BABY FOX TOKEN - Smart Contract Audit Report

Summary

BABY FOX TOKEN ($BFT) is a new BEP20 token on the Binance Smart Chain that pays out static rewards to holders.

We reviewed the Babyfox contract at 0xD0ccb5fBe458ECC697220b354fA3ACD7fe64c6A2 on the Binance Smart Chain mainnet.

Audit Findings

Please ensure trust in the team prior to investing as they have substantial control in the ecosystem and currently own 86.75% of the total supply.
Date: January 5th, 2022.

Babyfox.sol - Finding #1 - Low

Description: The Pancakeswap Pair address is currently not excluded from rewards.
Risk/Impact: Extra tokens will be unaccounted for in the liquidity pool. These tokens will be prone to a theft-of-liquidity attack. The impact this would have on the project overall is very minor.
Recommendation: The project team should exclude the Pancakeswap Pair address from rewards using the excludeAccount() function.
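
The accounting behind Finding #1 can be reproduced with a small model. This is an added example, not the audited Babyfox source: it is a constructed simulation of reflection-style accounting with the Burn fee left out, and the 5% Tax fee, the account names and the liquidity amounts are assumptions.

```python
MAX = 2**256 - 1  # uint256 ceiling used by reflection-style tokens
class ReflectToken:
    """Constructed model of reflection (static reward) accounting; Burn fee omitted."""
    def __init__(self, supply, tax_pct):
        self.t_total = supply
        self.r_total = MAX - MAX % supply        # reflected supply, a multiple of t_total
        self.tax_pct = tax_pct
        self.r_owned = {"owner": self.r_total}
        self.t_owned, self.excluded = {}, set()

    def _rate(self):
        r, t = self.r_total, self.t_total
        for acct in self.excluded:               # excluded balances take no share of rewards
            r -= self.r_owned.get(acct, 0)
            t -= self.t_owned.get(acct, 0)
        return r // t

    def balance_of(self, acct):
        if acct in self.excluded:
            return self.t_owned.get(acct, 0)
        return self.r_owned.get(acct, 0) // self._rate()

    def exclude_account(self, acct):
        self.t_owned[acct] = self.balance_of(acct)
        self.excluded.add(acct)

    def transfer(self, src, dst, amount, taxed=True):
        rate = self._rate()
        t_fee = amount * self.tax_pct // 100 if taxed else 0
        self.r_owned[src] = self.r_owned.get(src, 0) - amount * rate
        self.r_owned[dst] = self.r_owned.get(dst, 0) + (amount - t_fee) * rate
        if src in self.excluded:
            self.t_owned[src] -= amount
        if dst in self.excluded:
            self.t_owned[dst] = self.t_owned.get(dst, 0) + amount - t_fee
        self.r_total -= t_fee * rate             # the fee shrinks r_total, so holders' balances grow

def pair_surplus(exclude_pair, trades=50):
    """Tokens held by the pair beyond the reserve it recorded at its last sync."""
    token = ReflectToken(supply=100 * 10**12, tax_pct=5)   # 5% is an assumed fee
    if exclude_pair:
        token.exclude_account("pair")
    token.transfer("owner", "pair", 10 * 10**12, taxed=False)   # constructed liquidity add
    token.transfer("owner", "alice", 10**12, taxed=False)
    reserve = token.balance_of("pair")
    for _ in range(trades):                      # wallet-to-wallet traffic; the pool is untouched
        token.transfer("alice", "bob", 10**9)
        token.transfer("bob", "alice", token.balance_of("bob"))
    return token.balance_of("pair") - reserve
```

With the pair included in rewards the surplus is positive and grows with every taxed transfer elsewhere; with the pair excluded it stays at zero, which is the state the recommendation asks for.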

Contract Overview

  • The total supply of the token is set to 100 trillion $BFT [100,000,000,000,000].
  • No minting or burn functions are present, though the circulating supply can be reduced by sending tokens to the 0x..dead address, if desired.
  • At the time of writing this report, 86.75% of the total supply belongs to the owner.
  • The next five holders own a cumulative 11.01% of the total supply.

  • There is a Tax fee and a Burn fee on all transfers where neither the sender nor the recipient is excluded from fees.
  • The tokens collected from the Tax fee are removed from the circulating supply; this serves as a frictionless fee redistribution which automatically benefits all token holders at the time of each transaction.
  • The tokens collected from the Burn fee are sent to the 0x..dead address.
  • The Pancakeswap Pair address is currently not excluded from rewards, which will cause extra tokens to be unaccounted for in the liquidity pool. These extra tokens are prone to a theft-of-liquidity attack; however, the impact this would have on the project overall is very minor. We strongly recommend that the team exclude the Pancakeswap Pair address from rewards to resolve this issue.
  • The contract complies with the BEP-20 token standard.
  • The contract utilizes the SafeMath library to prevent overflows/underflows.
  • Some gas optimizations can be achieved through declaring functions external instead of public and some state variables constant. As the contract is already deployed, this is merely informational.

Ownership Controls:
  • Ownership has not been renounced.
  • The owner can modify the Tax fee and Burn fee to any percentages at any time.
  • The owner can exclude and include accounts from reward distribution.
  • The owner can use the "lock" function in order to temporarily set ownership to address(0). Ownership is restored after the duration of time determined by the owner has passed and they use the "unlock" function.
  • The unlock function has the potential to be used after ownership is renounced, which will restore ownership to the original owner that initially created the ownership lock. This can be used in a nefarious way by the project team to restore ownership and change fee structures.
  • We recommend that the unlock function is modified to set the "previous owner" = "address(0)" at the end of the unlock function to prevent it from being used more than once per lock.
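
The lock/unlock behaviour described above, replayed on a small model with and without the recommended change. This is an added example, not the audited contract's code: the class is a constructed state machine, and the caller check and expiry check inside unlock are assumptions based on the description in this report.

```python
class LockableOwnable:
    """Constructed model of an Ownable contract with lock()/unlock()."""
    ZERO = "0x0"  # stands in for address(0)

    def __init__(self, deployer, clear_on_unlock):
        self.owner = deployer
        self.previous_owner = self.ZERO
        self.lock_until = 0
        self.clear_on_unlock = clear_on_unlock    # True = the audit's recommended change

    def _only_owner(self, caller):
        if caller != self.owner:
            raise PermissionError("caller is not the owner")

    def renounce_ownership(self, caller):
        self._only_owner(caller)
        self.owner = self.ZERO                    # previous_owner is not touched here

    def lock(self, caller, now, duration):
        self._only_owner(caller)
        self.previous_owner, self.owner = self.owner, self.ZERO
        self.lock_until = now + duration

    def unlock(self, caller, now):
        if caller != self.previous_owner:         # assumed check: only the locker may unlock
            raise PermissionError("caller did not create the lock")
        if now <= self.lock_until:                # assumed check: lock must have expired
            raise PermissionError("lock has not expired")
        self.owner = self.previous_owner
        if self.clear_on_unlock:
            self.previous_owner = self.ZERO       # limits unlock to once per lock


def owner_after_renounce(clear_on_unlock):
    """Replay lock, unlock, renounce, unlock and report who owns the contract."""
    c = LockableOwnable("team", clear_on_unlock)
    c.lock("team", now=0, duration=1)
    c.unlock("team", now=2)
    c.renounce_ownership("team")
    try:
        c.unlock("team", now=3)                   # second unlock, after renouncing
    except PermissionError:
        pass
    return c.owner
```

Without the change the replay ends with the team owning the contract again after renouncing; with it, ownership stays at address(0).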

Audit Results

Vulnerability Category | Notes | Result
Arbitrary Storage Write | N/A | PASS
Arbitrary Jump | N/A | PASS
Centralization of Control | The team can set each fee up to 100%. The owner is currently in possession of 86.75% of the total supply. | WARNING
Delegate Call to Untrusted Contract | N/A | PASS
Dependence on Predictable Variables | N/A | PASS
Deprecated Opcodes | N/A | PASS
Ether Thief | N/A | PASS
Exceptions | N/A | PASS
External Calls | N/A | PASS
Flash Loans | N/A | PASS
Integer Over/Underflow | N/A | PASS
Logical Issues | The Pancakeswap Pair address is currently not excluded from rewards which will cause extra tokens to be unaccounted for in the liquidity pool. | WARNING
Multiple Sends | N/A | PASS
Oracles | N/A | PASS
Suicide | N/A | PASS
State Change External Calls | N/A | PASS
Unchecked Retval | N/A | PASS
User Supplied Assertion | N/A | PASS
Critical Solidity Compiler | N/A | PASS
Overall Contract Safety | | WARNING

Function Graph

[Figure: ERC20 Token Graph]

Inheritance Chart

[Figure: Multi-file Token]

Functions Overview

    
     ($) = payable function
     # = non-constant function
     
     +  Context 
        - [Int] _msgSender
        - [Int] _msgData
    
     + [Int] IERC20 
        - [Ext] totalSupply
        - [Ext] balanceOf
        - [Ext] transfer #
        - [Ext] allowance
        - [Ext] approve #
        - [Ext] transferFrom #
    
     + [Lib] SafeMath 
        - [Int] add
        - [Int] sub
        - [Int] sub
        - [Int] mul
        - [Int] div
        - [Int] div
        - [Int] mod
        - [Int] mod
    
     + [Lib] Address 
        - [Int] isContract
        - [Int] sendValue #
        - [Int] functionCall #
        - [Int] functionCall #
        - [Int] functionCallWithValue #
        - [Int] functionCallWithValue #
        - [Prv] _functionCallWithValue #
    
     +  Ownable (Context)
        - [Int]  #
        - [Pub] owner
        - [Pub] renounceOwnership #
           - modifiers: onlyOwner
        - [Pub] transferOwnership #
           - modifiers: onlyOwner
        - [Pub] geUnlockTime
        - [Pub] lock #
           - modifiers: onlyOwner
        - [Pub] unlock #
    
     +  babyfox (Context, IERC20, Ownable)
        - [Pub]  #
        - [Pub] name
        - [Pub] symbol
        - [Pub] decimals
        - [Pub] totalSupply
        - [Pub] balanceOf
        - [Pub] transfer #
        - [Pub] allowance
        - [Pub] approve #
        - [Pub] transferFrom #
        - [Pub] increaseAllowance #
        - [Pub] decreaseAllowance #
        - [Pub] isExcluded
        - [Pub] totalFees
        - [Pub] deliver #
        - [Pub] reflectionFromToken
        - [Pub] tokenFromReflection
        - [Ext] excludeAccount #
           - modifiers: onlyOwner
        - [Ext] includeAccount #
           - modifiers: onlyOwner
        - [Prv] _approve #
        - [Prv] _transfer #
        - [Prv] _transferStandard #
        - [Prv] _transferToExcluded #
        - [Prv] _transferFromExcluded #
        - [Prv] _transferBothExcluded #
        - [Prv] _reflectFee #
        - [Prv] _getValues
        - [Prv] _getTValues
        - [Prv] _getRValues
        - [Prv] _getRate
        - [Prv] _getCurrentSupply
        - [Prv] _burn #
        - [Prv] calculateTaxFee
        - [Prv] calculateBurnFee
        - [Prv] removeAllFee #
        - [Prv] restoreAllFee #
        - [Pub] _getTaxFee
        - [Pub] _getBurnFee
        - [Pub] _getMaxTxAmount
        - [Ext] _setTaxFee #
           - modifiers: onlyOwner
        - [Ext] _setBurnFee #
           - modifiers: onlyOwner