DogeDash - Smart Contract Audit Report
DogeDash is a new community-driven DeFi token on the Binance Smart Chain that pays out static rewards to holders.
Notes on the Contract:
- The total supply of the token is set to 100 billion $DogeDash [100,000,000,000].
- No minting or burn functions are present; though the circulating supply can be reduced by sending tokens to the 0x..dead address, if desired.
- At the time of writing this report, 32.09% of the total supply is stored in a token locking contract that will incrementally vest to various team wallets.
- 14% of the tokens will be unlocked and vested to the team's marketing address within the next 30 days.
- 10.64% of the tokens will be unlocked and vested to the team's rewards address in 12 days.
- There are four different wallets with a vesting schedule to receive the remaining 7.45% in increments of 30 days over the next 120 days.
9.51% of the total supply has been sent to the Burn address. 3.54% of the total supply is in Pancakeswap liquidity. Of that liquidity, 91.21% of the LP tokens are stored in a token locking contract and will vest to the team on April 8th, 2022. 6.02% of the LP tokens belong to the team's marketing address. There is a distribution fee, burn fee, and marketing fee on all transactions for any "non-excluded" address that participates in a transfer. Users who hold tokens will automatically benefit from the frictionless fee redistribution at the time of each transaction as the tokens collected through the tax fee are removed from the circulating supply. The tokens collected from the burn fee are sent to the burn address. The tokens collected from the marketing fee are sent to the team's marketing wallet. The contract utilizes SafeMath libraries along with following the BEP20 standard.
The owner can modify the distribution fee, burn fee, and marketing fee to any percentages at any time. The owner of the contract can exclude and include accounts from transfer fees and reward distribution. The owner can update the team's marketing wallet to any address at any time. The owner has the ability to use the "lock" function in order to temporarily set ownership to address(0). Ownership is restored after the duration of time determined by the owner has passed and they use the 'unlock' function. The unlock function has the potential to be used after ownership is renounced, which will restore ownership to the original owner that initially created the ownership lock. This can be used in a nefarious way by the project team to restore ownership and change fee structures. We recommend that the unlock function is modified to set the "previous owner" = "address(0)" at the end of the unlock function to prevent it from being used more than once per lock.
Audit Findings Summary
- No external threats were identified.
- There are potential risks that exist for holders regarding the team's ability to retain control of the contract.
- We recommend that the team renounces ownership without ever calling the lock() function.
- Please ensure trust in the team prior to investing as they have substantial control in the ecosystem.
- Date: October 23rd, 2021
|Arbitrary Storage Write||N/A||PASS|
|Delegate Call to Untrusted Contract||N/A||PASS|
|Dependence on Predictable Variables||N/A||PASS|
|State Change External Calls||N/A||PASS|
|User Supplied Assertion||N/A||PASS|
|Critical Solidity Compiler||N/A||PASS|
|Overall Contract Safety||PASS|
($) = payable function # = non-constant function + [Int] IERC20 - [Ext] totalSupply - [Ext] balanceOf - [Ext] transfer # - [Ext] allowance - [Ext] approve # - [Ext] transferFrom # + [Lib] SafeMath - [Int] add - [Int] sub - [Int] sub - [Int] mul - [Int] div - [Int] div - [Int] mod - [Int] mod + Context - [Int] _msgSender - [Int] _msgData + [Lib] Address - [Int] isContract - [Int] sendValue # - [Int] functionCall # - [Int] functionCall # - [Int] functionCallWithValue # - [Int] functionCallWithValue # - [Prv] _functionCallWithValue # + Ownable (Context) - [Int]
# - [Pub] owner - [Pub] renounceOwnership # - modifiers: onlyOwner - [Pub] transferOwnership # - modifiers: onlyOwner - [Pub] geUnlockTime - [Pub] lock # - modifiers: onlyOwner - [Pub] unlock # + DogeDash (Context, IERC20, Ownable) - [Pub] # - [Pub] name - [Pub] symbol - [Pub] decimals - [Pub] totalSupply - [Pub] balanceOf - [Pub] transfer # - [Pub] allowance - [Pub] approve # - [Pub] transferFrom # - [Pub] increaseAllowance # - [Pub] decreaseAllowance # - [Pub] isExcludedFromReward - [Pub] isExcludedFromFee - [Pub] totalRewards - [Prv] tokenFromReflection - [Pub] excludeFromReward # - modifiers: onlyOwner - [Ext] includeInReward # - modifiers: onlyOwner - [Pub] excludeFromFee # - modifiers: onlyOwner - [Pub] includeInFee # - modifiers: onlyOwner - [Ext] setDistributionFeePercent # - modifiers: onlyOwner - [Ext] setBurnFeePercent # - modifiers: onlyOwner - [Ext] setMarketingFeePercent # - modifiers: onlyOwner - [Pub] updateMarketingWallet # - modifiers: onlyOwner - [Ext] ($) - [Prv] _distributionToAllHolder # - [Prv] _getValues - [Prv] _getTValues - [Prv] _getRValues - [Prv] _getRate - [Prv] _getCurrentSupply - [Prv] _takeMarketingAndBurnToken # - [Prv] calculateDistributionFee - [Prv] calculateBurnAndMarketingFee - [Prv] removeAllFee # - [Prv] restoreAllFee # - [Prv] _approve # - [Prv] _transfer # - [Prv] _tokenTransfer # - [Prv] _transferStandard # - [Prv] _transferToExcluded # - [Prv] _transferFromExcluded # - [Prv] _transferBothExcluded #