FlyPaper - Smart Contract Audit Report

Summary

FlyPaper Audit Report FlyPaper ($STICKY) is a new community-driven DeFi token on the Binance Smart Chain that pays out static rewards to holders.

We reviewed the FlyPaper contract at 0x7ba953183fe5d8169924da516f1b3cac365add78 on the Binance Smart Chain mainnet.

Notes on the Contract:
  • The total supply of the token is set to 500 million $STICKY [500,000,000].
  • No minting or burn functions are present; though the circulating supply can be reduced by sending tokens to the 0x..dead address, if desired.
  • At the time of writing this report, 21.62% of the total $STICKY token supply is in Pancakeswap liquidity.
  • Of that liquidity, 99% of the LP tokens are locked in a DxSale token locker for 77 years.
  • 8.55% of the total supply is stored in a DxSale Presale contract.
  • The top 5 holders own a cumulative ~15% of the total supply.

  • There is a 4% tax fee and a 2% charity fee on all transfers where neither the sender nor the recipient is excluded from fees.
  • The tokens collected through the tax fee are removed from the circulating supply; This serves as a frictionless fee redistribution which automatically benefits all token holders at the time of each transaction.
  • The tokens collected through the charity fee are stored in the contract address and cannot be withdrawn as the token swapping functionality has been permanently disabled by the team.
  • The contract enforces a maximum transaction amount of 500 million tokens on all transfers.
  • The contract utilizes the SafeMath library along with following the BEP20 standard.
Ownership Controls
  • Ownership has been renounced.
  • The owner was previously able to modify the tax fee to any percentage between 1% and 10%.
  • The owner was previously able to modify the charity fee to any percentage between 1% and 5%.
  • The owner was previously able to exclude and include accounts from transfer fees and reward distribution.
  • The owner was previously able to update the maximum transaction amount.
  • The owner was previously able to call the Manualswap() and Manualsend() functions at any time which swaps $STICKY tokens collected from transaction fees for BNB, stores that BNB in the contract address, then sends it to the team wallet.
  • The owner was previously able to use the "lock" function in order to temporarily set ownership to address(0). Ownership is restored after the duration of time determined by the owner has passed and they use the 'unlock' function.
Audit Findings Summary
  • No external threats were identified.
  • Ownership has been renounced.
  • Date: September 9th, 2021
  • Updated: February 16th, 2022 after the team renounced ownership.

Audit Results

Vulnerability CategoryNotesResult
Arbitrary Storage WriteN/APASS
Arbitrary JumpN/APASS
Delegate Call to Untrusted ContractN/APASS
Dependence on Predictable VariablesN/APASS
Deprecated OpcodesN/APASS
Ether ThiefN/APASS
ExceptionsN/APASS
External CallsN/APASS
Flash LoansN/APASS
Integer Over/UnderflowN/APASS
Multiple SendsN/APASS
OraclesN/APASS
SuicideN/APASS
State Change External CallsN/APASS
Unchecked RetvalN/APASS
User Supplied AssertionN/APASS
Critical Solidity CompilerN/APASS
Overall Contract Safety PASS

Function Graph

ERC20 Token Graph


Inheritance Chart

Multi-file Token


Functions Overview


 ($) = payable function
 # = non-constant function
 
 +  Context 
    - [Int] _msgSender
    - [Int] _msgData

 + [Int] IERC20 
    - [Ext] totalSupply
    - [Ext] balanceOf
    - [Ext] transfer #
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transferFrom #

 + [Lib] SafeMath 
    - [Int] add
    - [Int] sub
    - [Int] sub
    - [Int] mul
    - [Int] div
    - [Int] div
    - [Int] mod
    - [Int] mod

 + [Lib] Address 
    - [Int] isContract
    - [Int] sendValue #
    - [Int] functionCall #
    - [Int] functionCall #
    - [Int] functionCallWithValue #
    - [Int] functionCallWithValue #
    - [Prv] _functionCallWithValue #

 +  Ownable (Context)
    - [Int]  #
    - [Pub] owner
    - [Pub] renounceOwnership #
       - modifiers: onlyOwner
    - [Pub] transferOwnership #
       - modifiers: onlyOwner
    - [Pub] geUnlockTime
    - [Pub] lock #
       - modifiers: onlyOwner
    - [Pub] unlock #

 + [Int] IUniswapV2Factory 
    - [Ext] feeTo
    - [Ext] feeToSetter
    - [Ext] getPair
    - [Ext] allPairs
    - [Ext] allPairsLength
    - [Ext] createPair #
    - [Ext] setFeeTo #
    - [Ext] setFeeToSetter #

 + [Int] IUniswapV2Pair 
    - [Ext] name
    - [Ext] symbol
    - [Ext] decimals
    - [Ext] totalSupply
    - [Ext] balanceOf
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transfer #
    - [Ext] transferFrom #
    - [Ext] DOMAIN_SEPARATOR
    - [Ext] PERMIT_TYPEHASH
    - [Ext] nonces
    - [Ext] permit #
    - [Ext] MINIMUM_LIQUIDITY
    - [Ext] factory
    - [Ext] token0
    - [Ext] token1
    - [Ext] getReserves
    - [Ext] price0CumulativeLast
    - [Ext] price1CumulativeLast
    - [Ext] kLast
    - [Ext] mint #
    - [Ext] burn #
    - [Ext] swap #
    - [Ext] skim #
    - [Ext] sync #
    - [Ext] initialize #

 + [Int] IUniswapV2Router01 
    - [Ext] factory
    - [Ext] WETH
    - [Ext] addLiquidity #
    - [Ext] addLiquidityETH ($)
    - [Ext] removeLiquidity #
    - [Ext] removeLiquidityETH #
    - [Ext] removeLiquidityWithPermit #
    - [Ext] removeLiquidityETHWithPermit #
    - [Ext] swapExactTokensForTokens #
    - [Ext] swapTokensForExactTokens #
    - [Ext] swapExactETHForTokens ($)
    - [Ext] swapTokensForExactETH #
    - [Ext] swapExactTokensForETH #
    - [Ext] swapETHForExactTokens ($)
    - [Ext] quote
    - [Ext] getAmountOut
    - [Ext] getAmountIn
    - [Ext] getAmountsOut
    - [Ext] getAmountsIn

 + [Int] IUniswapV2Router02 (IUniswapV2Router01)
    - [Ext] removeLiquidityETHSupportingFeeOnTransferTokens #
    - [Ext] removeLiquidityETHWithPermitSupportingFeeOnTransferTokens #
    - [Ext] swapExactTokensForTokensSupportingFeeOnTransferTokens #
    - [Ext] swapExactETHForTokensSupportingFeeOnTransferTokens ($)
    - [Ext] swapExactTokensForETHSupportingFeeOnTransferTokens #

 +  FlyPaper (Context, IERC20, Ownable)
    - [Pub]  #
    - [Pub] name
    - [Pub] symbol
    - [Pub] decimals
    - [Pub] totalSupply
    - [Pub] balanceOf
    - [Pub] transfer #
    - [Pub] allowance
    - [Pub] approve #
    - [Pub] transferFrom #
    - [Pub] increaseAllowance #
    - [Pub] decreaseAllowance #
    - [Pub] isExcluded
    - [Ext] setExcludeFromFee #
       - modifiers: onlyOwner
    - [Pub] totalFees
    - [Pub] deliver #
    - [Pub] reflectionFromToken
    - [Pub] tokenFromReflection
    - [Ext] excludeAccount #
       - modifiers: onlyOwner
    - [Ext] includeAccount #
       - modifiers: onlyOwner
    - [Prv] removeAllFee #
    - [Prv] restoreAllFee #
    - [Pub] isExcludedFromFee
    - [Prv] _approve #
    - [Prv] _transfer #
    - [Prv] swapTokensForEth #
       - modifiers: lockTheSwap
    - [Prv] sendETHToCharity #
    - [Ext] manualSwap #
       - modifiers: onlyOwner
    - [Ext] manualSend #
       - modifiers: onlyOwner
    - [Ext] setSwapEnabled #
       - modifiers: onlyOwner
    - [Ext] setCooldownEnabled #
       - modifiers: onlyOwner
    - [Prv] _tokenTransfer #
    - [Prv] _transferStandard #
    - [Prv] _transferToExcluded #
    - [Prv] _transferFromExcluded #
    - [Prv] _transferBothExcluded #
    - [Prv] _takeCharity #
    - [Prv] _reflectFee #
    - [Ext]  ($)
    - [Prv] _getValues
    - [Prv] _getTValues
    - [Prv] _getRValues
    - [Prv] _getRate
    - [Prv] _getCurrentSupply
    - [Prv] _getTaxFee
    - [Prv] _getMaxTxAmount
    - [Pub] _getETHBalance
    - [Ext] _setTaxFee #
       - modifiers: onlyOwner
    - [Ext] _setFlyPaperFee #
       - modifiers: onlyOwner
    - [Ext] _setFlyPaperWallet #
       - modifiers: onlyOwner
    - [Ext] _setMaxTxAmount #
       - modifiers: onlyOwner