DO TOKEN - Smart Contract Audit Report
Summary
DO TOKEN ($DO) is a new BEP-20 token on the Binance Smart Chain with automatic liquidity adds and a buyback system for burning supply that pays out dividends to holders in BUSD.
Notes on the Contract:Ownership Controls:
- The total supply of the token is set to 2 trillion $DO [2,000,000,000,000].
- No mint or burn functions are present beyond deployment; though the circulating supply can be reduced by sending tokens to the 0x..dead address if desired.
- At the time of writing this report, there are 123 total token holders. The token allocation is as follows:
- 95.64% of the total supply belongs to the owner.
- 2.76% of the total supply is split between 8 unverified contracts.
- The next five holders own a cumulative 0.0891% of the total supply.
- There is a tax fee charged on all transfers via Pancakeswap that gets stored in the contract balance; fees can be increased during a sell to PancakeSwap up to a value proportional to the time left in the buyback multiplier period (if any).
- Once the threshold number of tokens (determined by the team) in the contract balance is met, the tokens are swapped for BNB for the purpose of funding Pancakeswap liquidity, dividend rewards, and wallets controlled by the team.
- Liquidity-adds are funded by selling half of the tokens allocated to funding liquidity, pairing the received BNB with the token, and adding it as liquidity to the BNB pair.
- The newly created LP tokens are sent to the team's Liquidity wallet. We recommend that the team locks these newly acquired LP tokens.
- The tokens collected from the Reflection fee are swapped for BNB and are used to fund dividend rewards for all eligible users.
- The tokens collected from the Marketing fee, Dev fee, and Charity Fee are swapped for BNB and are allocated to the team's Marketing wallet, Dev wallet, and Charity wallet respectively.
- If the amount of BNB in the contract reaches the autobuyback threshold number of tokens (determined by the team), and the number of blocks (also determined by the team) has passed since this functionality has last occurred, the BNB will be swapped for $DO tokens and sent to the burn address.
- Any user that holds any amount of $DO tokens are eligible to claim dividends once the amount of dividends they are due reaches a minimum threshold value determined by the team.
- Once dividends are distributed, they will need to be claimed; claiming happens automatically on each transfer.
- Dividend rewards can also be claimed manually by kicking off the claim cycle, which will process all eligible token holders.
- Alternatively, a user can manually claim dividends as an individual.
- There is a wait time between claiming dividend rewards.
- Claimed dividends are sent to the user's wallet address.
Audit Findings Summary
- The owner can assign multiple addresses to an 'Authorized' role. The assigned addresses have access to specific functions in the contract.
- Authorized addresses can set the total fees when selling to Pancakeswap up to 25%, and total fees when buying from Pancakeswap up to 100%.
- Authorized addresses can set the percentage of the fees allocated to any fund (Liquidity, Marketing, Buyback, Dividends, Dev, and Charity) at any time.
- Authorized addresses can exclude any address from transfer fees and dividends at any time.
- Authorized addresses can update the minimum number of rewards needed that determines when a user can claim their dividends.
- Authorized addresses can set a maximum transaction limit, which is enforced on all transfers, to any value greater than 2 billion tokens. Authorized addresses can also exclude accounts from this maximum transaction limit.
- Authorized addresses can automatically trigger a buyback at any time.
- Authorized addresses can set or disable the buyback fee multiplier at any time.
- Authorized addresses can disable the autobuyback system and set the threshold BNB value to trigger a buyback.
- Authorized addresses can disable the automatic liquidity adds at any time and set any threshold value related to it.
- Authorized addresses can update the team's Liquidity wallet, Marketing wallet, Charity wallet, and Dev wallet to any addresses at any time.
- Authorized addresses can update the maximum amount of gas used for processing to a value up to 750,000 at any time.
- Authorized addresses can update the amount of time a user must wait between claiming dividends to any value at any time.
- No external threats were identified.
- Please ensure trust in the team prior to investing as they have substantial control in the ecosystem and currently own a large portion of the total supply.
- Date: January 16th, 2022
- Updated: February 14th, 2022 to reflect the contract's newly deployed mainnet address.
Audit Results
| Vulnerability Category | Notes | Result |
|---|---|---|
| Arbitrary Storage Write | N/A | PASS |
| Arbitrary Jump | N/A | PASS |
| Centralization of Control | The team can set total fees when selling to Pancakeswap up to 25%, and total fees when buying from Pancakeswap up to 100%. | WARNING |
| Delegate Call to Untrusted Contract | N/A | PASS |
| Dependence on Predictable Variables | N/A | PASS |
| Deprecated Opcodes | N/A | PASS |
| Ether Thief | N/A | PASS |
| Exceptions | N/A | PASS |
| External Calls | N/A | PASS |
| Flash Loans | N/A | PASS |
| Integer Over/Underflow | N/A | PASS |
| Multiple Sends | N/A | PASS |
| Oracles | N/A | PASS |
| Suicide | N/A | PASS |
| State Change External Calls | N/A | PASS |
| Unchecked Retval | N/A | PASS |
| User Supplied Assertion | N/A | PASS |
| Critical Solidity Compiler | N/A | PASS |
| Overall Contract Safety | PASS |
($) = payable function
# = non-constant function
+ [Lib] SafeMath
- [Int] tryAdd
- [Int] trySub
- [Int] tryMul
- [Int] tryDiv
- [Int] tryMod
- [Int] add
- [Int] sub
- [Int] mul
- [Int] div
- [Int] mod
- [Int] sub
- [Int] div
- [Int] mod
+ [Int] IBEP20
- [Ext] totalSupply
- [Ext] decimals
- [Ext] symbol
- [Ext] name
- [Ext] getOwner
- [Ext] balanceOf
- [Ext] transfer #
- [Ext] allowance
- [Ext] approve #
- [Ext] transferFrom #
+ Auth
- [Pub] #
- [Pub] authorize #
- modifiers: onlyOwner
- [Pub] unauthorize #
- modifiers: onlyOwner
- [Pub] isOwner
- [Pub] isAuthorized
- [Pub] transferOwnership #
- modifiers: onlyOwner
+ [Int] IDEXFactory
- [Ext] createPair #
+ [Int] IDEXRouter
- [Ext] factory
- [Ext] WETH
- [Ext] addLiquidity #
- [Ext] addLiquidityETH ($)
- [Ext] swapExactTokensForTokensSupportingFeeOnTransferTokens #
- [Ext] swapExactETHForTokensSupportingFeeOnTransferTokens ($)
- [Ext] swapExactTokensForETHSupportingFeeOnTransferTokens #
+ [Int] IDividendDistributor
- [Ext] setDistributionCriteria #
- [Ext] setShare #
- [Ext] deposit ($)
- [Ext] process #
+ DividendDistributor (IDividendDistributor)
- [Pub] #
- [Ext] setDistributionCriteria #
- modifiers: onlyToken
- [Ext] setShare #
- modifiers: onlyToken
- [Ext] deposit ($)
- modifiers: onlyToken
- [Ext] process #
- modifiers: onlyToken
- [Int] shouldDistribute
- [Int] distributeDividend #
- [Ext] claimDividend #
- [Pub] getUnpaidEarnings
- [Int] getCumulativeDividends
- [Int] addShareholder #
- [Int] removeShareholder #
+ DoToken (IBEP20, Auth)
- [Pub] #
- modifiers: Auth
- [Ext] ($)
- [Ext] totalSupply
- [Ext] decimals
- [Ext] symbol
- [Ext] name
- [Ext] getOwner
- [Pub] balanceOf
- [Ext] allowance
- [Pub] approve #
- [Ext] approveMax #
- [Ext] transfer #
- [Ext] transferFrom #
- [Int] _transferFrom #
- [Int] _basicTransfer #
- [Int] checkTxLimit
- [Int] shouldTakeFee
- [Pub] getTotalFee
- [Pub] getMultipliedFee
- [Int] takeFee #
- [Int] shouldSwapBack
- [Int] swapBack #
- modifiers: swapping
- [Int] shouldAutoBuyback
- [Ext] triggerZeusBuyback #
- modifiers: authorized
- [Ext] clearBuybackMultiplier #
- modifiers: authorized
- [Int] triggerAutoBuyback #
- [Int] buyTokens #
- modifiers: swapping
- [Ext] setAutoBuybackSettings #
- modifiers: authorized
- [Ext] setBuybackMultiplierSettings #
- modifiers: authorized
- [Int] launched
- [Pub] launch #
- modifiers: authorized
- [Ext] setTxLimit #
- modifiers: authorized
- [Ext] setIsDividendExempt #
- modifiers: authorized
- [Ext] setIsFeeExempt #
- modifiers: authorized
- [Ext] setIsTxLimitExempt #
- modifiers: authorized
- [Ext] setFees #
- modifiers: authorized
- [Ext] setFeeReceivers #
- modifiers: authorized
- [Ext] setSwapBackSettings #
- modifiers: authorized
- [Ext] setTargetLiquidity #
- modifiers: authorized
- [Ext] setDistributionCriteria #
- modifiers: authorized
- [Ext] setDistributorSettings #
- modifiers: authorized
- [Pub] getCirculatingSupply
- [Pub] getLiquidityBacking
- [Pub] isOverLiquified