTokenHolders
    - [Ext] setMaxSellTxAMount #
       - modifiers: onlyOwner
    - [Ext] setSwapEnabled #
       - modifiers: onlyOwner
    - [Pub] approve #
       - modifiers: antiBot
    - [Pub] transferFrom #
       - modifiers: antiBot
    - [Pub] increaseAllowance #
       - modifiers: antiBot
    - [Pub] decreaseAllowance #
       - modifiers: antiBot
    - [Ext] setTradingEnabled #
       - modifiers: onlyOwner
    - [Ext] setAllowedTransfer #
       - modifiers: onlyOwner
    - [Ext] setMinBalanceForRewards #
       - modifiers: onlyOwner
    - [Pub] transfer #
       - modifiers: antiBot
    - [Int] _transfer #
    - [Prv] addLiquidity #
    - [Prv] swapAndLiquify #
       - modifiers: lockTheSwap
    - [Prv] swapTokensForEth #

 +  ANONTOKENDividendTracker (DividendPayingToken, Ownable)
    - [Pub]  #
       - modifiers: DividendPayingToken
    - [Int] _transfer
    - [Pub] withdrawDividend
    - [Ext] setMinBalanceForRewards #
       - modifiers: onlyOwner
    - [Ext] excludeFromDividends #
       - modifiers: onlyOwner
    - [Ext] updateClaimWait #
       - modifiers: onlyOwner
    - [Ext] getLastProcessedIndex
    - [Ext] getNumberOfTokenHolders
    - [Pub] getAccount
    - [Pub] getAccountAtIndex
    - [Prv] canAutoClaim
    - [Ext] setBalance #
       - modifiers: onlyOwner
    - [Pub] process #
    - [Pub] processAccount #
       - modifiers: onlyOwner