Camistry - Smart Contract Audit Report
Camistry ($CEX) is a new community-driven DeFi token on the Binance Smart Chain that is an automatic liquidity providing protocol.
Notes on the Contract:
Audit Findings Summary
- The total supply of the token is set to 10 billion $CEX [10,000,000,000].
- No minting or burn functions are present; though the circulating supply can be reduced by sending tokens to the 0x..dead address, if desired.
- At the time of writing this report, 26.6% of the total $CEX token supply is in possession of the owner.
- 19.38% of the total supply has been sent to the Burn address.
- 11.36% of the total supply is stored in an Unverified contract.
- 4% of the total supply is in Pancakeswap liquidity.
- Of that liquidity, 99.99% of the LP tokens are stored in an Unverified contract.
- 3.85% of the total supply is stored in an GnosisSafeProxy contract.
- The next five holders own a cumulative 6.23% of the total supply.
- There is a 1% Transfer tax on all transactions for any "non-excluded" address that participates in a transfer with Pancakeswap.
- The tokens collected from Transfer tax are stored in the contract and, once a threshold value is met, are used to fund Pancakeswap liquidity.
- Liquidity-adds are funded by selling a portion of the tokens collected as fees (after the threshold as determined by the owner is met), then pairing the received BNB with the token, and adding it as liquidity to the BNB pair. The amount of tokens that are used to perform this liquidity add cannot exceed the maximum transfer amount of the contract.
- The recipient of the newly created LP tokens is the owner. The team is responsible for locking these newly acquired LP tokens.
- The contract features antiwhale logic which prevents a user from trading more than the maximum transaction amount and prevents a user from trading before the specified start block time set by the owner has elapsed.
- The contract features a blacklist which prevents specified accounts from being able to participate in transfers.
- The contract features a cool down mechanism when buying from or selling to Pancakeswap, which disallows a user from making another trade until after the cool down time (set by the operator) has elapsed since the user's previous trade. This also disallows flash loans from being utilized against the liquidity pool.
- As the contract is deployed with Solidity v0.8.x it is protected from overflows.
- The contract utilizes an Operator role. The assigned operator address has access to certain functionality of the contract.
- Ownership has not been renounced.
- The operator can enable/disable all buying and selling with Pancakeswap at any time. The owner is exempt from this restriction when both buying and selling are disabled. The contract address is exempt from this restriction when only selling is disabled.
- The operator can exclude accounts from the Transfer tax.
- The operator can enable/disable automatic liquidity adds at any time.
- The operator can update the threshold value of tokens needed to perform automatic liquidity adds to any value at any time.
- The operator can set and update a maximum transaction amount at any time, which will impose a limit to the number of tokens that can be transferred to or from Pancakeswap when antiwhale functionality is toggled on.
- The operator can update the cool down time to any amount of time under 8 hours, as well as disable the cool down functionality altogether.
- The operator can exclude accounts from the antiwhale and cool down mechanisms.
- The operator can add any account to the blacklist.
- The operator can update the Pancakeswap Router address at any time.
- The operator can transfer their role to any address at any time.
- The owner can update the start block time (which is enforced in the antiwhale logic) to any value at any time.
- No external threats were identified.
- Please ensure trust in the team prior to investing as they have substantial control in the ecosystem.
- Date: November 2nd, 2021
|Arbitrary Storage Write||N/A||PASS|
|Delegate Call to Untrusted Contract||N/A||PASS|
|Dependence on Predictable Variables||N/A||PASS|
|State Change External Calls||N/A||PASS|
|User Supplied Assertion||N/A||PASS|
|Critical Solidity Compiler||N/A||PASS|
|Overall Contract Safety||PASS|
($) = payable function # = non-constant function + [Int] IUniswapV2Factory - [Ext] feeTo - [Ext] feeToSetter - [Ext] getPair - [Ext] allPairs - [Ext] allPairsLength - [Ext] createPair # - [Ext] setFeeTo # - [Ext] setFeeToSetter # + [Int] IUniswapV2Pair - [Ext] name - [Ext] symbol - [Ext] decimals - [Ext] totalSupply - [Ext] balanceOf - [Ext] allowance - [Ext] approve # - [Ext] transfer # - [Ext] transferFrom # - [Ext] DOMAIN_SEPARATOR - [Ext] PERMIT_TYPEHASH - [Ext] nonces - [Ext] permit # - [Ext] MINIMUM_LIQUIDITY - [Ext] factory - [Ext] token0 - [Ext] token1 - [Ext] getReserves - [Ext] price0CumulativeLast - [Ext] price1CumulativeLast - [Ext] kLast - [Ext] mint # - [Ext] burn # - [Ext] swap # - [Ext] skim # - [Ext] sync # - [Ext] initialize # + [Int] IUniswapV2Router01 - [Ext] factory - [Ext] WETH - [Ext] addLiquidity # - [Ext] addLiquidityETH ($) - [Ext] removeLiquidity # - [Ext] removeLiquidityETH # - [Ext] removeLiquidityWithPermit # - [Ext] removeLiquidityETHWithPermit # - [Ext] swapExactTokensForTokens # - [Ext] swapTokensForExactTokens # - [Ext] swapExactETHForTokens ($) - [Ext] swapTokensForExactETH # - [Ext] swapExactTokensForETH # - [Ext] swapETHForExactTokens ($) - [Ext] quote - [Ext] getAmountOut - [Ext] getAmountIn - [Ext] getAmountsOut - [Ext] getAmountsIn + [Int] IUniswapV2Router02 (IUniswapV2Router01) - [Ext] removeLiquidityETHSupportingFeeOnTransferTokens # - [Ext] removeLiquidityETHWithPermitSupportingFeeOnTransferTokens # - [Ext] swapExactTokensForTokensSupportingFeeOnTransferTokens # - [Ext] swapExactETHForTokensSupportingFeeOnTransferTokens ($) - [Ext] swapExactTokensForETHSupportingFeeOnTransferTokens # + [Lib] Address - [Int] isContract - [Int] sendValue # - [Int] functionCall # - [Int] functionCall # - [Int] functionCallWithValue # - [Int] functionCallWithValue # - [Int] functionStaticCall - [Int] functionStaticCall - [Int] functionDelegateCall # - [Int] functionDelegateCall # - [Prv] _verifyCallResult + [Lib] SafeBEP20 - [Int] safeTransfer # - [Int] safeTransferFrom # - [Int] safeApprove # - [Int] safeIncreaseAllowance # - [Int] safeDecreaseAllowance # - [Prv] _callOptionalReturn # + [Lib] SafeMath - [Int] tryAdd - [Int] trySub - [Int] tryMul - [Int] tryDiv - [Int] tryMod - [Int] add - [Int] sub - [Int] mul - [Int] div - [Int] mod - [Int] sub - [Int] div - [Int] mod + [Int] IBEP20 - [Ext] totalSupply - [Ext] decimals - [Ext] symbol - [Ext] name - [Ext] getOwner - [Ext] balanceOf - [Ext] transfer # - [Ext] allowance - [Ext] approve # - [Ext] transferFrom # + Context - [Int] _msgSender - [Int] _msgData + Ownable (Context) - [Pub]
# - [Pub] owner - [Pub] renounceOwnership # - modifiers: onlyOwner - [Pub] transferOwnership # - modifiers: onlyOwner + BEP20 (Context, IBEP20, Ownable) - [Pub] # - [Ext] getOwner - [Pub] name - [Pub] decimals - [Pub] symbol - [Pub] totalSupply - [Pub] balanceOf - [Pub] transfer # - [Pub] allowance - [Pub] approve # - [Pub] transferFrom # - [Pub] increaseAllowance # - [Pub] decreaseAllowance # - [Int] _transfer # - [Int] _mint # - [Int] _burn # - [Int] _approve # - [Int] _beforeTokenTransfer # + CamistryToken (BEP20) - [Pub] # - modifiers: BEP20 - [Ext] ($) - [Int] _transfer # - modifiers: antiWhale - [Prv] swapAndLiquify # - modifiers: lockTheSwap,transferTaxFree - [Prv] swapTokensForBnb # - [Prv] addLiquidity # - [Pub] maxTransferAmount - [Pub] isExcludedFromFees - [Pub] isExcludedFromAntiWhale - [Pub] isExcludedFromLimitSwap - [Pub] isBlacklisted - [Pub] updateMaxTransferAmountRate # - modifiers: onlyOperator - [Pub] updateMinAmountToLiquify # - modifiers: onlyOperator - [Pub] setExcludeFromFees # - modifiers: onlyOperator - [Pub] excludeMultipleAccountsFromFees # - modifiers: onlyOperator - [Pub] setExcludedFromAntiWhale # - modifiers: onlyOperator - [Pub] setExcludedFromLimitSwap # - modifiers: onlyOperator - [Pub] UpdateLimitSwap # - modifiers: onlyOperator - [Pub] UpdateTimeLimitSwap # - modifiers: onlyOperator - [Pub] updateSwapAndLiquifyEnabled # - modifiers: onlyOperator - [Pub] updateCEXSwapRouter # - modifiers: onlyOperator - [Pub] UpdateStartBlockSwap # - modifiers: onlyOwner - [Pub] setSelling # - modifiers: onlyOperator - [Pub] setBuying # - modifiers: onlyOperator - [Ext] blacklistAddress # - modifiers: onlyOperator - [Pub] operator - [Pub] transferOperator # - modifiers: onlyOperator