Green BioX - Smart Contract Audit Report

Summary

Green BioX Audit Report Green BioX ($voaBioX) is a new BEP20 token on the Binance Smart Chain that is an automatic liquidity-providing protocol that pays out static rewards to holders.

We reviewed the GreenBioX contract at 0xDCa2B331821e339F4Ae0f3F7248110598dC162af on the Binance Smart Chain mainnet.

Audit Findings

Please ensure trust in the team prior to investing as they can set fee percentages up to 100%.
Date: January 6th, 2022.

Contract Overview

  • The total supply of the token is set to 10 trillion $voaBioX [10,000,000,000,000].
  • No minting or burn functions are present; though the circulating supply can be reduced by sending tokens to the 0x..dead address, if desired.
  • At the time of writing this report, 32.24% of the total supply has been sent to the 0x..dead address.
  • 18.91% of the total supply belongs to the Burn wallet controlled by the team.
  • 18.63% of the total supply belongs to a KIPS Locked Wallet.
  • 1.71% of the total supply is in Pancakeswap liquidity.
  • Of that liquidity, 78% of the LP tokens belong to an unverified contract.
  • 21.56% of the LP tokens belong to the owner. The owner also owns 11.76% of the total supply.
  • The next five holders own a cumulative 7.24% of the total supply.

  • There is a Tax fee, Liquidity fee, Marketing fee, and Nature fee on all transfers where neither the sender nor the recipient is excluded from fees.
  • The tokens collected from the Tax fee are removed from the circulating supply; This serves as a frictionless fee redistribution which automatically benefits all token holders at the time of each transaction.
  • The tokens collected from the Liquidity fee during transfers are stored in the contract address balance. Once the threshold value of 500 million tokens is met, a swap will occur for the purpose of funding Pancakeswap liquidity.
  • Liquidity-adds are funded by selling a portion of the tokens collected as fees (after the threshold number of tokens is met), then pairing the received BNB with the token, and adding it as liquidity to the BNB pair.
  • The recipient of the newly created LP tokens is the owner. We recommend that the team locks these newly acquired LP tokens.
  • The tokens collected from the Marketing fee and Nature fee are sent to the team's Marketing wallet and Nature wallet respectively.
  • On every transfer that takes place, the Burn wallet controlled by the team will send a percentage of the number of tokens being transferred (determined by the owner) from its own wallet to the 0x..dead address.
  • Although the SafeMath library is utilized, the contract is deployed with Solidity v0.8.10 which has built-in overflow checks. SafeMath could be safely removed to reduce contract size and deployment costs.
  • Some gas optimizations can be achieved through declaring functions external instead of public and some state variables constant. As the contract is already deployed, this is merely informational.
Ownership Controls:
  • Ownership has not been renounced.
  • The owner can modify the Tax fee, Liquidity fee, Marketing fee, and Nature fee to any percentages at any time.
  • The owner can modify the percentage of tokens that get sent from the Burn wallet to the 0x..dead address on each transfer to any percentage at any time.
  • The owner can exclude and include accounts from transfer fees and reward distribution.
  • The owner can set and update a maximum transaction amount at any time, which will impose a limit on the number of tokens that can be transferred during any given transaction.
  • The owner can enable/disable automatic liquidity adds at any time.
  • The owner can update the team's Marketing wallet and Nature wallet to any addresses at any time.

Resolved Issues

GreenBioX.sol - Finding #1 - Low

Description: The Pancakeswap Pair address was not excluded from rewards.
Risk/Impact: Extra tokens will be unaccounted for in the liquidity pool. These tokens will be prone to a theft-of-liquidity attack. The impact this would have on the project overall is very minor.
Recommendation: The project team should exclude the Pancakeswap Pair address from rewards using the excludeFromReward() function. Resolution: The team has excluded the Pancakeswap Pair address from rewards.

Audit Results

Vulnerability CategoryNotesResult
Arbitrary Storage WriteN/APASS
Arbitrary JumpN/APASS
Centralization of ControlThe team can set each fee up to 100%.WARNING
Delegate Call to Untrusted ContractN/APASS
Dependence on Predictable VariablesN/APASS
Deprecated OpcodesN/APASS
Ether ThiefN/APASS
ExceptionsN/APASS
External CallsN/APASS
Flash LoansN/APASS
Integer Over/UnderflowN/APASS
Logical IssuesN/APASS
Multiple SendsN/APASS
OraclesN/APASS
SuicideN/APASS
State Change External CallsN/APASS
Unchecked RetvalN/APASS
User Supplied AssertionN/APASS
Critical Solidity CompilerN/APASS
Overall Contract Safety PASS

Function Graph

ERC20 Token Graph


Inheritance Chart

Multi-file Token


Functions Overview


 ($) = payable function
 # = non-constant function
 
 + [Int] IBEP20 
    - [Ext] totalSupply
    - [Ext] balanceOf
    - [Ext] transfer #
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transferFrom #

 + [Lib] SafeMath 
    - [Int] add
    - [Int] sub
    - [Int] sub
    - [Int] mul
    - [Int] div
    - [Int] div
    - [Int] mod
    - [Int] mod

 +  Context 
    - [Int] _msgSender
    - [Int] _msgData

 + [Lib] Address 
    - [Int] isContract
    - [Int] sendValue #
    - [Int] functionCall #
    - [Int] functionCall #
    - [Int] functionCallWithValue #
    - [Int] functionCallWithValue #
    - [Prv] _functionCallWithValue #

 +  Ownable (Context)
    - [Pub]  #
    - [Pub] owner
    - [Pub] renounceOwnership #
       - modifiers: onlyOwner
    - [Pub] transferOwnership #
       - modifiers: onlyOwner

 + [Int] IUniswapV2Factory 
    - [Ext] feeTo
    - [Ext] feeToSetter
    - [Ext] getPair
    - [Ext] allPairs
    - [Ext] allPairsLength
    - [Ext] createPair #
    - [Ext] setFeeTo #
    - [Ext] setFeeToSetter #

 + [Int] IUniswapV2Pair 
    - [Ext] name
    - [Ext] symbol
    - [Ext] decimals
    - [Ext] totalSupply
    - [Ext] balanceOf
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transfer #
    - [Ext] transferFrom #
    - [Ext] DOMAIN_SEPARATOR
    - [Ext] PERMIT_TYPEHASH
    - [Ext] nonces
    - [Ext] permit #
    - [Ext] MINIMUM_LIQUIDITY
    - [Ext] factory
    - [Ext] token0
    - [Ext] token1
    - [Ext] getReserves
    - [Ext] price0CumulativeLast
    - [Ext] price1CumulativeLast
    - [Ext] kLast
    - [Ext] mint #
    - [Ext] burn #
    - [Ext] swap #
    - [Ext] skim #
    - [Ext] sync #
    - [Ext] initialize #

 + [Int] IUniswapV2Router01 
    - [Ext] factory
    - [Ext] WETH
    - [Ext] addLiquidity #
    - [Ext] addLiquidityETH ($)
    - [Ext] removeLiquidity #
    - [Ext] removeLiquidityETH #
    - [Ext] removeLiquidityWithPermit #
    - [Ext] removeLiquidityETHWithPermit #
    - [Ext] swapExactTokensForTokens #
    - [Ext] swapTokensForExactTokens #
    - [Ext] swapExactETHForTokens ($)
    - [Ext] swapTokensForExactETH #
    - [Ext] swapExactTokensForETH #
    - [Ext] swapETHForExactTokens ($)
    - [Ext] quote
    - [Ext] getAmountOut
    - [Ext] getAmountIn
    - [Ext] getAmountsOut
    - [Ext] getAmountsIn

 + [Int] IUniswapV2Router02 (IUniswapV2Router01)
    - [Ext] removeLiquidityETHSupportingFeeOnTransferTokens #
    - [Ext] removeLiquidityETHWithPermitSupportingFeeOnTransferTokens #
    - [Ext] swapExactTokensForTokensSupportingFeeOnTransferTokens #
    - [Ext] swapExactETHForTokensSupportingFeeOnTransferTokens ($)
    - [Ext] swapExactTokensForETHSupportingFeeOnTransferTokens #

 +  GreenBioX (Context, IBEP20, Ownable)
    - [Pub]  #
    - [Pub] name
    - [Pub] symbol
    - [Pub] decimals
    - [Pub] totalSupply
    - [Pub] balanceOf
    - [Pub] transfer #
    - [Pub] allowance
    - [Pub] approve #
    - [Pub] transferFrom #
    - [Pub] increaseAllowance #
    - [Pub] decreaseAllowance #
    - [Pub] isExcludedFromReward
    - [Pub] totalFees
    - [Pub] deliver #
    - [Pub] reflectionFromToken
    - [Pub] tokenFromReflection
    - [Pub] excludeFromReward #
       - modifiers: onlyOwner
    - [Ext] includeInReward #
       - modifiers: onlyOwner
    - [Prv] _transferBothExcluded #
    - [Ext]  ($)
    - [Prv] _reflectFee #
    - [Prv] _getValues
    - [Prv] _getTValues
    - [Prv] _getRValues
    - [Prv] _getRate
    - [Prv] _getCurrentSupply
    - [Prv] _takeLiquidity #
    - [Prv] calculateTaxFee
    - [Prv] calculateLiquidityFee
    - [Prv] removeAllFee #
    - [Prv] restoreAllFee #
    - [Ext] setTaxFeePercentage #
       - modifiers: onlyOwner
    - [Ext] setMarketingFeePercentage #
       - modifiers: onlyOwner
    - [Ext] setNatureFeePercentage #
       - modifiers: onlyOwner
    - [Ext] setLiquidityFeePercentage #
       - modifiers: onlyOwner
    - [Ext] setBurningPercentage #
       - modifiers: onlyOwner
    - [Pub] excludeFromFee #
       - modifiers: onlyOwner
    - [Pub] includeInFee #
       - modifiers: onlyOwner
    - [Ext] setMarketingWallet #
       - modifiers: onlyOwner
    - [Ext] setNatureWallet #
       - modifiers: onlyOwner
    - [Ext] setMaxTxPercentage #
       - modifiers: onlyOwner
    - [Ext] setMaxTxAmount #
       - modifiers: onlyOwner
    - [Pub] setSwapAndLiquifyEnabled #
       - modifiers: onlyOwner
    - [Pub] isExcludedFromFee
    - [Prv] _approve #
    - [Prv] _transfer #
    - [Prv] swapAndLiquify #
       - modifiers: lockTheSwap
    - [Prv] swapTokensForEth #
    - [Prv] addLiquidity #
    - [Prv] _tokenTransfer #
    - [Prv] _transferStandard #
    - [Prv] _transferToExcluded #
    - [Prv] _transferFromExcluded #