GIFT - Smart Contract Audit Report
Summary
GIFT is a token with frictionless fee redistribution.
GIFT Token has been deployed to 0x9adf6e139025b29386115dcb7970020d69011937 on the BSC mainnet.
GIFT Vesting has been deployed to 0x4d54dd7c8f096ecfe99c2afb5bfd5f91357c35e3 on the BSC mainnet. Multiple instances are deployed for different beneficiaries.
We also reviewed the team's Gift Escrow contract in mid June. The report on that contract can be viewed here.
Notes on the Token Contract:Notes on the Token Vesting Contract:
- The total supply of the token is 100 million tokens.
- 5% of the supply has been burned. The team has sent 34.5% of the supply to various addresses. The team currently holds 60.5% of the supply.
- Transfers of the token contract incur a fee which is partially distributed among token holders.
- There is a transaction fee on transfers of the token. This fee is allocated for: redistribution of fees among holders, funding the team's marketing fund, funding the liquidity staking pool to fund rewards, and passing some fees to a merchant staking.
- The owner is given the ability to include and exclude accounts from transfer fees.
- The owner has the power to update the marketing, LP staking pool, and merchant staking address.
- The owner also has the ability to update the tax fee percentages at any time to any amount. The team has implemented code to require that these tax amounts not exceed 5% each.
- Utilization of SafeMath and SafeERC20 to prevent overflows and ensure safe transfers.
- This contract allows the team to time-lock tokens and have them released to a specified beneficiary at a set date.
- The team will deploy and fund these contracts with tokens.
- Once the time specified during deployment has passed, the owner of the contract can withdraw all of the tokens in the contract.
- Once deployed, the only usable functions are to set a new beneficiary (owner) and withdraw the tokens.
- Utilization of SafeMath to prevent overflows.
Audit Findings Summary:
- No security issues from outside attackers were identified.
- As with any presale, ensure trust in the team prior to investing.
- Further, ensure trust in the team as they have substantial control over the token contract.
- The developer has completed KYC with our firm.
- Date: April 25th, 2021.
External Threat Results
| Vulnerability Category | Notes | Result |
|---|---|---|
| Arbitrary Storage Write | N/A | PASS |
| Arbitrary Jump | N/A | PASS |
| Delegate Call to Untrusted Contract | N/A | PASS |
| Dependence on Predictable Variables | N/A | PASS |
| Deprecated Opcodes | N/A | PASS |
| Ether Thief | N/A | PASS |
| Exceptions | N/A | PASS |
| External Calls | N/A | PASS |
| Integer Over/Underflow | N/A | PASS |
| Multiple Sends | N/A | PASS |
| Suicide | N/A | PASS |
| State Change External Calls | N/A | Pass |
| Unchecked Retval | N/A | PASS |
| User Supplied Assertion | N/A | PASS |
| Critical Solidity Compiler | N/A | PASS |
| Overall Contract Safety | PASS |
Details:GIFT Token Contract
($) = payable function
# = non-constant function
Int = Internal
Ext = External
Pub = Public
+ Context
- [Int] _msgSender
- [Int] _msgData
+ [Int] IERC20
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] transfer #
- [Ext] allowance
- [Ext] approve #
- [Ext] transferFrom #
+ [Lib] SafeMath
- [Int] add
- [Int] sub
- [Int] sub
- [Int] mul
- [Int] div
- [Int] div
- [Int] mod
- [Int] mod
+ [Lib] Address
- [Int] isContract
- [Int] sendValue #
- [Int] functionCall #
- [Int] functionCall #
- [Int] functionCallWithValue #
- [Int] functionCallWithValue #
- [Int] functionStaticCall
- [Int] functionStaticCall
- [Prv] _verifyCallResult
+ Ownable (Context)
- [Int] #
- [Pub] owner
- [Pub] renounceOwnership #
- modifiers: onlyOwner
- [Pub] transferOwnership #
- modifiers: onlyOwner
+ GIFT (Context, IERC20, Ownable)
- [Pub] #
- [Ext] name
- [Ext] symbol
- [Ext] decimals
- [Ext] totalSupply
- [Pub] balanceOf
- [Pub] transfer #
- [Pub] allowance
- [Pub] approve #
- [Pub] transferFrom #
- [Pub] increaseAllowance #
- [Pub] decreaseAllowance #
- [Ext] isExcludedFromRewards
- [Ext] isExcludedFromFees
- [Ext] totalFees
- [Ext] totalHolderFees
- [Ext] totalMarketingFees
- [Ext] totalLpFees
- [Ext] totalMerchantFees
- [Pub] distribute #
- [Pub] excludeFromFees #
- modifiers: onlyOwner
- [Pub] includeInFees #
- modifiers: onlyOwner
- [Pub] excludeFromRewards #
- modifiers: onlyOwner
- [Pub] includeInRewards #
- modifiers: onlyOwner
- [Prv] _approve #
- [Prv] _transfer #
- [Prv] _transferWithRewards #
- [Prv] _transferWithRecipientRewards #
- [Prv] _transferWithoutSenderRewards #
- [Prv] _transferWithoutRewards #
- [Prv] _updateHolderFee #
- [Prv] _updateMarketingFee #
- [Prv] _updateLpFee #
- [Prv] _updateMerchantFee #
- [Pub] rewardsFromToken
- [Pub] tokenWithRewards
- [Prv] _getValues
- [Prv] _getActualValues
- [Prv] _getRewardValues
- [Prv] _getRewardsRate
- [Prv] _getCurrentSupply
- [Prv] _getFee
- [Prv] _getHolderFee
- [Prv] _getMarketingFee
- [Prv] _getLpFee
- [Prv] _getMerchantFee
- [Ext] setTaxPercentage #
- modifiers: onlyOwner
- [Ext] setTaxAllocations #
- modifiers: onlyOwner
- [Ext] setMarketingAddress #
- modifiers: onlyOwner
- [Ext] setLpStakingAddress #
- modifiers: onlyOwner
- [Ext] setMerchantStakingAddress #
- modifiers: onlyOwner
Details: Token Vesting Contract
($) = payable function
# = non-constant function
Int = Internal
Ext = External
Pub = Public
+ [Int] IERC20
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] transfer #
- [Ext] allowance
- [Ext] approve #
- [Ext] transferFrom #
+ [Lib] SafeMath
- [Int] add
- [Int] sub
- [Int] sub
- [Int] mul
- [Int] div
- [Int] div
- [Int] mod
- [Int] mod
+ VestingContract
- [Pub] #
- [Ext] viewOwner
- [Ext] vestingDurationView
- [Ext] initialDepositView
- [Pub] changeOwner #
- [Pub] withdraw #