Fabulous - Smart Contract Audit Report

Summary

Fabulous Audit Report Fabulous is a new token with frictionless fee redistribution, liquidity adds, and BNB rewards.

We audited Fabulous's token contract at 0x3f2E8028238DA42A7E35160D9C4949DF1e5ebBD4 on the Binance Smart Chain mainnet.

Overview of the Contract:
  • The total supply of the token is set to one quadrillion.
  • No mint or burn functions are present; though the circulating supply can be reduced by sending tokens to the 0x..dead address, if desired.

  • Users who hold tokens will automatically benefit from the frictionless fee redistribution at the time of each transaction as the tokens collected through taxes are removed from the circulating supply.
  • A portion of the fee charged on transactions is stored in the contract and, once a threshold value is met, used to fund PancakeSwap liqudity.
  • Liquidity-adds are funded by selling half of the tokens collected as the liquidity fee, pairing the received BNB with the token, and adding it as liquidity to the BNB pair.
  • The newly created LP tokens are stored in the contract and claimable by the team at any time. We recommend that this liquidity is locked at the time of acquisition.
  • A final portion of the fees charged on transfers is used to fund BNB rewards, which are distributed to a limited number of addresses determined by the team once a threshold value is met.
  • A user must hold a certain amount of tokens decided by the team in order to qualify for rewards.
  • Qualifying users must wait 24 hours between claiming rewards; this wait time duration can be set by the team to any value at any time.
  • The BNB reward is calculated based on the amount of FAB tokens a user is holding divided by a factor which can be set by the team to any value at any time.
  • If the user's calculated BNB reward passes a certain threshold, a percentage of it will be sent to the charity wallet controlled by the team; this percentage is uncapped and can be set by the team to any value at any time.
  • A user can also execute the BNB reward distribution logic manually at any time.
  • There is a maximum amount a user can send in a transaction, but Uniswap and admins determined by the owner are exempt.

  • The owner is able to transfer all the BNB, BEP20 tokens, FAB tokens, or LP tokens in the contract to the owner's wallet address at any time.
  • The owner is able to include or exclude any address from reflection rewards, and fees at any time.
  • The owner is able to set the tax and liquidity fee percentages to a value 10 or less at any time.
  • The owner is able to set the fee percentage for BNB rewards to any value at any time.
  • The owner is able to toggle the swap and liquify functionality and the BNB reward system at any time.
  • The owner is able to set the max transaction amount to any value at any time.
  • The owner is able to remove any address from the array of address to receive BNB rewards at any time.
  • The owner is able to set the minimum amount of tokens to be held by users in order to qualify for BNB rewards to any value at any time.
  • The owner is able to set the maximum BNB reward until there is a charity cut to any value at any time.

  • The team has worked with us to optimize these contracts for gas efficiency.
  • The contract utilizes Solidity v0.8.4 to prevent overflows along with following the BEP20 standard.

Audit Findings Summary
  • No security issues from outside attackers were identified.
  • Calls to _transfer() are at risk of hitting the block gas limit if the addressesToReward array grows too large. The team must ensure the maximum number of addresses eligible for rewards is no more than a few hundred to prevent transfers from failing.
  • Ensure trust in the team as they have substantial control in the ecosystem and will receive the LP tokens from liquidity-adds.
  • Given the high level of owner control, we recommend renouncing ownership.
  • Date: July 9th, 2021

Vulnerability CategoryNotesResult
Arbitrary Storage WriteN/APASS
Arbitrary JumpN/APASS
Delegate Call to Untrusted ContractN/APASS
Dependence on Predictable VariablesN/APASS
Deprecated OpcodesN/APASS
Ether ThiefN/APASS
ExceptionsN/APASS
External CallsN/APASS
Flash LoansN/APASS
Integer Over/UnderflowN/APASS
Multiple SendsN/APASS
OraclesN/APASS
SuicideN/APASS
State Change External CallsN/APASS
Unchecked RetvalN/APASS
User Supplied AssertionN/APASS
Critical Solidity CompilerN/APASS
Overall Contract Safety PASS

BEP20 Token Graph

Multi-file Token

												
($) = payable function
 # = non-constant function

 + [Lib] Address 
    - [Int] isContract
    - [Int] sendValue #
    - [Int] functionCall #
    - [Int] functionCall #
    - [Int] functionCallWithValue #
    - [Int] functionCallWithValue #
    - [Int] functionStaticCall
    - [Int] functionStaticCall
    - [Int] functionDelegateCall #
    - [Int] functionDelegateCall #
    - [Prv] _verifyCallResult

 + [Int] IBEP20 
    - [Ext] totalSupply
    - [Ext] decimals
    - [Ext] symbol
    - [Ext] name
    - [Ext] getOwner
    - [Ext] balanceOf
    - [Ext] transfer #
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transferFrom #

 + [Lib] SafeBEP20 
    - [Int] safeTransfer #
    - [Int] safeTransferFrom #
    - [Int] safeApprove #
    - [Int] safeIncreaseAllowance #
    - [Int] safeDecreaseAllowance #
    - [Prv] _callOptionalReturn #

 +  Context 
    - [Int] _msgSender
    - [Int] _msgData

 + [Int] IERC20 
    - [Ext] totalSupply
    - [Ext] balanceOf
    - [Ext] transfer #
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transferFrom #

 + [Lib] SafeMath 
    - [Int] add
    - [Int] sub
    - [Int] sub
    - [Int] mul
    - [Int] div
    - [Int] div
    - [Int] mod
    - [Int] mod

 +  Ownable (Context)
    - [Pub]  #
    - [Pub] owner
    - [Pub] renounceOwnership #
       - modifiers: onlyOwner
    - [Pub] transferOwnership #
       - modifiers: onlyOwner

 + [Int] IUniswapV2Factory 
    - [Ext] feeTo
    - [Ext] feeToSetter
    - [Ext] getPair
    - [Ext] allPairs
    - [Ext] allPairsLength
    - [Ext] createPair #
    - [Ext] setFeeTo #
    - [Ext] setFeeToSetter #

 + [Int] IUniswapV2Router01 
    - [Ext] factory
    - [Ext] WETH
    - [Ext] addLiquidity #
    - [Ext] addLiquidityETH ($)
    - [Ext] removeLiquidity #
    - [Ext] removeLiquidityETH #
    - [Ext] removeLiquidityWithPermit #
    - [Ext] removeLiquidityETHWithPermit #
    - [Ext] swapExactTokensForTokens #
    - [Ext] swapTokensForExactTokens #
    - [Ext] swapExactETHForTokens ($)
    - [Ext] swapTokensForExactETH #
    - [Ext] swapExactTokensForETH #
    - [Ext] swapETHForExactTokens ($)
    - [Ext] quote
    - [Ext] getAmountOut
    - [Ext] getAmountIn
    - [Ext] getAmountsOut
    - [Ext] getAmountsIn

 + [Int] IUniswapV2Router02 (IUniswapV2Router01)
    - [Ext] removeLiquidityETHSupportingFeeOnTransferTokens #
    - [Ext] removeLiquidityETHWithPermitSupportingFeeOnTransferTokens #
    - [Ext] swapExactTokensForTokensSupportingFeeOnTransferTokens #
    - [Ext] swapExactETHForTokensSupportingFeeOnTransferTokens ($)
    - [Ext] swapExactTokensForETHSupportingFeeOnTransferTokens #

 +  NAME (Context, IERC20, Ownable)
    - [Pub]  #
    - [Ext] name
    - [Ext] symbol
    - [Ext] decimals
    - [Ext] totalSupply
    - [Pub] balanceOf
    - [Ext] transfer #
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transferFrom #
    - [Ext] increaseAllowance #
    - [Ext] decreaseAllowance #
    - [Ext] isExcludedFromReward
    - [Pub] totalFees
    - [Pub] reflectionFromToken
    - [Pub] tokenFromReflection
    - [Ext] excludeFromReward #
       - modifiers: onlyOwner
    - [Ext] includeInReward #
       - modifiers: onlyOwner
    - [Ext] addAdminAccount #
       - modifiers: onlyOwner
    - [Ext] removeAdminAccount #
       - modifiers: onlyOwner
    - [Ext] excludeFromFee #
       - modifiers: onlyOwner
    - [Ext] includeInFee #
       - modifiers: onlyOwner
    - [Ext] setTaxFeePercent #
       - modifiers: onlyOwner
    - [Ext] setConvertBNBFeePercent #
       - modifiers: onlyOwner
    - [Ext] setLiquidityFeePercent #
       - modifiers: onlyOwner
    - [Ext] setSwapAndLiquifyEnabled #
       - modifiers: onlyOwner
    - [Ext] setMaxTxAmount #
       - modifiers: onlyOwner
    - [Prv] _reflectFee #
    - [Prv] _getValues
    - [Prv] _getTValues
    - [Prv] _getRValues
    - [Prv] _getRate
    - [Prv] _getCurrentSupply
    - [Prv] _takeLiquidity #
    - [Prv] _takeBNB #
    - [Prv] calculateTaxFee
    - [Prv] calculateConvertBNBFee
    - [Prv] calculateLiquidityFee
    - [Prv] removeAllFee #
    - [Prv] restoreAllFee #
    - [Ext] isAdminAccount
    - [Pub] isExcludedFromFee
    - [Prv] _approve #
    - [Prv] _transfer #
    - [Prv] swapTokensForEthAndSwapAndLiquify #
       - modifiers: lockTheSwap
    - [Prv] _tokenTransfer #
    - [Prv] distributeBNBReward #
    - [Ext] distributeBNBRewardManual #
    - [Prv] removeIndexFromRewardArray #
    - [Ext] removeIndexFromRewardArrayOwnerOnly #
       - modifiers: onlyOwner
    - [Ext] setBNBBuyResetThresholdPercent #
       - modifiers: onlyOwner
    - [Ext] setSupplyAmountCompareForBNBRewards #
       - modifiers: onlyOwner
    - [Ext] addExemptWalletFromBNBRewards #
       - modifiers: onlyOwner
    - [Ext] removeExemptWalletFromBNBRewards #
       - modifiers: onlyOwner
    - [Ext] setMinimumBNBInContractToReward #
       - modifiers: onlyOwner
    - [Ext] setTokenHoldingMinForBNBrewards #
       - modifiers: onlyOwner
    - [Ext] setBNBMaxUntilCharityCut #
       - modifiers: onlyOwner
    - [Ext] setMinimumAmountToHoldForRewards #
       - modifiers: onlyOwner
    - [Ext] setMaxNumOfTransersToDoForReward #
       - modifiers: onlyOwner
    - [Ext] setRewardSystemEnabledOrDisabled #
       - modifiers: onlyOwner
    - [Ext] setHoursForRewardTimer #
       - modifiers: onlyOwner
    - [Ext] setNewPercentOfCharityCut #
       - modifiers: onlyOwner
    - [Ext] setNewCharityWallet #
       - modifiers: onlyOwner
    - [Ext] viewCurrentBNBinContract
    - [Ext] rescueAllBNBSentToContractAddress #
       - modifiers: onlyOwner
    - [Ext] rescueAmountBNBSentToContractAddress #
       - modifiers: onlyOwner
    - [Ext] rescueAllBEP20SentToContractAddress #
       - modifiers: onlyOwner
    - [Ext] rescueAmountBEP20SentToContractAddress #
       - modifiers: onlyOwner
    - [Prv] payableAddress
    - [Ext] rescueAllContractToken #
       - modifiers: onlyOwner
    - [Ext] rescueAmountContractToken #
       - modifiers: onlyOwner
    - [Ext] setRouterAddress #
       - modifiers: onlyOwner
    - [Ext] setPairAddress #
       - modifiers: onlyOwner
    - [Prv] _transferStandard #
    - [Ext]  ($)