Vulnerability Category | Notes | Result |
---|---|---|
Arbitrary Storage Write | N/A | PASS |
Arbitrary Jump | N/A | PASS |
Delegate Call to Untrusted Contract | N/A | PASS |
Dependence on Predictable Variables | N/A | PASS |
Deprecated Opcodes | N/A | PASS |
Ether Thief | N/A | PASS |
Exceptions | N/A | PASS |
External Calls | N/A | PASS |
Flash Loans | N/A | PASS |
Integer Over/Underflow | N/A | PASS |
Multiple Sends | N/A | PASS |
Oracles | N/A | PASS |
Suicide | N/A | PASS |
State Change External Calls | N/A | PASS |
Unchecked Retval | N/A | PASS |
User Supplied Assertion | N/A | PASS |
Critical Solidity Compiler | N/A | PASS |
Overall Contract Safety | | PASS |
Gratitude - Smart Contract Audit Report
Summary
Gratitude is a new token with frictionless fee redistribution and charity contribution on each transfer. The contract also intends to allow users to stake Gratitude tokens for rewards.
We audited Gratitude's token contract using code provided to us by the project team.
Overview of the Contract: Audit Findings Summary
- The total supply of the token is set to 5 billion.
- No mint or burn functions are present, though the circulating supply can be reduced by sending tokens to the 0x..dead address, if desired.
- Fees are collected by the project team and are sent to the charity wallet and the expense wallet.
- A portion of the fee charged on transactions is stored in the contract and, once a threshold value is met, used to fund Uniswap liquidity.
- Liquidity-adds are funded by selling half of the tokens collected as fees, pairing the received ETH with the token, and adding it as liquidity to the ETH pair.
- There is a transfer limit on the number of tokens which can be sent in a transaction, but it is set to the total supply.
- The tax fee is set to 0 and the liquidity fee is set to 10% with no way to update the values at any time.
- The owner of the contract can exclude and include users from rewards.
- No one is excluded from fees at any time; the _isExcludedFromFee mapping is never initialized and can never be modified.
- Some variables could have been declared constant to save some gas: _burnPercentage, _charityPercentageOfLiquidity, _decimals, _expensePrecentageOfLiquidity, _maxTxAmount, _name, _stakingPoolPercentageOfLiquidity, _symbol, _tTotal, numTokensSellToAddToLiquidity, _burnAddress
- Some functions could have been declared external instead of public to save some gas: charityAddresses, burn, setCharityAddress, setCharityAddresses, setLockedLiquidityAddress, setExpenseWallet, name, symbol, decimals, totalSupply, allowance, approve, increaseAllowance, decreaseAllowance, isExcludedFromReward, totalFees, totalCharityCollected, ethReservedForCharity, ethReservedForExpenses, deliver, reflectionFromToken, excludeFromReward, setSwapAndLiquifyEnabled, isExcludedFromFee, collectCharity, charityCollectAll, collectExpenses, _stakeGratitude, _unstakeAll, _emergencyWithdraw, _addressStakedGratitude, _totalStakedGratitude, _percentageOfStakePoolNewStake, _percentageOfStakePool, _maxLeftToStake, _claimAllGratitude, actualAccruedGratitude, earnedGratitude
- The contract utilizes SafeMath libraries to prevent overflows and follows the ERC standard.
- The contract intends to provide rewards for staking Gratitude, but no rewards are ever distributed; the _takeLiquidity function is never called.
- A possible reentrancy issue exists in collectCharity, charityCollectAll, and collectExpenses, but these functions are limited to use by only the project team.
- Ensure trust in the team as they have notable control in the ecosystem.
- Date: June 21st, 2021
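The fee-funded liquidity add described in the findings above, worked through as an added example (not the audited contract's code and not part of the original report). It models the generic swap-and-liquify pattern with Uniswap V2 integer arithmetic and goes beyond the report by showing the price impact of the sale and the ETH that does not pair. The reserves, threshold and transfer sizes are constructed, and the charity, expense and staking splits are left out.

```python
# Added example: integer model of the fee-funded liquidity add described above.
# Reserves, threshold and transfer sizes are constructed sample values.
LIQUIDITY_FEE_PCT = 10  # liquidity fee stated in the audit

def get_amount_out(amount_in, reserve_in, reserve_out):
    """Uniswap V2 swap output (constant product, 0.3% pool fee)."""
    adj = amount_in * 997
    return adj * reserve_out // (reserve_in * 1000 + adj)

def quote(amount_a, reserve_a, reserve_b):
    """Amount of asset B matching amount_a at the current reserve ratio."""
    return amount_a * reserve_b // reserve_a

def swap_and_liquify(collected, token_reserve, eth_reserve):
    """Sell half the collected tokens for ETH, then pair that ETH with the rest."""
    half = collected // 2
    rest = collected - half
    eth_received = get_amount_out(half, token_reserve, eth_reserve)
    token_reserve += half
    eth_reserve -= eth_received
    # Router rule: deposit at the pool ratio, never more than what is on hand.
    eth_needed = quote(rest, token_reserve, eth_reserve)
    if eth_needed <= eth_received:
        tokens_added, eth_added = rest, eth_needed
    else:
        tokens_added = quote(eth_received, eth_reserve, token_reserve)
        eth_added = eth_received
    return {
        "eth_received": eth_received,
        "tokens_added": tokens_added,
        "eth_added": eth_added,
        "eth_left_in_contract": eth_received - eth_added,
        "tokens_left_in_contract": rest - tokens_added,
        "token_reserve": token_reserve + tokens_added,
        "eth_reserve": eth_reserve + eth_added,
    }

def simulate(transfers, threshold, token_reserve, eth_reserve):
    """Accrue the 10% fee per transfer and liquify the whole balance at the
    threshold (assumption: a contract may instead sell a fixed amount)."""
    held, events = 0, []
    for amount in transfers:
        held += amount * LIQUIDITY_FEE_PCT // 100
        if held >= threshold:
            result = swap_and_liquify(held, token_reserve, eth_reserve)
            token_reserve, eth_reserve = result["token_reserve"], result["eth_reserve"]
            events.append(result)
            held = result["tokens_left_in_contract"]
    return events, held
```

Because the sale itself lowers the token price, the ETH received is slightly more than the second half of the tokens can absorb at the new ratio, so a small ETH remainder stays in the contract after each liquidity add.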
($) = payable function
# = non-constant function
+ [Int] IERC20
    - [Ext] totalSupply
    - [Ext] balanceOf
    - [Ext] transfer #
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transferFrom #
+ [Lib] SafeMath
    - [Int] add
    - [Int] sub
    - [Int] sub
    - [Int] mul
    - [Int] div
    - [Int] div
    - [Int] mod
    - [Int] mod
+ Context
    - [Int] _msgSender
    - [Int] _msgData
+ Ownable (Context)
    - [Int] #
    - [Pub] owner
    - [Pub] lockedLiquidity
    - [Pub] charity
    - [Pub] charityAddresses
    - [Pub] burn
    - [Pub] setCharityAddress #
        - modifiers: onlyOwner
    - [Pub] setCharityAddresses #
        - modifiers: onlyOwner
    - [Pub] setLockedLiquidityAddress #
        - modifiers: onlyOwner
+ [Lib] Address
    - [Int] isContract
    - [Int] sendValue #
    - [Int] functionCall #
    - [Int] functionCall #
    - [Int] functionCallWithValue #
    - [Int] functionCallWithValue #
    - [Prv] _functionCallWithValue #
+ [Int] IUniswapV2Factory
    - [Ext] feeTo
    - [Ext] feeToSetter
    - [Ext] getPair
    - [Ext] allPairs
    - [Ext] allPairsLength
    - [Ext] createPair #
    - [Ext] setFeeTo #
    - [Ext] setFeeToSetter #
+ [Int] IUniswapV2Pair
    - [Ext] name
    - [Ext] symbol
    - [Ext] decimals
    - [Ext] totalSupply
    - [Ext] balanceOf
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transfer #
    - [Ext] transferFrom #
    - [Ext] DOMAIN_SEPARATOR
    - [Ext] PERMIT_TYPEHASH
    - [Ext] nonces
    - [Ext] permit #
    - [Ext] MINIMUM_LIQUIDITY
    - [Ext] factory
    - [Ext] token0
    - [Ext] token1
    - [Ext] getReserves
    - [Ext] price0CumulativeLast
    - [Ext] price1CumulativeLast
    - [Ext] kLast
    - [Ext] mint #
    - [Ext] burn #
    - [Ext] swap #
    - [Ext] skim #
    - [Ext] sync #
    - [Ext] initialize #
+ [Int] IUniswapV2Router01
    - [Ext] factory
    - [Ext] WETH
    - [Ext] addLiquidity #
    - [Ext] addLiquidityETH ($)
    - [Ext] removeLiquidity #
    - [Ext] removeLiquidityETH #
    - [Ext] removeLiquidityWithPermit #
    - [Ext] removeLiquidityETHWithPermit #
    - [Ext] swapExactTokensForTokens #
    - [Ext] swapTokensForExactTokens #
    - [Ext] swapExactETHForTokens ($)
    - [Ext] swapTokensForExactETH #
    - [Ext] swapExactTokensForETH #
    - [Ext] swapETHForExactTokens ($)
    - [Ext] quote
    - [Ext] getAmountOut
    - [Ext] getAmountIn
    - [Ext] getAmountsOut
    - [Ext] getAmountsIn
+ [Int] IUniswapV2Router02 (IUniswapV2Router01)
    - [Ext] removeLiquidityETHSupportingFeeOnTransferTokens #
    - [Ext] removeLiquidityETHWithPermitSupportingFeeOnTransferTokens #
    - [Ext] swapExactTokensForTokensSupportingFeeOnTransferTokens #
    - [Ext] swapExactETHForTokensSupportingFeeOnTransferTokens ($)
    - [Ext] swapExactTokensForETHSupportingFeeOnTransferTokens #
+ Gratitude (Context, IERC20, Ownable)
    - [Pub] #
    - [Pub] setExpenseWallet #
        - modifiers: onlyOwner
    - [Pub] expense
    - [Pub] name
    - [Pub] symbol
    - [Pub] decimals
    - [Pub] totalSupply
    - [Pub] balanceOf
    - [Pub] transfer #
    - [Pub] allowance
    - [Pub] approve #
    - [Pub] transferFrom #
    - [Pub] increaseAllowance #
    - [Pub] decreaseAllowance #
    - [Pub] isExcludedFromReward
    - [Pub] totalFees
    - [Pub] charityPercentageOfLiquidity
    - [Pub] totalCharityCollected
    - [Pub] ethReservedForCharity
    - [Pub] ethReservedForExpenses
    - [Pub] deliver #
    - [Pub] reflectionFromToken
    - [Pub] tokenFromReflection
    - [Pub] excludeFromReward #
        - modifiers: onlyOwner
    - [Ext] includeInReward #
        - modifiers: onlyOwner
    - [Pub] setSwapAndLiquifyEnabled #
        - modifiers: onlyOwner
    - [Ext] ($)
    - [Prv] _reflectFee #
    - [Prv] _getValues
    - [Prv] _getTValues
    - [Prv] _getRValues
    - [Prv] _getRate
    - [Prv] _getCurrentSupply
    - [Prv] _takeLiquidity #
    - [Prv] calculateTaxFee
    - [Prv] calculateLiquidityFee
    - [Prv] removeAllFee #
    - [Prv] restoreAllFee #
    - [Pub] isExcludedFromFee
    - [Prv] _approve #
    - [Prv] _transfer #
    - [Pub] collectCharity #
        - modifiers: onlyCharity
    - [Pub] charityCollectAll #
        - modifiers: onlyCharity
    - [Pub] collectExpenses #
        - modifiers: onlyExpense
    - [Prv] swapAndLiquify #
        - modifiers: lockTheSwap
    - [Prv] swapTokensForEth #
    - [Prv] addLiquidity #
    - [Prv] _tokenTransfer #
    - [Pub] _stakeGratitude #
    - [Pub] _unstakeAll #
    - [Pub] _emergencyWithdraw #
    - [Pub] _addressStakedGratitude
    - [Pub] _totalStakedGratitude
    - [Pub] _percentageOfStakePool
    - [Pub] _percentageOfStakePoolNewStake
    - [Pub] _percentageOfStakePool
    - [Pub] _maxStakeAmount
    - [Pub] _maxLeftToStake
    - [Pub] _claimAllGratitude #
    - [Prv] _distributeGratitude #
    - [Pub] _calculateReward
    - [Pub] _currentRewards
    - [Pub] actualAccruedGratitude
    - [Pub] earnedGratitude