Bxie Infinity - Audit Report

Summary

Bxie Infinity ($BXS) is a new BEP20 token on the Binance Smart Chain.

We audited Bxie Infinity's token contract that is deployed at 0xF2E71B054B6b0F3C5513Af505E6c072008ECFaCD on the Binance Smart Chain mainnet.

Notes on the Contract:
  • The total supply of the token is initially set to 2.7 billion [2,700,000,000].
  • No minting or burn functions are present, though the circulating supply can be reduced by sending tokens to the 0x..dead address, if desired.
  • At the time of writing this report, 100% of the total supply belongs to the owner as the contract was recently deployed.

  • If a user grants the team-controlled "Mainchain Gateway" wallet an approval to spend any amount of tokens on their behalf, the Mainchain Gateway wallet can repeatedly call transferFrom() and send the granted amount of tokens to any wallet, because allowances are not properly updated after each transferFrom() call made by the Mainchain Gateway wallet.
  • The owner can update the Mainchain Gateway wallet controlled by the team to any address at any time.
  • The owner can withdraw any BNB or BEP20 tokens from the contract address balance.
  • As the contract is deployed with Solidity v0.8.x, it is protected from overflows.
  • Some functions could have been declared external instead of public to save some gas, but as this is already deployed this is merely informational.
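
The allowance behaviour described in the notes above, shown as an added sketch in Solidity. It is not the deployed BXS source: the contract name, the `gateway` variable, the two `transferFrom*` function names and the exact form of the flawed branch are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration: a minimal allowance ledger, not the audited BXS source.
// The `gateway` variable and both transferFrom* names are hypothetical.
contract AllowanceSketch {
    mapping(address => uint256) public balanceOf;
    mapping(address => mapping(address => uint256)) public allowance;
    address public gateway; // stands in for the "Mainchain Gateway" wallet

    constructor(address gateway_) {
        gateway = gateway_;
        balanceOf[msg.sender] = 2_700_000_000; // whole tokens, decimals ignored
    }

    function approve(address spender, uint256 amount) external returns (bool) {
        allowance[msg.sender][spender] = amount;
        return true;
    }

    // Pattern matching the finding (assumed form): the allowance is checked
    // but never reduced when the caller is the gateway, so one approval of N
    // tokens keeps authorising N-token transfers until the balance runs out.
    function transferFromAsReported(address from, address to, uint256 amount) external returns (bool) {
        uint256 current = allowance[from][msg.sender];
        require(current >= amount, "amount exceeds allowance");
        if (msg.sender != gateway) {
            allowance[from][msg.sender] = current - amount;
        }
        _move(from, to, amount);
        return true;
    }

    // Standard ERC20 accounting: every spender, gateway included, consumes allowance.
    function transferFromStandard(address from, address to, uint256 amount) external returns (bool) {
        uint256 current = allowance[from][msg.sender];
        require(current >= amount, "amount exceeds allowance");
        allowance[from][msg.sender] = current - amount;
        _move(from, to, amount);
        return true;
    }

    function _move(address from, address to, uint256 amount) private {
        require(balanceOf[from] >= amount, "amount exceeds balance");
        balanceOf[from] -= amount;
        balanceOf[to] += amount;
    }
}
```

In this sketch a holder's exposure to the gateway is their whole balance for as long as the allowance is non-zero, and resetting the approval to zero makes the allowance check fail again.
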

Audit Findings Summary

  • No external threats were identified.
  • WARNING: A team wallet can spend more tokens than allowed on another user's behalf if any approval has been granted by the user. The team claims that centralized controls such as this are needed to support their game.
  • Ensure trust in the team as the owner has control over the total token supply.
  • Date: November 24th, 2021

Audit Results

| Vulnerability Category | Notes | Result |
|---|---|---|
| Arbitrary Storage Write | N/A | PASS |
| Arbitrary Jump | N/A | PASS |
| Centralization of Control | A team wallet can spend more tokens than allowed on another user's behalf if any approval has been granted by the user. | WARNING/ACKNOWLEDGED |
| Delegate Call to Untrusted Contract | N/A | PASS |
| Dependence on Predictable Variables | N/A | PASS |
| Deprecated Opcodes | N/A | PASS |
| Ether Thief | N/A | PASS |
| Exceptions | N/A | PASS |
| External Calls | N/A | PASS |
| Flash Loans | N/A | PASS |
| Integer Over/Underflow | N/A | PASS |
| Multiple Sends | N/A | PASS |
| Oracles | N/A | PASS |
| Suicide | N/A | PASS |
| State Change External Calls | N/A | PASS |
| Unchecked Retval | N/A | PASS |
| User Supplied Assertion | N/A | PASS |
| Critical Solidity Compiler | N/A | PASS |
| Overall Contract Safety | | WARNING |

Function Graph

ERC20 Token Graph


Inheritance Chart

Multi-file Token


Functions Overview


 ($) = payable function
 # = non-constant function
 
 + [Int] IERC20 
    - [Ext] totalSupply
    - [Ext] balanceOf
    - [Ext] transfer #
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transferFrom #

 + [Int] IERC20Metadata (IERC20)
    - [Ext] name
    - [Ext] symbol
    - [Ext] decimals

 +  Context 
    - [Int] _msgSender
    - [Int] _msgData

 +  Ownable (Context)
    - [Pub]  #
    - [Pub] owner
    - [Pub] renounceOwnership #
       - modifiers: onlyOwner
    - [Pub] transferOwnership #
       - modifiers: onlyOwner
    - [Prv] _setOwner #

 +  BXS (Ownable, IERC20, IERC20Metadata)
    - [Pub]  #
    - [Pub] name
    - [Pub] symbol
    - [Pub] decimals
    - [Pub] totalSupply
    - [Pub] balanceOf
    - [Pub] transfer #
    - [Pub] allowance
    - [Pub] approve #
    - [Pub] transferFrom #
    - [Pub] increaseAllowance #
    - [Pub] decreaseAllowance #
    - [Ext] setGateway #
       - modifiers: onlyOwner
    - [Ext]  ($)
    - [Ext]  ($)
    - [Ext] sweepBNB #
       - modifiers: onlyOwner
    - [Ext] sweepToken #
       - modifiers: onlyOwner
    - [Int] _transfer #
    - [Int] _mint #
    - [Int] _burn #
    - [Int] _approve #