BABY FOX TOKEN - Smart Contract Audit Report
BABY FOX TOKEN ($BFT) is a new BEP20 token on the Binance Smart Chain that pays out static rewards to holders.
Please ensure trust in the team prior to investing as they have substantial control in the ecosystem and currently own 86.75% of the total supply.
Date: January 5th, 2022.
Babyfox.sol - Finding #1 - Low
Description: The Pancakeswap Pair address is currently not excluded from rewards.
Risk/Impact: Extra tokens will be unaccounted for in the liquidity pool. These tokens will be prone to a theft-of-liquidity attack. The impact this would have on the project overall is very minor.
Recommendation: The project team should exclude the Pancakeswap Pair address from rewards using the excludeAccount() function.
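The accounting gap behind this finding can be reproduced with a small model. The following is an added example, not the audited contract's code: it is a simplified RFI-style reflection ledger in Python (tax fee only, no burn fee, no fee exemptions), and the class, the account labels and the transfer amounts are constructed for illustration.

```python
from fractions import Fraction

class ReflectionLedger:
    """Simplified RFI-style ledger: tax fee only, no burn fee, no fee exemptions."""
    def __init__(self, supply, tax_pct, owner):
        self.t_total = supply                      # token-space supply
        self.r_total = Fraction(supply * 10**30)   # reflected-space supply
        self.tax_pct = tax_pct
        self.r_owned = {owner: self.r_total}
        self.t_owned = {}                          # fixed balances of excluded accounts

    def _rate(self):
        # Excluded accounts are removed from both sides of the ratio.
        r = self.r_total - sum(self.r_owned.get(a, 0) for a in self.t_owned)
        t = self.t_total - sum(self.t_owned.values())
        return r / t

    def exclude_account(self, acct):
        self.t_owned[acct] = self.balance_of(acct)

    def balance_of(self, acct):
        if acct in self.t_owned:
            return self.t_owned[acct]
        return int(self.r_owned.get(acct, 0) / self._rate())

    def transfer(self, src, dst, amount):
        if self.balance_of(src) < amount:
            raise ValueError("insufficient balance")
        rate, fee = self._rate(), amount * self.tax_pct // 100
        self.r_owned[src] = self.r_owned.get(src, 0) - amount * rate
        self.r_owned[dst] = self.r_owned.get(dst, 0) + (amount - fee) * rate
        if src in self.t_owned:
            self.t_owned[src] -= amount
        if dst in self.t_owned:
            self.t_owned[dst] += amount - fee
        self.r_total -= fee * rate                 # fee is reflected to non-excluded holders


def pair_surplus(exclude_pair):
    """Tokens the pair holds beyond the reserve recorded at the last sync."""
    token = ReflectionLedger(100_000_000_000_000, tax_pct=5, owner="owner")
    if exclude_pair:
        token.exclude_account("pair")
    token.transfer("owner", "pair", 10**12)        # liquidity added (constructed amount)
    reserve = token.balance_of("pair")             # reserve the pool records
    token.transfer("owner", "alice", 10**13)
    for _ in range(5):                             # ordinary holder-to-holder traffic
        token.transfer("alice", "bob", 10**12)
    return token.balance_of("pair") - reserve
```

With the pair left in the reward pool its token balance drifts above the recorded reserve after every taxed transfer; once the pair is excluded, the two stay equal.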
- The total supply of the token is set to 100 trillion $BFT [100,000,000,000,000].
- No minting or burn functions are present, though the circulating supply can be reduced by sending tokens to the 0x..dead address, if desired.
- At the time of writing this report, 86.75% of the total supply belongs to the owner.
- The next five holders own a cumulative 11.01% of the total supply.
- There is a Tax fee and a Burn fee on all transfers where neither the sender nor the recipient is excluded from fees.
- The tokens collected from the Tax fee are removed from the circulating supply. This serves as a frictionless fee redistribution which automatically benefits all token holders at the time of each transaction.
- The tokens collected from the Burn fee are sent to the 0x..dead address.
- The Pancakeswap Pair address is currently not excluded from rewards, which will cause extra tokens to be unaccounted for in the liquidity pool. These extra tokens are prone to a theft-of-liquidity attack; however, the impact this would have on the project overall is very minor. We strongly recommend that the team exclude the Pancakeswap Pair address from rewards to resolve this issue.
- The contract complies with the BEP-20 token standard.
- The contract utilizes the SafeMath library to prevent overflows/underflows.
- Some gas optimizations can be achieved through declaring functions external instead of public and some state variables constant. As the contract is already deployed, this is merely informational.
- Ownership has not been renounced.
- The owner can modify the Tax fee and Burn fee to any percentages at any time.
- The owner can exclude and include accounts from reward distribution.
- The owner can use the "lock" function to temporarily set ownership to address(0). Ownership is restored once the duration set by the owner has passed and they call the "unlock" function.
- The unlock function has the potential to be used after ownership is renounced, which will restore ownership to the original owner that initially created the ownership lock. This can be used in a nefarious way by the project team to restore ownership and change fee structures.
- We recommend that the unlock function be modified to set the "previous owner" to address(0) at the end of the function, so that it cannot be used more than once per lock.
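The lock/unlock behaviour and the recommended fix can be checked as a small state machine. This is an added example, not the audited contract's code: it models the ownership logic described above in Python, and the class name, the "team" caller label and the integer timestamps are assumptions made for illustration.

```python
ZERO = "0x0"  # stands in for address(0), which can never be a transaction sender

class LockableOwnable:
    """Model of an Ownable contract with lock() and unlock()."""
    def __init__(self, deployer, clear_previous_owner=False):
        self.owner = deployer
        self.previous_owner = ZERO
        self.lock_time = 0
        self.clear_previous_owner = clear_previous_owner  # the audit's recommended fix

    def _only_owner(self, sender):
        if sender != self.owner:
            raise PermissionError("caller is not the owner")

    def renounce_ownership(self, sender):
        self._only_owner(sender)
        self.owner = ZERO

    def lock(self, sender, now, duration):
        self._only_owner(sender)
        self.previous_owner = self.owner
        self.owner = ZERO
        self.lock_time = now + duration

    def unlock(self, sender, now):
        if sender != self.previous_owner:
            raise PermissionError("caller did not create the lock")
        if now <= self.lock_time:
            raise PermissionError("contract is still locked")
        self.owner = self.previous_owner
        if self.clear_previous_owner:
            self.previous_owner = ZERO   # a lock can be redeemed only once


def owner_after_renounce(clear_previous_owner):
    """Owner recorded after lock, unlock, renounce, then a repeated unlock call."""
    c = LockableOwnable("team", clear_previous_owner)
    c.lock("team", now=0, duration=10)
    c.unlock("team", now=11)             # normal end of the lock period
    c.renounce_ownership("team")         # owner is now address(0)
    try:
        c.unlock("team", now=12)         # stale lock record is reused
    except PermissionError:
        pass
    return c.owner
```

Without the fix the renounced contract ends up owned by the original locker again; with `previous_owner` cleared, the repeated call is rejected and the owner stays at address(0).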
| Arbitrary Storage Write | N/A | PASS |
| Centralization of Control | | WARNING |
| Delegate Call to Untrusted Contract | N/A | PASS |
| Dependence on Predictable Variables | N/A | PASS |
| Logical Issues | The Pancakeswap Pair address is currently not excluded from rewards which will cause extra tokens to be unaccounted for in the liquidity pool. | WARNING |
| State Change External Calls | N/A | PASS |
| User Supplied Assertion | N/A | PASS |
| Critical Solidity Compiler | N/A | PASS |
| Overall Contract Safety | | WARNING |
($) = payable function
# = non-constant function

+ Context
  - [Int] _msgSender
  - [Int] _msgData

+ [Int] IERC20
  - [Ext] totalSupply
  - [Ext] balanceOf
  - [Ext] transfer #
  - [Ext] allowance
  - [Ext] approve #
  - [Ext] transferFrom #

+ [Lib] SafeMath
  - [Int] add
  - [Int] sub
  - [Int] sub
  - [Int] mul
  - [Int] div
  - [Int] div
  - [Int] mod
  - [Int] mod

+ [Lib] Address
  - [Int] isContract
  - [Int] sendValue #
  - [Int] functionCall #
  - [Int] functionCall #
  - [Int] functionCallWithValue #
  - [Int] functionCallWithValue #
  - [Prv] _functionCallWithValue #

+ Ownable (Context)
  - [Int] #
  - [Pub] owner
  - [Pub] renounceOwnership #
    - modifiers: onlyOwner
  - [Pub] transferOwnership #
    - modifiers: onlyOwner
  - [Pub] geUnlockTime
  - [Pub] lock #
    - modifiers: onlyOwner
  - [Pub] unlock #

+ babyfox (Context, IERC20, Ownable)
  - [Pub] #
  - [Pub] name
  - [Pub] symbol
  - [Pub] decimals
  - [Pub] totalSupply
  - [Pub] balanceOf
  - [Pub] transfer #
  - [Pub] allowance
  - [Pub] approve #
  - [Pub] transferFrom #
  - [Pub] increaseAllowance #
  - [Pub] decreaseAllowance #
  - [Pub] isExcluded
  - [Pub] totalFees
  - [Pub] deliver #
  - [Pub] reflectionFromToken
  - [Pub] tokenFromReflection
  - [Ext] excludeAccount #
    - modifiers: onlyOwner
  - [Ext] includeAccount #
    - modifiers: onlyOwner
  - [Prv] _approve #
  - [Prv] _transfer #
  - [Prv] _transferStandard #
  - [Prv] _transferToExcluded #
  - [Prv] _transferFromExcluded #
  - [Prv] _transferBothExcluded #
  - [Prv] _reflectFee #
  - [Prv] _getValues
  - [Prv] _getTValues
  - [Prv] _getRValues
  - [Prv] _getRate
  - [Prv] _getCurrentSupply
  - [Prv] _burn #
  - [Prv] calculateTaxFee
  - [Prv] calculateBurnFee
  - [Prv] removeAllFee #
  - [Prv] restoreAllFee #
  - [Pub] _getTaxFee
  - [Pub] _getBurnFee
  - [Pub] _getMaxTxAmount
  - [Ext] _setTaxFee #
    - modifiers: onlyOwner
  - [Ext] _setBurnFee #
    - modifiers: onlyOwner