Fatcat - Audit Report

Summary

Fatcat is a new community-driven DeFi token with automatic liquidity adds that pays users dividends in BUSD.

We reviewed the Fatcat contract that is deployed at 0xb7de4ED46d6a53E7d4cC7dBeAB88d6946bD6cE0D on the Binance Smartchain mainnet.

Notes on the Contract:

The total supply of the token is set to 1 billion [1,000,000,000].
No mint or burn functions are present beyond deployment; though the circulating supply can be reduced by sending tokens to the 0x..dead address if desired.
At the time of writing this report, 74.89% of the total supply belongs to an unverified contract.
The next two holders own a cumulative 25% of the total supply.

There is a tax fee, liquidity, fee, burn fee, and marketing fee charged on all transactions for any "non-excluded" address that participates in a transfer with Pancakewap. A separate fee structure can be set by the team to apply different fee amounts depending on whether the user is buying or selling during the transfer.
The tokens collected from the tax fee, liquidity fee, and marketing fee are stored in the contract address balance. Once a threshold value of tokens (determined by the owner) is met, the tokens are swapped for BNB. A portion of that BNB are distributed as dividends, another portion is sent to the team's marketing wallet, and the final portion is used to fund Pancakeswap liquidity.
Liquidity-adds are funded by selling half of the tokens allocated to funding liquidity, pairing the received BNB with the token, and adding it as liquidity to the BNB pair.
The recipient of the newly created LP tokens is the owner. We recommend that the team locks these newly acquired LP tokens.
The tokens collected from the burn fee are sent to the Burn address.
The contract features a maximum wallet amount which ensures that a user's token balance does not exceed an amount tokens (determined by the owner) after a buying transaction.

Any user that holds any amount of $FATCAT tokens are eligible to claim dividends once the amount of dividends they are due reaches a minimum threshold value determined by team.
Once dividends are distributed, they will need to be claimed; claiming happens automatically on each transfer.
Dividend rewards can also be claimed manually by kicking off the claim cycle, which will process all eligible token holders.
Alternatively, a user can manually claim dividends as an individual.
There is a wait-time between claiming dividend rewards.
Claimed dividends are sent to the user's wallet address.

Ownership Controls:
The owner can set the total fees charged on transactions to any value up to 35% for both fee structures.
The owner can exclude any address from transfer fees and dividends at any time.
The owner can set the threshold value that triggers automatic liquidity adds to any value between 100 million and 10 trillion tokens (0.00001% and 1% of the total supply).
The owner can manually trigger automatic liquidity adds at any time.
The owner can update the maximum wallet amount to any value between 5 trillion and 1 quadrillion tokens (0.5% and 100% of the total supply).
The owner can withdraw any BEP20 tokens and BNB from the contract address at any time.
The owner can update the Dividend Manager, the Pancakeswap Pair, and the Pancakeswap Router addresses at any time.
The owner can update the team's marketing wallet at any time.
The owner can update the amount of gas used for processing to a value between 200,000 and 750,000 at any time.
The owner can update the amount of time a user must wait between claiming dividends to a value between 15 minutes and 24 hours (in seconds).
Audit Findings Summary
No external threats were identified.
Please ensure trust in the team prior to investing as they have substantial control in the ecosystem and own a large portion of the total supply.
Date: November 30th, 2021

External Threat Results

Vulnerability Category	Notes	Result
Arbitrary Storage Write	N/A	PASS
Arbitrary Jump	N/A	PASS
Centralization of Control	The team can set total fees up to 35%.	WARNING
Delegate Call to Untrusted Contract	N/A	PASS
Dependence on Predictable Variables	N/A	PASS
Deprecated Opcodes	N/A	PASS
Ether Thief	N/A	PASS
Exceptions	N/A	PASS
External Calls	N/A	PASS
Flash Loans	N/A	PASS
Integer Over/Underflow	N/A	PASS
Multiple Sends	N/A	PASS
Oracles	N/A	PASS
Suicide	N/A	PASS
State Change External Calls	N/A	PASS
Unchecked Retval	N/A	PASS
User Supplied Assertion	N/A	PASS
Critical Solidity Compiler	N/A	PASS
Overall Contract Safety		PASS

BEP20 Token Graph

Multi-file Token

												
($) = payable function
 # = non-constant function

 +  Context 
    - [Int] _msgSender
    - [Int] _msgData

 +  Ownable (Context)
    - [Pub]  #
    - [Pub] owner
    - [Pub] renounceOwnership #
       - modifiers: onlyOwner
    - [Pub] transferOwnership #
       - modifiers: onlyOwner

 + [Int] DividendPayingTokenOptionalInterface 
    - [Ext] withdrawableDividendOf
    - [Ext] withdrawnDividendOf
    - [Ext] accumulativeDividendOf

 + [Lib] Address 
    - [Int] isContract
    - [Int] sendValue #
    - [Int] functionCall #
    - [Int] functionCall #
    - [Int] functionCallWithValue #
    - [Int] functionCallWithValue #
    - [Prv] _functionCallWithValue #

 + [Int] IUniswapV2Factory 
    - [Ext] feeTo
    - [Ext] feeToSetter
    - [Ext] getPair
    - [Ext] allPairs
    - [Ext] allPairsLength
    - [Ext] createPair #
    - [Ext] setFeeTo #
    - [Ext] setFeeToSetter #

 + [Int] IUniswapV2Pair 
    - [Ext] name
    - [Ext] symbol
    - [Ext] decimals
    - [Ext] totalSupply
    - [Ext] balanceOf
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transfer #
    - [Ext] transferFrom #
    - [Ext] DOMAIN_SEPARATOR
    - [Ext] PERMIT_TYPEHASH
    - [Ext] nonces
    - [Ext] permit #
    - [Ext] MINIMUM_LIQUIDITY
    - [Ext] factory
    - [Ext] token0
    - [Ext] token1
    - [Ext] getReserves
    - [Ext] price0CumulativeLast
    - [Ext] price1CumulativeLast
    - [Ext] kLast
    - [Ext] mint #
    - [Ext] burn #
    - [Ext] swap #
    - [Ext] skim #
    - [Ext] sync #
    - [Ext] initialize #

 + [Lib] IterableMapping 
    - [Int] get
    - [Int] getIndexOfKey
    - [Int] getKeyAtIndex
    - [Int] size
    - [Int] set #
    - [Int] remove #

 + [Int] IERC20 
    - [Ext] totalSupply
    - [Ext] balanceOf
    - [Ext] transfer #
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transferFrom #

 + [Int] IERC20Metadata (IERC20)
    - [Ext] name
    - [Ext] symbol
    - [Ext] decimals

 +  ERC20 (Context, IERC20, IERC20Metadata)
    - [Pub]  #
    - [Pub] name
    - [Pub] symbol
    - [Pub] decimals
    - [Pub] totalSupply
    - [Pub] balanceOf
    - [Pub] transfer #
    - [Pub] allowance
    - [Pub] approve #
    - [Pub] transferFrom #
    - [Pub] increaseAllowance #
    - [Pub] decreaseAllowance #
    - [Int] _transfer #
    - [Int] _mint #
    - [Int] _burn #
    - [Int] _approve #
    - [Int] _beforeTokenTransfer #

 + [Lib] SafeMathConversion 
    - [Int] toUint256Safe
    - [Int] toInt256Safe

 + [Int] DividendPayingTokenInterface 
    - [Ext] dividendOf
    - [Ext] withdrawDividend #

 +  SharedConstants 

 +  DividendPayingToken (ERC20, Ownable, DividendPayingTokenInterface, DividendPayingTokenOptionalInterface, SharedConstants)
    - [Pub]  #
       - modifiers: ERC20
    - [Pub] distributeDividends #
       - modifiers: onlyOwner
    - [Pub] getRewardToken
    - [Pub] withdrawDividend #
    - [Int] _withdrawDividendOfUser #
    - [Pub] dividendOf
    - [Pub] withdrawableDividendOf
    - [Pub] withdrawnDividendOf
    - [Pub] accumulativeDividendOf
    - [Int] _transfer #
    - [Int] _mint #
    - [Int] _burn #
    - [Int] _setBalance #

 + [Lib] SafeERC20 
    - [Int] safeTransfer #
    - [Int] safeTransferFrom #
    - [Int] safeApprove #
    - [Int] safeIncreaseAllowance #
    - [Int] safeDecreaseAllowance #
    - [Prv] _callOptionalReturn #

 + [Int] IUniswapV2Router01 
    - [Ext] factory
    - [Ext] WETH
    - [Ext] addLiquidity #
    - [Ext] addLiquidityETH ($)
    - [Ext] removeLiquidity #
    - [Ext] removeLiquidityETH #
    - [Ext] removeLiquidityWithPermit #
    - [Ext] removeLiquidityETHWithPermit #
    - [Ext] swapExactTokensForTokens #
    - [Ext] swapTokensForExactTokens #
    - [Ext] swapExactETHForTokens ($)
    - [Ext] swapTokensForExactETH #
    - [Ext] swapExactTokensForETH #
    - [Ext] swapETHForExactTokens ($)
    - [Ext] quote
    - [Ext] getAmountOut
    - [Ext] getAmountIn
    - [Ext] getAmountsOut
    - [Ext] getAmountsIn

 + [Int] IUniswapV2Router02 (IUniswapV2Router01)
    - [Ext] removeLiquidityETHSupportingFeeOnTransferTokens #
    - [Ext] removeLiquidityETHWithPermitSupportingFeeOnTransferTokens #
    - [Ext] swapExactTokensForTokensSupportingFeeOnTransferTokens #
    - [Ext] swapExactETHForTokensSupportingFeeOnTransferTokens ($)
    - [Ext] swapExactTokensForETHSupportingFeeOnTransferTokens #

 + [Lib] CircularBuffer 
    - [Int] initialise #
    - [Int] append #
    - [Int] sum #

 +  Fatcat (ERC20, Ownable, SharedConstants)
    - [Pub]  #
       - modifiers: ERC20
    - [Ext]  ($)
    - [Ext] updateDividendManager #
       - modifiers: onlyOwner
    - [Ext] updateUniswapV2Router #
       - modifiers: onlyOwner
    - [Ext] excludeFromFees #
       - modifiers: onlyOwner
    - [Ext] excludeMultipleAccountsFromFees #
       - modifiers: onlyOwner
    - [Ext] setMarketingWallet #
       - modifiers: onlyOwner
    - [Ext] setBuyFees #
       - modifiers: onlyOwner
    - [Ext] setSellFees #
       - modifiers: onlyOwner
    - [Ext] setAutomatedMarketMakerPair #
       - modifiers: onlyOwner
    - [Ext] setMaxWalletAmount #
       - modifiers: onlyOwner
    - [Ext] setSwapAmount #
       - modifiers: onlyOwner
    - [Prv] _setAutomatedMarketMakerPair #
    - [Ext] updateGasForProcessing #
       - modifiers: onlyOwner
    - [Ext] getSumSells
       - modifiers: onlyOwner
    - [Ext] getSumBuys
       - modifiers: onlyOwner
    - [Ext] updateClaimWaits #
       - modifiers: onlyOwner
    - [Ext] getClaimWaits
    - [Ext] getTotalDividendsDistributed
    - [Ext] checkIfExcludedFromFees
    - [Ext] withdrawableDividendsOf
    - [Ext] dividendTokenBalancesOf
    - [Ext] excludeFromAllDividends #
       - modifiers: onlyOwner
    - [Ext] excludeFromSelectedDividends #
       - modifiers: onlyOwner
    - [Ext] getAccountDividendsInfo
    - [Ext] getAccountDividendsInfoAtIndex
    - [Ext] processDividendTrackers #
    - [Ext] claim #
       - modifiers: onlyOwner
    - [Ext] getLastProcessedIndexes
    - [Ext] getNumberOfDividendTokenHolders
    - [Pub] getRewardTokenPercentages
    - [Prv] getTransferAmounts #
    - [Int] _transfer #
    - [Prv] sellTokensForBNBAndTakeFees #
    - [Prv] swapLiquifyAndSellToBNB #
    - [Prv] swapTokensForBNB #
    - [Prv] swapBNBForReward #
    - [Prv] addLiquidity #
    - [Prv] swapAndSendDividends #
    - [Ext] manuallyTriggerSwap #
       - modifiers: onlyOwner
    - [Ext] withdrawOtherTokens #
       - modifiers: onlyOwner
    - [Ext] withdrawExcessBNB #
       - modifiers: onlyOwner

 +  DividendManager (Ownable, SharedConstants)
    - [Pub]  #
    - [Ext] addDividendTracker #
       - modifiers: onlyOwner
    - [Ext] incrementFeeTokens #
       - modifiers: onlyOwner
    - [Ext] incrementFeeTokens #
       - modifiers: onlyOwner
    - [Ext] decrementFeeTokens #
       - modifiers: onlyOwner
    - [Ext] decrementFeeTokens #
       - modifiers: onlyOwner
    - [Ext] incrementFeeTokens #
       - modifiers: onlyOwner
    - [Ext] resetFeeTokens #
       - modifiers: onlyOwner
    - [Ext] resetFeeTokens #
       - modifiers: onlyOwner
    - [Pub] excludeFromSelectedDividends #
       - modifiers: onlyOwner
    - [Pub] excludeFromAllDividends #
       - modifiers: onlyOwner
    - [Ext] updateClaimWaits #
       - modifiers: onlyOwner
    - [Ext] updateFees #
       - modifiers: onlyOwner
    - [Ext] distributeDividends #
       - modifiers: onlyOwner
    - [Ext] distributeDividends #
       - modifiers: onlyOwner
    - [Ext] process #
       - modifiers: onlyOwner
    - [Ext] setBalance #
       - modifiers: onlyOwner
    - [Ext] processAccount #
       - modifiers: onlyOwner
    - [Ext] excludeFromDividendsUntilTimeout #
       - modifiers: onlyOwner
    - [Pub] getIDFromRewardAddress
    - [Pub] getFeeTokensFromRewardAddress
    - [Pub] getSummedFeeTokens
    - [Pub] getRewardToken
    - [Pub] getTrackerAddress
    - [Pub] getTrackerAddress
    - [Pub] getLastProcessedIndexes
    - [Pub] getNumberOfTokenHolders
    - [Pub] totalDividendsDistributed
    - [Pub] withdrawableDividendsOf
    - [Pub] getFees
    - [Pub] getSummedFees
    - [Pub] getFee
    - [Pub] claimWaits
    - [Pub] balancesOf
    - [Pub] getAccount
    - [Pub] getAccountAtIndex
    - [Pub] dividendTrackers

 +  DividendTracker (Ownable, DividendPayingToken)
    - [Pub]  #
       - modifiers: DividendPayingToken
    - [Ext] updateFee #
       - modifiers: onlyOwner
    - [Int] _transfer
    - [Pub] withdrawDividend
    - [Ext] excludeFromDividends #
       - modifiers: onlyOwner
    - [Ext] excludeFromDividendsUntilTimeout #
       - modifiers: onlyOwner
    - [Ext] updateClaimWait #
       - modifiers: onlyOwner
    - [Ext] getLastProcessedIndex
    - [Ext] getNumberOfTokenHolders
    - [Pub] getAccount
    - [Pub] getAccountAtIndex
    - [Prv] canAutoClaim
    - [Pub] setBalance #
       - modifiers: onlyOwner
    - [Pub] process #
    - [Pub] processAccount #
       - modifiers: onlyOwner

Go Home

SourceHat

Fatcat - Audit Report

Summary

External Threat Results

Function Graph

Inheritance Chart

Functions Overview