Devolution Token - Smart Contract Audit Report
Devolution ($DEVO) is a new community-driven DeFi token that provides automatic liquidity adds.
Notes on the Contract:
Audit Findings Summary
- The total supply of the token is set to 1 billion $DEVO [1,000,000,000].
- No minting or burn functions are present; though the circulating supply can be reduced by sending tokens to the 0x..dead address, if desired.
- At the time of writing the report, 84.58% of the total supply is stored in a token locking contract behind a proxy.
- 9.06% of the total supply is stored in an unverified contract.
- 5% of the total supply is stored in a GnosisSafeProxy contract.
- The owner must manually enable trading in order for any trading to take place on the platform. Only accounts that are excluded from fees can trade when trading is set to disabled. Once trading is enabled, it can never be disabled.
- There is a liquidity, buyback, operations, inGame, team, and burn fee on all transactions for any non-excluded address that participates in a transfer with Uniswap. A separate fee structure can be set by the team to apply different fee amounts depending on whether the user is buying or selling during the transfer.
- The liquidity, buyback, operations, and team fees charged during transfers with Uniswap are stored in the contract address balance. Once a threshold value (determined by the owner) is met, the tokens are swapped for ETH and sent back to the contract address.
- A percentage of the ETH is then split between the team's Marketing wallet, Team wallet, and Buyback wallet based on the fee allocation (set by the owner) of the contract.
- The remaining ETH is used to automatically provide liquidity. Liquidity-adds are automatically done by selling the tokens collected as liquidity fees, pairing the received ETH with the token, and adding it as liquidity to the pair.
- The LP tokens received through this process are sent to the Liquidity Wallet set by the team. The stability of the liquidity pool can be at risk if these LP tokens are not locked.
- The tokens collected from the burn fee are sent to the Burn address.
- The tokens collected from the inGame fee are sent to the team's inGameWallet.
- As the project is deployed with Solidity v0.8.x, it is protected from overflows.
- The owner can modify the liquidity, buyback, operations, inGame, team, and burn fee to any percentages as long as the combined total fee percentage is 20% or less. This applies to both the buy and sell fee structures.
- The owner can exclude any address from fees at any time.
- The owner can utilize the buyBackTokens() function to swap any amount of ETH in the contract for $DEVO tokens and subsequently send those tokens to the burn address.
- The owner can withdraw any ERC20 tokens erroneously sent to the contract before trading is enabled.
- The owner can enable/disable the utilization of a maximum transaction amount when buying from or selling to Uniswap.
- The owner can update the maximum transaction amount to any value up to 5,000,000 tokens (0.5% of the total supply), and can exclude accounts from this maximum transaction amount even if the feature is enabled.
- The owner can enable/disable automatic liquidity adds at any time.
- The owner can update the threshold value of tokens needed to perform automatic liquidity adds to any value between 10,000 and 5,000,000 tokens (0.001% and 0.5% of the total supply).
- The owner can update the UniswapV2Router and Automated Market Maker Pair contract addresses at any time.
- The owner can update the Marketing wallet and Liquidity wallet to any addresses at any time.
- No external threats were identified.
- Please ensure trust in the team as they have some control in the ecosystem.
- Date: November 2nd, 2021
- Updated: November 11th, 2021 to reflect the tokens mainnet address.
|Arbitrary Storage Write||N/A||PASS|
|Delegate Call to Untrusted Contract||N/A||PASS|
|Dependence on Predictable Variables||N/A||PASS|
|State Change External Calls||N/A||PASS|
|User Supplied Assertion||N/A||PASS|
|Critical Solidity Compiler||N/A||PASS|
|Overall Contract Safety||PASS|
($) = payable function # = non-constant function + Context - [Int] _msgSender - [Int] _msgData + [Int] IUniswapV2Pair - [Ext] name - [Ext] symbol - [Ext] decimals - [Ext] totalSupply - [Ext] balanceOf - [Ext] allowance - [Ext] approve # - [Ext] transfer # - [Ext] transferFrom # - [Ext] DOMAIN_SEPARATOR - [Ext] PERMIT_TYPEHASH - [Ext] nonces - [Ext] permit # - [Ext] MINIMUM_LIQUIDITY - [Ext] factory - [Ext] token0 - [Ext] token1 - [Ext] getReserves - [Ext] price0CumulativeLast - [Ext] price1CumulativeLast - [Ext] kLast - [Ext] mint # - [Ext] burn # - [Ext] swap # - [Ext] skim # - [Ext] sync # - [Ext] initialize # + [Int] IUniswapV2Factory - [Ext] feeTo - [Ext] feeToSetter - [Ext] getPair - [Ext] allPairs - [Ext] allPairsLength - [Ext] createPair # - [Ext] setFeeTo # - [Ext] setFeeToSetter # + [Int] IERC20 - [Ext] totalSupply - [Ext] balanceOf - [Ext] transfer # - [Ext] allowance - [Ext] approve # - [Ext] transferFrom # + [Int] IERC20Metadata (IERC20) - [Ext] name - [Ext] symbol - [Ext] decimals + ERC20 (Context, IERC20, IERC20Metadata) - [Pub]
# - [Pub] name - [Pub] symbol - [Pub] decimals - [Pub] totalSupply - [Pub] balanceOf - [Pub] transfer # - [Pub] allowance - [Pub] approve # - [Pub] transferFrom # - [Pub] increaseAllowance # - [Pub] decreaseAllowance # - [Int] _transfer # - [Int] _mint # - [Int] _burn # - [Int] _approve # - [Int] _beforeTokenTransfer # + [Lib] SafeMath - [Int] add - [Int] sub - [Int] sub - [Int] mul - [Int] div - [Int] div - [Int] mod - [Int] mod + Ownable (Context) - [Pub] # - [Pub] owner - [Pub] renounceOwnership # - modifiers: onlyOwner - [Pub] transferOwnership # - modifiers: onlyOwner + [Lib] SafeMathInt - [Int] mul - [Int] div - [Int] sub - [Int] add - [Int] abs - [Int] toUint256Safe + [Lib] SafeMathUint - [Int] toInt256Safe + [Int] IUniswapV2Router01 - [Ext] factory - [Ext] WETH - [Ext] addLiquidity # - [Ext] addLiquidityETH ($) - [Ext] removeLiquidity # - [Ext] removeLiquidityETH # - [Ext] removeLiquidityWithPermit # - [Ext] removeLiquidityETHWithPermit # - [Ext] swapExactTokensForTokens # - [Ext] swapTokensForExactTokens # - [Ext] swapExactETHForTokens ($) - [Ext] swapTokensForExactETH # - [Ext] swapExactTokensForETH # - [Ext] swapETHForExactTokens ($) - [Ext] quote - [Ext] getAmountOut - [Ext] getAmountIn - [Ext] getAmountsOut - [Ext] getAmountsIn + [Int] IUniswapV2Router02 (IUniswapV2Router01) - [Ext] removeLiquidityETHSupportingFeeOnTransferTokens # - [Ext] removeLiquidityETHWithPermitSupportingFeeOnTransferTokens # - [Ext] swapExactTokensForTokensSupportingFeeOnTransferTokens # - [Ext] swapExactETHForTokensSupportingFeeOnTransferTokens ($) - [Ext] swapExactTokensForETHSupportingFeeOnTransferTokens # + DeVolution (ERC20, Ownable) - [Pub] ($) - modifiers: ERC20 - [Ext] ($) - [Pub] enableTrading # - modifiers: onlyOwner - [Ext] removeLimits # - modifiers: onlyOwner - [Ext] updateSwapTokensAtAmount # - modifiers: onlyOwner - [Ext] updateMaxAmount # - modifiers: onlyOwner - [Ext] updateBuyFees # - modifiers: onlyOwner - [Ext] updateSellFees # - modifiers: onlyOwner - [Pub] excludeFromMaxTransaction # - modifiers: onlyOwner - [Ext] updateSwapEnabled # - modifiers: onlyOwner - [Pub] excludeFromFees # - modifiers: onlyOwner - [Pub] setAutomatedMarketMakerPair # - modifiers: onlyOwner - [Prv] _setAutomatedMarketMakerPair # - [Ext] updateMarketingWallet # - modifiers: onlyOwner - [Ext] updateLiquidityWallet # - modifiers: onlyOwner - [Pub] isExcludedFromFees - [Int] _transfer # - [Prv] swapTokensForEth # - [Prv] addLiquidity # - [Pub] setRouterVersion # - modifiers: onlyOwner - [Prv] swapBack # - [Ext] buyBackTokens # - modifiers: onlyOwner - [Ext] withdrawStuckETH # - modifiers: onlyOwner