Bigcoin - Smart Contract Audit Report

Audit Summary

Bigcoin ($BIG) is a new BEP-20 token on the Binance Smart Chain that pays out static rewards to holders.

We reviewed the CoinToken contract at 0x91CC678f39a86Ec3eB0C4Ae3d21fD771bcbd5c3A on the Binance Smart Chain mainnet.

Audit Findings

Please ensure trust in the team prior to investing as they have substantial control in the ecosystem and currently own 100% of the total supply.
Date: January 15th, 2022.

CoinToken.sol - Finding #1 - Low

Description: The owner can use the lock() function in order to temporarily set ownership to address(0). Ownership is restored after the duration of time determined by the owner has passed and they use the unlock() function.
function lock(uint256 time) public virtual onlyOwner {
    _previousOwner = _owner;
    _owner = address(0);
    _lockTime = block.timestamp + time;
    emit OwnershipTransferred(_owner, address(0));
}

function unlock() public virtual {
    require(
        _previousOwner == msg.sender,
        "You don't have permission to unlock"
    );
    emit OwnershipTransferred(_owner, _previousOwner);
    _owner = _previousOwner;
}
Risk/Impact: The unlock function has the potential to be used after ownership has been set to address(0), which will restore ownership to the original owner that initially created the ownership lock. This can be used in a nefarious way by the project team to restore ownership and change fee structures.
Recommendation: We recommend that the unlock function be modified to set the previous owner variable equal to address(0) at the end of the unlock function to prevent it from being used more than once per lock.
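A hardened version of the lock()/unlock() pair, written here as an added example and not taken from the audited CoinToken contract. It keeps the names used on this page (_owner, _previousOwner, _lockTime, OwnershipTransferred) and applies the recommendation above: _previousOwner is cleared at the end of unlock(), so a later call, after ownership has again been set to address(0), fails the permission check. Two further details are this example's own additions rather than anything the audited code shows: unlock() enforces the lock duration the description refers to (the snippet above contains no timestamp check), and lock() emits the event before _owner is overwritten so the log records the real previous owner.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example, not the audited CoinToken code. Minimal Ownable with the
// lock()/unlock() pattern rewritten along the lines of the report's recommendation.
contract LockableOwnable {
    address private _owner;
    address private _previousOwner;
    uint256 private _lockTime;

    event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);

    constructor() {
        _owner = msg.sender;
        emit OwnershipTransferred(address(0), msg.sender);
    }

    modifier onlyOwner() {
        require(_owner == msg.sender, "Ownable: caller is not the owner");
        _;
    }

    function owner() public view returns (address) {
        return _owner;
    }

    function getUnlockTime() public view returns (uint256) {
        return _lockTime;
    }

    function renounceOwnership() public virtual onlyOwner {
        emit OwnershipTransferred(_owner, address(0));
        _owner = address(0);
    }

    function transferOwnership(address newOwner) public virtual onlyOwner {
        require(newOwner != address(0), "Ownable: new owner is the zero address");
        emit OwnershipTransferred(_owner, newOwner);
        _owner = newOwner;
    }

    // Same effect as the audited lock(): ownership is parked at address(0) for `time`
    // seconds. The event is emitted before _owner is overwritten (example's choice).
    function lock(uint256 time) public virtual onlyOwner {
        _previousOwner = _owner;
        _lockTime = block.timestamp + time;
        emit OwnershipTransferred(_owner, address(0));
        _owner = address(0);
    }

    // Hardened unlock(): callable only by the account that created the lock, only
    // after the chosen duration (assumed check, matching the description), and only
    // once per lock because _previousOwner is cleared at the end (the recommendation).
    function unlock() public virtual {
        require(_previousOwner == msg.sender, "You don't have permission to unlock");
        require(block.timestamp > _lockTime, "Contract is still locked");
        emit OwnershipTransferred(address(0), _previousOwner);
        _owner = _previousOwner;
        _previousOwner = address(0);
    }
}
```

With this ordering, the sequence lock() then unlock() then renounceOwnership() leaves _previousOwner at address(0), so a second unlock() reverts on the permission check instead of quietly restoring the original owner.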

CoinToken.sol - Finding #2 - Gas Optimization

Description: The addLiquidity() function is never called in the contract.
function addLiquidity(uint256 tokenAmount, uint256 ethAmount) private {
    // approve token transfer to cover all possible scenarios
    _approve(address(this), address(uniswapV2Router), tokenAmount);

    // add the liquidity
    uniswapV2Router.addLiquidityETH{value: ethAmount}(
        address(this),
        tokenAmount,
        0, // slippage is unavoidable
        0, // slippage is unavoidable
        owner(),
        block.timestamp
    );
}
Recommendation: The project team should remove this function from the contract to optimize deployment costs.

Contract Overview

  • The total supply of the token is set to 21 million $BIG [21,000,000].
  • No mint or burn functions are present, though the circulating supply can be reduced by sending tokens to the 0x..dead address if desired.
  • At the time of writing this report, 65.59% of the total supply belongs to the deployer.
  • At the time of writing this report, 32.88% of the total supply belongs to a KIPS Locked Wallet.
  • The next five holders own a cumulative 1.23% of the total supply.

  • There is a Tax fee, Liquidity fee, Buyback fee, and Marketing fee on all transfers where neither the sender nor the recipient is excluded from fees.
  • The tokens collected from the Tax fee are removed from the circulating supply, which serves as a frictionless fee redistribution that automatically benefits all token holders at the time of each transaction.
  • The tokens collected from the Liquidity fee during transfers are stored in the contract address balance. Once the threshold value of tokens (determined by the owner) is met, the tokens are swapped for BNB. A portion of this BNB will be sent to the Liquidity Pool address set by the team. Another portion of the BNB received through this process is sent to the team's Marketing wallet.
  • On each transfer that occurs while the minimum threshold (determined by the owner) is met, the protocol will spend 1% of its BNB balance toward buying $BIG tokens, which are subsequently burned.
  • Although the SafeMath library is utilized, the contract is deployed with Solidity v0.8.x which has built-in overflow checks. SafeMath could be safely removed to reduce contract size and deployment costs.
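The "removed from the circulating supply" wording above describes reflection accounting, and the mechanism is easier to see in code than in prose. The following stripped-down model is an added illustration, not the audited CoinToken contract: it keeps only the Tax fee (liquidity, buyback and marketing fees and fee exclusion are left out), and every name and value not quoted in the report (ReflectModel, _rOwned, _getRate, the constructor arguments) is this example's own assumption.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration, not the audited CoinToken code: minimal reflection
// ("static rewards") accounting with a single Tax fee.
contract ReflectModel {
    uint256 private constant MAX = type(uint256).max;
    uint256 private immutable _tTotal;   // "true" supply in token units
    uint256 private _rTotal;             // reflected supply; shrinks as fees are reflected
    uint256 private _tFeeTotal;          // cumulative tax collected, for reporting
    uint256 public taxFee;               // percentage, e.g. 2 => 2%

    // Balances are stored in reflected units and converted on read.
    mapping(address => uint256) private _rOwned;

    constructor(uint256 tTotal, uint256 taxFee_) {
        _tTotal = tTotal;
        _rTotal = MAX - (MAX % tTotal); // largest multiple of tTotal that fits in uint256
        taxFee = taxFee_;
        _rOwned[msg.sender] = _rTotal;   // deployer starts with 100% of the supply
    }

    // rate = rTotal / tTotal. Each holder's token balance is rOwned / rate, so when
    // _reflectFee() lowers rTotal the rate drops and every balance rises in proportion.
    function _getRate() private view returns (uint256) {
        return _rTotal / _tTotal;
    }

    function balanceOf(address account) public view returns (uint256) {
        return _rOwned[account] / _getRate();
    }

    function totalFees() public view returns (uint256) {
        return _tFeeTotal;
    }

    function transfer(address to, uint256 tAmount) public returns (bool) {
        require(balanceOf(msg.sender) >= tAmount, "insufficient balance");
        uint256 rate = _getRate();
        uint256 tFee = (tAmount * taxFee) / 100;
        uint256 tTransfer = tAmount - tFee;

        // tAmount <= tTotal and rate <= MAX / tTotal, so these products cannot overflow.
        uint256 rAmount = tAmount * rate;
        uint256 rFee = tFee * rate;
        uint256 rTransfer = tTransfer * rate;

        _rOwned[msg.sender] -= rAmount;
        _rOwned[to] += rTransfer;
        _reflectFee(rFee, tFee);
        return true;
    }

    // The fee is credited to no account. Removing it from _rTotal is what
    // "redistributes" it to every holder at once, with no per-holder loop.
    function _reflectFee(uint256 rFee, uint256 tFee) private {
        _rTotal -= rFee;
        _tFeeTotal += tFee;
    }
}
```

A worked check with constructed values: deploy with tTotal = 21,000,000 and taxFee = 2, then have the deployer transfer 1,000,000 to a second account. The recipient is credited 980,000 and 20,000 is reflected, so the rate shrinks by the factor 21,000,000 / 20,980,000. balanceOf then reports roughly 20,019,066 for the deployer and 980,933 for the recipient, summing back to 21,000,000: the fee never left the supply, it was spread across both holders in proportion to their balances. The same proportional uplift is why accounts excluded from rewards in the audited contract need separate bookkeeping.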
Ownership Controls:
  • Ownership has not been renounced.
  • The owner can modify the Tax fee, Buyback fee, and Marketing fee to any percentages at any time. The liquidity fee percentage is the sum of the Buyback fee percentage and Marketing fee percentage. The owner must exercise caution when modifying fees as the Liquidity fee is responsible for funding the BNB for the Liquidity Pool.
  • The owner can exclude and include accounts from transfer fees and reward distribution.
  • The owner can set and update a maximum transaction amount at any time, which limits the number of tokens that can be transferred in any single transaction.
  • The owner can enable/disable automatic liquidity adds and the buyback functionality at any time.
  • The owner can update the threshold number of tokens needed to trigger automatic liquidity adds.
  • The contract includes a presale() function that allows the owner to set fees to 0, disable automatic liquidity adds, and set the max transaction amount to 100% of the total token supply.
  • The owner can update the team's Marketing wallet to any address at any time.

External Threat Results

Vulnerability Category                 Notes                                                        Result
Arbitrary Storage Write                N/A                                                          PASS
Arbitrary Jump                         N/A                                                          PASS
Centralization of Control              • The owner can set the Tax fee, Buyback fee, and            WARNING
                                         Marketing fee up to 100%.
                                       • The team currently owns a large portion of the total
                                         supply.
                                       • The owner can use the lock() function to temporarily
                                         set ownership to address(0).
Delegate Call to Untrusted Contract    N/A                                                          PASS
Dependence on Predictable Variables    N/A                                                          PASS
Deprecated Opcodes                     N/A                                                          PASS
Ether Thief                            N/A                                                          PASS
Exceptions                             N/A                                                          PASS
External Calls                         N/A                                                          PASS
Integer Over/Underflow                 N/A                                                          PASS
Multiple Sends                         N/A                                                          PASS
Suicide                                N/A                                                          PASS
State Change External Calls            N/A                                                          PASS
Unchecked Retval                       N/A                                                          PASS
User Supplied Assertion                N/A                                                          PASS
Critical Solidity Compiler             N/A                                                          PASS
Overall Contract Safety                                                                             PASS

Function Graph

BEP20 Token Graph

Inheritance Chart

Multi-file Token

Functions Overview

($) = payable function
 # = non-constant function
    
     +  Context 
        - [Int] _msgSender
        - [Int] _msgData
    
     + [Int] IERC20 
        - [Ext] totalSupply
        - [Ext] balanceOf
        - [Ext] transfer #
        - [Ext] allowance
        - [Ext] approve #
        - [Ext] transferFrom #
    
     + [Lib] SafeMath 
        - [Int] add
        - [Int] sub
        - [Int] sub
        - [Int] mul
        - [Int] div
        - [Int] div
        - [Int] mod
        - [Int] mod
    
     + [Lib] Address 
        - [Int] isContract
        - [Int] sendValue #
        - [Int] functionCall #
        - [Int] functionCall #
        - [Int] functionCallWithValue #
        - [Int] functionCallWithValue #
        - [Prv] _functionCallWithValue #
    
     +  Ownable (Context)
        - [Pub]  #
        - [Pub] owner
        - [Pub] renounceOwnership #
           - modifiers: onlyOwner
        - [Pub] transferOwnership #
           - modifiers: onlyOwner
        - [Pub] getUnlockTime
        - [Pub] getTime
        - [Pub] lock #
           - modifiers: onlyOwner
        - [Pub] unlock #
    
     + [Int] IUniswapV2Factory 
        - [Ext] feeTo
        - [Ext] feeToSetter
        - [Ext] getPair
        - [Ext] allPairs
        - [Ext] allPairsLength
        - [Ext] createPair #
        - [Ext] setFeeTo #
        - [Ext] setFeeToSetter #
    
     + [Int] IUniswapV2Pair 
        - [Ext] name
        - [Ext] symbol
        - [Ext] decimals
        - [Ext] totalSupply
        - [Ext] balanceOf
        - [Ext] allowance
        - [Ext] approve #
        - [Ext] transfer #
        - [Ext] transferFrom #
        - [Ext] DOMAIN_SEPARATOR
        - [Ext] PERMIT_TYPEHASH
        - [Ext] nonces
        - [Ext] permit #
        - [Ext] MINIMUM_LIQUIDITY
        - [Ext] factory
        - [Ext] token0
        - [Ext] token1
        - [Ext] getReserves
        - [Ext] price0CumulativeLast
        - [Ext] price1CumulativeLast
        - [Ext] kLast
        - [Ext] burn #
        - [Ext] swap #
        - [Ext] skim #
        - [Ext] sync #
        - [Ext] initialize #
    
     + [Int] IUniswapV2Router01 
        - [Ext] factory
        - [Ext] WETH
        - [Ext] addLiquidity #
        - [Ext] addLiquidityETH ($)
        - [Ext] removeLiquidity #
        - [Ext] removeLiquidityETH #
        - [Ext] removeLiquidityWithPermit #
        - [Ext] removeLiquidityETHWithPermit #
        - [Ext] swapExactTokensForTokens #
        - [Ext] swapTokensForExactTokens #
        - [Ext] swapExactETHForTokens ($)
        - [Ext] swapTokensForExactETH #
        - [Ext] swapExactTokensForETH #
        - [Ext] swapETHForExactTokens ($)
        - [Ext] quote
        - [Ext] getAmountOut
        - [Ext] getAmountIn
        - [Ext] getAmountsOut
        - [Ext] getAmountsIn
    
     + [Int] IUniswapV2Router02 (IUniswapV2Router01)
        - [Ext] removeLiquidityETHSupportingFeeOnTransferTokens #
        - [Ext] removeLiquidityETHWithPermitSupportingFeeOnTransferTokens #
        - [Ext] swapExactTokensForTokensSupportingFeeOnTransferTokens #
        - [Ext] swapExactETHForTokensSupportingFeeOnTransferTokens ($)
        - [Ext] swapExactTokensForETHSupportingFeeOnTransferTokens #
    
     +  CoinToken (Context, IERC20, Ownable)
        - [Pub]  ($)
        - [Pub] name
        - [Pub] symbol
        - [Pub] decimals
        - [Pub] totalSupply
        - [Pub] balanceOf
        - [Pub] transfer #
        - [Pub] allowance
        - [Pub] approve #
        - [Pub] transferFrom #
        - [Pub] increaseAllowance #
        - [Pub] decreaseAllowance #
        - [Pub] isExcludedFromReward
        - [Pub] totalFees
        - [Pub] minimumTokensBeforeSwapAmount
        - [Pub] buyBackUpperLimitAmount
        - [Pub] deliver #
        - [Pub] reflectionFromToken
        - [Pub] tokenFromReflection
        - [Pub] excludeFromReward #
           - modifiers: onlyOwner
        - [Ext] includeInReward #
           - modifiers: onlyOwner
        - [Prv] _approve #
        - [Prv] _transfer #
        - [Prv] swapTokens #
           - modifiers: lockTheSwap
        - [Prv] buyBackTokens #
           - modifiers: lockTheSwap
        - [Prv] swapTokensForEth #
        - [Prv] swapETHForTokens #
        - [Prv] addLiquidity #
        - [Prv] _tokenTransfer #
        - [Prv] _transferStandard #
        - [Prv] _transferToExcluded #
        - [Prv] _transferFromExcluded #
        - [Prv] _transferBothExcluded #
        - [Prv] _reflectFee #
        - [Prv] _getValues
        - [Prv] _getTValues
        - [Prv] _getRValues
        - [Prv] _getRate
        - [Prv] _getCurrentSupply
        - [Prv] _takeLiquidity #
        - [Prv] calculateTaxFee
        - [Prv] calculateLiquidityFee
        - [Prv] removeAllFee #
        - [Prv] restoreAllFee #
        - [Pub] isExcludedFromFee
        - [Pub] excludeFromFee #
           - modifiers: onlyOwner
        - [Pub] includeInFee #
           - modifiers: onlyOwner
        - [Ext] setTaxFee #
           - modifiers: onlyOwner
        - [Ext] setBuybackFee #
           - modifiers: onlyOwner
        - [Ext] setMaxTxAmount #
           - modifiers: onlyOwner
        - [Ext] setMarketingFee #
           - modifiers: onlyOwner
        - [Ext] setNumTokensSellToAddToLiquidity #
           - modifiers: onlyOwner
        - [Ext] setBuybackUpperLimit #
           - modifiers: onlyOwner
        - [Ext] setMarketingAddress #
           - modifiers: onlyOwner
        - [Pub] setSwapAndLiquifyEnabled #
           - modifiers: onlyOwner
        - [Pub] setBuyBackEnabled #
           - modifiers: onlyOwner
        - [Ext] presale #
           - modifiers: onlyOwner
        - [Prv] transferToAddressETH #
        - [Ext]  ($)