GoldenShower - Smart Contract Audit Report

Summary

GoldenShower is a new dividend paying token with automatic liquidity adds and a buyback system for burning supply.

We audited the GoldenShower token contract using code provided to us by the project team.

Overview of the Contract:
  • The total supply of the token is set to 420 quadrillion; the total supply is initially minted to the owner.
  • No mint or burn functions are present; though the circulating supply can be reduced by sending tokens to the 0x..dead address, if desired.

  • There is a maximum transaction amount determined by the owner that restricts the amount involved in a transfer; this does not apply to exempt addresses, during the presale, or during the first few blocks.
  • There is a 7% tax fee charged on each transaction that is stored in the contract balance.
  • Fees are increased to any value up to 100% as determined by the owner while the "firstFewBlocks" value is true; the owner must manually set this to false in order to disable this fee charge.
  • Once a threshold value is met, a portion of the contract balance is used to fund Uniswap liquidity.
  • Liquidity-adds are funded by selling half of the tokens collected as fees, pairing the received ETH with the token, and adding it as liquidity to the ETH pair.
  • The newly created LP tokens are sent to the liquidity wallet controlled by the team; we recommend that liquidity is locked at the time of acquisition.
  • Another portion of the contract balance is swapped for ETH; half of the ETH received is sent to the marketing wallet controlled by the team, and if buybacks are enabled 1% of the remaining ETH (capped at 0.01 ETH) is swapped for GOLDSHOW tokens and sent to the burn address as a buyback.
  • Any remaining tokens in the contract balance is swapped for ETH and automatically distributed as dividends to the token holders eligible for dividends.
  • A user must hold 10,000 GOLDSHOW tokens to be eligible for dividends.

  • Once dividends are distributed, they will need to be claimed; claiming happens automatically on each transfer.
  • Dividend rewards can also be claimed manually by kicking off the claim cycle, which will process all eligible token holders.
  • Alternatively, a user can manually claim dividends as an individual.
  • There is a wait-time of 600 seconds (10 mins) between claiming dividend rewards.
  • Claimed dividends are sent to the user's wallet address.

  • The owner is able to withdraw all the ETH in the contract balance at any time.
  • The owner is able to disable the buyback system at any time.
  • The owner is able to set the total fees charged on transactions to any value up to 7% at any time.
  • The owner is able to set the percentage of the fees allocated to any fund (liquidity, marketing, buyback, dividends) at any time.
  • The owner is able to set the fees taken during the first few blocks to any percentage at any time.
  • The owner is able to set the max transaction amount to any value at any time.
  • The owner is able to set the minimum amount of tokens a user must hold in order to qualify for dividends to any value at any time.
  • The owner is able to exclude any address from dividends or fees at any time.
  • The owner is able to update the UniswapV2Router contract address at any time.
  • The owner is able to update the maximum amount of gas used for processing to a value between 200,000 and 1,000,000 at any time; the initial value is 400,000.
  • The owner is able to update the amount of time a user must wait between claiming dividends to a value between 5 minutes and 24 hours.

  • Some functions could have been declared external and some state variables could have been declared constant for gas optimization.
  • The contract utilizes the SafeMath library to prevent overflows along with following the ERC20 standard.

Audit Findings Summary
  • Buyback functionality may be suseptible to front-running; The team must monitor and if suspicious activity is detected, the team must disable the buyback system.
  • As with any presale, ensure trust in the team prior to investing.
  • Further, ensure trust in the team as they have substantial control in the ecosystem.
  • Date: August 23rd, 2021

Vulnerability CategoryNotesResult
Arbitrary Storage WriteN/APASS
Arbitrary JumpN/APASS
Delegate Call to Untrusted ContractN/APASS
Dependence on Predictable VariablesN/APASS
Deprecated OpcodesN/APASS
Ether ThiefN/APASS
ExceptionsN/APASS
External CallsN/APASS
Flash LoansN/APASS
Integer Over/UnderflowN/APASS
Multiple SendsN/APASS
OraclesN/APASS
SuicideN/APASS
State Change External CallsN/APASS
Unchecked RetvalN/APASS
User Supplied AssertionN/APASS
Critical Solidity CompilerN/APASS
Overall Contract Safety PASS

BEP20 Token Graph

Multi-file Token

												
($) = payable function
 # = non-constant function

 +  Context 
    - [Int] _msgSender
    - [Int] _msgData

 +  Ownable (Context)
    - [Pub]  #
    - [Pub] owner
    - [Pub] renounceOwnership #
       - modifiers: onlyOwner
    - [Pub] transferOwnership #
       - modifiers: onlyOwner

 + [Lib] SafeMath 
    - [Int] add
    - [Int] sub
    - [Int] sub
    - [Int] mul
    - [Int] div
    - [Int] div
    - [Int] mod
    - [Int] mod

 + [Lib] SafeMathInt 
    - [Int] mul
    - [Int] div
    - [Int] sub
    - [Int] add
    - [Int] abs
    - [Int] toUint256Safe

 + [Lib] SafeMathUint 
    - [Int] toInt256Safe

 + [Int] IERC20 
    - [Ext] totalSupply
    - [Ext] balanceOf
    - [Ext] transfer #
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transferFrom #

 + [Int] IERC20Metadata (IERC20)
    - [Ext] name
    - [Ext] symbol
    - [Ext] decimals

 +  ERC20 (Context, IERC20, IERC20Metadata)
    - [Pub]  #
    - [Pub] name
    - [Pub] symbol
    - [Pub] decimals
    - [Pub] totalSupply
    - [Pub] balanceOf
    - [Pub] transfer #
    - [Pub] allowance
    - [Pub] approve #
    - [Pub] transferFrom #
    - [Pub] increaseAllowance #
    - [Pub] decreaseAllowance #
    - [Int] _transfer #
    - [Int] _mint #
    - [Int] _burn #
    - [Int] _approve #
    - [Int] _beforeTokenTransfer #

 + [Lib] IterableMapping 
    - [Pub] get
    - [Pub] getIndexOfKey
    - [Pub] getKeyAtIndex
    - [Pub] size
    - [Pub] set #
    - [Pub] remove #

 + [Int] IUniswapV2Factory 
    - [Ext] feeTo
    - [Ext] feeToSetter
    - [Ext] getPair
    - [Ext] allPairs
    - [Ext] allPairsLength
    - [Ext] createPair #
    - [Ext] setFeeTo #
    - [Ext] setFeeToSetter #

 + [Int] IUniswapV2Pair 
    - [Ext] name
    - [Ext] symbol
    - [Ext] decimals
    - [Ext] totalSupply
    - [Ext] balanceOf
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transfer #
    - [Ext] transferFrom #
    - [Ext] DOMAIN_SEPARATOR
    - [Ext] PERMIT_TYPEHASH
    - [Ext] nonces
    - [Ext] permit #
    - [Ext] MINIMUM_LIQUIDITY
    - [Ext] factory
    - [Ext] token0
    - [Ext] token1
    - [Ext] getReserves
    - [Ext] price0CumulativeLast
    - [Ext] price1CumulativeLast
    - [Ext] kLast
    - [Ext] mint #
    - [Ext] burn #
    - [Ext] swap #
    - [Ext] skim #
    - [Ext] sync #
    - [Ext] initialize #

 + [Int] IUniswapV2Router01 
    - [Ext] factory
    - [Ext] WETH
    - [Ext] addLiquidity #
    - [Ext] addLiquidityETH ($)
    - [Ext] removeLiquidity #
    - [Ext] removeLiquidityETH #
    - [Ext] removeLiquidityWithPermit #
    - [Ext] removeLiquidityETHWithPermit #
    - [Ext] swapExactTokensForTokens #
    - [Ext] swapTokensForExactTokens #
    - [Ext] swapExactETHForTokens ($)
    - [Ext] swapTokensForExactETH #
    - [Ext] swapExactTokensForETH #
    - [Ext] swapETHForExactTokens ($)
    - [Ext] quote
    - [Ext] getAmountOut
    - [Ext] getAmountIn
    - [Ext] getAmountsOut
    - [Ext] getAmountsIn

 + [Int] IUniswapV2Router02 (IUniswapV2Router01)
    - [Ext] removeLiquidityETHSupportingFeeOnTransferTokens #
    - [Ext] removeLiquidityETHWithPermitSupportingFeeOnTransferTokens #
    - [Ext] swapExactTokensForTokensSupportingFeeOnTransferTokens #
    - [Ext] swapExactETHForTokensSupportingFeeOnTransferTokens ($)
    - [Ext] swapExactTokensForETHSupportingFeeOnTransferTokens #

 +  GoldenShower (ERC20, Ownable)
    - [Pub]  #
       - modifiers: ERC20
    - [Ext]  ($)
    - [Pub] changeFees #
       - modifiers: onlyOwner
    - [Ext] preventer #
       - modifiers: onlyOwner
    - [Pub] updateUniswapV2Router #
       - modifiers: onlyOwner
    - [Pub] excludeFromFees #
       - modifiers: onlyOwner
    - [Pub] setMaxTxAmount #
       - modifiers: onlyOwner
    - [Pub] setAutomatedMarketMakerPair #
       - modifiers: onlyOwner
    - [Prv] _setAutomatedMarketMakerPair #
    - [Ext] setPresaleWalletandRouter #
       - modifiers: onlyOwner
    - [Ext] setPresaleOver #
       - modifiers: onlyOwner
    - [Ext] SetFirstFewBlocksF #
       - modifiers: onlyOwner
    - [Ext] disableFirstFewBlocks #
       - modifiers: onlyOwner
    - [Pub] changeMinimumBalanceToReceiveRewards #
       - modifiers: onlyOwner
    - [Pub] sendContractBalance #
       - modifiers: onlyOwner
    - [Pub] updateGasForProcessing #
       - modifiers: onlyOwner
    - [Ext] updateClaimWait #
       - modifiers: onlyOwner
    - [Ext] getClaimWait
    - [Ext] getTotalDividendsDistributed
    - [Pub] isExcludedFromFees
    - [Pub] withdrawableDividendOf
    - [Pub] dividendTokenBalanceOf
    - [Ext] getAccountDividendsInfo
    - [Ext] processDividendTracker #
    - [Ext] claim #
    - [Ext] getLastProcessedIndex
    - [Ext] getNumberOfDividendTokenHolders
    - [Pub] getTradingIsEnabled
    - [Int] _transfer #
    - [Prv] swapAndLiquify #
    - [Prv] swapAndBuyback #
    - [Prv] transferToAddressETH #
    - [Prv] swapTokensForEth #
    - [Prv] addLiquidity #
    - [Ext] setBuybackUpperLimit #
       - modifiers: onlyOwner
    - [Ext] setMarketingAddress #
       - modifiers: onlyOwner
    - [Prv] swapAndSendDividends #
    - [Pub] setBuyBackEnabled #
       - modifiers: onlyOwner

 + [Int] DividendPayingTokenInterface 
    - [Ext] dividendOf
    - [Ext] distributeDividends ($)
    - [Ext] withdrawDividend #

 + [Int] DividendPayingTokenOptionalInterface 
    - [Ext] withdrawableDividendOf
    - [Ext] withdrawnDividendOf
    - [Ext] accumulativeDividendOf

 +  DividendPayingToken (ERC20, DividendPayingTokenInterface, DividendPayingTokenOptionalInterface)
    - [Pub]  #
       - modifiers: ERC20
    - [Ext]  ($)
    - [Pub] distributeDividends ($)
    - [Pub] withdrawDividend #
    - [Int] _withdrawDividendOfUser #
    - [Pub] dividendOf
    - [Pub] withdrawableDividendOf
    - [Pub] withdrawnDividendOf
    - [Pub] accumulativeDividendOf
    - [Int] _transfer #
    - [Int] _mint #
    - [Int] _burn #
    - [Int] _setBalance #

 +  GOLDSHOWDividendTracker (DividendPayingToken, Ownable)
    - [Pub]  #
       - modifiers: DividendPayingToken
    - [Int] _transfer #
    - [Ext] setMinimumBalanceToReceiveDividends #
       - modifiers: onlyOwner
    - [Pub] getMinimumBalanceToReceiveDividends #
    - [Pub] withdrawDividend #
    - [Ext] excludeFromDividends #
       - modifiers: onlyOwner
    - [Ext] updateClaimWait #
       - modifiers: onlyOwner
    - [Ext] getLastProcessedIndex
    - [Ext] getNumberOfTokenHolders
    - [Pub] getAccount
    - [Pub] getAccountAtIndex
    - [Prv] canAutoClaim
    - [Ext] setBalance #
       - modifiers: onlyOwner
    - [Pub] process #
    - [Pub] processAccount #
       - modifiers: onlyOwner