FootballGo Token - Smart Contract Audit Report
Summary
FootballGo ($FGSPORT) is a new game Token on the Binance Smart Chain that aims to bring a new experience to players who are fans of football.
Notes on the Contract:Audit Findings Summary
- There is a maximum total supply of two billion $FGSPORT [2,000,000,000] The current circulating supply at the time of writing is one billion $FGSPORT.
- Token holders may reduce the circulating supply by using the burn function.
- Minting functionality is present in the contract beyond deployment.
- The FootballGo Token contract is intended to interact with additional contracts which were not provided to our team; Thus, that functionality is not in scope for this audit.
- There is a fee that is applied on all transfers for holders that are either buying from or selling to PancakeSwap. The owner has the ability to modify the "Buy Fee" to any percentage at any time. The owner may also modify the "Sell Fee" to any percentage ranging from 0% to 20% at any time.
- The contract address will receive the tokens collected from these fees; and the recipient will receive the transfer amount minus the fee that was applied.
- Once a threshold value (determined by the owner) is met for the contract address' $FGSPORT balance, the tokens are automatically swapped for BNB and sent to the 'Marketing Wallet' that is controlled by the team.
- The owner may also manually activate this swap at any time.
- 'Player' roles can use the "Reward" function to mint any amount of $FGSPORT to any address as long as the 'P2E' limit has not been exceeded. If the amount that is passed in exceeds the limit, the excess value will be minted to the designated recipient.
- Once the play to earn limit is met, the Player role will not be able to use the "Reward" function anymore.
- There is a receive function for the contract to receive BNB directly, however there is no visible method of transferring that BNB to another address within the contract's code.
- Some state variables could have been declared constant to save some gas upon deployment.
- Some functions could have been declared external instead of public to save on gas upon deployment.
- The contract utilizes SafeMath libraries along with following the BEP20 standard.
- The contract includes logic that interacts with "Bot Protection" Contract, the code for which is unverified, and was not reviewed by our team as part of this audit.
Ownership Controls:- Ownership has not been renounced.
- The owner has the ability to modify transfer fees at any time.
- The owner has the ability to exclude accounts from transfer fees at any time.
- The owner has the ability to update the marketing address at any time.
- The owner has the ability to set the "Controller" role at any time. The functionality for this role is within a contract that was not reviewed as part of this audit.
- The owner has the ability to modify this threshold of tokens to swap (for BNB) to a new value at any time.
- The owner has the ability to enable and disable the automatic swapping functionality at any time.
- The owner has the ability to withdraw the contract's token balance at any time. The owner will receive these tokens.
- No external vulnerabilities were identified within the smart contract's code.
- We recommend that the team renounces ownership.
- Please ensure trust in the team prior to investing as they have substantial control within the ecosystem.
- Further, ensure trust in the team prior to investing as they receive the BNB from the 'swap tokens' functionality.
- Additional functionality is advertised on the project's website than what is present in the smart contracts that we audited.
- Date: October 3rd, 2021
- Updated: November 7th, 2021 to update the report to reflect a new contract address.
- The previous address was 0x5089d7bb8d76578536f21D8bA851d67850a4E4c7 on the Binance Smart Chain mainnet.
Audit Results
| Vulnerability Category | Notes | Result |
|---|---|---|
| Arbitrary Storage Write | N/A | PASS |
| Arbitrary Jump | N/A | PASS |
| Delegate Call to Untrusted Contract | N/A | PASS |
| Dependence on Predictable Variables | N/A | PASS |
| Deprecated Opcodes | N/A | PASS |
| Ether Thief | N/A | PASS |
| Exceptions | N/A | PASS |
| External Calls | N/A | PASS |
| Flash Loans | N/A | PASS |
| Integer Over/Underflow | N/A | PASS |
| Multiple Sends | N/A | PASS |
| Oracles | N/A | PASS |
| Suicide | N/A | PASS |
| State Change External Calls | N/A | PASS |
| Unchecked Retval | N/A | PASS |
| User Supplied Assertion | N/A | PASS |
| Critical Solidity Compiler | N/A | PASS |
| Overall Contract Safety | PASS |
Function Graph
Inheritence Chart
Functions Overview
($) = payable function
# = non-constant function
+ Context
- [Int] _msgSender
- [Int] _msgData
+ Ownable (Context)
- [Pub] #
- [Pub] owner
- [Pub] renounceOwnership #
- modifiers: onlyOwner
- [Pub] transferOwnership #
- modifiers: onlyOwner
+ [Lib] SafeMath
- [Int] add
- [Int] sub
- [Int] sub
- [Int] mul
- [Int] div
- [Int] div
- [Int] mod
- [Int] mod
+ [Int] IERC20
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] transfer #
- [Ext] allowance
- [Ext] approve #
- [Ext] transferFrom #
+ [Int] IERC20Metadata (IERC20)
- [Ext] name
- [Ext] symbol
- [Ext] decimals
+ ERC20 (Context, IERC20, IERC20Metadata)
- [Pub] #
- [Pub] name
- [Pub] symbol
- [Pub] decimals
- [Pub] totalSupply
- [Pub] balanceOf
- [Pub] transfer #
- [Pub] allowance
- [Pub] approve #
- [Pub] transferFrom #
- [Pub] increaseAllowance #
- [Pub] decreaseAllowance #
- [Int] _transfer #
- [Int] _mint #
- [Int] _burn #
- [Int] _approve #
- [Int] _beforeTokenTransfer #
+ [Int] IManager
- [Ext] feeAddress
- [Ext] isPlayer
- [Ext] priceCard
- [Ext] usersLock
- [Ext] tokensLock
- [Ext] setUsersLock
- [Ext] setTokensLock
- [Ext] feeMarketRate
+ [Int] IUniswapV2Factory
- [Ext] feeTo
- [Ext] feeToSetter
- [Ext] getPair
- [Ext] allPairs
- [Ext] allPairsLength
- [Ext] createPair #
- [Ext] setFeeTo #
- [Ext] setFeeToSetter #
+ [Int] IUniswapV2Pair
- [Ext] name
- [Ext] symbol
- [Ext] decimals
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] allowance
- [Ext] approve #
- [Ext] transfer #
- [Ext] transferFrom #
- [Ext] DOMAIN_SEPARATOR
- [Ext] PERMIT_TYPEHASH
- [Ext] nonces
- [Ext] permit #
- [Ext] MINIMUM_LIQUIDITY
- [Ext] factory
- [Ext] token0
- [Ext] token1
- [Ext] getReserves
- [Ext] price0CumulativeLast
- [Ext] price1CumulativeLast
- [Ext] kLast
- [Ext] burn #
- [Ext] swap #
- [Ext] skim #
- [Ext] sync #
- [Ext] initialize #
+ [Int] IUniswapV2Router01
- [Ext] factory
- [Ext] WETH
- [Ext] addLiquidity #
- [Ext] addLiquidityETH ($)
- [Ext] removeLiquidity #
- [Ext] removeLiquidityETH #
- [Ext] removeLiquidityWithPermit #
- [Ext] removeLiquidityETHWithPermit #
- [Ext] swapExactTokensForTokens #
- [Ext] swapTokensForExactTokens #
- [Ext] swapExactETHForTokens ($)
- [Ext] swapTokensForExactETH #
- [Ext] swapExactTokensForETH #
- [Ext] swapETHForExactTokens ($)
- [Ext] quote
- [Ext] getAmountOut
- [Ext] getAmountIn
- [Ext] getAmountsOut
- [Ext] getAmountsIn
+ [Int] IUniswapV2Router02 (IUniswapV2Router01)
- [Ext] removeLiquidityETHSupportingFeeOnTransferTokens #
- [Ext] removeLiquidityETHWithPermitSupportingFeeOnTransferTokens #
- [Ext] swapExactTokensForTokensSupportingFeeOnTransferTokens #
- [Ext] swapExactETHForTokensSupportingFeeOnTransferTokens ($)
- [Ext] swapExactTokensForETHSupportingFeeOnTransferTokens #
+ FootballGo (Ownable, ERC20)
- [Pub] #
- modifiers: ERC20
- [Pub] burn #
- [Pub] excludeFromFees #
- modifiers: onlyOwner
- [Pub] isExcludedFromFees
- [Int] _transfer #
- [Pub] swapToken #
- modifiers: onlyOwner
- [Prv] swapTokensForEth #
- [Ext] ($)
- [Ext] setMarkettingAddress #
- modifiers: onlyOwner
- [Pub] setController #
- modifiers: onlyOwner
- [Pub] setFeeRate #
- modifiers: onlyOwner
- [Pub] setMinTokensBeforeSwap #
- modifiers: onlyOwner
- [Ext] reward #
- modifiers: onlyPlayer
- [Pub] setSwapAndLiquifyEnabled #
- modifiers: onlyOwner
- [Pub] GetSwapMinutes
- [Ext] SetSwapMinutes #
- modifiers: onlyOwner
- [Pub] getBalance
- [Ext] withdrawBalance #
- modifiers: onlyOwner