Block Ape Scissors - Smart Contract Audit Report

Summary

Block Ape Scissors ($BAS) is a new token contract on the Binance Smart Chain that implements frictionless fee redistribution to holders together with a multi-destination scheme for allocating the remaining fees.

We audited Block Ape Scissors's token contract at 0x8ddeec6b677c7c552c9f3563b99e4ff90b862ebc on the Binance Smart Chain mainnet, and the team's vesting contract that was provided to us.

Notes on the BAS Token Contract:
  • The total supply of the token is initially set to one hundred million [100,000,000] $BAS.
  • There are no mint or burn functions, although any of the fee addresses can be set to the burn address to act as a deflationary mechanism.
  • At the time of writing, the owner of the contract is in possession of 35% of the total $BAS supply, which the team claims will be used for marketing.
  • 10.60% of the total supply is in the PancakeSwap V2 Liquidity Pool.
  • 98.68% of that liquidity is in an unverified contract.
  • There are 110 various vesting contracts that were created from a "private sale" that each contain anywhere from 0.01%-0.75% of the total token supply.
  • The largest $BAS holder that is a non-contract address holds about 0.41% of the total supply.
  • 0.23% of the total supply has been burned.

  • There is a 'Holder Fee', 'Marketing Fee', 'Liquidity Fee', 'Operations Fee', 'Buyback Fee', 'Prize Pool Fee', 'Bounties Fee', and 'DAO Treasury Fee' on all transactions for any "non-excluded" address that participates in a transfer. The owner can set each of these fees to any percentage from 0% to 10% at any time, but the total fee incurred on any single transfer cannot exceed 10%.
  • The owner can update the "Fee Allocations" to change the fee distribution for all 8 fees listed above.
  • The liquidity fee does not automatically provide liquidity, but rather goes to an address of the team's choosing.
  • The "Holder Fee" is redistributed to existing token holders instantly and automatically at the time of each transaction.
  • The owner of the contract can exclude and include accounts from transfer fees and reward distribution.
  • Ownership has not been renounced.
  • Some functions could have been declared external instead of public to save some gas.
  • The contract uses the SafeMath library to prevent overflows and follows the BEP20 standard.
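
The holder-fee mechanism described in the notes above (a reflection-style token in which the holder fee is never credited to anyone but is removed from the reflected supply, so every non-excluded balance grows at the moment of the transfer) and the 10% total-fee cap are easier to reason about in a runnable model. The block below is an added example written for this page; it is not the BAS contract's source. Its assumptions are: fees expressed in basis points, 18 decimals, the seven addressed fees collapsed into one "other" bucket paid to a single fee wallet, and the account names D, A, B and W.

```python
"""Integer model of reflection-style holder-fee redistribution (the
'frictionless fee' pattern described in the report).  Added example for
this page, not the BAS contract's source.  Assumptions: fees are in basis
points, 18 decimals, and the seven addressed fees are collapsed into one
'other' bucket paid to a single fee wallet.  Arithmetic mirrors Solidity
uint256 (floor division, 2**256-1 ceiling) so rounding matches on-chain."""

MAX_UINT = 2**256 - 1
DECIMALS = 18                                 # assumed
T_TOTAL = 100_000_000 * 10**DECIMALS          # initial supply stated in the report
FEE_DENOM = 10_000                            # basis points (assumed unit)
MAX_TOTAL_FEE = 1_000                         # 10% ceiling on combined fees (from the report)


def fees_within_cap(holder_bps, other_bps):
    """Each fee must lie in 0-10% and the combined fee may not exceed 10%."""
    return (0 <= holder_bps <= MAX_TOTAL_FEE and 0 <= other_bps <= MAX_TOTAL_FEE
            and holder_bps + other_bps <= MAX_TOTAL_FEE)


class ReflectToken:
    def __init__(self, deployer, fee_wallet, holder_bps, other_bps):
        self.t_total = T_TOTAL
        # r-space supply: the largest multiple of t_total below 2**256, so the
        # initial rate r_total / t_total is an exact integer
        self.r_total = MAX_UINT - (MAX_UINT % T_TOTAL)
        self.r_owned = {deployer: self.r_total}
        self.t_owned = {}           # real balances, tracked only for reward-excluded accounts
        self.excluded = set()
        self.fee_wallet = fee_wallet
        self.set_fees(holder_bps, other_bps)

    # --- owner-only functions in the real contract ---------------------------
    def set_fees(self, holder_bps, other_bps):
        if not fees_within_cap(holder_bps, other_bps):
            raise ValueError("fees must each be 0-10% and sum to at most 10%")
        self.holder_bps, self.other_bps = holder_bps, other_bps

    def exclude_from_rewards(self, acct):
        """Snapshot acct's balance into t_owned; it no longer gains from reflections."""
        if acct not in self.excluded:
            self.t_owned[acct] = self.balance_of(acct)
            self.excluded.add(acct)

    # --- reflection accounting ----------------------------------------------
    def _current_supply(self):
        """Totals with excluded accounts removed, so reflections are shared only
        among included holders.  Falls back to the raw totals if the subtraction
        would underflow (the usual guard in this pattern)."""
        r, t = self.r_total, self.t_total
        for a in self.excluded:
            ra, ta = self.r_owned.get(a, 0), self.t_owned.get(a, 0)
            if ra > r or ta > t:
                return self.r_total, self.t_total
            r, t = r - ra, t - ta
        if r < self.r_total // self.t_total:
            return self.r_total, self.t_total
        return r, t

    def _rate(self):
        r, t = self._current_supply()
        return r // t

    def balance_of(self, acct):
        if acct in self.excluded:
            return self.t_owned.get(acct, 0)
        return self.r_owned.get(acct, 0) // self._rate()

    def _adjust(self, acct, r_delta, t_delta):
        self.r_owned[acct] = self.r_owned.get(acct, 0) + r_delta
        if acct in self.excluded:
            self.t_owned[acct] = self.t_owned.get(acct, 0) + t_delta

    def transfer(self, sender, recipient, t_amount):
        """Fee-bearing transfer; fee-excluded senders/recipients are not modelled."""
        if self.balance_of(sender) < t_amount:
            raise ValueError("insufficient balance")
        rate = self._rate()
        t_holder = t_amount * self.holder_bps // FEE_DENOM
        t_other = t_amount * self.other_bps // FEE_DENOM
        r_amount, r_holder, r_other = t_amount * rate, t_holder * rate, t_other * rate
        self._adjust(sender, -r_amount, -t_amount)
        self._adjust(recipient, r_amount - r_holder - r_other, t_amount - t_holder - t_other)
        self._adjust(self.fee_wallet, r_other, t_other)
        # The holder fee is credited to nobody.  Removing it from r_total lowers
        # the rate, so every included holder's r_owned now maps to more tokens:
        # that is the "instant, automatic" redistribution.
        self.r_total -= r_holder


def run_demo():
    """Deployer D sells to A, A sells to B; fee wallet W is reward-excluded.
    Returns the token and final balances so the invariants can be checked."""
    tok = ReflectToken("D", "W", holder_bps=500, other_bps=500)   # 5% holder + 5% other
    tok.exclude_from_rewards("W")
    tok.transfer("D", "A", 1_000_000 * 10**DECIMALS)
    tok.transfer("A", "B", 100_000 * 10**DECIMALS)
    return tok, {a: tok.balance_of(a) for a in "DABW"}
```

Running run_demo() shows the three properties worth checking in a contract of this shape: the reward-excluded wallet W ends with exactly 55,000 tokens (5% of each transfer) and gains nothing from reflections; D, A and B each hold more than they were sent or kept; and the four balances sum to the 100,000,000 supply to within a couple of wei of floor rounding. fees_within_cap(600, 500) is false, which is the one invariant the owner-settable fee functions must enforce. The cap bounds the rate, not the destinations, so an owner who can still change the fee addresses can redirect the full 10%, which is why the report flags unrenounced ownership.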

Notes on the Vesting Contract:
  • This contract is used for vesting tokens to individual addresses.
  • Upon deployment, the team sets the unlock timestamp for the vested tokens and the address of the token to be vested.
  • Also upon deployment, the team sets the owner of the contract, who will later be able to claim the held tokens.
  • After deployment, the team must manually send the tokens to be vested to the contract.
  • After the timestamp set upon deployment has passed, the owner of the contract will be able to claim all of the tokens held by the contract.
  • Once the contract is deployed and the tokens are sent to the contract by the team, the team has no control over the contract or the tokens in it.
  • The changeOwner() and withdraw() functions should be declared external instead of public to save some execution cost on each call.
  • SafeMath is used to prevent overflow issues.

Audit Findings Summary
  • No security threats were identified.
  • Given that the owner holds more $BAS than the liquidity, this is considered an unhealthy token allocation.
  • We recommend that the team renounce ownership to prevent the fee structure from being changed.
  • Please ensure trust in the team prior to investing as they have substantial control within the ecosystem.
  • Date: June 28th, 2021
  • Updated: July 13th, 2021 to add the vesting.sol contract

Vulnerability Category                 | Notes | Result
Arbitrary Storage Write                | N/A   | PASS
Arbitrary Jump                         | N/A   | PASS
Delegate Call to Untrusted Contract    | N/A   | PASS
Dependence on Predictable Variables    | N/A   | PASS
Deprecated Opcodes                     | N/A   | PASS
Ether Thief                            | N/A   | PASS
Exceptions                             | N/A   | PASS
External Calls                         | N/A   | PASS
Flash Loans                            | N/A   | PASS
Integer Over/Underflow                 | N/A   | PASS
Multiple Sends                         | N/A   | PASS
Oracles                                | N/A   | PASS
Suicide                                | N/A   | PASS
State Change External Calls            | N/A   | PASS
Unchecked Retval                       | N/A   | PASS
User Supplied Assertion                | N/A   | PASS
Critical Solidity Compiler             | N/A   | PASS
Overall Contract Safety                |       | PASS

Details: BAS Contract


BEP20 Token Graph

Multi-file Token

($) = payable function
 # = non-constant function

 +  Context 
    - [Int] _msgSender
    - [Int] _msgData

 + [Int] IERC20 
    - [Ext] totalSupply
    - [Ext] balanceOf
    - [Ext] transfer #
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transferFrom #

 + [Lib] SafeMath 
    - [Int] add
    - [Int] sub
    - [Int] sub
    - [Int] mul
    - [Int] div
    - [Int] div
    - [Int] mod
    - [Int] mod

 + [Lib] Address 
    - [Int] isContract
    - [Int] sendValue #
    - [Int] functionCall #
    - [Int] functionCall #
    - [Int] functionCallWithValue #
    - [Int] functionCallWithValue #
    - [Int] functionStaticCall
    - [Int] functionStaticCall
    - [Prv] _verifyCallResult

 +  Ownable (Context)
    - [Int] <Constructor> #
    - [Pub] owner
    - [Pub] renounceOwnership #
       - modifiers: onlyOwner
    - [Pub] transferOwnership #
       - modifiers: onlyOwner

 +  BAS (Context, IERC20, Ownable)
    - [Pub] <Constructor> #
    - [Ext] name
    - [Ext] symbol
    - [Ext] decimals
    - [Ext] totalSupply
    - [Pub] balanceOf
    - [Pub] transfer #
    - [Pub] allowance
    - [Pub] approve #
    - [Pub] transferFrom #
    - [Pub] increaseAllowance #
    - [Pub] decreaseAllowance #
    - [Ext] isExcludedFromRewards
    - [Ext] isExcludedFromFees
    - [Ext] totalFees
    - [Ext] totalHolderFees
    - [Ext] totalMarketingFees
    - [Ext] totalLpFees
    - [Ext] totalBuybackFees
    - [Ext] totalOperationsFees
    - [Ext] totalPrizePoolFees
    - [Ext] totalDaoTreasuryFees
    - [Ext] totalBountiesFees
    - [Pub] distribute #
    - [Pub] excludeFromFees #
       - modifiers: onlyOwner
    - [Pub] includeInFees #
       - modifiers: onlyOwner
    - [Pub] excludeFromRewards #
       - modifiers: onlyOwner
    - [Pub] includeInRewards #
       - modifiers: onlyOwner
    - [Prv] _approve #
    - [Prv] _transfer #
    - [Prv] _transferWithRewards #
    - [Prv] _transferWithRecipientRewards #
    - [Prv] _transferWithoutSenderRewards #
    - [Prv] _transferWithoutRewards #
    - [Prv] _updateHolderFee #
    - [Prv] _updateMarketingFee #
    - [Prv] _updateLpFee #
    - [Prv] _updateOperationsFee #
    - [Prv] _updateBuybackFee #
    - [Prv] _updatePrizePoolFee #
    - [Prv] _updateBountiesFee #
    - [Prv] _updateDaoTreasuryFee #
    - [Pub] rewardsFromToken
    - [Pub] tokenWithRewards
    - [Prv] _getValues
    - [Prv] _getActualValues
    - [Prv] _getRewardValues
    - [Prv] _getRewardsRate
    - [Prv] _getCurrentSupply
    - [Prv] _getFee
    - [Prv] _getHolderFee
    - [Prv] _getMarketingFee
    - [Prv] _getLpFee
    - [Prv] _getOperationsFee
    - [Prv] _getPrizePoolFee
    - [Prv] _getBountiesFee
    - [Prv] _getBuybackFee
    - [Prv] _getDaoTreasuryFee
    - [Ext] setTaxPercentage #
       - modifiers: onlyOwner
    - [Ext] setTaxAllocations #
       - modifiers: onlyOwner
    - [Ext] setMultiSigTaxAllocations #
       - modifiers: onlyOwner
    - [Ext] setMarketingAddress #
       - modifiers: onlyOwner
    - [Ext] setLpStakingAddress #
       - modifiers: onlyOwner
    - [Ext] setOperationsMultiSigAddress #
       - modifiers: onlyOwner
    - [Ext] setBuybackMultiSigAddress #
       - modifiers: onlyOwner
    - [Ext] setPrizePoolMultiSigAddress #
       - modifiers: onlyOwner
    - [Ext] setBountiesMultiSigAddress #
       - modifiers: onlyOwner
    - [Ext] setDaoTreasuryMultiSigAddress #
       - modifiers: onlyOwner

Details: Vesting Contract


Vesting Contract Graph

Multi-file Contract

($) = payable function
 # = non-constant function

 + [Int] IERC20 
    - [Ext] totalSupply
    - [Ext] balanceOf
    - [Ext] transfer #
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transferFrom #

 + [Lib] SafeMath 
    - [Int] add
    - [Int] sub
    - [Int] sub
    - [Int] mul
    - [Int] div
    - [Int] div
    - [Int] mod
    - [Int] mod

 +  VestingContract 
    - [Pub] <Constructor> #
    - [Pub] changeOwner #
    - [Pub] withdraw #