DecentraLotto - Smart Contract Audit Report
Summary
DecentraLotto ($DELO) is building a platform that features a new token with static rewards for holders, lottery system, and a staking platform in which users can participate and earn extra rewards.
Notes on Individual Contracts:
Decentra-Lotto Token contract:DELOStake contract:
- The total supply of the token is initially set to 82 billion $DELO.
- No minting or burn functions are present; though the circulating supply can be reduced by sending tokens to the 0x..dead address, if desired.
- As the $DELO token has not been deployed to the mainnet, our team did not have a token allocation to review.
- There is a 'Tax fee', 'Burn fee', 'Marketing fee', and 'Lotto fee' on all transfers (except for specific addresses that have been excluded by the owner). The owner has the ability to modify all fees to any percentage at any time. However, the Marketing fee must be less than 5%.
- Users who hold tokens will automatically benefit from the frictionless fee redistribution at the time of each transaction as the tokens collected through the tax fee are removed from the circulating supply.
- The tokens that are taxed for the Burn fee are instantly burned at the time of the transaction.
- The tokens that are taxed for the Marketing fee during transfers are stored in the contract. Once the threshold value of $DELO tokens (determined by the owner) is met, the contract will swap tokens from its balance for BNB. The BNB receive from this swap will be divided by the Marketing fee, and the quotient is sent to the team's "Marketing Wallet". The swapping functionality can be enabled/disabled by the owner at any time, and the threshold is currently set to 1 token upon deployment.
- The tokens that are taxed for the Lotto fee are sent to the "lotto address" at the time of the transaction.
- The contract utilizes SafeMath libraries along with following the BEP20 standard.
- The owner is able to withdraw any BNB that is stored in the contract address.
- The owner is able to exclude and include accounts from transfer fees and reward distribution.
- The owner is able to set and update a maximum transaction percent at any time, which will impose a limit on the number of tokens that can be transferred during any given transaction.
- The owner is able to use BNB that is stored in the contract address to buy $DELO tokens that will be sent directly to the burn address.
- The owner is able to update the Marketing Wallet, Lotto Wallet, and Pancakeswap Router address at any time.
- The owner is able to use the "lock" function in order to temporarily set ownership to address(0). Ownership is restored after the duration of time determined by the owner has passed and they use the 'unlock' function.
DecentraLottoDraw contract:
- Any wallet address is able to stake DELO tokens into the contract to earn rewards.
- Those who have staked DELO tokens can unstake at any time.
- There is a fee taken on deposits and withdrawals, which is distributed as rewards among the stakers in the platform.
- Anyone can deposit DELO tokens into the rewards pool at any time.
- Anyone can claim rewards at any time, as long as there are rewards available to distribute.
- The owner is able to set the DELO token address to any address at any time.
- The owner is able to set the staking/unstaking fees to any value at any time, as long as it is not more than 10%.
Audit Findings Summary:
- Anyone can buy tickets in BNB or any other token that is accepted by the platform while the current draw is in "Open" status and the draw deadline has not elapsed; discounts may be present for buying tickets in bulk.
- Any excess BNB is returned back to the purchaser.
- Tickets can also be purchased on behalf of others.
- The project team must exercise caution when adding accepted tokens to avoid ERC777-compliant tokens.
- As the platform intends to only add stable coins as appropriate tokens for purchase, when purchasing with stable coins, the price is calculated assuming 1 token = 1 USD.
- The contract uses UniswapV2 to get current pricing for BNB.
- Payments in accepted tokens are immediately swapped for BNB.
- The received BNB is swapped for DELO tokens and allocated to several funds (Liquidity, Marketing, Hedge, MegaDraw, Staking); any of these funds may be disabled and excluded from allocation at any time.
- When liquidity-adds are enabled, half of the tokens allocated towards the Liquidity fund are swapped back for BNB, paired with the remaining part of the tokens, and added as liquidity to the DELO-BNB pair.
- When the Marketing fund is enabled, the tokens allocated towards the Marketing fund are transferred to the marketing wallet address controlled by the team; note that at maximum 20% of the tokens can be allocated towards the Marketing fund.
- When the Hedge fund is enabled, the tokens allocated towards the Hedge fund are transferred to the recipient of the tickets.
- When the MegaDraw fund is enabled, the tokens allocated towards the MegaDraw fund are transferred to the MegaDraw wallet controlled by the team; note that there is no cap on the amount of tokens that can be sent to this wallet.
- When the Staking fund is enabled, the tokens allocated towards the Staking fund are delivered to the DELO Staking contract as rewards to be distributed among stakers.
- When the draw deadline has elapsed (initially set to 1 week), anyone is able to end the draw.
- Chainlink is used to generate random data securely from off-chain to select lottery winners. This is the industry standard and is resistant to manipulation.
- The contract balance must have enough LINK tokens in order to fulfill the randomness request; otherwise, no lottery winners will be able to be picked.
- Winners are chosen one-by-one and will receive half of the pot (the contract's DELO balance) each time a winner is selected. Winners are selected until the pot hits a minimum value, or until the maximum amount of winners determined by the project team has been reached.
- Once the distribution is complete, the next draw begins.
- The owner is able to set the maximum amount of winners to any value at any time.
- The owner is able to set the MegaDraw and Marketing wallet address to any address at any time.
- The owner is able to set the DELO staking address to any address at any time.
- The owner is able to set the BUSD and the WETH address to any address at any time.
- The owner is able to set the ticket price to any value at any time.
- The owner is able to set the discount rates for buying tickets in bulk to any value at any time.
- The owner is able to enable/disable and set the allocations amounts for the various funds (Liquidity, Marketing, Hedge, MegaDraw, Staking) at any time.
- The owner is able to remove any address as an accepted payment token at any time.
- The owner is able to withdraw all the BNB from the contract at any time.
- The owner is able to withdraw any token, except for DELO token, from the contract at any time.
- The owner is able to set the draw length to any value at any time.
- The owner is able to change the draw deadline of the current draw to any value at any time.
- As the Liquidity-add functionality buys back DELO tokens with BNB, it may be susceptible to front-running; The team must monitor and if suspicious activity is detected, the team must disable the liquidity-add system.
- Please ensure trust in the team prior to investing as they have substantial control in the ecosystem.
- Date: September 27nd, 2021
- Updated: October 2nd, 2021 to reflect the latest GitHub Commit
External Threat Results
| Vulnerability Category | Notes | Result |
|---|---|---|
| Arbitrary Storage Write | N/A | PASS |
| Arbitrary Jump | N/A | PASS |
| Delegate Call to Untrusted Contract | N/A | PASS |
| Dependence on Predictable Variables | N/A | PASS |
| Deprecated Opcodes | N/A | PASS |
| Ether Thief | N/A | PASS |
| Exceptions | N/A | PASS |
| External Calls | N/A | PASS |
| Flash Loans | N/A | PASS |
| Integer Over/Underflow | N/A | PASS |
| Multiple Sends | N/A | PASS |
| Oracles | N/A | PASS |
| Suicide | N/A | PASS |
| State Change External Calls | N/A | PASS |
| Unchecked Retval | N/A | PASS |
| User Supplied Assertion | N/A | PASS |
| Critical Solidity Compiler | N/A | PASS |
| Overall Contract Safety | PASS |
DecentraLotto Token Contract
($) = payable function
# = non-constant function
+ [Int] IERC20
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] transfer #
- [Ext] allowance
- [Ext] approve #
- [Ext] transferFrom #
+ [Lib] SafeMath
- [Int] add
- [Int] sub
- [Int] sub
- [Int] mul
- [Int] div
- [Int] div
- [Int] mod
- [Int] mod
+ Context
- [Int] _msgSender
- [Int] _msgData
+ [Lib] Address
- [Int] isContract
- [Int] sendValue #
- [Int] functionCall #
- [Int] functionCall #
- [Int] functionCallWithValue #
- [Int] functionCallWithValue #
- [Prv] _functionCallWithValue #
+ Ownable (Context)
- [Int] #
- [Pub] owner
- [Pub] renounceOwnership #
- modifiers: onlyOwner
- [Pub] transferOwnership #
- modifiers: onlyOwner
- [Pub] geUnlockTime
- [Pub] lock #
- modifiers: onlyOwner
- [Pub] unlock #
+ [Int] IUniswapV2Factory
- [Ext] feeTo
- [Ext] feeToSetter
- [Ext] getPair
- [Ext] allPairs
- [Ext] allPairsLength
- [Ext] createPair #
- [Ext] setFeeTo #
- [Ext] setFeeToSetter #
+ [Int] IUniswapV2Pair
- [Ext] name
- [Ext] symbol
- [Ext] decimals
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] allowance
- [Ext] approve #
- [Ext] transfer #
- [Ext] transferFrom #
- [Ext] DOMAIN_SEPARATOR
- [Ext] PERMIT_TYPEHASH
- [Ext] nonces
- [Ext] permit #
- [Ext] MINIMUM_LIQUIDITY
- [Ext] factory
- [Ext] token0
- [Ext] token1
- [Ext] getReserves
- [Ext] price0CumulativeLast
- [Ext] price1CumulativeLast
- [Ext] kLast
- [Ext] mint #
- [Ext] burn #
- [Ext] swap #
- [Ext] skim #
- [Ext] sync #
- [Ext] initialize #
+ [Int] IUniswapV2Router01
- [Ext] factory
- [Ext] WETH
- [Ext] addLiquidity #
- [Ext] addLiquidityETH ($)
- [Ext] removeLiquidity #
- [Ext] removeLiquidityETH #
- [Ext] removeLiquidityWithPermit #
- [Ext] removeLiquidityETHWithPermit #
- [Ext] swapExactTokensForTokens #
- [Ext] swapTokensForExactTokens #
- [Ext] swapExactETHForTokens ($)
- [Ext] swapTokensForExactETH #
- [Ext] swapExactTokensForETH #
- [Ext] swapETHForExactTokens ($)
- [Ext] quote
- [Ext] getAmountOut
- [Ext] getAmountIn
- [Ext] getAmountsOut
- [Ext] getAmountsIn
+ [Int] IUniswapV2Router02 (IUniswapV2Router01)
- [Ext] removeLiquidityETHSupportingFeeOnTransferTokens #
- [Ext] removeLiquidityETHWithPermitSupportingFeeOnTransferTokens #
- [Ext] swapExactTokensForTokensSupportingFeeOnTransferTokens #
- [Ext] swapExactETHForTokensSupportingFeeOnTransferTokens ($)
- [Ext] swapExactTokensForETHSupportingFeeOnTransferTokens #
+ DecentraLottoToken (Context, IERC20, Ownable)
- [Pub] #
- [Ext] name
- [Ext] symbol
- [Ext] decimals
- [Ext] totalSupply
- [Pub] balanceOf
- [Ext] transfer #
- [Ext] allowance
- [Ext] approve #
- [Ext] transferFrom #
- [Ext] increaseAllowance #
- [Ext] decreaseAllowance #
- [Ext] isExcludedFromReward
- [Ext] totalFees
- [Ext] reflectionFromToken
- [Pub] tokenFromReflection
- [Ext] setRouterAddress #
- modifiers: onlyOwner
- [Ext] withdrawEth #
- modifiers: onlyOwner
- [Ext] buybackBurn #
- modifiers: onlyOwner
- [Ext] setLottoWallet #
- modifiers: onlyOwner
- [Ext] excludeFromReward #
- modifiers: onlyOwner
- [Ext] includeInReward #
- modifiers: onlyOwner
- [Prv] _transferBothExcluded #
- [Ext] excludeFromFee #
- modifiers: onlyOwner
- [Ext] includeInFee #
- modifiers: onlyOwner
- [Ext] setTaxFeePercent #
- modifiers: onlyOwner
- [Ext] setBurnFeePercent #
- modifiers: onlyOwner
- [Ext] setLottoFeePercent #
- modifiers: onlyOwner
- [Ext] setMarketingFeePercent #
- modifiers: onlyOwner
- [Ext] setMarketingAddress #
- modifiers: onlyOwner
- [Ext] setMaxTxPercent #
- modifiers: onlyOwner
- [Ext] setNumTokensSellToAddToMarketing #
- modifiers: onlyOwner
- [Ext] setSwapAndLiquifyEnabled #
- modifiers: onlyOwner
- [Ext] ($)
- [Prv] _reflectFee #
- [Prv] _getValues
- [Prv] _getTValues
- [Prv] _getRValues
- [Prv] _getRate
- [Prv] _getCurrentSupply
- [Prv] _takeMarketing #
- [Prv] _takeLotto #
- [Prv] calculateTaxFee
- [Prv] calculateLottoFee
- [Prv] calculateBurnFee
- [Prv] calculateMarketingFee
- [Prv] removeAllFee #
- [Prv] restoreAllFee #
- [Ext] isExcludedFromFee
- [Prv] _approve #
- [Prv] _transfer #
- [Prv] swapTokens #
- modifiers: lockTheSwap
- [Prv] swapAndLiquify #
- modifiers: lockTheSwap
- [Prv] swapTokensForEth #
- [Prv] swapEthForTokens #
- [Prv] addLiquidity #
- [Prv] _tokenTransfer #
- [Prv] _transferStandard #
- [Prv] _transferToExcluded #
- [Prv] _transferFromExcluded #
- [Prv] transferToAddressETH # DELO Stake Contract
($) = payable function
# = non-constant function
+ [Lib] SafeMath
- [Int] add
- [Int] sub
- [Int] sub
- [Int] mul
- [Int] div
- [Int] div
- [Int] mod
- [Int] mod
- [Int] ceil
+ Owned
- [Pub] #
- [Pub] transferOwnership #
- modifiers: onlyOwner
+ [Int] IERC20
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] allowance
- [Ext] transfer #
- [Ext] approve #
- [Ext] transferFrom #
- [Ext] burnTokens #
+ DELOStake (Owned)
- [Pub] isContract
- [Ext] STAKE #
- [Ext] addDELO #
- modifiers: onlyOwner
- [Ext] addStakingfee #
- modifiers: onlyOwner
- [Ext] addUnStakingfee #
- modifiers: onlyOwner
- [Ext] ADDFUNDS #
- [Prv] _addPayout #
- [Ext] CLAIMREWARD #
- [Prv] pendingReward #
- [Ext] getPendingReward
- [Ext] WITHDRAW #
- [Prv] onePercent
- [Ext] yourStakedDELO
- [Ext] yourDELOBalance DecentraLotto Draw Contract
($) = payable function
# = non-constant function
+ [Int] IERC20
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] transfer #
- [Ext] allowance
- [Ext] approve #
- [Ext] transferFrom #
- [Ext] decimals
- [Ext] symbol
- [Ext] deposit ($)
- [Ext] withdraw #
+ Context
- [Int] _msgSender
- [Int] _msgData
+ [Lib] Address
- [Int] isContract
- [Int] sendValue #
- [Int] functionCall #
- [Int] functionCall #
- [Int] functionCallWithValue #
- [Int] functionCallWithValue #
- [Prv] _functionCallWithValue #
+ Ownable (Context)
- [Int] #
- [Pub] owner
- [Pub] renounceOwnership #
- modifiers: onlyOwner
- [Pub] transferOwnership #
- modifiers: onlyOwner
- [Pub] geUnlockTime
- [Pub] lock #
- modifiers: onlyOwner
- [Pub] unlock #
+ [Int] IUniswapV2Factory
- [Ext] feeTo
- [Ext] feeToSetter
- [Ext] getPair
- [Ext] allPairs
- [Ext] allPairsLength
- [Ext] createPair #
- [Ext] setFeeTo #
- [Ext] setFeeToSetter #
+ [Int] IUniswapV2Pair
- [Ext] name
- [Ext] symbol
- [Ext] decimals
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] allowance
- [Ext] approve #
- [Ext] transfer #
- [Ext] transferFrom #
- [Ext] DOMAIN_SEPARATOR
- [Ext] PERMIT_TYPEHASH
- [Ext] nonces
- [Ext] permit #
- [Ext] MINIMUM_LIQUIDITY
- [Ext] factory
- [Ext] token0
- [Ext] token1
- [Ext] getReserves
- [Ext] price0CumulativeLast
- [Ext] price1CumulativeLast
- [Ext] kLast
- [Ext] mint #
- [Ext] burn #
- [Ext] swap #
- [Ext] skim #
- [Ext] sync #
- [Ext] initialize #
+ [Int] IUniswapV2Router01
- [Ext] factory
- [Ext] WETH
- [Ext] addLiquidity #
- [Ext] addLiquidityETH ($)
- [Ext] removeLiquidity #
- [Ext] removeLiquidityETH #
- [Ext] removeLiquidityWithPermit #
- [Ext] removeLiquidityETHWithPermit #
- [Ext] swapExactTokensForTokens #
- [Ext] swapTokensForExactTokens #
- [Ext] swapExactETHForTokens ($)
- [Ext] swapTokensForExactETH #
- [Ext] swapExactTokensForETH #
- [Ext] swapETHForExactTokens ($)
- [Ext] quote
- [Ext] getAmountOut
- [Ext] getAmountIn
- [Ext] getAmountsOut
- [Ext] getAmountsIn
+ [Int] IUniswapV2Router02 (IUniswapV2Router01)
- [Ext] removeLiquidityETHSupportingFeeOnTransferTokens #
- [Ext] removeLiquidityETHWithPermitSupportingFeeOnTransferTokens #
- [Ext] swapExactTokensForTokensSupportingFeeOnTransferTokens #
- [Ext] swapExactETHForTokensSupportingFeeOnTransferTokens ($)
- [Ext] swapExactTokensForETHSupportingFeeOnTransferTokens #
+ [Int] DecentraLotto
- [Ext] CHARITY_WALLET
- [Ext] _burnFee
- [Ext] _charityFee
- [Ext] _liquidityFee
- [Ext] _maxTxAmount
- [Ext] _previousCharityFee
- [Ext] _tBurnTotal
- [Ext] _taxFee
- [Ext] allowance
- [Ext] approve #
- [Ext] balanceOf
- [Ext] buybackBurn #
- [Ext] decimals
- [Ext] decreaseAllowance #
- [Ext] excludeFromFee #
- [Ext] excludeFromReward #
- [Ext] geUnlockTime
- [Ext] includeInFee #
- [Ext] includeInReward #
- [Ext] increaseAllowance #
- [Ext] isExcludedFromFee
- [Ext] isExcludedFromReward
- [Ext] lock #
- [Ext] name
- [Ext] owner
- [Ext] reflectionFromToken
- [Ext] renounceOwnership #
- [Ext] setCharityFeePercent #
- [Ext] setCharityWallet #
- [Ext] setLiquidityFeePercent #
- [Ext] setMaxTxPercent #
- [Ext] setRouterAddress #
- [Ext] setSwapAndLiquifyEnabled #
- [Ext] setTaxFeePercent #
- [Ext] swapAndLiquifyEnabled
- [Ext] symbol
- [Ext] tokenFromReflection
- [Ext] totalDonated
- [Ext] totalFees
- [Ext] totalSupply
- [Ext] transfer #
- [Ext] transferFrom #
- [Ext] transferOwnership #
- [Ext] uniswapV2Pair
- [Ext] uniswapV2Router
- [Ext] unlock #
- [Ext] withdrawEth #
+ [Int] DELOStaking
- [Ext] ADDFUNDS #
+ RandomNumberConsumer (VRFConsumerBase)
- [Pub] #
- modifiers: VRFConsumerBase
- [Int] getRandomNumber #
+ DrawInterface
+ DecentraLottoDraw (Context, Ownable, RandomNumberConsumer, DrawInterface)
- [Pub] #
- modifiers: RandomNumberConsumer
- [Prv] _changeState #
- [Ext] setMaxWinners #
- modifiers: onlyOwner
- [Ext] setMarketingWallet #
- modifiers: onlyOwner
- [Ext] setMegadrawWallet #
- modifiers: onlyOwner
- [Ext] setDeloStakingAddress #
- modifiers: onlyOwner
- [Ext] setPegAddress #
- modifiers: onlyOwner
- [Ext] setWETHAddress #
- modifiers: onlyOwner
- [Ext] setRouterAddress #
- modifiers: onlyOwner
- [Ext] setTicketPrice #
- modifiers: onlyOwner
- [Ext] setDiscounts #
- modifiers: onlyOwner
- [Ext] setLiquidityDivisor #
- modifiers: onlyOwner
- [Ext] setMarketingDivisor #
- modifiers: onlyOwner
- [Ext] setHedgeDivisor #
- modifiers: onlyOwner
- [Ext] setStakingDivisor #
- modifiers: onlyOwner
- [Ext] setMegadrawDivisor #
- modifiers: onlyOwner
- [Ext] toggleTakeLiquidity #
- modifiers: onlyOwner
- [Ext] toggleTakeMarketing #
- modifiers: onlyOwner
- [Ext] toggleTakeHedge #
- modifiers: onlyOwner
- [Ext] toggleTakeStaking #
- modifiers: onlyOwner
- [Ext] toggleTakeMegadraw #
- modifiers: onlyOwner
- [Ext] removeStablePayment #
- modifiers: onlyOwner
- [Ext] withdrawBNB #
- modifiers: onlyOwner
- [Ext] withdrawToken #
- modifiers: onlyOwner
- [Ext] setDrawLength #
- modifiers: onlyOwner
- [Ext] updateLengthOfCurrentDraw #
- modifiers: onlyOwner
- [Ext] getWalletWinAmountForDraw
- [Ext] getDrawStats
- [Ext] getDrawStats
- [Ext] getDrawWalletStats
- [Ext] getDrawWalletStats
- [Ext] getCurrentPot
- [Prv] createNextDraw #
- [Pub] getNumberWinners
- [Pub] drawWinners #
- modifiers: isState
- [Int] winnersRemoveAt #
- [Int] fulfillRandomness #
- [Ext] endDrawAndGetRandom #
- modifiers: isState
- [Pub] getPriceForTickets
- [Ext] getDELOValueInPeg
- [Ext] getDELOValueInBNB
- [Ext] getBNBValueInDelo
- [Ext] getPEGValueInDelo
- [Pub] getTicketCostInDelo
- [Ext] buyTicketsBNB ($)
- modifiers: isState
- [Ext] buyTicketsStable #
- modifiers: isState
- [Prv] assignTickets #
- modifiers: isState
- [Prv] processTransaction #
- [Ext] ($)
- [Prv] swapTokensForEth #
- [Prv] swapTokensWithFeeForEth #
- [Prv] swapEthForDelo #
- [Prv] swapAndLiquify #
- modifiers: lockTheSwap
- [Prv] addLiquidity #