AnonToken - Smart Contract Audit Report


AnonToken ($AT) is a new BEP-20 token on the Binance Smart Chain. It is an automatic liquidity-providing protocol that pays out static rewards to holders.

We reviewed the Reflection contract at 0xdc4275A24a9A77Bc2Cc57aE9A2Bb2e044984b30b on the Binance Smart Chain mainnet.

Notes on the Contract:
  • The total supply of the token is set to 100 million [100,000,000].
  • No mint or burn functions are present, though the circulating supply can be reduced by sending tokens to the 0x..dead address if desired.
  • At the time of writing this report, 17% of the total supply belongs to an upgradeable token locking contract and will vest to the team on January 31st, 2023.
  • The next five holders own a cumulative 35% of the total supply.
  • 3.41% of the total supply is in Pancakeswap BUSD liquidity.
  • Of that liquidity, 99.3% of the LP tokens are stored in the upgradeable token locking contract and will vest to the team on January 31st, 2023.

  • The owner must manually enable trading in order for trading to take place on the platform. Only accounts that are excluded from fees can trade when trading is set to disabled. Once trading is enabled, it can never be disabled.
  • There is a Tax fee, Liquidity fee, Marketing fee, and Buyback fee on all transfers where neither the sender nor the recipient is excluded from fees. A separate fee structure can be set by the team to apply different fee amounts depending on whether the user is buying or selling during the transfer.
  • The tokens collected from the Tax fee are removed from the circulating supply. This serves as a frictionless fee redistribution which automatically benefits all token holders at the time of each transaction.
  • The tokens collected from the Liquidity fee during transfers are stored in the contract address balance. Once the threshold number of tokens (determined by the owner) is met, a swap will occur for the purpose of funding Pancakeswap liquidity.
  • Liquidity-adds are funded by selling a portion of the tokens collected as fees (after the threshold number of tokens is met), then pairing the received BUSD with the token, and adding it as liquidity to the BUSD pair.
  • The recipient of the newly created LP tokens is the owner. We recommend that the team lock these newly acquired LP tokens.
  • The tokens collected from the Marketing fee and Buyback fee are swapped for BUSD and sent to the team's Marketing wallet and Buyback wallet respectively.
  • A maximum wallet amount is enforced on all transfers which ensures that the recipient's token balance does not exceed the limit number of tokens (determined by the owner) after the transfer takes place.
  • The contract utilizes anti-sniper logic to identify addresses that buy within 100 blocks of trading being enabled by the owner. An address attempting such a transfer is added to a blacklist.
  • Although the SafeMath library is utilized, the contract is deployed with Solidity v0.8.10 which has built-in overflow checks. SafeMath could be safely removed to reduce contract size and deployment costs.
  • Some gas optimizations can be achieved by declaring functions external instead of public and by declaring some state variables constant. As this contract is already deployed, this is merely informational.
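
The Tax fee redistribution described in the notes can be modelled off-chain. The following is an added example, not the audited contract's code: it assumes the common RFI-style accounting that the function names in the contract graph (_getRate, _reflectFee, tokenFromReflection) suggest, models only the Tax fee, and uses constructed account names, an assumed 18 decimals and a constructed 5% tax. Its last transfer uses a 100% fee, the upper bound the audit results list for the owner.

```python
# Added model, not the audited contract's code. Assumes RFI-style accounting:
# balances live in a scaled "reflected" space and are divided by a global rate.
MAX = 2**256 - 1
UNIT = 10**18  # assumed 18 decimals

class ReflectionModel:
    def __init__(self, total_supply, deployer):
        self.t_total = total_supply
        self.r_total = MAX - (MAX % total_supply)  # exact multiple of t_total
        self.r_owned = {deployer: self.r_total}
        self.t_fee_total = 0

    def rate(self):
        return self.r_total // self.t_total

    def balance_of(self, account):
        return self.r_owned.get(account, 0) // self.rate()

    def transfer(self, sender, recipient, t_amount, tax_percent):
        """Move t_amount; tax_percent of it is reflected to all holders."""
        if not 0 <= tax_percent <= 100:
            raise ValueError("tax_percent out of range")
        if t_amount > self.balance_of(sender):
            raise ValueError("insufficient balance")
        rate = self.rate()
        t_fee = t_amount * tax_percent // 100
        r_amount, r_fee = t_amount * rate, t_fee * rate
        self.r_owned[sender] -= r_amount
        self.r_owned[recipient] = self.r_owned.get(recipient, 0) + r_amount - r_fee
        # Shrinking r_total lowers the rate, so every r_owned is worth more tokens.
        self.r_total -= r_fee
        self.t_fee_total += t_fee
        return t_amount - t_fee  # tokens credited to the recipient

def demo():
    supply = 100_000_000 * UNIT  # total supply stated in the report
    m = ReflectionModel(supply, "deployer")
    m.transfer("deployer", "alice", 10_000_000 * UNIT, 0)
    m.transfer("deployer", "bob", 10_000_000 * UNIT, 0)
    before = m.balance_of("alice")
    received = m.transfer("bob", "carol", 1_000_000 * UNIT, 5)  # constructed 5% tax
    gain = m.balance_of("alice") - before  # alice made no transfer, yet holds more
    holders = ("deployer", "alice", "bob", "carol")
    total = sum(m.balance_of(h) for h in holders)
    at_100 = m.transfer("alice", "dave", 1_000 * UNIT, 100)  # fee set to 100%
    return {"received": received, "gain": gain, "total": total,
            "supply": supply, "received_at_100": at_100,
            "dave": m.balance_of("dave")}

if __name__ == "__main__":
    print(demo())
```

The sum of holder balances stays at the total supply (up to integer rounding) while each holder's share of the fee is proportional to their balance, which is why no per-holder payout transaction is needed.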
Ownership Controls:
  • The owner can modify the Tax fee, Liquidity fee, Marketing fee, and Buyback fee to any percentages at any time.
  • The owner can exclude and include accounts from transfer fees and reward distribution.
  • The owner can set and update a maximum buy amount and maximum sell amount which will impose a limit to the number of tokens that can be bought or sold to Pancakeswap during any given transfer.
  • The owner can update the maximum wallet amount to any amount at any time.
  • The owner can enable/disable automatic liquidity adds at any time.
  • The owner can update the threshold number of tokens that triggers an automatic liquidity add to any value at any time.
  • The owner can withdraw any BNB or BEP-20 tokens (except for the $AT token) from the contract address at any time.
  • The owner can manually add/remove accounts from a blacklist which will prevent them from being able to participate in transfers.
  • The owner can update the Pancakeswap Router address at any time.
Audit Findings Summary
  • No external threats were identified.
  • Please ensure trust in the team prior to investing as they have substantial control in the ecosystem.
  • Date: January 20th, 2022.
  • Updated: February 2nd, 2022 to reflect the contract's newly deployed mainnet address.

Audit Results

| Vulnerability Category | Notes | Result |
|---|---|---|
| Arbitrary Storage Write | N/A | PASS |
| Arbitrary Jump | N/A | PASS |
| Centralization of Control | The owner can set each fee percentage up to 100%. | |
| Delegate Call to Untrusted Contract | N/A | PASS |
| Dependence on Predictable Variables | N/A | PASS |
| Deprecated Opcodes | N/A | PASS |
| Ether Thief | N/A | PASS |
| External Calls | N/A | PASS |
| Flash Loans | N/A | PASS |
| Integer Over/Underflow | N/A | PASS |
| Multiple Sends | N/A | PASS |
| State Change External Calls | N/A | PASS |
| Unchecked Retval | N/A | PASS |
| User Supplied Assertion | N/A | PASS |
| Critical Solidity Compiler | N/A | PASS |
| Overall Contract Safety | | PASS |

BEP20 Token Graph

Multi-file Token

    ($) = payable function
     # = non-constant function
     + [Int] IUniswapV2Router01 
        - [Ext] factory
        - [Ext] WETH
        - [Ext] addLiquidity #
        - [Ext] addLiquidityETH ($)
        - [Ext] removeLiquidity #
        - [Ext] removeLiquidityETH #
        - [Ext] removeLiquidityWithPermit #
        - [Ext] removeLiquidityETHWithPermit #
        - [Ext] swapExactTokensForTokens #
        - [Ext] swapTokensForExactTokens #
        - [Ext] swapExactETHForTokens ($)
        - [Ext] swapTokensForExactETH #
        - [Ext] swapExactTokensForETH #
        - [Ext] swapETHForExactTokens ($)
        - [Ext] quote
        - [Ext] getAmountOut
        - [Ext] getAmountIn
        - [Ext] getAmountsOut
        - [Ext] getAmountsIn
     + [Int] IUniswapV2Router02 (IUniswapV2Router01)
        - [Ext] removeLiquidityETHSupportingFeeOnTransferTokens #
        - [Ext] removeLiquidityETHWithPermitSupportingFeeOnTransferTokens #
        - [Ext] swapExactTokensForTokensSupportingFeeOnTransferTokens #
        - [Ext] swapExactETHForTokensSupportingFeeOnTransferTokens ($)
        - [Ext] swapExactTokensForETHSupportingFeeOnTransferTokens #
     + [Int] IUniswapV2Factory 
        - [Ext] feeTo
        - [Ext] feeToSetter
        - [Ext] getPair
        - [Ext] allPairs
        - [Ext] allPairsLength
        - [Ext] createPair #
        - [Ext] setFeeTo #
        - [Ext] setFeeToSetter #
     +  Context 
        - [Int] _msgSender
        - [Int] _msgData
     +  Ownable (Context)
        - [Pub]  #
        - [Pub] owner
        - [Pub] renounceOwnership #
           - modifiers: onlyOwner
        - [Pub] transferOwnership #
           - modifiers: onlyOwner
        - [Int] _transferOwnership #
     + [Lib] Address 
        - [Int] isContract
        - [Int] sendValue #
        - [Int] functionCall #
        - [Int] functionCall #
        - [Int] functionCallWithValue #
        - [Int] functionCallWithValue #
        - [Int] functionStaticCall
        - [Int] functionStaticCall
        - [Int] functionDelegateCall #
        - [Int] functionDelegateCall #
        - [Int] verifyCallResult
     + [Lib] SafeMath 
        - [Int] tryAdd
        - [Int] trySub
        - [Int] tryMul
        - [Int] tryDiv
        - [Int] tryMod
        - [Int] add
        - [Int] sub
        - [Int] mul
        - [Int] div
        - [Int] mod
        - [Int] sub
        - [Int] div
        - [Int] mod
     + [Int] IERC20 
        - [Ext] totalSupply
        - [Ext] balanceOf
        - [Ext] transfer #
        - [Ext] allowance
        - [Ext] approve #
        - [Ext] transferFrom #
     +  Reflection (Context, IERC20, Ownable)
        - [Pub]  #
        - [Pub] name
        - [Pub] symbol
        - [Pub] decimals
        - [Pub] totalSupply
        - [Pub] balanceOf
        - [Pub] transfer #
        - [Pub] allowance
        - [Pub] approve #
        - [Pub] transferFrom #
        - [Pub] increaseAllowance #
        - [Pub] decreaseAllowance #
        - [Pub] isExcludedFromReward
        - [Pub] totalFees
        - [Pub] deliver #
        - [Pub] reflectionFromToken
        - [Pub] tokenFromReflection
        - [Pub] excludeFromReward #
           - modifiers: onlyOwner
        - [Ext] includeInReward #
           - modifiers: onlyOwner
        - [Ext] excludeFromFee #
           - modifiers: onlyOwner
        - [Ext] setBlackList #
           - modifiers: onlyOwner
        - [Ext] includeInFee #
           - modifiers: onlyOwner
        - [Ext] setBuyFee #
           - modifiers: onlyOwner
        - [Ext] setSellFee #
           - modifiers: onlyOwner
        - [Ext] setNumTokensSellToAddToLiquidity #
           - modifiers: onlyOwner
        - [Ext] updateRouter #
           - modifiers: onlyOwner
        - [Ext] setMaxWallet #
           - modifiers: onlyOwner
        - [Ext] setMaxBuyAmount #
           - modifiers: onlyOwner
        - [Ext] setMaxSellAmount #
           - modifiers: onlyOwner
        - [Pub] setSwapAndLiquifyEnabled #
           - modifiers: onlyOwner
        - [Ext] claimStuckTokens #
           - modifiers: onlyOwner
        - [Ext]  ($)
        - [Prv] _reflectFee #
        - [Prv] _getValues
        - [Prv] _getTValues
        - [Prv] _getRValues
        - [Prv] _getRate
        - [Prv] _getCurrentSupply
        - [Prv] _takeLiquidity #
        - [Prv] _takeRewardAndMarketing #
        - [Prv] calculateTaxFee
        - [Prv] calculateLiquidityFee
        - [Prv] calculateBuyBackFee
        - [Prv] calculateMarketingFee
        - [Prv] removeAllFee #
        - [Prv] setBuy #
        - [Prv] setSell #
        - [Pub] isExcludedFromFee
        - [Prv] _approve #
        - [Prv] _transfer #
        - [Prv] swapAndConvert #
           - modifiers: lockTheSwap
        - [Prv] swapTokensForBNB #
        - [Prv] swapBNBForBUSD #
        - [Prv] swapTokensForBUSD #
           - modifiers: lockTheSwap
        - [Prv] addLiquidity #
        - [Prv] _tokenTransfer #
        - [Prv] _transferStandard #
        - [Prv] _transferToExcluded #
        - [Prv] _transferFromExcluded #
        - [Prv] _transferBothExcluded #