DeFiant - Smart Contract Audit Report

Summary

DeFiant ($DeFi) is a new community-driven BEP20 token on the Binance Smart Chain. It is an automatic liquidity-providing protocol that pays out static rewards to holders.

We reviewed the DeFiant contract at 0x1c3Ec9455d4599584Bba435a60536BD9bBd03FB0 on the Binance Smart Chain mainnet.

Notes on the Contract:
  • The total supply of the token is set to 1 quadrillion $DeFi [1,000,000,000,000,000].
  • No mint or burn functions are present, though the circulating supply can be reduced by sending tokens to the 0x..dead address, if desired.
  • At the time of writing this report, 40% of the total supply has been sent to the 0x..dead address.
  • 38.77% of the total supply belongs to a Pinksale Finance Presale contract.
  • The remaining 21.23% of the total supply belongs to the owner.

  • There is currently a 5% tax fee, a 3% liquidity fee, and a 5% burn fee on all transfers; however, the team can update these to any percentages at any time.
  • The tokens collected through the tax fee are removed from the circulating supply. This serves as a frictionless fee redistribution which automatically benefits all token holders at the time of each transaction.
  • The tax fee is increased based on the amount of tokens being sold to Pancakeswap in a single transaction. The breakdown is as follows:
    • Between 1 trillion and 5 trillion tokens, the tax fee is increased by 7%.
    • Between 5 trillion and 10 trillion tokens, the tax fee is increased by 12%.
    • Between 10 trillion and 20 trillion tokens, the tax fee is increased by 17%.
    • Between 20 trillion and 30 trillion tokens, the tax fee is increased by 22%.
    • More than 30 trillion tokens, the tax fee is increased by 27%.
  • The tokens collected from the liquidity fee during transfers are stored in the contract address balance. Once the threshold value of tokens (determined by the owner) is met, a swap will occur for the purpose of funding Pancakeswap liquidity.
  • Liquidity-adds are funded by selling a portion of the tokens collected as fees (after the threshold number of tokens is met), then pairing the received BNB with the token, and adding it as liquidity to the BNB pair.
  • The recipient of the newly created LP tokens is the owner. We recommend that the team locks these newly acquired LP tokens.
  • The tokens collected from the burn fee are sent to the team's Marketing wallet.
  • The contract prevents a user from selling tokens to Pancakeswap if that user has already done so within the last 10 selling transactions of the token.
  • Although the SafeMath library is utilized, the contract is deployed with Solidity v0.8.10, which has built-in overflow checks. SafeMath could be safely removed to reduce contract size and increase gas savings.

Ownership Controls:
  • Ownership has not been renounced.
  • The owner can modify the tax fee, liquidity fee, and burn fee to any percentages at any time.
  • The owner can update the additional tax fee percentages and token thresholds to any values at any time.
  • The owner can exclude and include accounts from transfer fees and reward distribution.
  • The owner can set and update a maximum transaction amount at any time, which will impose a limit to the number of tokens that can be transferred during any given transaction.
  • The owner can set and update a maximum wallet amount at any time, which will prevent transfers from occurring if the recipient's token balance will exceed the limit set by the owner after the transaction takes place.
  • The owner can enable/disable automatic liquidity adds at any time.
  • The owner can update the threshold number of tokens needed to trigger automatic liquidity adds to any value.
  • The owner can update the team's Marketing wallet and Pancakeswap Pair to any addresses at any time.
  • The owner can update the Pancakeswap Router address at any time.
  • The owner can use the "lock" function to temporarily set ownership to address(0). Ownership is restored when the owner calls the "unlock" function after the lock duration they chose has passed.
  • The unlock function can potentially be used after ownership is renounced, which will restore ownership to the original owner that initially created the ownership lock. The project team could use this in a nefarious way to restore ownership and change fee structures.
  • We recommend modifying the unlock function to set the previous owner to address(0) at the end of the function, which prevents it from being used more than once per lock.
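
The lock/unlock pattern and the recommended fix described above, sketched as an added example. This is not the audited DeFiant source; the contract name LockableOwnable, the variable names _previousOwner and _lockTime, and the revert strings are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.10;

// Added illustration of an Ownable with lock()/unlock(), including the fix
// the report recommends. All names here are assumptions, not DeFiant's code.
contract LockableOwnable {
    address private _owner;
    address private _previousOwner;
    uint256 private _lockTime;

    event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);

    constructor() {
        _owner = msg.sender;
    }

    modifier onlyOwner() {
        require(_owner == msg.sender, "caller is not the owner");
        _;
    }

    function owner() public view returns (address) { return _owner; }

    function renounceOwnership() public onlyOwner {
        // _previousOwner is not touched here, so a value left behind by an
        // earlier lock() survives the renounce unless unlock() cleared it.
        emit OwnershipTransferred(_owner, address(0));
        _owner = address(0);
    }

    function lock(uint256 time) public onlyOwner {
        _previousOwner = _owner;
        _lockTime = block.timestamp + time;
        emit OwnershipTransferred(_owner, address(0));
        _owner = address(0);
    }

    function unlock() public {
        require(_previousOwner == msg.sender, "no permission to unlock");
        require(block.timestamp > _lockTime, "still locked");
        emit OwnershipTransferred(_owner, _previousOwner);
        _owner = _previousOwner;
        // Recommended fix: clear the stored previous owner so unlock() works
        // once per lock(). msg.sender is never address(0), so a second call
        // (for example after renounceOwnership) now reverts.
        _previousOwner = address(0);
    }
}
```

When reviewing a token with this pattern, check whether unlock() ends by clearing the stored previous owner; if it does not, a renounced owner() value of address(0) does not by itself show that control has been given up.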

Audit Findings Summary

  • No external threats were identified.
  • Please ensure trust in the team prior to investing as they have substantial control in the ecosystem and own a large portion of the total supply.
  • Date: December 7th, 2021

Audit Results

Vulnerability Category              | Notes                                          | Result
------------------------------------|------------------------------------------------|--------
Arbitrary Storage Write             | N/A                                            | PASS
Arbitrary Jump                      | N/A                                            | PASS
Centralization of Control           | The owner can set fee percentages up to 100%.  | WARNING
Delegate Call to Untrusted Contract | N/A                                            | PASS
Dependence on Predictable Variables | N/A                                            | PASS
Deprecated Opcodes                  | N/A                                            | PASS
Ether Thief                         | N/A                                            | PASS
Exceptions                          | N/A                                            | PASS
External Calls                      | N/A                                            | PASS
Flash Loans                         | N/A                                            | PASS
Integer Over/Underflow              | N/A                                            | PASS
Multiple Sends                      | N/A                                            | PASS
Oracles                             | N/A                                            | PASS
Suicide                             | N/A                                            | PASS
State Change External Calls         | N/A                                            | PASS
Unchecked Retval                    | N/A                                            | PASS
User Supplied Assertion             | N/A                                            | PASS
Critical Solidity Compiler          | N/A                                            | PASS
Overall Contract Safety             |                                                | PASS

Function Graph

[Figure: ERC20 Token Graph]

Inheritance Chart

[Figure: Multi-file Token]


Functions Overview


 ($) = payable function
 # = non-constant function
 
 +  Context 
    - [Int] _msgSender
    - [Int] _msgData

 + [Int] IERC20 
    - [Ext] totalSupply
    - [Ext] balanceOf
    - [Ext] transfer #
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transferFrom #

 + [Lib] SafeMath 
    - [Int] add
    - [Int] sub
    - [Int] sub
    - [Int] mul
    - [Int] div
    - [Int] div
    - [Int] mod
    - [Int] mod

 + [Lib] Address 
    - [Int] isContract
    - [Int] sendValue #
    - [Int] functionCall #
    - [Int] functionCall #
    - [Int] functionCallWithValue #
    - [Int] functionCallWithValue #
    - [Prv] _functionCallWithValue #

 +  Ownable (Context)
    - [Pub]  #
    - [Pub] owner
    - [Pub] renounceOwnership #
       - modifiers: onlyOwner
    - [Pub] transferOwnership #
       - modifiers: onlyOwner
    - [Pub] getUnlockTime
    - [Pub] getTime
    - [Pub] lock #
       - modifiers: onlyOwner
    - [Pub] unlock #

 + [Int] IUniswapV2Factory 
    - [Ext] feeTo
    - [Ext] feeToSetter
    - [Ext] getPair
    - [Ext] allPairs
    - [Ext] allPairsLength
    - [Ext] createPair #
    - [Ext] setFeeTo #
    - [Ext] setFeeToSetter #

 + [Int] IUniswapV2Pair 
    - [Ext] name
    - [Ext] symbol
    - [Ext] decimals
    - [Ext] totalSupply
    - [Ext] balanceOf
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transfer #
    - [Ext] transferFrom #
    - [Ext] DOMAIN_SEPARATOR
    - [Ext] PERMIT_TYPEHASH
    - [Ext] nonces
    - [Ext] permit #
    - [Ext] MINIMUM_LIQUIDITY
    - [Ext] factory
    - [Ext] token0
    - [Ext] token1
    - [Ext] getReserves
    - [Ext] price0CumulativeLast
    - [Ext] price1CumulativeLast
    - [Ext] kLast
    - [Ext] burn #
    - [Ext] swap #
    - [Ext] skim #
    - [Ext] sync #
    - [Ext] initialize #

 + [Int] IUniswapV2Router01 
    - [Ext] factory
    - [Ext] WETH
    - [Ext] addLiquidity #
    - [Ext] addLiquidityETH ($)
    - [Ext] removeLiquidity #
    - [Ext] removeLiquidityETH #
    - [Ext] removeLiquidityWithPermit #
    - [Ext] removeLiquidityETHWithPermit #
    - [Ext] swapExactTokensForTokens #
    - [Ext] swapTokensForExactTokens #
    - [Ext] swapExactETHForTokens ($)
    - [Ext] swapTokensForExactETH #
    - [Ext] swapExactTokensForETH #
    - [Ext] swapETHForExactTokens ($)
    - [Ext] quote
    - [Ext] getAmountOut
    - [Ext] getAmountIn
    - [Ext] getAmountsOut
    - [Ext] getAmountsIn

 + [Int] IUniswapV2Router02 (IUniswapV2Router01)
    - [Ext] removeLiquidityETHSupportingFeeOnTransferTokens #
    - [Ext] removeLiquidityETHWithPermitSupportingFeeOnTransferTokens #
    - [Ext] swapExactTokensForTokensSupportingFeeOnTransferTokens #
    - [Ext] swapExactETHForTokensSupportingFeeOnTransferTokens ($)
    - [Ext] swapExactTokensForETHSupportingFeeOnTransferTokens #

 +  DeFiant (Context, IERC20, Ownable)
    - [Pub]  #
    - [Pub] name
    - [Pub] symbol
    - [Pub] decimals
    - [Pub] totalSupply
    - [Pub] balanceOf
    - [Pub] transfer #
    - [Pub] allowance
    - [Pub] approve #
    - [Pub] transferFrom #
    - [Pub] increaseAllowance #
    - [Pub] decreaseAllowance #
    - [Pub] deliver #
    - [Pub] reflectionFromToken
    - [Pub] tokenFromReflection
    - [Pub] excludeFromReward #
       - modifiers: onlyOwner
    - [Ext] includeInReward #
       - modifiers: onlyOwner
    - [Prv] _approve #
    - [Prv] _transfer #
    - [Prv] find_tier #
    - [Prv] swapTokens #
       - modifiers: lockTheSwap
    - [Prv] swapTokensForEth #
    - [Prv] addLiquidity #
    - [Prv] _tokenTransfer #
    - [Prv] _transferStandard #
    - [Prv] _transferToExcluded #
    - [Prv] _transferFromExcluded #
    - [Prv] _transferBothExcluded #
    - [Prv] _reflectFee #
    - [Prv] _getValues
    - [Prv] _getTValues
    - [Prv] _getRValues
    - [Prv] _getRate
    - [Prv] _getCurrentSupply
    - [Prv] _takeLiquidity #
    - [Prv] calculateTaxFee
    - [Prv] calculateLiquidityFee
    - [Prv] removeAllFee #
    - [Prv] restoreAllFee #
    - [Pub] isExcludedFromFee
    - [Prv] _checkforlastsell #
    - [Int] _newEntity #
    - [Prv] getEntityCount
    - [Pub] getArr
    - [Pub] isEntity
    - [Prv] remove #
    - [Pub] excludeFromFee #
       - modifiers: onlyOwner
    - [Pub] includeInFee #
       - modifiers: onlyOwner
    - [Pub] setpinksale #
       - modifiers: onlyOwner
    - [Ext] setFees #
       - modifiers: onlyOwner
    - [Ext] setNumTokensSellToAddToLiquidity #
       - modifiers: onlyOwner
    - [Ext] setMarketingAddress #
       - modifiers: onlyOwner
    - [Ext] setpcsfortiers #
       - modifiers: onlyOwner
    - [Pub] setSwapAndLiquifyEnabled #
       - modifiers: onlyOwner
    - [Pub] setmaxwallet #
       - modifiers: onlyOwner
    - [Ext] update_tiers #
       - modifiers: onlyOwner
    - [Prv] transferToAddressETH #
    - [Ext]  ($)