HYPERSONIC - Smart Contract Audit Report

Summary

HYPERSONIC Audit Report HYPERSONIC is a new token on the Binance Smart Chain that features automatic liquidity adds and pays users dividends in reward tokens.

HYPERSONIC's Dividend Token contracts are deployed at 0xff7480ed5f77a97e6682c727145d3ca18b26ad59 on the Binance Smart Chain Mainnet.

Overview of the Contract:

  • The total supply of the HYPERSONIC token is set to 1 million [1,000,000] $HYPERSONIC and is initially minted to the owner.
  • No mint functions are present for $HYPERSONIC Tokens beyond deployment. The circulating supply can be reduced by sending tokens to the 0x..dead address if desired.
  • At the time of writing this report, 100% of the total $HYPERSONIC token supply is in possession of the owner, as it has recently been deployed.

  • There is a tax fee charged on each transaction that is stored in the contract balance. The owner has the ability to allocate this tax fee to three different funds: "Burn", "Liquidity", and "Dividends". The allocation for these funds can vary from 0%-100%.
  • The portion of the tax that is allocated to the "Burn" are immediately sent to the burn address.
  • The tokens received from the portion of the tax that is allocated to the "Liquidity" are stored in the contract address and are used to fund PancakeSwap liquidity. Once a threshold value of is met, the liquidity add is initiated. The threshold to initiate the swap can be modified to a new value by the owner at any time.
  • Liquidity-adds are funded by selling half of the tokens allocated to funding liquidity, pairing the received BNB with the token, and adding it as liquidity to the BNB pair.
  • The owner is the recipient of the newly created LP tokens. Our team recommends that the owner locks the LP Tokens.
  • Any remaining tokens in the contract balance are swapped for "Dividend Reward" $SSN tokens which are distributed as dividends to the token holders eligible for dividends.
  • A user must hold 200 HYPERSONIC tokens to be eligible for dividends. The owner has the ability to update this minimum amount requirement to a new value at any time.
  • Once dividends are distributed, they will need to be claimed; claiming happens automatically on each transfer.
  • Dividend rewards can also be claimed manually by kicking off the claim cycle, which will process all eligible token holders.
  • Alternatively, a user can manually claim dividends as an individual.
  • There is a wait-time of 3600 seconds (1 hour) between claiming dividend rewards.
  • Claimed dividends are sent to the user's wallet address.
  • The contract features a random buyback mechanism (when enabled by the owner) where a random percentage of the BNB that is allocated to buybacks will be used to purchase tokens from the PancakeSwap liquidity (while 'swap' is enabled by the owner) which are automatically burned.
  • The contract includes a maximum number of tokens that can be bought or sold during a given transaction. These limits can be set by the owner to a new value at any time. The default maximum “buy” is set to 5,000 tokens, while the maximum sell is set to 1,000.
  • The contract implements a "Dynamic Fee" structure to enforce higher fees on transfers to the LP (Selling) which are based on the duration a holder has owned their tokens. The breakdown of the Dynamic Fee structure is as follows:
    1. Holder selling their tokens within 1 day of holding = 70% Fee
    2. Holder selling their tokens within 2 days of holding = 60% Fee
    3. Holder selling their tokens within 3 days of holding = 50% Fee
    4. Holder selling their tokens within 5 days of holding = 25% Fee
    5. Holder selling their tokens within 7 days of holding = 20% Fee
    6. Holder selling their tokens within 28 days of holding = 18% Fee
    7. Holder selling their tokens after 28 days of holding = 0% Fee
  • Some gas optimizations can be achieved through marking functions external instead of public. There are also some variables that should be declared constant.
  • The contracts utilize the SafeMath library to prevent overflows along with following the BEP20 standard.

  • Ownership Controls:
  • The owner is able to set the total fees charged on transactions to any value at any time.
  • The owner is able to exclude designated addresses from receiving dividends.
  • The owner is able to set a limit to the number of tokens that a wallet can have at any given time. If a transfer is attempted that would put a holder above the maximum, the transaction will be reverted. This wallet limit can be set to any value at any time. The owner can also exclude addresses from being subjected to this maximum at any time.
  • The owner is able to set the percentage of the fees allocated to any fund ("Burn", "Liquidity", and "Dividends") at any time.
  • The owner is able to update the threshold for the contract’s token balance before a swap can occur at any time.
  • The owner is able to manually activate a buyback for a specified amount of BNB from the contract address.
  • The owner is able to withdraw all of the BNB from the contract balance at any time.
  • The owner is able to exclude any address from fees at any time.
  • The owner is able to set the "Reward Token" to a new address at any time.
  • The owner is able to update the Dividend Tracker and UniswapV2Router contract addresses at any time.
  • The owner is able to update the maximum amount of gas used for processing to a value between 200,000 and 500,000 at any time; the initial value is 300,000.
  • The owner is able to update the amount of time a user must wait between claiming dividends to a value between 1 and 24 hours (in seconds).

Audit Findings Summary
  • No security threats from outside attackers were identified.
  • Ensure trust in the team as they have substantial control in the ecosystem and the LP tokens received from liquidity adds.
  • We strongly recommend the team (owner) locks the LP tokens.
  • As with any presale, ensure trust in the team prior to investing.
  • Date: September 1st, 2021

External Threat Results

Vulnerability CategoryNotesResult
Arbitrary Storage WriteN/APASS
Arbitrary JumpN/APASS
Delegate Call to Untrusted ContractN/APASS
Dependence on Predictable VariablesN/APASS
Deprecated OpcodesN/APASS
Ether ThiefN/APASS
ExceptionsN/APASS
External CallsN/APASS
Integer Over/UnderflowN/APASS
Multiple SendsN/APASS
SuicideN/APASS
State Change External CallsN/APass
Unchecked RetvalN/APASS
User Supplied AssertionN/APASS
Critical Solidity CompilerN/APASS
Overall Contract Safety PASS

HYPERSONIC Contract

BEP20 Token Graph

Multi-file Token

												
($) = payable function
 # = non-constant function

 +  Context 
    - [Int] _msgSender
    - [Int] _msgData

 +  Ownable (Context)
    - [Pub]  #
    - [Pub] owner
    - [Pub] renounceOwnership #
       - modifiers: onlyOwner
    - [Pub] transferOwnership #
       - modifiers: onlyOwner

 + [Int] IBEP20 
    - [Ext] totalSupply
    - [Ext] balanceOf
    - [Ext] transfer #
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transferFrom #

 +  BEP20 (Context, IBEP20)
    - [Pub]  #
    - [Pub] name
    - [Pub] symbol
    - [Pub] decimals
    - [Pub] totalSupply
    - [Pub] balanceOf
    - [Pub] transfer #
    - [Pub] allowance
    - [Pub] approve #
    - [Pub] transferFrom #
    - [Pub] increaseAllowance #
    - [Pub] decreaseAllowance #
    - [Int] _transfer #
    - [Int] _mint #
    - [Int] _burn #
    - [Int] _approve #
    - [Int] _setupDecimals #
    - [Int] _beforeTokenTransfer #

 + [Int] IDividendPayingToken 
    - [Ext] dividendOf
    - [Ext] distributeDividends ($)
    - [Ext] withdrawDividend #

 + [Int] IDividendPayingTokenOptional 
    - [Ext] withdrawableDividendOf
    - [Ext] withdrawnDividendOf
    - [Ext] accumulativeDividendOf

 +  DividendPayingToken (BEP20, IDividendPayingToken, IDividendPayingTokenOptional)
    - [Pub]  #
       - modifiers: BEP20
    - [Ext]  ($)
    - [Pub] distributeDividends ($)
    - [Pub] distributeDividends #
    - [Pub] withdrawDividend #
    - [Pub] setDividendTokenAddress #
    - [Int] _withdrawDividendOfUser #
    - [Pub] dividendOf
    - [Pub] withdrawableDividendOf
    - [Pub] withdrawnDividendOf
    - [Pub] accumulativeDividendOf
    - [Int] _transfer #
    - [Int] _mint #
    - [Int] _burn #
    - [Int] _setBalance #

 + [Int] IUniswapV2Factory 
    - [Ext] feeTo
    - [Ext] feeToSetter
    - [Ext] getPair
    - [Ext] allPairs
    - [Ext] allPairsLength
    - [Ext] createPair #
    - [Ext] setFeeTo #
    - [Ext] setFeeToSetter #

 + [Int] IUniswapV2Pair 
    - [Ext] name
    - [Ext] symbol
    - [Ext] decimals
    - [Ext] totalSupply
    - [Ext] balanceOf
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transfer #
    - [Ext] transferFrom #
    - [Ext] DOMAIN_SEPARATOR
    - [Ext] PERMIT_TYPEHASH
    - [Ext] nonces
    - [Ext] permit #
    - [Ext] MINIMUM_LIQUIDITY
    - [Ext] factory
    - [Ext] token0
    - [Ext] token1
    - [Ext] getReserves
    - [Ext] price0CumulativeLast
    - [Ext] price1CumulativeLast
    - [Ext] kLast
    - [Ext] mint #
    - [Ext] burn #
    - [Ext] swap #
    - [Ext] skim #
    - [Ext] sync #
    - [Ext] initialize #

 + [Int] IUniswapV2Router01 
    - [Ext] factory
    - [Ext] WETH
    - [Ext] addLiquidity #
    - [Ext] addLiquidityETH ($)
    - [Ext] removeLiquidity #
    - [Ext] removeLiquidityETH #
    - [Ext] removeLiquidityWithPermit #
    - [Ext] removeLiquidityETHWithPermit #
    - [Ext] swapExactTokensForTokens #
    - [Ext] swapTokensForExactTokens #
    - [Ext] swapExactETHForTokens ($)
    - [Ext] swapTokensForExactETH #
    - [Ext] swapExactTokensForETH #
    - [Ext] swapETHForExactTokens ($)
    - [Ext] quote
    - [Ext] getAmountOut
    - [Ext] getAmountIn
    - [Ext] getAmountsOut
    - [Ext] getAmountsIn

 + [Int] IUniswapV2Router02 (IUniswapV2Router01)
    - [Ext] removeLiquidityETHSupportingFeeOnTransferTokens #
    - [Ext] removeLiquidityETHWithPermitSupportingFeeOnTransferTokens #
    - [Ext] swapExactTokensForTokensSupportingFeeOnTransferTokens #
    - [Ext] swapExactETHForTokensSupportingFeeOnTransferTokens ($)
    - [Ext] swapExactTokensForETHSupportingFeeOnTransferTokens #

 + [Lib] IterableMapping 
    - [Pub] get
    - [Pub] getIndexOfKey
    - [Pub] getKeyAtIndex
    - [Pub] size
    - [Pub] set #
    - [Pub] remove #

 + [Lib] SafeMath 
    - [Int] tryAdd
    - [Int] trySub
    - [Int] tryMul
    - [Int] tryDiv
    - [Int] tryMod
    - [Int] add
    - [Int] sub
    - [Int] mul
    - [Int] div
    - [Int] mod
    - [Int] sub
    - [Int] div
    - [Int] mod

 + [Lib] SafeMathInt 
    - [Int] mul
    - [Int] div
    - [Int] sub
    - [Int] add
    - [Int] toUint256Safe

 + [Lib] SafeMathUint 
    - [Int] toInt256Safe

 +  HyperSonic (BEP20, Ownable)
    - [Pub]  #
       - modifiers: BEP20
    - [Ext]  ($)
    - [Pub] whitelistDxSale #
       - modifiers: onlyOwner
    - [Ext] setMaxBuyTransaction #
       - modifiers: onlyOwner
    - [Ext] setMaxSellTransaction #
       - modifiers: onlyOwner
    - [Ext] setSwapTokensAtAmount #
       - modifiers: onlyOwner
    - [Ext] setMaxWalletToken #
       - modifiers: onlyOwner
    - [Ext] updateMinTokenBalanceForDividends #
       - modifiers: onlyOwner
    - [Ext] prepareForPreSale #
       - modifiers: onlyOwner
    - [Ext] afterPreSale #
       - modifiers: onlyOwner
    - [Pub] setTradingIsEnabled #
       - modifiers: onlyOwner
    - [Pub] setBuyBackEnabled #
       - modifiers: onlyOwner
    - [Pub] setBuyBackRandomEnabled #
       - modifiers: onlyOwner
    - [Pub] setSwapEnable #
       - modifiers: onlyOwner
    - [Pub] triggerBuyBack #
       - modifiers: onlyOwner
    - [Pub] updateDividendTracker #
       - modifiers: onlyOwner
    - [Pub] updateDividendRewardFee #
       - modifiers: onlyOwner
    - [Pub] updateBurnFee #
       - modifiers: onlyOwner
    - [Pub] updateLiquidityFee #
       - modifiers: onlyOwner
    - [Pub] updateMaxSellPercentage #
       - modifiers: onlyOwner
    - [Pub] updateUniswapV2Router #
       - modifiers: onlyOwner
    - [Pub] excludeFromFees #
       - modifiers: onlyOwner
    - [Pub] excludeFromDividends #
       - modifiers: onlyOwner
    - [Pub] excludeFromMaxWalletToken #
       - modifiers: onlyOwner
    - [Pub] excludeMultipleAccountsFromFees #
       - modifiers: onlyOwner
    - [Pub] setAutomatedMarketMakerPair #
       - modifiers: onlyOwner
    - [Prv] _setAutomatedMarketMakerPair #
    - [Pub] updateGasForProcessing #
       - modifiers: onlyOwner
    - [Ext] updateClaimWait #
       - modifiers: onlyOwner
    - [Ext] getClaimWait
    - [Ext] getTotalDividendsDistributed
    - [Pub] isExcludedFromFees
    - [Pub] isExcludedFromMaxWalletToken
    - [Pub] withdrawableDividendOf
    - [Pub] dividendTokenBalanceOf
    - [Ext] getAccountDividendsInfo
    - [Ext] getAccountDividendsInfoAtIndex
    - [Ext] processDividendTracker #
    - [Ext] claim #
    - [Ext] getLastProcessedIndex
    - [Pub] rand
    - [Ext] getNumberOfDividendTokenHolders
    - [Int] _transfer #
    - [Pub] sellfee
    - [Prv] addLiquidity #
    - [Prv] swapTokensForBNB #
    - [Prv] swapBNBForTokens #
    - [Prv] swapBNBForDividendToken #
    - [Prv] swapAndSendDividends #
    - [Prv] swapAndSendDividendsInBNB #
    - [Prv] transferToBuyBackWallet #

 +  HypersonicDividendTracker (DividendPayingToken, Ownable)
    - [Pub]  #
       - modifiers: DividendPayingToken
    - [Int] _transfer
    - [Pub] withdrawDividend
    - [Ext] excludeFromDividends #
       - modifiers: onlyOwner
    - [Ext] updateMinimumTokenBalanceForDividends #
       - modifiers: onlyOwner
    - [Ext] updateClaimWait #
       - modifiers: onlyOwner
    - [Ext] getLastProcessedIndex
    - [Ext] getNumberOfTokenHolders
    - [Pub] getAccount
    - [Pub] getAccountAtIndex
    - [Prv] canAutoClaim
    - [Ext] setBalance #
       - modifiers: onlyOwner
    - [Pub] process #
    - [Pub] processAccount #
       - modifiers: onlyOwner