DogeX Token - Smart Contract Audit Report

Summary

DogeX Audit Report DogeX ($DogeX) is a new community-driven token on the Binance Smart Chain that pays out static token rewards to holders, implements a buyback mechanism, and includes functionality to control the token's financial ecosystem to prevent dips below a certain threshold that is updated daily.

For this audit, we reviewed the project's contract which has been deployed at 0x1F6819D87bD6e10cae34883175232EE9774e00b2 on the BSC mainnet. We also reviewed the team's buyback.py Python script, as well as the higherlow.py script from their private Github.

Notes on the Contract:
  • The total supply of the token is initially set to one quadrillion $DogeX [1,000,000,000,000,000].
  • No minting or burn functions are present; however, holders can send tokens to the 0x...Dead address if desired. If the owner does not exclude the dead address after deploying, it will participate in the reward distribution (as a regular holder) and increase proportionally to the rewards it receives. This is often used as a deflationary mechanism.

  • There is a "Reflection", "Buyback", and "Marketing" fee on all transactions for any address that participates in a transfer (given that the transferring address is not excluded from fees). A separate fee structure can be set by the team to apply different fee amounts depending on whether the holder is buying or selling during the transfer.
  • Users who hold tokens will automatically benefit from the frictionless fee redistribution at the time of each transaction as the tokens collected through the "Reflection Fee" are removed from the circulating supply.
  • The "Buyback Fee" and "Marketing Fee" that is charged during transfers is stored in the contract and automatically swapped to buy BNB from PancakeSwap. The newly received BNB balance is then distributed between the Buyback Wallet, Marketing Wallet, and Maintenance Wallet according to the allocation that has been set by the team.
  • The contract features a "Higher Low" mechanism which occurs on a daily basis at a random time between 8pm and 11pm EST. During this time, a new 'Price Floor' is established. The Price Floor prevents holders from selling their tokens below a certain price.
  • The contract features a "Randomized Buyback" which conducts buybacks at a random interval of time (either 1, 2, 3, 4, or 5 minutes) whenever the $DogeX price reaches the Price Floor by using BNB that was accumulated from fees to buy tokens.
  • The contract features a "Golden Hour" which allows holders to buy tokens without being charged taxes/fees for one hour.
  • The contract features a "Dip Day" mechanism which occurs every 7 days where the contract makes a "Fuel Stop" and the price floor is ignored (limited to a specified percentage below the previous floor, which is determined by the owner).
  • The contract includes logic that automatically identifies addresses as bots if a purchase is made during the initial blocks that trading is opened (determined by the owner).
  • The contract has a built in limit to the 'price impact' that can be caused as a result of a sell.
  • The contract utilizes SafeMath libraries along with following the ERC20 standard.
  • We worked with the DogeX Team to ensure the contract has optimal gas efficiency.
  • As the project is deployed with Solidity v0.8.4, it is protected from overflows.

  • Ownership Controls:
  • The owner of the contract has the ability to modify the "Marketing", "Buyback", and "Reflection" fees to any amount at any time, as long as the sum of the fees are less than 50 (representing the percent value that is charged during transactions).
  • The owner can exclude and include accounts from transfer fees.
  • The owner has the ability to update the "Tax Free Blocks" which determines the duration of time that taxes are disabled for buying during "Golden Hour".
  • The owner has the ability to update the "Dip Day" which determines the duration of time that must pass in before a new "Fuel Stop". During the fuel stop, the price floor is ignored (by up to a certain percentage determined by the team).
  • The owner has the ability to add and remove addresses from the 'bots' array at any time. Addresses that have been identified as bots are unable to sell their tokens.
  • The owner has the ability to enable and disable the randomized price floor ("Higher Low") at any time. Addresses that have been identified as bots are unable to sell their tokens.
  • The owner has the ability to enable and disable the reliance of their price oracle at any time. If the price oracle is not enabled, the BNB price is defaulted to a value that is determined by the owner and can be updated at any time. The team has disclosed that the manual value was added so that it can be used in the event that the price oracle crashes.
  • The owner has the ability to update the address associated with the Oracle Price Feed at any time.
  • The owner has the ability to set and update a maximum transaction percent at any time, which will impose a limit to the number of tokens that can be transferred during transactions.
  • The owner can modify the price impact to a new percent at any time (as long as the value is greater than zero, as to avoid limiting selling entirely).
  • The owner can modify the percentage of the BNB allocation that is sent to the Marketing Wallet and Buyback wallet during buybacks.
  • At any time, the operator of the 'Marketing Wallet' can manually swap tokens and transfer BNB out of the contract balance at any time; which will subsequently be distributed to the Buyback Wallet, Marketing Wallet, and Maintenance Wallet according to the allocation percentage that has been set.
  • As the contract has not been deployed, ownership has not been renounced.
Audit Findings Summary
  • No external threats were identified during our analysis of the token contract.
  • No issues were identified within either of the Python scripts that our team reviewed.
  • We recommend the team renounces ownership after a successful launch.
  • Ensure trust in the team prior to investing as they have substantial control in the ecosystem.
  • Further, ensure trust in the team prior to investing as they have control of the BNB collected from the Marketing and Maintenance Fees.
  • Date: August 31st, 2021
  • Updated: September 6th, 2021 to reflect the updated contract and mainnet deployment address.

Audit Results

Vulnerability CategoryNotesResult
Arbitrary Storage WriteN/APASS
Arbitrary JumpN/APASS
Delegate Call to Untrusted ContractN/APASS
Dependence on Predictable VariablesN/APASS
Deprecated OpcodesN/APASS
Ether ThiefN/APASS
ExceptionsN/APASS
External CallsN/APASS
Flash LoansN/APASS
Integer Over/UnderflowN/APASS
Multiple SendsN/APASS
OraclesN/APASS
SuicideN/APASS
State Change External CallsN/APASS
Unchecked RetvalN/APASS
User Supplied AssertionN/APASS
Critical Solidity CompilerN/APASS
Overall Contract Safety PASS

Function Graph

ERC20 Token Graph


Inheritence Chart

Multi-file Token


Functions Overview


 ($) = payable function
 # = non-constant function
 
 + [Int] AggregatorV3Interface 
    - [Ext] decimals
    - [Ext] description
    - [Ext] version
    - [Ext] getRoundData
    - [Ext] latestRoundData

 +  Context 
    - [Int] _msgSender

 + [Int] IERC20 
    - [Ext] totalSupply
    - [Ext] balanceOf
    - [Ext] transfer #
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transferFrom #

 + [Lib] SafeMath 
    - [Int] add
    - [Int] sub
    - [Int] sub
    - [Int] mul
    - [Int] div
    - [Int] div

 +  Ownable (Context)
    - [Pub]  #
    - [Pub] owner
    - [Pub] renounceOwnership #
       - modifiers: onlyOwner

 + [Int] IUniswapV2Pair 
    - [Ext] name
    - [Ext] symbol
    - [Ext] decimals
    - [Ext] totalSupply
    - [Ext] balanceOf
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transfer #
    - [Ext] transferFrom #
    - [Ext] DOMAIN_SEPARATOR
    - [Ext] PERMIT_TYPEHASH
    - [Ext] nonces
    - [Ext] permit #
    - [Ext] MINIMUM_LIQUIDITY
    - [Ext] factory
    - [Ext] token0
    - [Ext] token1
    - [Ext] getReserves
    - [Ext] price0CumulativeLast
    - [Ext] price1CumulativeLast
    - [Ext] kLast
    - [Ext] mint #
    - [Ext] burn #
    - [Ext] swap #
    - [Ext] skim #
    - [Ext] sync #
    - [Ext] initialize #

 + [Int] IUniswapV2Factory 
    - [Ext] createPair #

 + [Int] IUniswapV2Router02 
    - [Ext] swapExactTokensForETHSupportingFeeOnTransferTokens #
    - [Ext] swapExactTokensForTokensSupportingFeeOnTransferTokens #
    - [Ext] factory
    - [Ext] WETH
    - [Ext] addLiquidityETH ($)
    - [Ext] quote
    - [Ext] getAmountOut
    - [Ext] getAmountIn
    - [Ext] getAmountsOut
    - [Ext] getAmountsIn

 +  IERC20Extented (IERC20)
    - [Ext] decimals
    - [Ext] name
    - [Ext] symbol

 +  DOGEX (Context, IERC20, IERC20Extented, Ownable)
    - [Pub]  #
    - [Ext] name
    - [Ext] symbol
    - [Ext] decimals
    - [Ext] totalSupply
    - [Pub] balanceOf
    - [Ext] transfer #
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transferFrom #
    - [Prv] tokenFromReflection
    - [Prv] removeAllFee #
    - [Prv] setBotFee #
    - [Prv] restoreAllFee #
    - [Prv] _approve #
    - [Ext] getLatestPrice
    - [Ext] getTokenPrice
    - [Ext] getPreviousClose
    - [Prv] _transfer #
    - [Int] updatePreviousDay #
    - [Int] updatePreviousClose #
    - [Int] updatePreviousPrice #
    - [Prv] swapTokensForEth #
       - modifiers: lockTheSwap
    - [Prv] sendETHToFee #
    - [Prv] openTrading #
    - [Ext] manualswap #
    - [Ext] manualsend #
    - [Prv] _tokenTransfer #
    - [Prv] _transferStandardBuy #
    - [Prv] _transferStandardSell #
    - [Prv] _reflectFee #
    - [Prv] _takeBuyback #
    - [Prv] _takeMarketing #
    - [Ext]  ($)
    - [Prv] _getValuesSell
    - [Prv] _getTValuesSell
    - [Prv] _getRValuesSell
    - [Prv] _getValuesBuy
    - [Prv] _getTValuesBuy
    - [Prv] _getRValuesBuy
    - [Prv] _getRate
    - [Prv] _getCurrentSupply
    - [Pub] excludeFromFee #
       - modifiers: onlyOwner
    - [Ext] includeInFee #
       - modifiers: onlyOwner
    - [Ext] removeBot #
       - modifiers: onlyOwner
    - [Ext] addBot #
       - modifiers: onlyOwner
    - [Ext] setMaxTxPercent #
       - modifiers: onlyOwner
    - [Ext] setPercents #
       - modifiers: onlyOwner
    - [Ext] setTaxes #
       - modifiers: onlyOwner
    - [Ext] setPriceImpact #
       - modifiers: onlyOwner
    - [Ext] setDipDay #
       - modifiers: onlyOwner
    - [Ext] setManualETHvalue #
       - modifiers: onlyOwner
    - [Prv] initializePriceandClose #
    - [Ext] updateOraclePriceFeed #
       - modifiers: onlyOwner
    - [Ext] setBlockWindow #
       - modifiers: onlyOwner
    - [Ext] setAllowableDip #
       - modifiers: onlyOwner
    - [Ext] setPresaleRouterAndAddress #
       - modifiers: onlyOwner
    - [Ext] endPresale #
       - modifiers: onlyOwner
    - [Ext] enablePriceOracle #
       - modifiers: onlyOwner
    - [Ext] disablePriceOracle #
       - modifiers: onlyOwner
    - [Ext] disableRandomizedFloor #
       - modifiers: onlyOwner
    - [Ext] enableRandomizedFloor #
       - modifiers: onlyOwner
    - [Ext] setFloor #
       - modifiers: onlyOwner
    - [Ext] updateTaxFreeBlocks #
       - modifiers: onlyOwner
    - [Ext] updatePairSwapped #
       - modifiers: onlyOwner