| Vulnerability Category | Notes | Result |
|---|---|---|
| Arbitrary Storage Write | N/A | PASS |
| Arbitrary Jump | N/A | PASS |
| Delegate Call to Untrusted Contract | N/A | PASS |
| Dependence on Predictable Variables | Decisions are made based on block-related environment variables which can be manipulated by a malicious miner. This is extremely unlikely to occur. | WARNING |
| Deprecated Opcodes | N/A | PASS |
| Ether Thief | N/A | PASS |
| Exceptions | N/A | PASS |
| External Calls | N/A | PASS |
| Flash Loans | N/A | PASS |
| Integer Over/Underflow | N/A | PASS |
| Multiple Sends | N/A | PASS |
| Oracles | N/A | PASS |
| Suicide | N/A | PASS |
| State Change External Calls | N/A | PASS |
| Unchecked Retval | N/A | PASS |
| User Supplied Assertion | N/A | PASS |
| Critical Solidity Compiler | N/A | PASS |
| Overall Contract Safety | PASS |
Ecto Token - Audit Report
Summary
Ectoplasm Token ($ECTO) is a new token on the Binance Smart Chain that is intended to be used to support the "LittleGhosts" ecosystem. The ECTO token provides automatic liquidity adds, funds the 'marketing' and 'team' wallets, and pays holders of the token in the form of BNB dividends.
Overview of the Contract:Audit Findings Summary
- The initial total supply of the token upon deployment is set to one trillion [1,000,000,000,000] $ECTO.
- No minting or burn functions are present beyond deployment; though the circulating supply can be reduced by sending tokens to the 0x..dead address, if desired.
- As the token has not been deployed, there is not a token allocation for our team to comment on as part of this audit.
- There is a "Marketing Fee", "Liquidity Fee", "TokenOne Dividend Fee", and "TokenTwo Dividend Fee" on all transfers (given that the transferring address is not excluded from fees). The owner has the ability to set each fee percentage to any amount less than or equal 6% at any time (Maximum total fees can be 24%).
- The owner has the ability to end the 'presale' phase of the contract which will set the default percentage for the fees. The marketing fee is set to 7%, the liquidity fee is 0, and the dividend fees are set to 4% each; total fees will equal 15%.
- The contract includes the option for the owner to enable a "buy discount". When enabled by the owner, users will by taxed half of the total fees during token purchases from pancakeswap.
- The fees charged on transactions are stored in the contract and, once a threshold value of ECTO (determined by the owner) is met, the tokens collected from fees are distributed proportionally for the purpose of the various fee related mechanisms.
- When the 'marketing' is enabled by the owner, the 'Marketing Fee' tokens are swapped for BNB. 66% of the BNB is sent to the "team" wallet and 34% of the BNB is sent to the "marketing" wallet; both wallets are controlled by the team.
- When 'buyback and liquify' is enabled by the owner, a psuedo-random number is generated to determine whether the transaction should proceed with either a buyback, or a liquidity add. If it is a buyback, then a psuedo-random percentage of the BNB in the contract balance will be used to buy ECTO tokens which are immediately transferred to the 'marketing wallet'. We recommend that the team monitors this mechanism for suspicious activity as it might be susceptible to front-running (under certain rare conditions). We also advise the team to set a limit BNB value that can be applied during a buyback.
- If a liquidity add is selected, then liquidity is automatically added by selling half of the tokens collected as liquidity fees, pairing the received BNB with the token, and adding it as liquidity to the Pancakeswap pair.
- The "marketing wallet" will receive the LP tokens that are created through this process. We recommend that the team implements a system to lock these LP tokens as soon as they are acquired.
- When a 'dividend tracker' is enabled by the owner, the portion of tokens collected from the 'TokenOne and/or TokenTwo Dividend' fees are swapped for BNB that is applied toward funding the BNB dividend rewards for those who are eligible.
- A user must hold 10,000,000 (10 million) ECTO tokens to be eligible for dividends. The owner can update this requirement value to any amount at any time.
- Once dividends are distributed, they will need to be claimed.
- Dividend rewards can also be claimed manually by kicking off the claim cycle, which will process all eligible token holders.
- A user can manually claim dividends as an individual.
- There is a wait-time of 1800 seconds (30 minutes) between claiming dividend rewards.
- Claimed dividends are sent to the user's wallet address.
- There are multiple instances where multiplication is applied to the result of a division during several calculations within the contract. In Solidity, division can lead to integer truncation, so dividing and subsequently multiplying can cause your results to lose precision, thus becoming less accurate. We recommend performing all multiplication before division wherever possible.
- Some gas optimizations can be achieved through marking functions external instead of public. There are also some public variables that could be declared constant.
- The contract utilizes the SafeMath library to prevent overflows along with following the ERC20 standard.
Ownership Controls:- The owner has the ability to renounce ownership of their role by transferring it to the zero address. Ownership has not been renounced.
- The owner can enable the trading of ECTO tokens, and once enabled, it cannot be disabled.
- The owner can set and update a "maximum wallet amount" to any amount of tokens at any time. This will restrict a holder from buying tokens if the transaction will put their balance above the limit.
- The owner can set and update a "maximum sell amount" to any amount of tokens at any time. This will prevent a holder from sending tokens to PancakeSwap if the transaction amount is larger than the limit.
- The owner can update the various fee percentages to any amount (less than or equal to 6%) at any time.
- The owner can exclude addresses from fees at any time.
- The owner can set and update the "maximum buy" and "maximum sell" transaction amount which will impose a limit to the number of tokens that can be transferred during a transaction with PancakeSwap.
- The owner can toggle the automatic swapping features of the contract. When disabled, the fees would continue to accumulate in the contract address and no dividends would be distributed, nor would liquidity be added.
- The owner can update the minimum token threshold for swapping tokens in the contract balance.
- The owner can update the minimum token threshold of BNB that must be held in the contract address to trigger a token buybackAndLiquify.
- The owner can enable and disable the "buy discount" which reduces fees charged on tranfers.
- The owner can set and update a value for the "sell transaction multiplier" which has no impact, as is not referenced in any other function.
- The owner can toggle "burnEnabled" which has no impact, as is not referenced in any other function.
- The owner can toggle the buyback, marketing, and dividend paying functionality.
- The owner can update the minimum token balance requirement to be eligible for dividends at any time.
- The owner can update the Dividend Trackers and UniswapV2Router contract addresses at any time.
- The owner can manually process the both dividend trackers at any time.
- The owner can exclude any address from dividends at any time.
- The owner can set a new 'automated market maker pair' at any time.
- The owner can update the addresses for the 'Marketing' and 'Team' wallets at any time.
- The owner can update the maximum amount of gas used for processing to any value at any time.
- The owner can update the amount of time a user must wait between claiming dividends to any value (in seconds).
- Please ensure trust in the team as they have substantial control in the ecosystem.
- We recommend adding proper 'require' parameters on the ownership-restricted setter functions to avoid locking out users due to improper values being set for the following mechanisms: "MaxBuyTransaction", "MaxWalletTokens", "MinimumBalanceForDividends", "ClaimWait", and "GasForProcessing".
- Buyback functionality may be susceptible to front-running; The team should monitor this mechanism and if suspicious activity is detected, the team can disable the buyback system.
- Date: November 22nd, 2021
($) = payable function
# = non-constant function
+ Context
- [Int] _msgSender
- [Int] _msgData
+ ReentrancyGuard
- [Pub] #
+ Ownable (Context)
- [Pub] #
- [Pub] owner
- [Pub] renounceOwnership #
- modifiers: onlyOwner
- [Pub] transferOwnership #
- modifiers: onlyOwner
- [Pub] lock #
- modifiers: onlyOwner
+ [Int] IERC20
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] transfer #
- [Ext] allowance
- [Ext] approve #
- [Ext] transferFrom #
+ ERC20 (Context, IERC20)
- [Pub] #
- [Pub] name
- [Pub] symbol
- [Pub] decimals
- [Pub] totalSupply
- [Pub] balanceOf
- [Pub] transfer #
- [Pub] allowance
- [Pub] approve #
- [Pub] transferFrom #
- [Pub] increaseAllowance #
- [Pub] decreaseAllowance #
- [Int] _transfer #
- [Int] _mint #
- [Int] _burn #
- [Int] _approve #
- [Int] _setupDecimals #
- [Int] _beforeTokenTransfer #
+ [Int] IDividendPayingToken
- [Ext] dividendOf
- [Ext] distributeDividends ($)
- [Ext] withdrawDividend #
+ [Int] IDividendPayingTokenOptional
- [Ext] withdrawableDividendOf
- [Ext] withdrawnDividendOf
- [Ext] accumulativeDividendOf
+ DividendPayingToken (ERC20, IDividendPayingToken, IDividendPayingTokenOptional)
- [Pub] #
- modifiers: ERC20
- [Ext] ($)
- [Pub] distributeDividends ($)
- [Pub] distributeDividends #
- [Pub] withdrawDividend #
- [Ext] setDividendTokenAddress #
- [Int] _withdrawDividendOfUser #
- [Pub] dividendOf
- [Pub] withdrawableDividendOf
- [Pub] withdrawnDividendOf
- [Pub] accumulativeDividendOf
- [Int] _transfer #
- [Int] _mint #
- [Int] _burn #
- [Int] _setBalance #
+ [Int] IUniswapV2Factory
- [Ext] feeTo
- [Ext] feeToSetter
- [Ext] getPair
- [Ext] allPairs
- [Ext] allPairsLength
- [Ext] createPair #
- [Ext] setFeeTo #
- [Ext] setFeeToSetter #
+ [Int] IUniswapV2Pair
- [Ext] name
- [Ext] symbol
- [Ext] decimals
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] allowance
- [Ext] approve #
- [Ext] transfer #
- [Ext] transferFrom #
- [Ext] DOMAIN_SEPARATOR
- [Ext] PERMIT_TYPEHASH
- [Ext] nonces
- [Ext] permit #
- [Ext] MINIMUM_LIQUIDITY
- [Ext] factory
- [Ext] token0
- [Ext] token1
- [Ext] getReserves
- [Ext] price0CumulativeLast
- [Ext] price1CumulativeLast
- [Ext] kLast
- [Ext] mint #
- [Ext] burn #
- [Ext] swap #
- [Ext] skim #
- [Ext] sync #
- [Ext] initialize #
+ [Int] IUniswapV2Router01
- [Ext] factory
- [Ext] WETH
- [Ext] addLiquidity #
- [Ext] addLiquidityETH ($)
- [Ext] removeLiquidity #
- [Ext] removeLiquidityETH #
- [Ext] removeLiquidityWithPermit #
- [Ext] removeLiquidityETHWithPermit #
- [Ext] swapExactTokensForTokens #
- [Ext] swapTokensForExactTokens #
- [Ext] swapExactETHForTokens ($)
- [Ext] swapTokensForExactETH #
- [Ext] swapExactTokensForETH #
- [Ext] swapETHForExactTokens ($)
- [Ext] quote
- [Ext] getAmountOut
- [Ext] getAmountIn
- [Ext] getAmountsOut
- [Ext] getAmountsIn
+ [Int] IUniswapV2Router02 (IUniswapV2Router01)
- [Ext] removeLiquidityETHSupportingFeeOnTransferTokens #
- [Ext] removeLiquidityETHWithPermitSupportingFeeOnTransferTokens #
- [Ext] swapExactTokensForTokensSupportingFeeOnTransferTokens #
- [Ext] swapExactETHForTokensSupportingFeeOnTransferTokens ($)
- [Ext] swapExactTokensForETHSupportingFeeOnTransferTokens #
+ [Lib] IterableMapping
- [Pub] get
- [Pub] getIndexOfKey
- [Pub] getKeyAtIndex
- [Pub] size
- [Pub] set #
- [Pub] remove #
+ [Lib] SafeMath
- [Int] tryAdd
- [Int] trySub
- [Int] tryMul
- [Int] tryDiv
- [Int] tryMod
- [Int] add
- [Int] sub
- [Int] mul
- [Int] div
- [Int] mod
- [Int] sub
- [Int] div
- [Int] mod
+ [Lib] SafeMathInt
- [Int] mul
- [Int] div
- [Int] sub
- [Int] add
- [Int] toUint256Safe
+ [Lib] SafeMathUint
- [Int] toInt256Safe
+ Ecto (ERC20, Ownable, ReentrancyGuard)
- [Pub] #
- modifiers: ERC20
- [Ext] ($)
- [Ext] whitelistPresale #
- modifiers: onlyOwner
- [Ext] prepareForPartherOrExchangeListing #
- modifiers: onlyOwner
- [Ext] setMaxBuyTransaction #
- modifiers: onlyOwner
- [Ext] setMaxSellTransaction #
- modifiers: onlyOwner
- [Ext] updateTokenTwoDividendToken #
- modifiers: onlyOwner
- [Ext] updateTokenOneDividendToken #
- modifiers: onlyOwner
- [Ext] updateTeamWallet #
- modifiers: onlyOwner
- [Ext] updateMarketingWallet #
- modifiers: onlyOwner
- [Ext] setMaxWalletTokens #
- modifiers: onlyOwner
- [Ext] setSwapTokensAtAmount #
- modifiers: onlyOwner
- [Ext] setSellTransactionMultiplier #
- modifiers: onlyOwner
- [Ext] afterPreSale #
- modifiers: onlyOwner
- [Ext] setTradingIsEnabled #
- modifiers: onlyOwner
- [Ext] setBuyBackAndLiquifyEnabled #
- modifiers: onlyOwner
- [Ext] setTokenOneDividendEnabled #
- modifiers: onlyOwner
- [Ext] setTokenTwoDividendEnabled #
- modifiers: onlyOwner
- [Ext] setMarketingEnabled #
- modifiers: onlyOwner
- [Ext] setBurnEnabled #
- modifiers: onlyOwner
- [Ext] setBuyDiscount #
- modifiers: onlyOwner
- [Ext] updateTokenOneDividendTracker #
- modifiers: onlyOwner
- [Ext] updateTokenTwoDividendTracker #
- modifiers: onlyOwner
- [Ext] updateTokenOneDividendRewardFee #
- modifiers: onlyOwner
- [Ext] updateTokenTwoDividendRewardFee #
- modifiers: onlyOwner
- [Ext] updateMarketingAndGhostFee #
- modifiers: onlyOwner
- [Ext] updateBuyBackAndLiquidityFee #
- modifiers: onlyOwner
- [Ext] updateUniswapV2Router #
- modifiers: onlyOwner
- [Pub] excludeFromFees #
- modifiers: onlyOwner
- [Pub] excludeFromDividend #
- modifiers: onlyOwner
- [Ext] excludeMultipleAccountsFromFees #
- modifiers: onlyOwner
- [Pub] setAutomatedMarketMakerPair #
- modifiers: onlyOwner
- [Prv] _setAutomatedMarketMakerPair #
- modifiers: onlyOwner
- [Ext] updateGasForProcessing #
- modifiers: onlyOwner
- [Ext] updateMinimumBalanceForDividends #
- modifiers: onlyOwner
- [Ext] updateClaimWait #
- modifiers: onlyOwner
- [Ext] getTokenOneClaimWait
- [Ext] getTokenTwoClaimWait
- [Ext] getTotalTokenOneDividendsDistributed
- [Ext] getTotalTokenTwoDividendsDistributed
- [Pub] getIsExcludedFromFees
- [Ext] withdrawableTokenOneDividendOf
- [Ext] withdrawableTokenTwoDividendOf
- [Ext] tokenOneDividendTokenBalanceOf
- [Ext] tokenTwoDividendTokenBalanceOf
- [Ext] getAccountTokenOneDividendsInfo
- [Ext] getAccountTokenTwoDividendsInfo
- [Ext] getAccountTokenOneDividendsInfoAtIndex
- [Ext] getAccountTokenTwoDividendsInfoAtIndex
- [Ext] processDividendTracker #
- modifiers: onlyOwner
- [Int] rand
- [Ext] claim #
- modifiers: nonReentrant
- [Ext] getLastTokenOneDividendProcessedIndex
- [Ext] getLastTokenTwoDividendProcessedIndex
- [Ext] getNumberOfTokenOneDividendTokenHolders
- [Ext] getNumberOfTokenTwoDividendTokenHolders
- [Int] _transfer #
- [Prv] swapAndLiquify #
- [Prv] addLiquidity #
- [Prv] buyBackAndBurn #
- [Prv] swapTokensForBNB #
- [Prv] swapTokensForDividendToken #
- [Prv] swapAndSendTokenOneDividends #
- [Prv] swapAndSendTokenTwoDividends #
- [Prv] transferToWallet #
- [Prv] transferDividends #
+ TokenOneDividendTracker (DividendPayingToken, Ownable)
- [Pub] #
- modifiers: DividendPayingToken
- [Int] _transfer
- [Pub] withdrawDividend
- [Ext] setDividendTokenAddress #
- modifiers: onlyOwner
- [Ext] updateMinimumTokenBalanceForDividends #
- modifiers: onlyOwner
- [Ext] excludeFromDividends #
- modifiers: onlyOwner
- [Ext] updateClaimWait #
- modifiers: onlyOwner
- [Ext] getLastProcessedIndex
- [Ext] getNumberOfTokenHolders
- [Pub] getAccount
- [Pub] getAccountAtIndex
- [Prv] canAutoClaim
- [Ext] setBalance #
- modifiers: onlyOwner
- [Pub] process #
- [Pub] processAccount #
- modifiers: onlyOwner
+ TokenTwoDividendTracker (DividendPayingToken, Ownable)
- [Pub] #
- modifiers: DividendPayingToken
- [Int] _transfer
- [Pub] withdrawDividend
- [Ext] setDividendTokenAddress #
- modifiers: onlyOwner
- [Ext] updateMinimumTokenBalanceForDividends #
- modifiers: onlyOwner
- [Ext] excludeFromDividends #
- modifiers: onlyOwner
- [Ext] updateClaimWait #
- modifiers: onlyOwner
- [Ext] getLastProcessedIndex
- [Ext] getNumberOfTokenHolders
- [Pub] getAccount
- [Pub] getAccountAtIndex
- [Prv] canAutoClaim
- [Ext] setBalance #
- modifiers: onlyOwner
- [Pub] process #
- [Pub] processAccount #
- modifiers: onlyOwner