Any Printer - Smart Contract Audit Report

Summary

AnyPrinter Audit Report AnyPrinter is a new dividend paying token with fee collection for liquidity adds and a buyback system for burning supply.

For this audit, we reviewed the AnyPrinter contract provided to us by the project team.

Audit Findings

Buyback functionality may be susceptible to front-running; The team must monitor and if suspicious activity is detected, the team must disable the buyback system. Setting the buyback threshold to a relatively low value can also mitigate susceptibility to front-running.

Please ensure trust in the team prior to investing as they have some control in the ecosystem.
Date: January 23th, 2022.

Finding #1 - AnyPrinter - Informational

Description: Several functions are declared public, but are never called internally. Several state variables can never be modified, but are not declared constant.
Functions:
setAutomatedMarketMakerPair, setFree, unSetFree, checkFree, getCirculatingSupply

State Variables:
BASE, DEAD_NON_CHECKSUM, ZERO, _totalSupply 

Recommendation: We recommend declaring these functions external and declaring these state variables constant for additional gas savings on each call.

Contract Overview

  • The total supply of the token is set to 1 billion $ANYP (1,000,000,000).
  • No mint or burn functions are present; though the circulating supply can be reduced by sending tokens to the 0x..dead address, if desired.
  • Initially, 100% of the total supply will be held by the owner.

  • There is a maximum transaction amount of 20 million $ANYP (2% of the total supply) on all transfers where neither the sender nor the recipient is excluded.
  • There is a maximum wallet amount of 20 million $ANYP (2% of the total supply) on all transfers where the recipient is not excluded.
  • There is a Liquidity fee, "Reflection" fee, Marketing fee, and Buyback fee on all transfers where neither the sender nor the recipient is excluded from fees.
  • The fees that are charged on transfers are stored in the contract address balance. Once a threshold value of $ANYP (specified by the team) is met, the tokens collected as fees are swapped for ETH for the purpose of being distributed to the Dividend Distributor Contract, buyback process, team wallets, and to support the automatic Uniswap liquidity adding mechanism.
  • The swap process threshold is checked everytime a user liquidates any $ANYP.
  • Liquidity-adds are funded by selling half of the tokens allocated to funding liquidity, pairing the received ETH with the token, and adding it as liquidity to the ETH pair.
  • The liquidity tokens received through this process are sent to the team's wallet. We recommend that the team locks these newly acquired LP tokens.
  • The portion of the tokens collected from the Marketing fee and swapped for ETH are sent to the team's Marketing wallet.
  • The portion of the tokens collected from the Reflection fee and swapped for ETH are sent to the Dividend Distributor Contract by use of the deposit function. The ETH that is received by the contract is stored in the contract address until dividends are distributed.
  • The final portion of the tokens collected from the buyback fee and swapped for ETH are held in the contract balance. Once a threshold value of ETH (specified by the team) is exceeded in the contract balance, it is used to purchase $ANYP back from the liquidity pool.
  • The contract's automatic buyback functionality is disabled by default and requires a buyback amount, maximum total buyback limit, and cooldown period.
  • We recommend the buyback threshold be set to a relatively low value to mitigate susceptibilty to front-running.
  • Once dividends are distributed, they will need to be claimed; claiming happens automatically on each transfer.
  • Alternatively, a user can manually claim dividends.
  • Users can grant other users the abilty to claim their rewards.
  • Claimed dividends are sent to the user's wallet address.

  • The owner can assign any address to an Authorized role which can be used to maintain control over various role-restricted functions within the contract.
  • The owner can exempt users from the maximum wallet amount at any time.
  • The owner can toggle the blacklistMode at any time.
  • The blacklistMode functionality limits the available reward addresses of which users can claim rewards from.
  • The owner can update the UniswapV2Router and Automated Market Maker Pair addresses at any time.
  • The owner can withdraw the entire contract balance at any time.
  • The owner can withdraw the dividend reward balance at any time.
  • The owner can transfer any foreign tokens stored in the contract to any address.

  • Authorized addresses can toggle and set the buyback settings at any time.
  • Authorized addresses can set the maximum wallet and transaction amount at any time.
  • Authorized addresses can toggle and set the swap and liquify threshold at any time.
  • Authorized addresses can toggle the transfer fee functionality at any time.
  • Authorized addresses can grant users eligibility to collect dividends at any time.
  • Authorized addresses can set each fee amount to any value at any time; a seperate fee structure may be applied for buys and for sells.
  • Authorized addresses can update any of the fee addresses at any time.
  • Authorized addresses can exempt addresses from transfer fees at any time.
  • Authorized addresses can exempt users from the transaction limit at any time.
  • As the contracts are developed with Solidity 0.8.x, they are protected from overflow/underflow attacks along with following the BEP20 standard.

External Threat Results

Vulnerability CategoryNotesResult
Arbitrary Storage WriteN/APASS
Arbitrary JumpN/APASS
Centralization of Control
  • The owner can set total fees up to 100%.
  • Authorized addresses can withdraw any ETH or tokens from either contract address at any time.
  • The team's Liquidity wallet is the recipient of the LP tokens generated from the automatic liquidity add process.
  • WARNING
    Delegate Call to Untrusted ContractN/APASS
    Dependence on Predictable VariablesN/APASS
    Deprecated OpcodesN/APASS
    Ether ThiefN/APASS
    ExceptionsN/APASS
    External CallsN/APASS
    Flash LoansN/APASS
    Integer Over/UnderflowN/APASS
    Logical IssuesN/APASS
    Multiple SendsN/APASS
    OraclesN/APASS
    SuicideN/APASS
    State Change External CallsN/APASS
    Unchecked RetvalN/APASS
    User Supplied AssertionN/APASS
    Critical Solidity CompilerN/APASS
    Overall Contract Safety PASS

    Function Graph

    BEP20 Token Graph

    Inheritence Chart

    Multi-file Token

    Functions Overview

    												
    ($) = payable function
     # = non-constant function
    
     + [Lib] SafeMath 
        - [Int] tryAdd
        - [Int] trySub
        - [Int] tryMul
        - [Int] tryDiv
        - [Int] tryMod
        - [Int] add
        - [Int] sub
        - [Int] mul
        - [Int] div
        - [Int] mod
        - [Int] sub
        - [Int] div
        - [Int] mod
    
     + [Int] IBEP20 
        - [Ext] totalSupply
        - [Ext] decimals
        - [Ext] symbol
        - [Ext] name
        - [Ext] getOwner
        - [Ext] balanceOf
        - [Ext] transfer #
        - [Ext] allowance
        - [Ext] approve #
        - [Ext] transferFrom #
    
     +  Auth 
        - [Pub]  #
        - [Pub] authorize #
           - modifiers: onlyOwner
        - [Pub] unauthorize #
           - modifiers: onlyOwner
        - [Pub] isOwner
        - [Pub] isAuthorized
        - [Pub] transferOwnership #
           - modifiers: onlyOwner
    
     + [Int] IDEXFactory 
        - [Ext] createPair #
        - [Ext] getPair
    
     + [Int] IDEXRouter 
        - [Ext] factory
        - [Ext] WETH
        - [Ext] addLiquidity #
        - [Ext] addLiquidityETH ($)
        - [Ext] swapExactTokensForTokensSupportingFeeOnTransferTokens #
        - [Ext] swapExactETHForTokensSupportingFeeOnTransferTokens ($)
        - [Ext] swapExactTokensForETHSupportingFeeOnTransferTokens #
    
     + [Int] IDividendDistributor 
        - [Ext] setShare #
        - [Ext] deposit ($)
    
     +  DividendDistributor (IDividendDistributor, Auth)
        - [Pub]  #
           - modifiers: Auth
        - [Ext]  ($)
        - [Pub] getTotalRewards
        - [Pub] getTotalRewardsToUser
        - [Pub] checkCanClaimDividendOfUser
        - [Pub] setReward #
           - modifiers: onlyOwner
        - [Pub] setPathReward #
           - modifiers: onlyOwner
        - [Pub] setBlacklistMode #
           - modifiers: onlyOwner
        - [Ext] changeRouterVersion #
           - modifiers: onlyOwner
        - [Ext] setShare #
           - modifiers: onlyToken
        - [Ext] deposit ($)
           - modifiers: onlyToken
        - [Int] distributeDividend #
        - [Pub] makeApprove #
           - modifiers: onlyOwner
        - [Ext] claimDividend #
        - [Ext] claimDividendOfUser #
        - [Ext] setClaimDividendOfUser #
        - [Pub] getUnpaidEarnings
        - [Int] getCumulativeDividends
        - [Int] addShareholder #
        - [Int] removeShareholder #
        - [Ext] Sweep #
           - modifiers: onlyOwner
        - [Ext] transferForeignToken #
           - modifiers: onlyOwner
    
     +  AnyPrinter (IBEP20, Auth)
        - [Pub]  #
           - modifiers: Auth
        - [Ext]  ($)
        - [Ext] totalSupply
        - [Ext] decimals
        - [Ext] symbol
        - [Ext] name
        - [Ext] getOwner
        - [Pub] balanceOf
        - [Ext] allowance
        - [Pub] approve #
        - [Ext] approveMax #
        - [Ext] transfer #
        - [Ext] transferFrom #
        - [Int] _transferFrom #
        - [Int] _basicTransfer #
        - [Int] checkTxLimit
        - [Int] shouldTakeFee
        - [Pub] getTotalFee
        - [Int] takeFee #
        - [Int] shouldSwapBack
        - [Pub] setAutomatedMarketMakerPair #
           - modifiers: onlyOwner
        - [Prv] _setAutomatedMarketMakerPair #
        - [Int] swapBack #
           - modifiers: swapping
        - [Int] shouldAutoBuyback
        - [Int] triggerAutoBuyback #
        - [Int] buyTokens #
           - modifiers: swapping
        - [Ext] Sweep #
           - modifiers: onlyOwner
        - [Ext] transferForeignToken #
           - modifiers: onlyOwner
        - [Ext] setAutoBuybackSettings #
           - modifiers: authorized
        - [Ext] setMaxWallet #
           - modifiers: authorized
        - [Ext] setTxLimit #
           - modifiers: authorized
        - [Ext] setMinAmountToTriggerSwap #
           - modifiers: authorized
        - [Ext] setIsFeeOnTransferEnabled #
           - modifiers: authorized
        - [Ext] setIsDividendExempt #
           - modifiers: authorized
        - [Ext] setIsFeeExempt #
           - modifiers: authorized
        - [Ext] setIsTxLimitExempt #
           - modifiers: authorized
        - [Pub] setFree #
           - modifiers: onlyOwner
        - [Pub] unSetFree #
           - modifiers: onlyOwner
        - [Pub] checkFree
           - modifiers: onlyOwner
        - [Ext] setFees #
           - modifiers: authorized
        - [Ext] setFeeReceivers #
           - modifiers: authorized
        - [Ext] setSwapBackSettings #
           - modifiers: authorized
        - [Pub] getCirculatingSupply
        - [Ext] changeRouterVersion #
           - modifiers: onlyOwner