FamilyVerse - Smart Contract Audit Report

Audit Summary

FamilyVerse Audit Report FamilyVerse ($FMV) is a new BEP-20 token on the Binance Smart Chain that is an automatic liquidity providing protocol.

We reviewed the FamilyVerse contract at 0x1755a2E073b948E600d612b3448ABc61DF10ed94 on the Binance Smartchain mainnet.

Audit Findings

Please ensure trust in the team as they have substantial control in the ecosystem and currently own 100% of the total supply.
Date: January 26th, 2022.

Finding #1 - FamilyVerse - Informational

Description: Although the SafeMath library is utilized, the contract is implemented with Solidity v0.8.x which has built-in overflow checks.
Recommendation: SafeMath could be safely removed to reduce contract size and deployment costs.

Contracts Overview

  • The total supply of the token is set to 1 billion $FMV [1,000,000,000].
  • No minting or burn functions are present; though the circulating supply can be reduced by sending tokens to the 0x..dead address if desired.
  • At the time of writing this report, 100% of the total supply belongs to the owner.

  • The owner must manually enable trading in order for trading to take place on the platform. Only accounts that are excluded from fees can trade when trading is set to disabled. Once trading is enabled, it can never be disabled.
  • There is a Liquidity fee, Marketing fee, Buyback fee, and Dev fee on all transfers where neither the sender nor the recipient is excluded from fees. A separate fee structure can be set by the team to apply different fee amounts depending on whether the user is buying or selling during the transfer.
  • The tokens collected from fees during transfers with Pancakeswap are stored in the contract address balance. Once the threshold number of tokens (determined by the owner) is met, the tokens are swapped for BNB and sent back to the contract address.
  • A portion of the BNB received from this process is used to automatically provide liquidity. Liquidity-adds are automatically performed by selling the tokens collected as fees, pairing the received BNB with the token, and adding it as liquidity to the pair.
  • The LP tokens received through this process are sent to the Liquidity wallet controlled by the team. We recommend that the team lock these newly acquired LP tokens.
  • Another portion of the BNB is split between the team's Marketing wallet and Dev wallet respectively.
  • If the buyback fee on buys and sells are both set to 0, the remaining BNB in the contract will be sent to the Marketing wallet.
  • If the buyback fee on either buys or sells is not set to 0, the leftover BNB will remain in the contract.
  • The owner can call the buyBackTokens() function to swap any amount of BNB in the contract for $FMV tokens and subsequently send those tokens to the team's Buyback wallet.
  • The contract enforces a transfer delay which prevents a transfer from occurring if the user is attempting to buy from Pancakeswap more than one time per block.
  • The contract features an anti-sniper mechanism to identify addresses that are buying instantly after launch. The address attempting the transfer will be added to a blacklist.
Ownership Controls:
  • The owner can modify the Liquidity fee, Marketing fee, Buyback fee, and Dev fee for both buy and sell fee structures. The total fee percentages combined for each fee structure must be 15% or less.
  • The owner can exclude and include accounts from transfer fees.
  • The owner can call the forceSwapBack() function to manually trigger the token swapping and automatic liquidity add process. This function can only be called if the contract balance is more than 1% of the total token supply.
  • The owner can enable/disable the utilization of a maximum transaction amount when buying from or selling to Pancakeswap. The owner can set this value to any number greater than 5 million tokens.
  • The owner can exclude and include accounts from the maximum transaction amount at any time.
  • The owner can enable/disable the utilization of a maximum wallet amount which prevents a transfer from occurring if the buyer's balance will exceed 20 million tokens (2% of the total supply) after the transfer takes place.
  • The owner can enable/disable a gas limit restriction of 30 Gwei when buying from Pancakeswap.
  • The owner can disable the transfer delay functionality. Once disabled, it can never be re-enabled.
  • The owner can enable/disable automatic token swapping and liquidity add process, and set the threshold value that triggers it to any value between 10 thousand and 5 million tokens.
  • The owner can manually add/remove accounts from the anti-sniper blacklist which will prevent them from being able to participate in transfers.
  • The owner can update the Marketing wallet Liquidity wallet, and Dev wallet to any addresses at any time.
  • The owner can update the Automated Market Maker Pair contract address at any time.

External Threat Results

Vulnerability CategoryNotesResult
Arbitrary Storage WriteN/APASS
Arbitrary JumpN/APASS
Centralization of Control
  • The owner can set total fees on all transfers via Pancakeswap up to 15%.
  • The owner can blacklist any account from being able to participate in transfers.
  • The recipient of the LP tokens generated through the automatic liquidity add process is the team's Liquidity wallet.
    Delegate Call to Untrusted ContractN/APASS
    Dependence on Predictable VariablesN/APASS
    Deprecated OpcodesN/APASS
    Ether ThiefN/APASS
    External CallsN/APASS
    Flash LoansN/APASS
    Integer Over/UnderflowN/APASS
    Logical IssuesN/APASS
    Multiple SendsN/APASS
    State Change External CallsN/APASS
    Unchecked RetvalN/APASS
    User Supplied AssertionN/APASS
    Critical Solidity CompilerN/APASS
    Overall Contract Safety PASS

    Function Graph

    BEP20 Token Graph

    Inheritance Chart

    Multi-file Token

    Functions Overview

    ($) = payable function
     # = non-constant function
     +  Context 
        - [Int] _msgSender
        - [Int] _msgData
     + [Int] IUniswapV2Pair 
        - [Ext] name
        - [Ext] symbol
        - [Ext] decimals
        - [Ext] totalSupply
        - [Ext] balanceOf
        - [Ext] allowance
        - [Ext] approve #
        - [Ext] transfer #
        - [Ext] transferFrom #
        - [Ext] DOMAIN_SEPARATOR
        - [Ext] PERMIT_TYPEHASH
        - [Ext] nonces
        - [Ext] permit #
        - [Ext] factory
        - [Ext] token0
        - [Ext] token1
        - [Ext] getReserves
        - [Ext] price0CumulativeLast
        - [Ext] price1CumulativeLast
        - [Ext] kLast
        - [Ext] mint #
        - [Ext] burn #
        - [Ext] swap #
        - [Ext] skim #
        - [Ext] sync #
        - [Ext] initialize #
     + [Int] IUniswapV2Factory 
        - [Ext] feeTo
        - [Ext] feeToSetter
        - [Ext] getPair
        - [Ext] allPairs
        - [Ext] allPairsLength
        - [Ext] createPair #
        - [Ext] setFeeTo #
        - [Ext] setFeeToSetter #
     + [Int] IERC20 
        - [Ext] totalSupply
        - [Ext] balanceOf
        - [Ext] transfer #
        - [Ext] allowance
        - [Ext] approve #
        - [Ext] transferFrom #
     + [Int] IERC20Metadata (IERC20)
        - [Ext] name
        - [Ext] symbol
        - [Ext] decimals
     +  ERC20 (Context, IERC20, IERC20Metadata)
        - [Pub]  #
        - [Pub] name
        - [Pub] symbol
        - [Pub] decimals
        - [Pub] totalSupply
        - [Pub] balanceOf
        - [Pub] transfer #
        - [Pub] allowance
        - [Pub] approve #
        - [Pub] transferFrom #
        - [Pub] increaseAllowance #
        - [Pub] decreaseAllowance #
        - [Int] _transfer #
        - [Int] _mint #
        - [Int] _burn #
        - [Int] _approve #
        - [Int] _beforeTokenTransfer #
     + [Lib] SafeMath 
        - [Int] add
        - [Int] sub
        - [Int] sub
        - [Int] mul
        - [Int] div
        - [Int] div
        - [Int] mod
        - [Int] mod
     +  Ownable (Context)
        - [Pub]  #
        - [Pub] owner
        - [Pub] renounceOwnership #
           - modifiers: onlyOwner
        - [Pub] transferOwnership #
           - modifiers: onlyOwner
     + [Lib] SafeMathInt 
        - [Int] mul
        - [Int] div
        - [Int] sub
        - [Int] add
        - [Int] abs
        - [Int] toUint256Safe
     + [Lib] SafeMathUint 
        - [Int] toInt256Safe
     + [Int] IUniswapV2Router01 
        - [Ext] factory
        - [Ext] WETH
        - [Ext] addLiquidity #
        - [Ext] addLiquidityETH ($)
        - [Ext] removeLiquidity #
        - [Ext] removeLiquidityETH #
        - [Ext] removeLiquidityWithPermit #
        - [Ext] removeLiquidityETHWithPermit #
        - [Ext] swapExactTokensForTokens #
        - [Ext] swapTokensForExactTokens #
        - [Ext] swapExactETHForTokens ($)
        - [Ext] swapTokensForExactETH #
        - [Ext] swapExactTokensForETH #
        - [Ext] swapETHForExactTokens ($)
        - [Ext] quote
        - [Ext] getAmountOut
        - [Ext] getAmountIn
        - [Ext] getAmountsOut
        - [Ext] getAmountsIn
     + [Int] IUniswapV2Router02 (IUniswapV2Router01)
        - [Ext] removeLiquidityETHSupportingFeeOnTransferTokens #
        - [Ext] removeLiquidityETHWithPermitSupportingFeeOnTransferTokens #
        - [Ext] swapExactTokensForTokensSupportingFeeOnTransferTokens #
        - [Ext] swapExactETHForTokensSupportingFeeOnTransferTokens ($)
        - [Ext] swapExactTokensForETHSupportingFeeOnTransferTokens #
     +  FamilyVerse (ERC20, Ownable)
        - [Pub]  #
           - modifiers: ERC20
        - [Ext]  ($)
        - [Ext] enableTrading #
           - modifiers: onlyOwner
        - [Pub] isSniper
        - [Pub] manageSnipers #
           - modifiers: onlyOwner
        - [Ext] removeLimits #
           - modifiers: onlyOwner
        - [Ext] disableTransferDelay #
           - modifiers: onlyOwner
        - [Ext] updateSwapTokensAtAmount #
           - modifiers: onlyOwner
        - [Ext] updateMaxAmount #
           - modifiers: onlyOwner
        - [Pub] excludeFromMaxTransaction #
           - modifiers: onlyOwner
        - [Ext] updateSwapEnabled #
           - modifiers: onlyOwner
        - [Ext] updateBuyFees #
           - modifiers: onlyOwner
        - [Ext] updateSellFees #
           - modifiers: onlyOwner
        - [Pub] excludeFromFees #
           - modifiers: onlyOwner
        - [Pub] setAutomatedMarketMakerPair #
           - modifiers: onlyOwner
        - [Prv] _setAutomatedMarketMakerPair #
        - [Ext] updateMarketingWallet #
           - modifiers: onlyOwner
        - [Ext] updateDevWallet #
           - modifiers: onlyOwner
        - [Ext] updateLiquidifyWallet #
           - modifiers: onlyOwner
        - [Pub] isExcludedFromFees
        - [Int] _transfer #
        - [Prv] swapTokensForEth #
        - [Prv] addLiquidity #
        - [Prv] swapBack #
        - [Ext] forceSwapBack #
           - modifiers: onlyOwner
        - [Ext] buyBackTokens #
           - modifiers: onlyOwner