DeSports - Smart Contract Audit Report

Summary

DeSports ($DeS) is a new community-driven Defi token on the Binance Smart Chain that pays out static rewards to holders.

DeSports's Token contract is deployed at 0xca86A2F8fc5A215c45A596c8bA5bB15D6D208101 on the BSC mainnet.

Notes on the Contract:
The total supply of the token is set to 1 quadrillion $DeS [1,000,000,000,000,000].
No minting or burn functions are present; though the circulating supply can be reduced by sending tokens to the 0x..dead address, if desired.

There is a 'Tax Fee' and a 'Liquidity Fee' on all transactions for any address that participates in a transfer. The owner has the ability to modify these fees to any percentage up to 20% at any time. Additionally, the protocol gives the owner the ability to set a different fee structure that applies when holders are selling or buying from Pancakeswap. These "sell" and "buy" fees can be modified by the owner to any percentage up to 20% at any time.
In addition to the fees above, the owner can specify addresses that will be subject to a "Special Fee" structure that is determined by the owner. These fees can also be set to any percentage up to 20% at any time. These fees can vary depending on whether the user is buying, selling, or transferring tokens to another holder. This functionality may also be purposed as a form of a blacklist mechanism where the owner can set fees for certain users to a large amount where users will be unable to participate in transfers.
Users who hold tokens will automatically benefit from the frictionless fee redistribution at the time of each transaction as the tokens collected through the "tax fee" are removed from the circulating supply.
Each time that a $DeS Holder sells tokens to PancakeSwap, the transaction details are stored in the "SellHistory" array which is used to aggregate sell information over a certain period of time which is later used to determine the average sell amount which is used in calculations for the buyback functionality.
On each transfer that occurs while the minimum threshold (determined by the owner) is met, the protocol will determine an amount of BNB to apply toward buying $DeS tokens that will subsequently be burned. The owner has some control in regarding the amount of BNB that is used during buybacks as they can update the variables that are used when determining the minimum and maximum buyback ranges. The owner has the ability to enable and disable the Buyback functionality at any time.
The liquidity fee that is charged on transactions is used to buy BNB via the "swaptokens" function which will be stored in the contract address. Upon each BNB purchase made by the contract address, a percentage (determined by the owner) will be sent to the 'marketing address'. This percentage of the BNB can be modified by the owner to any value up to 6% at any time.
Although the swap and liquify verbiage exists in the code, there are no "automatic liquidity adds" supported by the protocol; as the buyback mechanism is used instead.

The owner of the contract can exclude and include accounts from fees and reward distribution.
The owner has the ability to update the address associated with the Pancakeswap router to a new address at any time. The owner can also update the ‘Marketing’ wallet at any time.
The owner has the ability to set and update a maximum transaction amount at any time, which will impose a limit to the number of tokens that can be transferred during any given transaction. The owner can also include and exclude accounts from this transaction limit.
This maximum transaction amount does not apply to the owner during transactions where the owner is either the sender or the recipient.
The contract includes a "PrepareForPresale" function that allows the owner to set fees to 0, and set the max transaction amount to 100% of the total token supply. There is also an "afterPresale" function where the fees are restored and the maximum transaction amount is set to 0.3% of the total token supply.
Ownership has not been renounced.
As the project is deployed with Solidity v0.8.4, it is protected from overflows.
Audit Findings Summary
No external threats were identified.
We recommend that the team renounces ownership.
Buyback functionality may be susceptible to front-running; The team must monitor and if suspicious activity is detected, the team must disable the buyback system.
Please ensure trust in the team prior to investing as they have substantial control in the ecosystem.
Further, ensure trust in the team as they have control of the contract's BNB balance that is accumulated from fees.
Date: September 13th, 2021
Updated: September 21st, 2021 to reflect the new mainnet deployment, which removed the price impact restrictions.

Audit Results

Vulnerability Category	Notes	Result
Arbitrary Storage Write	N/A	PASS
Arbitrary Jump	N/A	PASS
Delegate Call to Untrusted Contract	N/A	PASS
Dependence on Predictable Variables	N/A	PASS
Deprecated Opcodes	N/A	PASS
Ether Thief	N/A	PASS
Exceptions	N/A	PASS
External Calls	N/A	PASS
Flash Loans	N/A	PASS
Integer Over/Underflow	N/A	PASS
Multiple Sends	N/A	PASS
Oracles	N/A	PASS
Suicide	N/A	PASS
State Change External Calls	N/A	PASS
Unchecked Retval	N/A	PASS
User Supplied Assertion	N/A	PASS
Critical Solidity Compiler	N/A	PASS
Overall Contract Safety		PASS

Function Graph

ERC20 Token Graph

Inheritence Chart

Multi-file Token

Functions Overview


 ($) = payable function
 # = non-constant function
 
 +  Context 
    - [Int] _msgSender
    - [Int] _msgData

 + [Int] IERC20 
    - [Ext] totalSupply
    - [Ext] balanceOf
    - [Ext] transfer #
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transferFrom #

 + [Lib] SafeMath 
    - [Int] add
    - [Int] sub
    - [Int] sub
    - [Int] mul
    - [Int] div
    - [Int] div
    - [Int] mod
    - [Int] mod

 + [Lib] Address 
    - [Int] isContract
    - [Int] sendValue #
    - [Int] functionCall #
    - [Int] functionCall #
    - [Int] functionCallWithValue #
    - [Int] functionCallWithValue #
    - [Prv] _functionCallWithValue #

 +  Ownable (Context)
    - [Pub]  #
    - [Pub] owner
    - [Pub] renounceOwnership #
       - modifiers: onlyOwner
    - [Pub] transferOwnership #
       - modifiers: onlyOwner
    - [Pub] getUnlockTime
    - [Pub] getTime

 + [Int] IUniswapV2Factory 
    - [Ext] feeTo
    - [Ext] feeToSetter
    - [Ext] getPair
    - [Ext] allPairs
    - [Ext] allPairsLength
    - [Ext] createPair #
    - [Ext] setFeeTo #
    - [Ext] setFeeToSetter #

 + [Int] IUniswapV2Pair 
    - [Ext] name
    - [Ext] symbol
    - [Ext] decimals
    - [Ext] totalSupply
    - [Ext] balanceOf
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transfer #
    - [Ext] transferFrom #
    - [Ext] DOMAIN_SEPARATOR
    - [Ext] PERMIT_TYPEHASH
    - [Ext] nonces
    - [Ext] permit #
    - [Ext] MINIMUM_LIQUIDITY
    - [Ext] factory
    - [Ext] token0
    - [Ext] token1
    - [Ext] getReserves
    - [Ext] price0CumulativeLast
    - [Ext] price1CumulativeLast
    - [Ext] kLast
    - [Ext] burn #
    - [Ext] swap #
    - [Ext] skim #
    - [Ext] sync #
    - [Ext] initialize #

 + [Int] IUniswapV2Router01 
    - [Ext] factory
    - [Ext] WETH
    - [Ext] addLiquidity #
    - [Ext] addLiquidityETH ($)
    - [Ext] removeLiquidity #
    - [Ext] removeLiquidityETH #
    - [Ext] removeLiquidityWithPermit #
    - [Ext] removeLiquidityETHWithPermit #
    - [Ext] swapExactTokensForTokens #
    - [Ext] swapTokensForExactTokens #
    - [Ext] swapExactETHForTokens ($)
    - [Ext] swapTokensForExactETH #
    - [Ext] swapExactTokensForETH #
    - [Ext] swapETHForExactTokens ($)
    - [Ext] quote
    - [Ext] getAmountOut
    - [Ext] getAmountIn
    - [Ext] getAmountsOut
    - [Ext] getAmountsIn

 + [Int] IUniswapV2Router02 (IUniswapV2Router01)
    - [Ext] removeLiquidityETHSupportingFeeOnTransferTokens #
    - [Ext] removeLiquidityETHWithPermitSupportingFeeOnTransferTokens #
    - [Ext] swapExactTokensForTokensSupportingFeeOnTransferTokens #
    - [Ext] swapExactETHForTokensSupportingFeeOnTransferTokens ($)
    - [Ext] swapExactTokensForETHSupportingFeeOnTransferTokens #

 +  DeSports (Context, IERC20, Ownable)
    - [Pub]  #
    - [Pub] name
    - [Pub] symbol
    - [Pub] decimals
    - [Pub] totalSupply
    - [Pub] balanceOf
    - [Pub] transfer #
    - [Pub] allowance
    - [Pub] approve #
    - [Pub] transferFrom #
    - [Pub] increaseAllowance #
    - [Pub] decreaseAllowance #
    - [Pub] isExcludedFromReward
    - [Pub] totalFees
    - [Pub] minimumTokensBeforeSwapAmount
    - [Pub] buyBackSellLimitAmount
    - [Pub] deliver #
    - [Pub] reflectionFromToken
    - [Pub] tokenFromReflection
    - [Pub] excludeFromReward #
       - modifiers: onlyOwner
    - [Ext] includeInReward #
       - modifiers: onlyOwner
    - [Prv] _approve #
    - [Prv] _transfer #
    - [Prv] swapTokens #
       - modifiers: lockTheSwap
    - [Prv] buyBackTokens #
       - modifiers: lockTheSwap
    - [Prv] swapTokensForEth #
    - [Prv] swapETHForTokens #
    - [Prv] addLiquidity #
    - [Prv] _tokenTransfer #
    - [Prv] _transferStandard #
    - [Prv] _transferToExcluded #
    - [Prv] _transferFromExcluded #
    - [Prv] _transferBothExcluded #
    - [Prv] _reflectFee #
    - [Prv] _getValues
    - [Prv] _getTValues
    - [Prv] _getRValues
    - [Prv] _getRate
    - [Prv] _getCurrentSupply
    - [Prv] _takeLiquidity #
    - [Prv] calculateTaxFee
    - [Prv] calculateLiquidityFee
    - [Prv] removeAllFee #
    - [Prv] restoreAllFee #
    - [Pub] isExcludedFromFee
    - [Pub] excludeFromFee #
       - modifiers: onlyOwner
    - [Pub] includeInFee #
       - modifiers: onlyOwner
    - [Pub] excludeFromSwapAndLiquify #
       - modifiers: onlyOwner
    - [Pub] includeInSwapAndLiquify #
       - modifiers: onlyOwner
    - [Prv] _getSellBnBAmount
    - [Prv] _removeOldSellHistories #
    - [Ext] SetBuyBackMaxTimeForHistories #
       - modifiers: onlyOwner
    - [Ext] SetBuyBackDivisor #
       - modifiers: onlyOwner
    - [Pub] GetBuyBackTimeInterval
    - [Ext] SetBuyBackTimeInterval #
       - modifiers: onlyOwner
    - [Ext] SetBuyBackRangeRate #
       - modifiers: onlyOwner
    - [Pub] GetSwapMinutes
    - [Ext] SetSwapMinutes #
       - modifiers: onlyOwner
    - [Ext] setTaxFeePercent #
       - modifiers: onlyOwner
    - [Ext] setBuyFee #
       - modifiers: onlyOwner
    - [Ext] setSellFee #
       - modifiers: onlyOwner
    - [Ext] setLiquidityFeePercent #
       - modifiers: onlyOwner
    - [Ext] setBuyBackSellLimit #
       - modifiers: onlyOwner
    - [Ext] setMaxTxAmount #
       - modifiers: onlyOwner
    - [Ext] setMarketingDivisor #
       - modifiers: onlyOwner
    - [Ext] setNumTokensSellToAddToBuyBack #
       - modifiers: onlyOwner
    - [Ext] setMarketingAddress #
       - modifiers: onlyOwner
    - [Pub] setSwapAndLiquifyEnabled #
       - modifiers: onlyOwner
    - [Pub] setBuyBackEnabled #
       - modifiers: onlyOwner
    - [Pub] setAutoBuyBackEnabled #
       - modifiers: onlyOwner
    - [Ext] prepareForPreSale #
       - modifiers: onlyOwner
    - [Ext] afterPreSale #
       - modifiers: onlyOwner
    - [Prv] transferToAddressETH #
    - [Pub] changeRouterVersion #
       - modifiers: onlyOwner
    - [Ext]  ($)
    - [Ext] setAddressFee #
       - modifiers: onlyOwner
    - [Ext] setBuyAddressFee #
       - modifiers: onlyOwner
    - [Ext] setSellAddressFee #
       - modifiers: onlyOwner

Go Home