EuroBallz - Smart Contract Audit Report

Summary

EuroBallz Audit Report EuroBallz is building a yield-farming platform that features a new token with frictionless fee redistribution and liquidity adds.

For this audit, we reviewed the project team's BallzToken, BallzChef, and Referral contracts at commit d8aeb009614c8a14386c0150caf41a187fa1887c on the team's private GitHub.

Notes on the Contracts:
  • The total supply of the BALLZ token is initially set to 1 token.
  • The mint function can only be accessed by the address set as the Ballz Farm.
  • Anyone can burn their own tokens at any time.
  • Initially, 100% of the total supply will be held by the owner.

  • There is a 6% tax fee, a 2% liquidity fee, a 1% burn fee, and a 1% referral fee on all transactions.
  • Users who hold tokens will automatically benefit from the frictionless fee redistribution at the time of each transaction as the tokens collected through taxes are removed from the circulating supply.
  • Half the tokens collected through the referral fee are sent to the referral address specified by the user at any time, and the other half is delivered back to the user; the referral address can be set by the user at any time.
  • In the case that the referral is invalid, the referral fee will be removed from teh circulating supply.
  • The burn fee that is charged on transactions is removed from the circulating supply.
  • The liquidity fee is stored in the contract and, once a threshold is met, used to fund Uniswap liquidity; this can be disabled by the owner at any time.
  • Liquidity-adds are funded by selling half of the tokens collected as liquidity fees, pairing the received ETH with the token, and adding it as liquidity to the ETH pair.
  • The LP tokens are delivered to the owner.

  • The owner can set the tax, burn, and marketing fees to any value up to 15% at any time.
  • The owner can also exclude anyone from fees or rewards at any time.
  • The owner can change the token threshold required to trigger a swap and liquify at any time.
  • There is a maximum transaction amount tokens, but this does not apply to the owner during transactions where the owner is either the sender or the recipient; the owner can set the max transaction amount to a value between 0.3% and 1% of the total supply at any time.
  • The owner is able to withdraw any ETH or any ERC20 token (except BALLZ) from the contract balance at any time.
  • The owner can set the Ballz Farm address to any address only one time.

  • The owner can use the BallzChef contract to add pools for LP tokens as long as the address is a valid ERC20 and a pool for it does not currently exist; the team must exercise caution when adding tokens to avoid fee-on-transfer and ERC777-compliant tokens (this is uncommon).
  • The owner can set the allocation points and the deposit fee for any existing pool at any time.
  • Users pay a deposit fee to deposit LP tokens into a pool; half of which will go to the fee address, and the other half will go to the vault address.
  • Users will receive a reward amount proportional to the allocation percentage assigned to the pool on each block; staking rewards can be calculated and transferred to the user at any time.
  • On deposit, a user can provide a referral address which will be eligible for rewards; 2% of the user's rewards will be minted to the referral address as long as the token mint limit has not been met.
  • On withdrawals, the pending rewards will be calculated and transferred, and the user will receive the desired amount of LP tokens; this amount cannot be more than the amount the user has deposited.
  • The user can also trigger an emergency withdraw, which will transfer all the user's deposited LP tokens to their wallet address, without calculating rewards.

  • The owner is able to set the emission rate for rewards to any value at any time.
  • The owner is able to set the address of the Referral contract to any address at any time.
  • The owner is able to set the referral commission rate to any value up to 5% at any time.
  • The owner can move the start block time to any future block number only before the Farm has started.

  • The team has worked with us to optimize these contracts for gas efficiency.
  • The contracts utilize the SafeMath library to prevent overflows along with following the ERC20 standard.
Audit Findings Summary
  • No security issues from outside attackers were identified.
  • Ensure trust in the team as they have some control in the ecosystem.
  • Date: July 15th, 2021

Audit Results

Vulnerability CategoryNotesResult
Arbitrary Storage WriteN/APASS
Arbitrary JumpN/APASS
Delegate Call to Untrusted ContractN/APASS
Dependence on Predictable VariablesN/APASS
Deprecated OpcodesN/APASS
Ether ThiefN/APASS
ExceptionsN/APASS
External CallsN/APASS
Flash LoansN/APASS
Integer Over/UnderflowN/APASS
Multiple SendsN/APASS
OraclesN/APASS
SuicideN/APASS
State Change External CallsN/APASS
Unchecked RetvalN/APASS
User Supplied AssertionN/APASS
Critical Solidity CompilerN/APASS
Overall Contract Safety PASS

BallzToken and BallzChef Contracts

ERC20 Token Graph

Contract Inheritance


 ($) = payable function
 # = non-constant function
 
 +  Context 
    - [Int] _msgSender
    - [Int] _msgData

 +  Ownable (Context)
    - [Int]  #
    - [Pub] owner
    - [Pub] renounceOwnership #
       - modifiers: onlyOwner
    - [Pub] transferOwnership #
       - modifiers: onlyOwner

 + [Lib] SafeMath 
    - [Int] add
    - [Int] sub
    - [Int] sub
    - [Int] mul
    - [Int] div
    - [Int] div
    - [Int] mod
    - [Int] mod

 + [Int] IERC20 
    - [Ext] totalSupply
    - [Ext] balanceOf
    - [Ext] transfer #
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transferFrom #

 + [Lib] Address 
    - [Int] isContract
    - [Int] sendValue #
    - [Int] functionCall #
    - [Int] functionCall #
    - [Int] functionCallWithValue #
    - [Int] functionCallWithValue #
    - [Prv] _functionCallWithValue #

 + [Lib] SafeERC20 
    - [Int] safeTransfer #
    - [Int] safeTransferFrom #
    - [Int] safeApprove #
    - [Int] safeIncreaseAllowance #
    - [Int] safeDecreaseAllowance #
    - [Prv] _callOptionalReturn #

 +  ReentrancyGuard 
    - [Int]  #

 + [Int] IUniswapV2Pair 
    - [Ext] name
    - [Ext] symbol
    - [Ext] decimals
    - [Ext] totalSupply
    - [Ext] balanceOf
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transfer #
    - [Ext] transferFrom #
    - [Ext] DOMAIN_SEPARATOR
    - [Ext] PERMIT_TYPEHASH
    - [Ext] nonces
    - [Ext] permit #
    - [Ext] MINIMUM_LIQUIDITY
    - [Ext] factory
    - [Ext] token0
    - [Ext] token1
    - [Ext] getReserves
    - [Ext] price0CumulativeLast
    - [Ext] price1CumulativeLast
    - [Ext] kLast
    - [Ext] mint #
    - [Ext] burn #
    - [Ext] swap #
    - [Ext] skim #
    - [Ext] sync #
    - [Ext] initialize #

 + [Int] IUniswapV2Factory 
    - [Ext] feeTo
    - [Ext] feeToSetter
    - [Ext] getPair
    - [Ext] allPairs
    - [Ext] allPairsLength
    - [Ext] createPair #
    - [Ext] setFeeTo #
    - [Ext] setFeeToSetter #

 + [Int] IUniswapV2Router01 
    - [Ext] factory
    - [Ext] WETH
    - [Ext] addLiquidity #
    - [Ext] addLiquidityETH ($)
    - [Ext] removeLiquidity #
    - [Ext] removeLiquidityETH #
    - [Ext] removeLiquidityWithPermit #
    - [Ext] removeLiquidityETHWithPermit #
    - [Ext] swapExactTokensForTokens #
    - [Ext] swapTokensForExactTokens #
    - [Ext] swapExactETHForTokens ($)
    - [Ext] swapTokensForExactETH #
    - [Ext] swapExactTokensForETH #
    - [Ext] swapETHForExactTokens ($)
    - [Ext] quote
    - [Ext] getAmountOut
    - [Ext] getAmountIn
    - [Ext] getAmountsOut
    - [Ext] getAmountsIn

 + [Int] IUniswapV2Router02 (IUniswapV2Router01)
    - [Ext] removeLiquidityETHSupportingFeeOnTransferTokens #
    - [Ext] removeLiquidityETHWithPermitSupportingFeeOnTransferTokens #
    - [Ext] swapExactTokensForTokensSupportingFeeOnTransferTokens #
    - [Ext] swapExactETHForTokensSupportingFeeOnTransferTokens ($)
    - [Ext] swapExactTokensForETHSupportingFeeOnTransferTokens #

 +  BallzToken (IERC20, Ownable)
    - [Pub]  #
    - [Pub] name
    - [Pub] symbol
    - [Pub] decimals
    - [Pub] totalSupply
    - [Ext] getOwner
    - [Pub] balanceOf
    - [Pub] transfer #
    - [Pub] allowance
    - [Pub] approve #
    - [Prv] _approve #
    - [Pub] transferFrom #
    - [Pub] increaseAllowance #
    - [Pub] decreaseAllowance #
    - [Pub] isExcludedFromReward
    - [Pub] isExcludedFromFee
    - [Pub] totalFees
    - [Ext] deliver #
    - [Pub] reflectionFromToken
    - [Pub] tokenFromReflection
    - [Pub] excludeFromReward #
       - modifiers: onlyOwner
    - [Pub] excludeFromFee #
       - modifiers: onlyOwner
    - [Ext] includeInFee #
       - modifiers: onlyOwner
    - [Ext] setTaxFeePercent #
       - modifiers: onlyOwner
    - [Ext] setLiquidityFeePercent #
       - modifiers: onlyOwner
    - [Ext] setBurnFeePercent #
       - modifiers: onlyOwner
    - [Ext] setReferralFeePercent #
       - modifiers: onlyOwner
    - [Ext] setMaxTxPercent #
       - modifiers: onlyOwner
    - [Ext] setNumTokensSellToAddToLiquidity #
       - modifiers: onlyOwner
    - [Ext] setSwapAndLiquifyEnabled #
       - modifiers: onlyOwner
    - [Ext] setRouter #
       - modifiers: onlyOperatorTimelock
    - [Ext] setReferrer #
    - [Ext]  ($)
    - [Prv] _getValues
    - [Prv] _getTValues
    - [Prv] _getRValues
    - [Prv] _getFeeValues
    - [Prv] _getRate
    - [Prv] _takeLiquidity #
    - [Prv] _reflectFee #
    - [Prv] _takeFee #
    - [Prv] _transfer #
    - [Pub] maxTxAmount
    - [Prv] swapAndLiquify #
       - modifiers: lockTheSwap
    - [Prv] swapTokensForEth #
    - [Prv] addLiquidity #
    - [Prv] _tokenTransfer #
    - [Ext] recoverLockedTokens #
       - modifiers: onlyOwner
    - [Ext] mint #
       - modifiers: onlyFarm
    - [Ext] burn #
    - [Ext] setBallzFarm #
       - modifiers: onlyOwner

 + [Int] IReferral 
    - [Ext] recordReferral #
    - [Ext] getReferrer

 +  BallzChef (Ownable, ReentrancyGuard)
    - [Pub]  #
    - [Ext] poolLength
    - [Ext] add #
       - modifiers: onlyOwner,nonDuplicated
    - [Ext] set #
       - modifiers: onlyOwner
    - [Pub] getMultiplier
    - [Ext] pendingBallz
    - [Pub] massUpdatePools #
    - [Pub] updatePool #
    - [Ext] deposit #
       - modifiers: nonReentrant
    - [Ext] withdraw #
       - modifiers: nonReentrant
    - [Ext] emergencyWithdraw #
       - modifiers: nonReentrant
    - [Int] safeBallzTransfer #
    - [Ext] setDevAddress #
       - modifiers: onlyOwner
    - [Ext] setFeeAddress #
       - modifiers: onlyOwner
    - [Ext] setVaultAddress #
       - modifiers: onlyOwner
    - [Ext] updateEmissionRate #
       - modifiers: onlyOwner
    - [Ext] setReferralAddress #
       - modifiers: onlyOwner
    - [Ext] setReferralCommissionRate #
       - modifiers: onlyOwner
    - [Int] payReferralCommission #
    - [Prv] mintCapped #
    - [Ext] updateStartBlock #
       - modifiers: onlyOwner
							

Referral Contract

ERC20 Token Graph

Contract Inheritance


 ($) = payable function
 # = non-constant function
 
 + [Int] IERC20 
    - [Ext] totalSupply
    - [Ext] balanceOf
    - [Ext] transfer #
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transferFrom #

 + [Lib] SafeMath 
    - [Int] add
    - [Int] sub
    - [Int] sub
    - [Int] mul
    - [Int] div
    - [Int] div
    - [Int] mod
    - [Int] mod

 + [Lib] Address 
    - [Int] isContract
    - [Int] sendValue #
    - [Int] functionCall #
    - [Int] functionCall #
    - [Int] functionCallWithValue #
    - [Int] functionCallWithValue #
    - [Prv] _functionCallWithValue #

 + [Lib] SafeERC20 
    - [Int] safeTransfer #
    - [Int] safeTransferFrom #
    - [Int] safeApprove #
    - [Int] safeIncreaseAllowance #
    - [Int] safeDecreaseAllowance #
    - [Prv] _callOptionalReturn #

 +  Context 
    - [Int] _msgSender
    - [Int] _msgData

 +  Ownable (Context)
    - [Int]  #
    - [Pub] owner
    - [Pub] renounceOwnership #
       - modifiers: onlyOwner
    - [Pub] transferOwnership #
       - modifiers: onlyOwner

 + [Int] IReferral 
    - [Ext] recordReferral #
    - [Ext] getReferrer

 +  Referral (IReferral, Ownable)
    - [Pub] recordReferral #
       - modifiers: onlyOperator
    - [Pub] getReferrer
    - [Ext] updateOperator #
       - modifiers: onlyOwner