DAOvc - Smart Contract Audit Report

Summary

DAOvc Audit Report DAOvc Governance Token ($DAOvc) is a new token on the Ethereum blockchain that enables token holders to vote on proposals.

We audited DAOvc's governance token contract at 0x284b59cf2539544559c6efa11e2795e06d535345 on the Ethereum blockchain mainnet.

Overview of the Contract:
  • The initial total supply of the token is set to 100 million $DAOvc [100,000,000].
  • 75.86% of the token supply is in possession of an Unverified Contract.
  • 7.66% of the token supply is in possession of another Unverified Contract.
  • 6.34% of the token supply is in possession of a third Unverified Contract.
  • 2.40% of the token supply is currently held in a Bridge Contract.
  • There is currently 0.98% of the supply held in Uniswap-USDT liquidity.
  • Out of that liquidity, 44.40% is currently locked in a Uniswap v2 Token Locking Contract that will vest to the team on March 7th, 2022.
  • The remaining portion of the liquidity is unlocked.

  • The DAOvc token is designed to be a governance token where 1 token = 1 vote.
  • Another contract will be needed to collect votes and execute transactions on behalf of the governance token holders.
  • Token holders can delegate their voting rights to any address at any time. Holders who have delegated their voting rights may also remove their delegation at any time, and must do so if they wish to transfer an amount of tokens that are currently delegated.

  • The contract utilizes an "Access Control" contract which enables the deployer (ADMIN) of the contract to assign various roles to accounts.
  • Tokens can be minted by the accounts that are assigned to the "MINTER" Role.
  • Tokens can be burned by the accounts that are assigned to the "BURNER" Role. The BURNER has the ability to burn any amount of tokens from any address at any time.
  • The circulating supply can also be reduced if holders elect to transfer tokens to the 0x..dead address.
  • Accounts with the "SERVICE" Role have the ability to add and remove addresses from the "whitelist".
  • Whitelisted accounts have the ability to delegate votes beyond the number of maximum votes that otherwise applies to non-whitelisted addresses.

  • The "_totalSupply" state variable could have been declared constant to save some gas.
  • The following functions could have been declared external instead of public to save some gas: delegate(), getDelegatedTo(), removeDelegation(), addToWhiteList(), deleteFromWhiteList(), and mint().
  • The contract utilizes SafeMath libraries to prevent overflows along with following the BEP20 standard.

Audit Findings Summary
  • No security threats were identified.
  • Ensure trust in the team prior to investing as they have significant control in the ecosystem.
  • Date: September 27th, 2021

Vulnerability CategoryNotesResult
Arbitrary Storage WriteN/APASS
Arbitrary JumpN/APASS
Delegate Call to Untrusted ContractN/APASS
Dependence on Predictable VariablesN/APASS
Deprecated OpcodesN/APASS
Ether ThiefN/APASS
ExceptionsN/APASS
External CallsN/APASS
Flash LoansN/APASS
Integer Over/UnderflowN/APASS
Multiple SendsN/APASS
OraclesN/APASS
SuicideN/APASS
State Change External CallsN/APASS
Unchecked RetvalN/APASS
User Supplied AssertionN/APASS
Critical Solidity CompilerN/APASS
Overall Contract Safety PASS

BEP20 Token Graph

Multi-file Token

												
($) = payable function
 # = non-constant function

 +  Context 
    - [Int] _msgSender
    - [Int] _msgData

 + [Int] IERC20 
    - [Ext] totalSupply
    - [Ext] balanceOf
    - [Ext] transfer #
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transferFrom #

 + [Lib] SafeMath 
    - [Int] tryAdd
    - [Int] trySub
    - [Int] tryMul
    - [Int] tryDiv
    - [Int] tryMod
    - [Int] add
    - [Int] sub
    - [Int] mul
    - [Int] div
    - [Int] mod
    - [Int] sub
    - [Int] div
    - [Int] mod

 +  ERC20 (Context, IERC20)
    - [Pub]  #
    - [Pub] name
    - [Pub] symbol
    - [Pub] decimals
    - [Pub] totalSupply
    - [Pub] balanceOf
    - [Pub] transfer #
    - [Pub] allowance
    - [Pub] approve #
    - [Pub] transferFrom #
    - [Pub] increaseAllowance #
    - [Pub] decreaseAllowance #
    - [Int] _transfer #
    - [Int] _mint #
    - [Int] _burn #
    - [Int] _approve #
    - [Int] _setupDecimals #
    - [Int] _beforeTokenTransfer #

 + [Lib] EnumerableSet 
    - [Prv] _add #
    - [Prv] _remove #
    - [Prv] _contains
    - [Prv] _length
    - [Prv] _at
    - [Int] add #
    - [Int] remove #
    - [Int] contains
    - [Int] length
    - [Int] at
    - [Int] add #
    - [Int] remove #
    - [Int] contains
    - [Int] length
    - [Int] at
    - [Int] add #
    - [Int] remove #
    - [Int] contains
    - [Int] length
    - [Int] at

 + [Lib] Address 
    - [Int] isContract
    - [Int] sendValue #
    - [Int] functionCall #
    - [Int] functionCall #
    - [Int] functionCallWithValue #
    - [Int] functionCallWithValue #
    - [Int] functionStaticCall
    - [Int] functionStaticCall
    - [Int] functionDelegateCall #
    - [Int] functionDelegateCall #
    - [Prv] _verifyCallResult

 +  AccessControl (Context)
    - [Pub] hasRole
    - [Pub] getRoleMemberCount
    - [Pub] getRoleMember
    - [Pub] getRoleAdmin
    - [Pub] grantRole #
    - [Pub] revokeRole #
    - [Pub] renounceRole #
    - [Int] _setupRole #
    - [Int] _setRoleAdmin #
    - [Prv] _grantRole #
    - [Prv] _revokeRole #

 +  DAOVCGovToken (ERC20, AccessControl)
    - [Pub]  #
       - modifiers: ERC20
    - [Pub] delegate #
    - [Pub] transfer #
    - [Pub] transferFrom #
    - [Pub] getDelegatedBy
    - [Pub] getDelegatedTo
    - [Pub] removeDelegation #
    - [Pub] addToWhiteList #
    - [Pub] deleteFromWhiteList #
    - [Pub] mint #
    - [Ext] burn #
    - [Int] _beforeTokenTransfer #