Floki Gold - Smart Contract Audit Report

Summary

Floki Gold Audit Report Floki Gold is a new community-driven DeFi token on the Ethereum Blockchain that pays out static rewards to holders.

We reviewed the Floki Gold contract at 0x9F9fD5872beB21392f286afC6Eb3a0F8154384fC on the Ethereum mainnet.

Notes on the Contract:
  • The total supply of the token is set to 420 billion [420,000,000,000].
  • No minting or burn functions are present; though the circulating supply can be reduced by sending tokens to the 0x..dead address, if desired.
  • At the time of writing this report, 40% of the total supply belongs to a UniCrypt token vesting contract.
  • 8.08% of the total supply is in Uniswap liquidity.
  • Of that liquidity, 100% of the LP tokens belong to a UniCrypt token locking contract and will vest to the team on May 1, 2022.
  • The next five holders own a cumulative 17.77% of the total supply.

  • There is a tax fee, liquidity fee, buyback fee, and marketing fee on all transactions for any "non-excluded" address that participates in a transfer.
  • Users who hold tokens will automatically benefit from the frictionless fee redistribution at the time of each transaction as the tokens collected through the tax fee are removed from the circulating supply.
  • The tokens collected from the liquidity fee during transfers are stored in the contract address balance. Once the threshold value of tokens (determined by the owner) is met, the tokens will be swapped for ETH. A portion of that ETH will be sent to the liquidity pool address set by the team. Another portion of that ETH will be sent to the team's marketing wallet.
  • On each transfer that occurs while the minimum threshold (determined by the owner) is met, the protocol will spend 1% of its ETH balance toward buying Floki Gold tokens that will subsequently be burned.
  • Although the Safemath library is utilized, the contract is deployed with Solidity v0.8.5 which has built-in overflow checks. Safemath could be safely removed to reduce contract size and increase gas savings.

  • Ownership Controls:
  • Ownership has not been renounced.
  • The owner can modify the tax fee, buyback fee, and marketing fee to any percentages at any time. The liquidity fee percentage is the sum of the buyback fee percentage and marketing fee percentage. The owner must exercise caution when modifying fees as the liquidity fee is responsible for funding the ETH for the liquidity pool.
  • The owner can exclude and include accounts from transfer fees and reward distribution.
  • The owner can set and update a maximum transaction amount at any time, which will impose a limit to the number of tokens that can be transferred during any given transaction.
  • The owner can enable/disable the automatic swapping and buyback functionality.
  • The owner can update the threshold number of tokens needed to trigger the automatic swapping functionality to any value.
  • The contract includes a "Presale" function that allows the owner to set fees to 0, disable automatic swapping, and set the max transaction amount to 100% of the total token supply.
  • The owner can update the team's Marketing wallet to any address at any time.
  • The owner can use the "lock" function in order to temporarily set ownership to address(0). Ownership is restored after the duration of time determined by the owner has passed and they use the 'unlock' function.
  • The unlock function has the potential to be used after ownership is renounced, which will restore ownership to the original owner that initially created the ownership lock. This can be used in a nefarious way by the project team to restore ownership and change fee structures.
  • We recommend that the unlock function is modified to set the "previous owner" = "address(0)" at the end of the unlock function to prevent it from being used more than once per lock.
Audit Findings Summary
  • No external threats were identified.
  • Please ensure trust in the team prior to investing as they have substantial control in the ecosystem.
  • Please be aware of the amount of liquidity available in proportion to the largest wallets.
  • Date: December 7th, 2021

Audit Results

Vulnerability CategoryNotesResult
Arbitrary Storage WriteN/APASS
Arbitrary JumpN/APASS
Centralization of ControlThe owner can set fee percentages up to 100%WARNING
Delegate Call to Untrusted ContractN/APASS
Dependence on Predictable VariablesN/APASS
Deprecated OpcodesN/APASS
Ether ThiefN/APASS
ExceptionsN/APASS
External CallsN/APASS
Flash LoansN/APASS
Integer Over/UnderflowN/APASS
Multiple SendsN/APASS
OraclesN/APASS
SuicideN/APASS
State Change External CallsN/APASS
Unchecked RetvalN/APASS
User Supplied AssertionN/APASS
Critical Solidity CompilerN/APASS
Overall Contract Safety PASS

Function Graph

ERC20 Token Graph


Inheritance Chart

Multi-file Token


Functions Overview


 ($) = payable function
 # = non-constant function
 
 +  Context 
    - [Int] _msgSender
    - [Int] _msgData

 + [Int] IERC20 
    - [Ext] totalSupply
    - [Ext] balanceOf
    - [Ext] transfer #
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transferFrom #

 + [Lib] SafeMath 
    - [Int] add
    - [Int] sub
    - [Int] sub
    - [Int] mul
    - [Int] div
    - [Int] div
    - [Int] mod
    - [Int] mod

 + [Lib] Address 
    - [Int] isContract
    - [Int] sendValue #
    - [Int] functionCall #
    - [Int] functionCall #
    - [Int] functionCallWithValue #
    - [Int] functionCallWithValue #
    - [Prv] _functionCallWithValue #

 +  Ownable (Context)
    - [Pub]  #
    - [Pub] owner
    - [Pub] renounceOwnership #
       - modifiers: onlyOwner
    - [Pub] transferOwnership #
       - modifiers: onlyOwner
    - [Pub] getUnlockTime
    - [Pub] getTime
    - [Pub] lock #
       - modifiers: onlyOwner
    - [Pub] unlock #

 + [Int] IUniswapV2Factory 
    - [Ext] feeTo
    - [Ext] feeToSetter
    - [Ext] getPair
    - [Ext] allPairs
    - [Ext] allPairsLength
    - [Ext] createPair #
    - [Ext] setFeeTo #
    - [Ext] setFeeToSetter #

 + [Int] IUniswapV2Pair 
    - [Ext] name
    - [Ext] symbol
    - [Ext] decimals
    - [Ext] totalSupply
    - [Ext] balanceOf
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transfer #
    - [Ext] transferFrom #
    - [Ext] DOMAIN_SEPARATOR
    - [Ext] PERMIT_TYPEHASH
    - [Ext] nonces
    - [Ext] permit #
    - [Ext] MINIMUM_LIQUIDITY
    - [Ext] factory
    - [Ext] token0
    - [Ext] token1
    - [Ext] getReserves
    - [Ext] price0CumulativeLast
    - [Ext] price1CumulativeLast
    - [Ext] kLast
    - [Ext] burn #
    - [Ext] swap #
    - [Ext] skim #
    - [Ext] sync #
    - [Ext] initialize #

 + [Int] IUniswapV2Router01 
    - [Ext] factory
    - [Ext] WETH
    - [Ext] addLiquidity #
    - [Ext] addLiquidityETH ($)
    - [Ext] removeLiquidity #
    - [Ext] removeLiquidityETH #
    - [Ext] removeLiquidityWithPermit #
    - [Ext] removeLiquidityETHWithPermit #
    - [Ext] swapExactTokensForTokens #
    - [Ext] swapTokensForExactTokens #
    - [Ext] swapExactETHForTokens ($)
    - [Ext] swapTokensForExactETH #
    - [Ext] swapExactTokensForETH #
    - [Ext] swapETHForExactTokens ($)
    - [Ext] quote
    - [Ext] getAmountOut
    - [Ext] getAmountIn
    - [Ext] getAmountsOut
    - [Ext] getAmountsIn

 + [Int] IUniswapV2Router02 (IUniswapV2Router01)
    - [Ext] removeLiquidityETHSupportingFeeOnTransferTokens #
    - [Ext] removeLiquidityETHWithPermitSupportingFeeOnTransferTokens #
    - [Ext] swapExactTokensForTokensSupportingFeeOnTransferTokens #
    - [Ext] swapExactETHForTokensSupportingFeeOnTransferTokens ($)
    - [Ext] swapExactTokensForETHSupportingFeeOnTransferTokens #

 +  CoinToken (Context, IERC20, Ownable)
    - [Pub]  ($)
    - [Pub] name
    - [Pub] symbol
    - [Pub] decimals
    - [Pub] totalSupply
    - [Pub] balanceOf
    - [Pub] transfer #
    - [Pub] allowance
    - [Pub] approve #
    - [Pub] transferFrom #
    - [Pub] increaseAllowance #
    - [Pub] decreaseAllowance #
    - [Pub] isExcludedFromReward
    - [Pub] totalFees
    - [Pub] minimumTokensBeforeSwapAmount
    - [Pub] buyBackUpperLimitAmount
    - [Pub] deliver #
    - [Pub] reflectionFromToken
    - [Pub] tokenFromReflection
    - [Pub] excludeFromReward #
       - modifiers: onlyOwner
    - [Ext] includeInReward #
       - modifiers: onlyOwner
    - [Prv] _approve #
    - [Prv] _transfer #
    - [Prv] swapTokens #
       - modifiers: lockTheSwap
    - [Prv] buyBackTokens #
       - modifiers: lockTheSwap
    - [Prv] swapTokensForEth #
    - [Prv] swapETHForTokens #
    - [Prv] addLiquidity #
    - [Prv] _tokenTransfer #
    - [Prv] _transferStandard #
    - [Prv] _transferToExcluded #
    - [Prv] _transferFromExcluded #
    - [Prv] _transferBothExcluded #
    - [Prv] _reflectFee #
    - [Prv] _getValues
    - [Prv] _getTValues
    - [Prv] _getRValues
    - [Prv] _getRate
    - [Prv] _getCurrentSupply
    - [Prv] _takeLiquidity #
    - [Prv] calculateTaxFee
    - [Prv] calculateLiquidityFee
    - [Prv] removeAllFee #
    - [Prv] restoreAllFee #
    - [Pub] isExcludedFromFee
    - [Pub] excludeFromFee #
       - modifiers: onlyOwner
    - [Pub] includeInFee #
       - modifiers: onlyOwner
    - [Ext] setTaxFee #
       - modifiers: onlyOwner
    - [Ext] setBuybackFee #
       - modifiers: onlyOwner
    - [Ext] setMaxTxAmount #
       - modifiers: onlyOwner
    - [Ext] setMarketingFee #
       - modifiers: onlyOwner
    - [Ext] setNumTokensSellToAddToLiquidity #
       - modifiers: onlyOwner
    - [Ext] setBuybackUpperLimit #
       - modifiers: onlyOwner
    - [Ext] setMarketingAddress #
       - modifiers: onlyOwner
    - [Pub] setSwapAndLiquifyEnabled #
       - modifiers: onlyOwner
    - [Pub] setBuyBackEnabled #
       - modifiers: onlyOwner
    - [Ext] presale #
       - modifiers: onlyOwner
    - [Prv] transferToAddressETH #
    - [Ext]  ($)