Avatar Token - Smart Contract Audit Report
Summary
Avatar Token is a new ERC20 token that is used to support the team's blockchain based gaming platform.
We audited the project team's AvatarToken contract using code provided to us by the project team.
Notes on the Contract:Audit Findings Summary
- As the contract has not yet been deployed to the mainnet, there was no token allocation for our team to analyze.
- The contract features a maximum supply variable, however it is not enforced within the contract's logic.
- We recommend that the team modifies their mint function to include a statement that requires the sum of the totalsupply and minted amount be less than the maximum supply value.
- The owner has the ability to mint tokens to any address at any time.
- Any user can burn their own tokens to reduce the total supply.
- There is a buy fee and a sell fee applied on all transactions when the UniswapV2Pair is either the sender or the recipient. The fees that are collected on transfers are sent directly to the team's "taxAddress".
- The owner has the ability to modify the buy fee to any percentage less than 5% and modify the sell fee to any percentage less than 8%.
- The owner has the ability to update the "taxAddress" to any address at any time.
- The contract features an earnRewards() function that can only be called by the teams assigned manager. When called, the manager (or Awarder) can mint any amount of tokens as a reward to the "winner" address less than the maximum reward cap of 45 million tokens.
- The owner has the ability to assign any address to the manager role at any time.
- The contract complies with the ERC20 standard.
- As the project is deployed with Solidity v0.8.0, it is protected from overflows.
- No external threats were identified.
- Please ensure trust in the team prior to investing as they have control over the total token supply via minting.
- Date: September 8th, 2021
Audit Results
| Vulnerability Category | Notes | Result |
|---|---|---|
| Arbitrary Storage Write | N/A | PASS |
| Arbitrary Jump | N/A | PASS |
| Delegate Call to Untrusted Contract | N/A | PASS |
| Dependence on Predictable Variables | N/A | PASS |
| Deprecated Opcodes | N/A | PASS |
| Ether Thief | N/A | PASS |
| Exceptions | N/A | PASS |
| External Calls | N/A | PASS |
| Integer Over/Underflow | N/A | PASS |
| Multiple Sends | N/A | PASS |
| Suicide | N/A | PASS |
| State Change External Calls | N/A | PASS |
| Unchecked Retval | N/A | PASS |
| User Supplied Assertion | N/A | PASS |
| Critical Solidity Compiler | N/A | PASS |
| Overall Contract Safety | PASS |
($) = payable function
# = non-constant function
Int = Internal
Ext = External
Pub = Public
+ Context
- [Int] _msgSender
- [Int] _msgData
+ [Lib] SafeMath
- [Int] tryAdd
- [Int] trySub
- [Int] tryMul
- [Int] tryDiv
- [Int] tryMod
- [Int] add
- [Int] sub
- [Int] mul
- [Int] div
- [Int] mod
- [Int] sub
- [Int] div
- [Int] mod
+ Ownable (Context)
- [Pub] #
- [Pub] owner
- [Pub] renounceOwnership #
- modifiers: onlyOwner
- [Pub] transferOwnership #
- modifiers: onlyOwner
- [Prv] _setOwner #
+ [Int] IManager
- [Ext] p2per
- [Ext] battlefields
- [Ext] trainingfields
- [Ext] evolvers
- [Ext] markets
- [Ext] awarders
- [Ext] farmOwners
- [Ext] timesBattle
- [Ext] timeLimitBattle
- [Ext] generation
- [Ext] priceCard
- [Ext] feeChangeSpirit
- [Ext] feeSummon
- [Ext] feeUpgradeGeneration
- [Ext] taxAddress
- [Ext] rateBattleReward
- [Ext] rateBattleExp
- [Ext] rateBattleLoseRate
- [Ext] feeMarketTaker
- [Ext] feeMarketMaker
- [Ext] p2pRate
- [Ext] feeTransferNFT
+ [Int] IERC20
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] transfer #
- [Ext] allowance
- [Ext] approve #
- [Ext] transferFrom #
+ ERC20 (Context, IERC20)
- [Pub] #
- [Pub] name
- [Pub] symbol
- [Pub] decimals
- [Pub] totalSupply
- [Pub] balanceOf
- [Pub] transfer #
- [Pub] allowance
- [Pub] approve #
- [Pub] transferFrom #
- [Pub] increaseAllowance #
- [Pub] decreaseAllowance #
- [Int] _transfer #
- [Int] _mint #
- [Int] _burn #
- [Int] _approve #
- [Int] _setupDecimals #
- [Int] _beforeTokenTransfer #
+ [Int] IUniswapV2Factory
- [Ext] feeTo
- [Ext] feeToSetter
- [Ext] getPair
- [Ext] allPairs
- [Ext] allPairsLength
- [Ext] createPair #
- [Ext] setFeeTo #
- [Ext] setFeeToSetter #
+ [Int] IUniswapV2Pair
- [Ext] name
- [Ext] symbol
- [Ext] decimals
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] allowance
- [Ext] approve #
- [Ext] transfer #
- [Ext] transferFrom #
- [Ext] DOMAIN_SEPARATOR
- [Ext] PERMIT_TYPEHASH
- [Ext] nonces
- [Ext] permit #
- [Ext] MINIMUM_LIQUIDITY
- [Ext] factory
- [Ext] token0
- [Ext] token1
- [Ext] getReserves
- [Ext] price0CumulativeLast
- [Ext] price1CumulativeLast
- [Ext] kLast
- [Ext] burn #
- [Ext] swap #
- [Ext] skim #
- [Ext] sync #
- [Ext] initialize #
+ [Int] IUniswapV2Router01
- [Ext] factory
- [Ext] WETH
- [Ext] addLiquidity #
- [Ext] addLiquidityETH ($)
- [Ext] removeLiquidity #
- [Ext] removeLiquidityETH #
- [Ext] removeLiquidityWithPermit #
- [Ext] removeLiquidityETHWithPermit #
- [Ext] swapExactTokensForTokens #
- [Ext] swapTokensForExactTokens #
- [Ext] swapExactETHForTokens ($)
- [Ext] swapTokensForExactETH #
- [Ext] swapExactTokensForETH #
- [Ext] swapETHForExactTokens ($)
- [Ext] quote
- [Ext] getAmountOut
- [Ext] getAmountIn
- [Ext] getAmountsOut
- [Ext] getAmountsIn
+ [Int] IUniswapV2Router02 (IUniswapV2Router01)
- [Ext] removeLiquidityETHSupportingFeeOnTransferTokens #
- [Ext] removeLiquidityETHWithPermitSupportingFeeOnTransferTokens #
- [Ext] swapExactTokensForTokensSupportingFeeOnTransferTokens #
- [Ext] swapExactETHForTokensSupportingFeeOnTransferTokens ($)
- [Ext] swapExactTokensForETHSupportingFeeOnTransferTokens #
+ AvatarToken (Ownable, ERC20)
- [Pub] ($)
- modifiers: ERC20
- [Ext] mint #
- modifiers: onlyOwner
- [Pub] burn #
- [Ext] setTaxAddress #
- modifiers: onlyOwner
- [Ext] setPlayToEarnReward #
- modifiers: onlyOwner
- [Ext] setManager #
- modifiers: onlyOwner
- [Ext] setSellFeeRate #
- modifiers: onlyOwner
- [Ext] setBuyFeeRate #
- modifiers: onlyOwner
- [Int] _transfer #
- [Ext] earnRewards #
- modifiers: onlyAwarders