FlyPaper Token - Smart Contract Audit Report

Summary

FlyPaper Audit Report FlyPaper ($STICKY) is a new community-driven DeFi token on the Binance Smart Chain that pays out static rewards to holders.

FlyPaper Token contract is deployed at 0x7ba953183fe5d8169924da516f1b3cac365add78 on the Binance Smartchain mainnet.

Notes on the Contract:
  • The total supply of the token is set to 500 million $STICKY [500,000,000].
  • No minting or burn functions are present; though the circulating supply can be reduced by sending tokens to the 0x..dead address, if desired.
  • At the time of writing this report, 21.62% of the total $STICKY token supply is in Pancakeswap liquidity.
  • Of that liquidity, 99% of the LP tokens are locked in a DxSale token locker for 77 years.
  • 8.55% of the total supply is stored in a DxSale Presale contract.
  • The top 5 holders own a cumulative ~15% of the total supply.

  • There is a 'tax fee' and a 'charity fee' on all transactions for any non-excluded address that participates in a transfer.
  • The owner has the ability to modify the tax fee to any percentage between 1% and 10%, and modify the charity fee to any percentage between 1% and 5%.
  • Users who hold tokens will automatically benefit from the frictionless fee redistribution at the time of each transaction as the tokens collected through the tax fee are removed from the circulating supply.
  • The charity fee charged on transactions is stored in the contract and, once a threshold value (determined by the owner) is met, the tokens will be swapped for BNB and sent back to the contract. The received BNB is then transferred to the team's charity wallet. The owner has the ability to update the charity wallet at any time.

  • The owner of the contract can exclude and include accounts from transfer fees and reward distribution.
  • The owner has the ability to set and update a maximum transaction percent at any time, which will impose a limit to the number of tokens that can be transferred during any given transaction.
  • This maximum transaction amount does not apply to the owner during transactions where the owner is either the sender or the recipient.
  • The owner can call the Manualswap() and Manualsend() functions at any time which swaps $STICKY tokens collected from transaction fees for BNB, stores that BNB in the contract address, then sends it to the team wallet.
  • The owner has the ability to use the "lock" function in order to temporarily set ownership to address(0). Ownership is restored after the duration of time determined by the owner has passed and they use the 'unlock' function.
  • The unlock function has the potential to be used after ownership is renounced, which will restore ownership to the original owner that initially created the ownership lock. This can be used in a nefarious way by the project team to restore ownership and change fee structures.
  • We recommend that the unlock function is modified to set the "previous owner" = "address(0)" at the end of the unlock function to prevent it from being used more than once per lock.
  • Ownership has not been renounced.
  • The contract utilizes SafeMath libraries along with following the BEP20 standard.
Audit Findings Summary
  • No external threats were identified.
  • We strongly discourage the use of the Lock() function within this contract as there are potential risks that exist for holders regarding the team's ability to retain control of the contract.
  • We recommend the team renounces ownership without ever using the Lock() function.
  • Please ensure trust in the team prior to investing as they have some control in the ecosystem.
  • Date: September 9th, 2021
  • Updated: October 18th, 2021 to reflect newly locked liquidity.

Audit Results

Vulnerability Category Notes Result
Arbitrary Storage Write N/A PASS
Arbitrary Jump N/A PASS
Delegate Call to Untrusted Contract N/A PASS
Dependence on Predictable Variables N/A PASS
Deprecated Opcodes N/A PASS
Ether Thief N/A PASS
Exceptions N/A PASS
External Calls N/A PASS
Flash Loans N/A PASS
Integer Over/Underflow N/A PASS
Multiple Sends N/A PASS
Oracles N/A PASS
Suicide N/A PASS
State Change External Calls N/A PASS
Unchecked Retval N/A PASS
User Supplied Assertion N/A PASS
Critical Solidity Compiler N/A PASS
Overall Contract Safety   PASS

Function Graph

ERC20 Token Graph


Inheritence Chart

Multi-file Token


Functions Overview


 ($) = payable function
 # = non-constant function
 
 +  Context 
    - [Int] _msgSender
    - [Int] _msgData

 + [Int] IERC20 
    - [Ext] totalSupply
    - [Ext] balanceOf
    - [Ext] transfer #
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transferFrom #

 + [Lib] SafeMath 
    - [Int] add
    - [Int] sub
    - [Int] sub
    - [Int] mul
    - [Int] div
    - [Int] div
    - [Int] mod
    - [Int] mod

 + [Lib] Address 
    - [Int] isContract
    - [Int] sendValue #
    - [Int] functionCall #
    - [Int] functionCall #
    - [Int] functionCallWithValue #
    - [Int] functionCallWithValue #
    - [Prv] _functionCallWithValue #

 +  Ownable (Context)
    - [Int]  #
    - [Pub] owner
    - [Pub] renounceOwnership #
       - modifiers: onlyOwner
    - [Pub] transferOwnership #
       - modifiers: onlyOwner
    - [Pub] geUnlockTime
    - [Pub] lock #
       - modifiers: onlyOwner
    - [Pub] unlock #

 + [Int] IUniswapV2Factory 
    - [Ext] feeTo
    - [Ext] feeToSetter
    - [Ext] getPair
    - [Ext] allPairs
    - [Ext] allPairsLength
    - [Ext] createPair #
    - [Ext] setFeeTo #
    - [Ext] setFeeToSetter #

 + [Int] IUniswapV2Pair 
    - [Ext] name
    - [Ext] symbol
    - [Ext] decimals
    - [Ext] totalSupply
    - [Ext] balanceOf
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transfer #
    - [Ext] transferFrom #
    - [Ext] DOMAIN_SEPARATOR
    - [Ext] PERMIT_TYPEHASH
    - [Ext] nonces
    - [Ext] permit #
    - [Ext] MINIMUM_LIQUIDITY
    - [Ext] factory
    - [Ext] token0
    - [Ext] token1
    - [Ext] getReserves
    - [Ext] price0CumulativeLast
    - [Ext] price1CumulativeLast
    - [Ext] kLast
    - [Ext] mint #
    - [Ext] burn #
    - [Ext] swap #
    - [Ext] skim #
    - [Ext] sync #
    - [Ext] initialize #

 + [Int] IUniswapV2Router01 
    - [Ext] factory
    - [Ext] WETH
    - [Ext] addLiquidity #
    - [Ext] addLiquidityETH ($)
    - [Ext] removeLiquidity #
    - [Ext] removeLiquidityETH #
    - [Ext] removeLiquidityWithPermit #
    - [Ext] removeLiquidityETHWithPermit #
    - [Ext] swapExactTokensForTokens #
    - [Ext] swapTokensForExactTokens #
    - [Ext] swapExactETHForTokens ($)
    - [Ext] swapTokensForExactETH #
    - [Ext] swapExactTokensForETH #
    - [Ext] swapETHForExactTokens ($)
    - [Ext] quote
    - [Ext] getAmountOut
    - [Ext] getAmountIn
    - [Ext] getAmountsOut
    - [Ext] getAmountsIn

 + [Int] IUniswapV2Router02 (IUniswapV2Router01)
    - [Ext] removeLiquidityETHSupportingFeeOnTransferTokens #
    - [Ext] removeLiquidityETHWithPermitSupportingFeeOnTransferTokens #
    - [Ext] swapExactTokensForTokensSupportingFeeOnTransferTokens #
    - [Ext] swapExactETHForTokensSupportingFeeOnTransferTokens ($)
    - [Ext] swapExactTokensForETHSupportingFeeOnTransferTokens #

 +  FlyPaper (Context, IERC20, Ownable)
    - [Pub]  #
    - [Pub] name
    - [Pub] symbol
    - [Pub] decimals
    - [Pub] totalSupply
    - [Pub] balanceOf
    - [Pub] transfer #
    - [Pub] allowance
    - [Pub] approve #
    - [Pub] transferFrom #
    - [Pub] increaseAllowance #
    - [Pub] decreaseAllowance #
    - [Pub] isExcluded
    - [Ext] setExcludeFromFee #
       - modifiers: onlyOwner
    - [Pub] totalFees
    - [Pub] deliver #
    - [Pub] reflectionFromToken
    - [Pub] tokenFromReflection
    - [Ext] excludeAccount #
       - modifiers: onlyOwner
    - [Ext] includeAccount #
       - modifiers: onlyOwner
    - [Prv] removeAllFee #
    - [Prv] restoreAllFee #
    - [Pub] isExcludedFromFee
    - [Prv] _approve #
    - [Prv] _transfer #
    - [Prv] swapTokensForEth #
       - modifiers: lockTheSwap
    - [Prv] sendETHToCharity #
    - [Ext] manualSwap #
       - modifiers: onlyOwner
    - [Ext] manualSend #
       - modifiers: onlyOwner
    - [Ext] setSwapEnabled #
       - modifiers: onlyOwner
    - [Ext] setCooldownEnabled #
       - modifiers: onlyOwner
    - [Prv] _tokenTransfer #
    - [Prv] _transferStandard #
    - [Prv] _transferToExcluded #
    - [Prv] _transferFromExcluded #
    - [Prv] _transferBothExcluded #
    - [Prv] _takeCharity #
    - [Prv] _reflectFee #
    - [Ext]  ($)
    - [Prv] _getValues
    - [Prv] _getTValues
    - [Prv] _getRValues
    - [Prv] _getRate
    - [Prv] _getCurrentSupply
    - [Prv] _getTaxFee
    - [Prv] _getMaxTxAmount
    - [Pub] _getETHBalance
    - [Ext] _setTaxFee #
       - modifiers: onlyOwner
    - [Ext] _setFlyPaperFee #
       - modifiers: onlyOwner
    - [Ext] _setFlyPaperWallet #
       - modifiers: onlyOwner
    - [Ext] _setMaxTxAmount #
       - modifiers: onlyOwner