HUH Token - Smart Contract Audit Report

Summary

HUH Token is a new token with frictionless fee redistributions, automatic liquidity adds, and a referral system for extra rewards.

We audited the project team's HuhToken and RewardDistributor contracts using code provided by the project team.

Notes on the Contracts:
HuhToken Contract:
  • The total supply of the token is initially set to 888 billion $HUH.
  • No mint or burn functions exist, though the circulating supply can be decreased by sending tokens to the 0x..dead address.
  • Initially, 100% of the total supply is held by the owner.

  • There is a maximum transaction amount enforced for all transactions except those in which the owner is either a sender or a recipient.
  • There is a liquidity fee, a marketing fee, and a Huh distribution fee on transfers when the user is buying or selling tokens via Pancakeswap. The fees may vary for buys and sells, and do not apply to users who are excluded from transfer fees.
  • The contract features referral functionality where any user can create one unique single-use referral code that can be used to gain rewards.
  • Users can use a valid referral code to join the whitelist only one time and qualify for a fee structure especially for whitelisted users.
  • Users cannot refer themselves, and users cannot refer their own referrer.
  • There is an additional referral fee for whitelisted users when performing their first buy transaction.
  • The tokens collected through the referral fee are sent to the Reward Distributor contract, where they can be claimed by the corresponding referrer.
  • The tokens collected through the Huh distribution fee are removed from the circulating supply; this serves as a frictionless fee redistribution which automatically benefits all token holders at the time of each transaction.
  • The tokens collected through the marketing fee are sent to the marketing wallet controlled by the team.
  • The tokens collected through the liquidity fee are stored in the contract and, once a threshold amount of $HUH tokens is met, used to fund Pancakeswap liquidity.
  • Liquidity-adds are funded by selling half of the tokens collected as fees, pairing the received BNB with the token, and adding it as liquidity to the BNB pair.
  • The newly created LP tokens are locked in the 0x..dead address at the time of acquisition.

  • The owner can withdraw any ETH or tokens in the contract at any time.
  • The owner can set the liquidity, marketing, Huh distribution, and referral fees to any value up to 100% at any time and configure them for buys, sells, whitelisted, and non-whitelisted users; we recommend the project team impose a limit on the value that these fees can be set to.
  • The owner can set the Marketing, ReferralCodeRegistrator, Pancakeswap Router, and RewardDistributor contract addresses to any address at any time.
  • The owner and the ReferralCodeRegistrator address can register any unique and unused referral code for any user at any time.
  • The owner can also toggle the ability to perform a token transfer, exclude anyone from rewards or fees, toggle the automatic liquidity-adds, set the token threshold required to add liquidity to any value, and set the maximum transaction amount to any value. The owner can, however, renounce ownership.

  • The team has worked with us to optimize this contract for gas efficiency.
  • As the contract is implemented with Solidity v0.8.4, it is protected from overflows. The team can safely remove SafeMath to enjoy reduced contract size and gas savings.
  • The contract complies with the ERC20 token standard.
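
The frictionless redistribution noted above can be modeled in a few lines. This is an added example, not the project's code: it assumes HuhToken uses the common reflection accounting suggested by its function names (`_getRate`, `_reflectFee`, `tokenFromReflection`), and the class name, accounts and amounts are constructed.

```python
from fractions import Fraction

class ReflectionLedger:
    """Toy ledger: balances are stored in 'reflected' units and converted
    to token units through one shared rate (assumed scheme, see lead-in)."""

    def __init__(self, total_supply, owner):
        self.t_total = Fraction(total_supply)
        self.r_total = self.t_total * 10**9      # arbitrary scale (constructed)
        self.r_owned = {owner: self.r_total}     # owner starts with 100%

    def rate(self):
        return self.r_total / self.t_total

    def balance_of(self, account):
        return self.r_owned.get(account, Fraction(0)) / self.rate()

    def transfer(self, sender, recipient, amount, reflect_fee_pct=0):
        amount = Fraction(amount)
        if amount < 0 or amount > self.balance_of(sender):
            raise ValueError("invalid amount")
        if not 0 <= reflect_fee_pct <= 100:
            raise ValueError("fee must be between 0 and 100 percent")
        rate = self.rate()
        t_fee = amount * reflect_fee_pct / 100
        self.r_owned[sender] = self.r_owned.get(sender, Fraction(0)) - amount * rate
        self.r_owned[recipient] = (self.r_owned.get(recipient, Fraction(0))
                                   + (amount - t_fee) * rate)
        # Reflecting the fee: shrinking the reflected supply lowers the rate,
        # so every holder's reflected units convert to more tokens.
        self.r_total -= t_fee * rate


def demo():
    ledger = ReflectionLedger(1000, "owner")
    ledger.transfer("owner", "alice", 500)                    # fee-exempt transfer
    ledger.transfer("alice", "bob", 100, reflect_fee_pct=10)  # 10 tokens reflected
    return {name: ledger.balance_of(name) for name in ("owner", "alice", "bob")}
```

In `demo()`, the owner's balance rises above 500 without the owner sending or receiving anything, and the three balances still sum to the full supply.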
RewardDistributor Contract:
  • Any valid referrer can use the RewardDistributor contract to claim referral rewards at any time.
  • Rewards are presented in an initial reward token set by the project team, but can be swapped for BNB or any other token specified by the user at claim time. The user can also specify the wallet address where rewards should be delivered at claim time.
  • The project team must ensure the contract has enough of the initial reward token in order for any user to claim any rewards.
  • The owner can change the reward token address to any address at any time.
  • The owner is able to withdraw any ETH or tokens in the contract at any time.
  • The owner can prevent any address from claiming their rewards at any time.
  • The contract utilizes ReentrancyGuard to prevent re-entrancy attacks in applicable functions.

Audit Findings Summary
  • No security threats from outside attackers were identified.
  • As with any presale, ensure trust in the team prior to investing.
  • Further, ensure trust in the team as they have substantial control in the ecosystem.
  • Date: November 7th, 2021
  • Updated: November 8th, 2021 to address an issue with claiming rewards.
Resolved Issues
  • The team addressed an issue within the RewardDistributor contract that allowed users to withdraw more rewards than were due.

External Threat Results

Vulnerability Category                 Notes   Result
Arbitrary Storage Write                N/A     PASS
Arbitrary Jump                         N/A     PASS
Delegate Call to Untrusted Contract    N/A     PASS
Dependence on Predictable Variables    N/A     PASS
Deprecated Opcodes                     N/A     PASS
Ether Thief                            N/A     PASS
Exceptions                             N/A     PASS
External Calls                         N/A     PASS
Integer Over/Underflow                 N/A     PASS
Multiple Sends                         N/A     PASS
Suicide                                N/A     PASS
State Change External Calls            N/A     PASS
Unchecked Retval                       N/A     PASS
User Supplied Assertion                N/A     PASS
Critical Solidity Compiler             N/A     PASS
Overall Contract Safety                        PASS

HuhToken Contract

BEP20 Token Graph

Multi-file Token

($) = payable function
 # = non-constant function

 +  Context 
    - [Int] _msgSender
    - [Int] _msgData

 +  Ownable (Context)
    - [Pub]  #
    - [Pub] owner
    - [Pub] renounceOwnership #
       - modifiers: onlyOwner
    - [Pub] transferOwnership #
       - modifiers: onlyOwner
    - [Prv] _setOwner #

 + [Lib] SafeMath 
    - [Int] tryAdd
    - [Int] trySub
    - [Int] tryMul
    - [Int] tryDiv
    - [Int] tryMod
    - [Int] add
    - [Int] sub
    - [Int] mul
    - [Int] div
    - [Int] mod
    - [Int] sub
    - [Int] div
    - [Int] mod

 + [Int] IBEP20 
    - [Ext] name
    - [Ext] symbol
    - [Ext] decimals
    - [Ext] totalSupply
    - [Ext] balanceOf
    - [Ext] transfer #
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transferFrom #

 + [Int] IRewardDistributor 
    - [Ext] addRewardHolderShare #

 + [Int] IUniswapV2Pair 
    - [Ext] name
    - [Ext] symbol
    - [Ext] decimals
    - [Ext] totalSupply
    - [Ext] balanceOf
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transfer #
    - [Ext] transferFrom #
    - [Ext] DOMAIN_SEPARATOR
    - [Ext] PERMIT_TYPEHASH
    - [Ext] nonces
    - [Ext] permit #
    - [Ext] MINIMUM_LIQUIDITY
    - [Ext] factory
    - [Ext] token0
    - [Ext] token1
    - [Ext] getReserves
    - [Ext] price0CumulativeLast
    - [Ext] price1CumulativeLast
    - [Ext] kLast
    - [Ext] mint #
    - [Ext] burn #
    - [Ext] swap #
    - [Ext] skim #
    - [Ext] sync #
    - [Ext] initialize #

 + [Int] IUniswapV2Router01 
    - [Ext] factory
    - [Ext] WETH
    - [Ext] addLiquidity #
    - [Ext] addLiquidityETH ($)
    - [Ext] removeLiquidity #
    - [Ext] removeLiquidityETH #
    - [Ext] removeLiquidityWithPermit #
    - [Ext] removeLiquidityETHWithPermit #
    - [Ext] swapExactTokensForTokens #
    - [Ext] swapTokensForExactTokens #
    - [Ext] swapExactETHForTokens ($)
    - [Ext] swapTokensForExactETH #
    - [Ext] swapExactTokensForETH #
    - [Ext] swapETHForExactTokens ($)
    - [Ext] quote
    - [Ext] getAmountOut
    - [Ext] getAmountIn
    - [Ext] getAmountsOut
    - [Ext] getAmountsIn

 + [Int] IUniswapV2Router02 (IUniswapV2Router01)
    - [Ext] removeLiquidityETHSupportingFeeOnTransferTokens #
    - [Ext] removeLiquidityETHWithPermitSupportingFeeOnTransferTokens #
    - [Ext] swapExactTokensForTokensSupportingFeeOnTransferTokens #
    - [Ext] swapExactETHForTokensSupportingFeeOnTransferTokens ($)
    - [Ext] swapExactTokensForETHSupportingFeeOnTransferTokens #

 + [Int] IUniswapV2Factory 
    - [Ext] feeTo
    - [Ext] feeToSetter
    - [Ext] getPair
    - [Ext] allPairs
    - [Ext] allPairsLength
    - [Ext] createPair #
    - [Ext] setFeeTo #
    - [Ext] setFeeToSetter #

 +  HuhToken (Context, IBEP20, Ownable)
    - [Pub]  #
    - [Ext]  ($)
    - [Ext]  ($)
    - [Ext] withdrawEthInWei #
       - modifiers: onlyOwner
    - [Ext] withdrawTokens #
       - modifiers: onlyOwner
    - [Pub] excludeFromReflection #
       - modifiers: onlyOwner
    - [Ext] includeInReflection #
       - modifiers: onlyOwner
    - [Ext] setIsExcludedFromFee #
       - modifiers: onlyOwner
    - [Ext] changeFeesForNormalBuy #
       - modifiers: onlyOwner
    - [Ext] changeFeesForWhiteListedBuy #
       - modifiers: onlyOwner
    - [Ext] changeFeesForNormalSell #
       - modifiers: onlyOwner
    - [Ext] changeFeesForWhitelistedSell #
       - modifiers: onlyOwner
    - [Ext] changeReferralReward #
       - modifiers: onlyOwner
    - [Ext] updateMarketingWallet #
       - modifiers: onlyOwner
    - [Ext] setReferralCodeRegistrator #
       - modifiers: onlyOwner
    - [Ext] updateAmountOfTokensToAddToLiquidityThreshold #
       - modifiers: onlyOwner
    - [Ext] updatePancakeSwapRouter #
       - modifiers: onlyOwner
    - [Ext] updateRewardDistributor #
       - modifiers: onlyOwner
    - [Ext] updateSwapAndLiquifyEnabled #
       - modifiers: onlyOwner
    - [Ext] setSwapEnabled #
       - modifiers: onlyOwner
    - [Ext] setMaxTxPercent #
       - modifiers: onlyOwner
    - [Ext] registerCodeForOwner #
    - [Ext] registerCode #
    - [Ext] whitelist #
    - [Pub] transfer #
    - [Pub] approve #
    - [Pub] transferFrom #
    - [Pub] increaseAllowance #
    - [Pub] decreaseAllowance #
    - [Pub] name
    - [Pub] symbol
    - [Pub] decimals
    - [Pub] totalSupply
    - [Pub] balanceOf
    - [Pub] allowance
    - [Pub] isExcludedFromReflection
    - [Pub] totalFees
    - [Pub] reflectionFromToken
    - [Pub] tokenFromReflection
    - [Pub] getTotalCommunityReflection
    - [Pub] getTotalNumberOfCommunityReferral
    - [Pub] getTotalCommunityReferralReward
    - [Pub] getReferralList
    - [Pub] getTotalNumberOfUserReferral
    - [Pub] getTotalUserReferralReward
    - [Prv] _getRate
    - [Prv] _getCurrentSupply
    - [Prv] _approve #
    - [Prv] _transfer #
    - [Prv] _basicTransfer #
    - [Prv] _normalBuy #
    - [Prv] _whitelistedBuy #
    - [Prv] _normalSell #
    - [Prv] _whitelistedSell #
    - [Prv] _sendToRewardDistributor #
    - [Prv] _sendToMarketingWallet #
    - [Prv] _shouldSwapBack
    - [Prv] _swapAndAddToLiquidity #
       - modifiers: swapping
    - [Prv] _reflectFee #
    - [Prv] _excludeFromReflection #
    - [Prv] _includeInReflection #
    - [Prv] _setIsExcludedFromFee #
    - [Prv] _whitelistWithRef #
    - [Prv] _registerCode #

RewardDistributor Contract

BEP20 Token Graph

Multi-file Token

($) = payable function
 # = non-constant function

 + [Int] IRewardDistributor 
    - [Ext] addRewardHolderShare #

 + [Lib] SafeMath 
    - [Int] add
    - [Int] sub
    - [Int] sub
    - [Int] mul
    - [Int] div
    - [Int] div
    - [Int] mod
    - [Int] mod

 + [Lib] Address 
    - [Int] isContract
    - [Int] sendValue #
    - [Int] functionCall #
    - [Int] functionCall #
    - [Int] functionCallWithValue #
    - [Int] functionCallWithValue #
    - [Prv] _functionCallWithValue #

 + [Int] IUniswapV2Router01 
    - [Ext] factory
    - [Ext] WETH
    - [Ext] addLiquidity #
    - [Ext] addLiquidityETH ($)
    - [Ext] removeLiquidity #
    - [Ext] removeLiquidityETH #
    - [Ext] removeLiquidityWithPermit #
    - [Ext] removeLiquidityETHWithPermit #
    - [Ext] swapExactTokensForTokens #
    - [Ext] swapTokensForExactTokens #
    - [Ext] swapExactETHForTokens ($)
    - [Ext] swapTokensForExactETH #
    - [Ext] swapExactTokensForETH #
    - [Ext] swapETHForExactTokens ($)
    - [Ext] quote
    - [Ext] getAmountOut
    - [Ext] getAmountIn
    - [Ext] getAmountsOut
    - [Ext] getAmountsIn

 + [Int] IUniswapV2Router02 (IUniswapV2Router01)
    - [Ext] removeLiquidityETHSupportingFeeOnTransferTokens #
    - [Ext] removeLiquidityETHWithPermitSupportingFeeOnTransferTokens #
    - [Ext] swapExactTokensForTokensSupportingFeeOnTransferTokens #
    - [Ext] swapExactETHForTokensSupportingFeeOnTransferTokens ($)
    - [Ext] swapExactTokensForETHSupportingFeeOnTransferTokens #

 + [Int] IERC20 
    - [Ext] totalSupply
    - [Ext] balanceOf
    - [Ext] decimals
    - [Ext] transfer #
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transferFrom #

 +  ReentrancyGuard 
    - [Pub]  #

 +  RewardDistributor (IRewardDistributor, ReentrancyGuard)
    - [Pub]  #
    - [Ext]  ($)
    - [Ext] setRewardTokenAddress #
       - modifiers: onlyOwner
    - [Ext] transferTokenOwnership #
       - modifiers: onlyOwner
    - [Ext] upgradeDistributor #
       - modifiers: onlyOwner
    - [Ext] addRewardHolderShare #
       - modifiers: onlyToken
    - [Ext] removeRewardHolderShare #
       - modifiers: onlyOwner
    - [Ext] emergencyWithdrawEthInWei #
       - modifiers: onlyOwner
    - [Ext] emergencyWithdrawTokens #
       - modifiers: onlyOwner
    - [Ext] giftReward #
       - modifiers: nonReentrant
    - [Ext] claimReward #
       - modifiers: nonReentrant
    - [Ext] claimRewardInDesiredToken #
       - modifiers: nonReentrant
    - [Ext] claimRewardToDesiredWallet #
       - modifiers: nonReentrant
    - [Ext] claimRewardInDesiredTokenToDesiredWallet #
       - modifiers: nonReentrant
    - [Prv] _giftReward #
    - [Prv] _claimRewardInBNB #
    - [Prv] _claimRewardInDesiredToken #
    - [Prv] _claimRewardInBNBToDesiredWallet #
    - [Prv] _claimRewardInDesiredTokenToDesiredWallet #
    - [Prv] _swapAndSendBNB #
    - [Prv] _swapAndSendToken #
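
The function listings above can be read mechanically to enumerate the owner-controlled surface that the findings ask investors to trust. The following is an added example, not part of the audit or the project's code: it parses this listing format and separates externally callable, state-changing functions guarded by `onlyOwner` from the rest. The function and variable names are this example's own, and the embedded input is an excerpt of the RewardDistributor listing.

```python
import re

# Excerpt of the RewardDistributor listing above, embedded so this runs offline.
LISTING = """\
 + [Int] IRewardDistributor
    - [Ext] addRewardHolderShare #
 +  RewardDistributor (IRewardDistributor, ReentrancyGuard)
    - [Ext] setRewardTokenAddress #
       - modifiers: onlyOwner
    - [Ext] addRewardHolderShare #
       - modifiers: onlyToken
    - [Ext] emergencyWithdrawTokens #
       - modifiers: onlyOwner
    - [Ext] claimReward #
       - modifiers: nonReentrant
    - [Prv] _swapAndSendBNB #
"""

CONTRACT = re.compile(r"^\s*\+\s+(?:\[(\w+)\]\s+)?(\w+)")
FUNCTION = re.compile(r"^\s*-\s+\[(\w+)\]\s*(\w*)\s*(\(\$\))?\s*(#)?\s*$")
MODIFIERS = re.compile(r"^\s*-\s+modifiers:\s*(.+)$")

def privileged_surface(listing, gate="onlyOwner"):
    """Per concrete contract: externally callable, state-changing functions,
    split into those guarded by `gate` and the rest (with their modifiers)."""
    found, contract, last = {}, None, None
    for line in listing.splitlines():
        if m := MODIFIERS.match(line):
            if last is not None:
                last[1].extend(x.strip() for x in m.group(1).split(","))
        elif m := CONTRACT.match(line):
            kind, name = m.groups()
            # Interfaces and libraries declare no callable surface of their own.
            contract, last = (None if kind in ("Int", "Lib") else name), None
        elif m := FUNCTION.match(line):
            vis, name, payable, mutating = m.groups()
            last = None
            if contract and vis in ("Ext", "Pub") and (payable or mutating):
                last = (name or "<unnamed>", [])
                found.setdefault(contract, []).append(last)
    return {c: {"gated": [n for n, mods in fns if gate in mods],
                "other": [(n, mods) for n, mods in fns if gate not in mods]}
            for c, fns in found.items()}
```

Running it over the full HuhToken listing gives the set of `onlyOwner` setters (fees, router, wallets, limits) to compare against the owner powers described in the notes.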