GreenBioX 2.0 - Smart Contract Audit Report

Audit Summary

GreenBioX ($GreenBioX) is a new BEP-20 token that features automatic liquidity adds and pays holders dividends in BUSD.

For this audit, we reviewed the GreenBioX2.0 contract using code that was provided to us by the team.

Contract Overview

  • The total supply of the token is set to 10 trillion $GreenBioX [10,000,000,000,000].
  • No mint or burn functions are present, though the circulating supply can be reduced by sending tokens to the 0x..dead address if desired.
  • There was no token allocation for our team to analyze as the contract has yet to be deployed to the mainnet.

  • A Reflection fee, Liquidity fee, Development fee, Nature fee, and Burn fee are charged on all transfers where neither the sender nor the recipient is excluded from fees.
  • The fees that are charged on transfers are stored in the contract address balance. Once a threshold value of $GreenBioX (specified by the team) is met, the tokens are swapped for BNB for the purpose of being distributed to the Dividend Distributor Contract, team wallets, and to support the automatic liquidity adding mechanism.
  • Liquidity-adds are funded by selling half of the tokens allocated to funding liquidity, pairing the received BNB with the token, and adding it as liquidity to the BNB pair.
  • The LP tokens received through this process are sent to the team's Liquidity wallet. We recommend that the team locks these newly acquired LP tokens.
  • The portion of the tokens collected from the Development fee and Nature fee is swapped for BNB and sent to the team's Development wallet and Nature wallet respectively.
  • The final portion of the tokens, collected from the Reflection fee, is swapped for BUSD and instantly sent to the Dividend Distributor Contract by use of the deposit function. The BUSD that is received by the contract is stored in the contract address until dividends are distributed.
  • The tokens collected from the Burn fee are sent to the 0x..dead address.
  • The burn fee will no longer be charged if more than 50% of the total supply has been sent to the 0x..dead address.
  • Any user has the ability to initiate token airdrops to any specified addresses. A for loop is used to transfer funds for the airdrop; the team must ensure the maximum number of addresses that can be involved in a single airdrop is no more than 350 to prevent this loop from hitting the block gas limit.

  • Any user that holds any amount of $GreenBioX tokens is eligible to claim dividends once the amount of dividends they are due reaches a minimum threshold value determined by the team.
  • Once dividends are distributed, they will need to be claimed; claiming happens automatically on each transfer.
  • Dividend rewards can also be claimed manually by kicking off the claim cycle, which will process all eligible token holders.
  • Alternatively, a user can manually claim dividends as an individual.
  • There is a wait-time (determined by the team) between claiming dividend rewards.
  • Claimed dividends are sent to the user's wallet address.

Ownership Controls:
  • The owner can assign any addresses to an Authorized role which can be used to maintain control over various role-restricted functions within the contract.
  • The owner can enable/disable trading at any time. This will prevent all transfers unless the sender or recipient is an Authorized address.
  • The owner can enable/disable the use of a blacklist, as well as add/remove addresses from it at any time. Addresses that are added to the blacklist will not be able to participate in transfers.
  • The owner can set and update a cooldown time that must elapse in between transfers when the same address is buying tokens from Pancakeswap.
  • The owner can set and update a maximum wallet amount at any time. The maximum wallet amount will prevent transfers from occurring if the recipient's amount of owned $GreenBioX tokens will exceed the limit that is set by the team.
  • The owner can set and update a maximum transaction amount at any time, which will impose a limit to the number of tokens that can be transferred during any given transaction.
  • The owner can update the sell multiplier value, which increases fees on selling transactions, to any amount at any time.

  • Authorized addresses can set total fees charged on transfers up to 11%. The Development fee cannot exceed 3%, while all of the remaining fees cannot exceed 2% each.
  • Authorized addresses can update the Development, Nature, and Liquidity wallets to any addresses at any time.
  • Authorized addresses can exclude addresses from fees, cooldowns, and the maximum transaction amount at any time.
  • Authorized addresses can exclude any address from dividends at any time.
  • Authorized addresses can enable and disable swapping, and update the threshold number of tokens that triggers it at any time.
  • Authorized addresses can update the maximum amount of gas used for processing to any value up to 750,000 at any time.
  • Authorized addresses can update the amount of time that must elapse between claiming dividends to any amount of time. Authorized addresses can also update the number of tokens a user must hold to be eligible for dividends to any value.

Resolved Issues

GreenBioX2.0.sol - Resolved Issue #1 - High

Description: The owner can use either the multiTransfer() or multiTransfer_fixed() function to initiate token airdrops that are funded by any address that the owner specifies.
Risk/Impact: The owner can use these two functions to drain any holder's token balance at any time.
Recommendation: We recommend that all airdrops are funded by the msg.sender.
Resolution: The team has implemented the solution described above.
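
The pattern behind Issue #1 and its fix, as an added sketch that is not the GreenBioX source. The contract, function, and constant names are hypothetical, and enforcing the report's 350-recipient bound inside the contract is an assumption about one way to apply it.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Illustrative token with hypothetical names; not the audited contract.
contract AirdropSketch {
    mapping(address => uint256) public balanceOf;
    address public immutable owner;
    // Assumption: the 350-address bound from the report, enforced on-chain.
    uint256 public constant MAX_AIRDROP_RECIPIENTS = 350;

    event Transfer(address indexed from, address indexed to, uint256 value);

    constructor(uint256 supply) {
        owner = msg.sender;
        balanceOf[msg.sender] = supply;
        emit Transfer(address(0), msg.sender, supply);
    }

    // BEFORE (Issue #1 pattern): the caller names the funding address, so the
    // owner can move tokens out of any holder's balance without an allowance.
    function airdropFromUnsafe(address from, address[] calldata to, uint256[] calldata amounts) external {
        require(msg.sender == owner, "not owner");
        require(to.length == amounts.length, "length mismatch");
        for (uint256 i = 0; i < to.length; i++) {
            _move(from, to[i], amounts[i]);
        }
    }

    // AFTER: funded by msg.sender only, with the recipient list capped so the
    // loop cannot grow past the block gas limit.
    function airdrop(address[] calldata to, uint256[] calldata amounts) external {
        require(to.length == amounts.length, "length mismatch");
        require(to.length <= MAX_AIRDROP_RECIPIENTS, "too many recipients");
        for (uint256 i = 0; i < to.length; i++) {
            _move(msg.sender, to[i], amounts[i]);
        }
    }

    // Shared balance update; reverts if the funding address cannot cover it.
    function _move(address from, address to, uint256 amount) internal {
        require(to != address(0), "zero recipient");
        require(balanceOf[from] >= amount, "insufficient balance");
        unchecked { balanceOf[from] -= amount; } // safe: checked just above
        balanceOf[to] += amount;
        emit Transfer(from, to, amount);
    }
}
```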

GreenBioX2.0.sol - Resolved Issue #2 - Low

Description: Several functions are declared public, but are never called internally. Several state variables can never be modified, but are not declared constant.
Recommendation: We recommend declaring these functions external and declaring these state variables constant for additional gas savings on each call.
Resolution: The team has implemented the solution described above.

External Threat Results

| Vulnerability Category | Notes | Result |
|---|---|---|
| Arbitrary Storage Write | N/A | PASS |
| Arbitrary Jump | N/A | PASS |
| Centralization of Control | The team's Liquidity wallet is the recipient of the LP tokens generated from the automatic liquidity add process. | WARNING |
| Delegate Call to Untrusted Contract | N/A | PASS |
| Dependence on Predictable Variables | N/A | PASS |
| Deprecated Opcodes | N/A | PASS |
| Ether Thief | N/A | PASS |
| Exceptions | N/A | PASS |
| External Calls | N/A | PASS |
| Integer Over/Underflow | N/A | PASS |
| Multiple Sends | N/A | PASS |
| Suicide | N/A | PASS |
| State Change External Calls | N/A | PASS |
| Unchecked Retval | N/A | PASS |
| User Supplied Assertion | N/A | PASS |
| Critical Solidity Compiler | N/A | PASS |
| Overall Contract Safety | | PASS |

Function Graph

[Figure: BEP20 Token Graph]

Inheritance Chart

[Figure: Multi-file Token]

Functions Overview

    ($) = payable function
     # = non-constant function
    
     + [Lib] SafeMath 
        - [Int] add
        - [Int] sub
        - [Int] sub
        - [Int] mul
        - [Int] div
        - [Int] div
    
     + [Int] IBEP20 
        - [Ext] totalSupply
        - [Ext] decimals
        - [Ext] symbol
        - [Ext] name
        - [Ext] getOwner
        - [Ext] balanceOf
        - [Ext] transfer #
        - [Ext] allowance
        - [Ext] approve #
        - [Ext] transferFrom #
    
     +  Auth 
        - [Pub]  #
        - [Pub] authorize #
           - modifiers: onlyOwner
        - [Pub] unauthorize #
           - modifiers: onlyOwner
        - [Pub] isOwner
        - [Pub] isAuthorized
        - [Pub] transferOwnership #
           - modifiers: onlyOwner
    
     + [Int] IDEXFactory 
        - [Ext] createPair #
    
     + [Int] IDEXRouter 
        - [Ext] factory
        - [Ext] WETH
        - [Ext] addLiquidity #
        - [Ext] addLiquidityETH ($)
        - [Ext] swapExactTokensForTokensSupportingFeeOnTransferTokens #
        - [Ext] swapExactETHForTokensSupportingFeeOnTransferTokens ($)
        - [Ext] swapExactTokensForETHSupportingFeeOnTransferTokens #
    
     + [Int] IDividendDistributor 
        - [Ext] setDistributionCriteria #
        - [Ext] setShare #
        - [Ext] deposit ($)
        - [Ext] process #
    
     +  DividendDistributor (IDividendDistributor)
        - [Pub]  #
        - [Ext] setDistributionCriteria #
           - modifiers: onlyToken
        - [Ext] setShare #
           - modifiers: onlyToken
        - [Ext] deposit ($)
           - modifiers: onlyToken
        - [Ext] process #
           - modifiers: onlyToken
        - [Int] shouldDistribute
        - [Int] distributeDividend #
        - [Ext] claimDividend #
        - [Pub] getUnpaidEarnings
        - [Int] getCumulativeDividends
        - [Int] addShareholder #
        - [Int] removeShareholder #
    
     +  GreenBioX (IBEP20, Auth)
        - [Pub]  #
           - modifiers: Auth
        - [Ext]  ($)
        - [Ext] totalSupply
        - [Ext] decimals
        - [Ext] symbol
        - [Ext] name
        - [Ext] getOwner
        - [Pub] balanceOf
        - [Ext] allowance
        - [Pub] approve #
        - [Ext] approveMax #
        - [Ext] transfer #
        - [Ext] transferFrom #
        - [Ext] setMaxWalletPercent_base1000 #
           - modifiers: onlyOwner
        - [Ext] setMaxTxPercent_base1000 #
           - modifiers: onlyOwner
        - [Ext] setTxLimit #
           - modifiers: authorized
        - [Int] _transferFrom #
        - [Int] _basicTransfer #
        - [Int] checkTxLimit
        - [Int] shouldTakeFee
        - [Int] takeFee #
        - [Int] shouldSwapBack
        - [Ext] clearStuckBalance #
           - modifiers: authorized
        - [Ext] clearStuckBalance_sender #
           - modifiers: authorized
        - [Ext] set_sell_multiplier #
           - modifiers: onlyOwner
        - [Pub] tradingStatus #
           - modifiers: onlyOwner
        - [Pub] cooldownEnabled #
           - modifiers: onlyOwner
        - [Int] swapBack #
           - modifiers: swapping
        - [Ext] setIsDividendExempt #
           - modifiers: authorized
        - [Pub] enable_blacklist #
           - modifiers: onlyOwner
        - [Pub] manage_blacklist #
           - modifiers: onlyOwner
        - [Ext] setIsFeeExempt #
           - modifiers: authorized
        - [Ext] setIsTxLimitExempt #
           - modifiers: authorized
        - [Ext] setIsTimelockExempt #
           - modifiers: authorized
        - [Ext] setFees #
           - modifiers: authorized
        - [Ext] setFeeReceivers #
           - modifiers: authorized
        - [Ext] setSwapBackSettings #
           - modifiers: authorized
        - [Ext] setTargetLiquidity #
           - modifiers: authorized
        - [Ext] setDistributionCriteria #
           - modifiers: authorized
        - [Ext] setDistributorSettings #
           - modifiers: authorized
        - [Pub] getCirculatingSupply
        - [Pub] getLiquidityBacking
        - [Pub] isOverLiquified
        - [Ext] multiTransfer #
           - modifiers: onlyOwner
        - [Ext] multiTransfer_fixed #
           - modifiers: onlyOwner