Vulnerability Category | Notes | Result |
---|---|---|
Arbitrary Storage Write | N/A | PASS |
Arbitrary Jump | N/A | PASS |
Delegate Call to Untrusted Contract | N/A | PASS |
Dependence on Predictable Variables | N/A | PASS |
Deprecated Opcodes | N/A | PASS |
Ether Thief | N/A | PASS |
Exceptions | N/A | PASS |
External Calls | N/A | PASS |
Flash Loans | N/A | PASS |
Integer Over/Underflow | N/A | PASS |
Multiple Sends | N/A | PASS |
Oracles | N/A | PASS |
Suicide | N/A | PASS |
State Change External Calls | N/A | PASS |
Unchecked Retval | N/A | PASS |
User Supplied Assertion | N/A | PASS |
Critical Solidity Compiler | N/A | PASS |
Overall Contract Safety | PASS |
Hamster Coin - Smart Contract Audit Report
Summary
Hamster Coin is a token on the Binance Smart Chain that provides automatic liquidity adds and pays holders dividends in $BTCB.
We audited Hamster Coin's token contract at 0x679d5b2d94f454c950d683d159b87aa8eae37c9e on the Binance Smart Chain mainnet.Overview of the Contract:Audit Findings Summary
- The total supply of the token is set to 10 quadrillion $HAM [10,000,000,000,000,000].
- No mint or burn functions are present; though the circulating supply can be reduced by sending tokens to the 0x..dead address, if desired.
- At the time of writing this report, there are approximately 19,000 $HAM holders.
- 63.49% of the total supply is held in Legion Network Vesting Contract where those tokens will unlock and vest to the team over a period of time.
- 12.13% of the token supply has been burned. (The burn address is excluded from dividends).
- 0.84% of the total supply is held in PancakeSwap V2 Liquidity. Out of that liquidity, 93.24% of the LP Tokens are held in a Legion Network Vesting Contract that will vest to the team at an unknown date. Another 4.44% of the LP tokens are in possession of the owner/deployer.
- There is a "Marketing Fee", "Liquidity Fee", and "BTC Rewards Fee" that is charged on all transfers (given that the transferring address is not excluded from fees). The owner has the ability to change these fees to any percentage value at any time.
- The fees that are charged on transfers are stored in the contract balance and once a threshold value of 1,000,000,000 $HAM is met, the tokens are used to fund BTCB Rewards, the 'Marketing Wallet', and Liquidity adds.
- The portion allocated toward marketing is swapped for BTCB and sent directly to the project team's "Marketing Wallet". The portion for the liquidity fee is used to automatically provide PancakeSwap liquidity, and the remaining portion is applied toward funding the BTCB dividend rewards for those who are eligible.
- Liquidity-adds are automatically conducted by selling half of the tokens collected as liquidity fees, pairing the received BNB with the token, and adding it as liquidity to the pair.
- The LP tokens received through this process are sent to the owner. We recommend that the owner has a strategy in place to lock these LP tokens.
- A user must hold 75,000,000,000 $HAM tokens to be eligible for dividends. This is 0.00075% of the total token supply, which allows a large amount of holders to qualify (currently 3,153/19,000 at the time of writing).
- Once dividends are distributed, they will need to be claimed; claiming happens automatically on each transfer.
- Dividend rewards can also be claimed manually by kicking off the claim cycle, which will process all eligible token holders.
- Alternatively, a user can manually claim dividends as an individual.
- There is a wait-time of 3600 seconds (1 hour) between claiming dividend rewards.
- Claimed dividends are sent to the user's wallet address.
- Some gas optimizations can be achieved through marking functions external instead of public. There are also some public variables that could be declared constant. This is merely informational as the contract has already been deployed.
- The contract utilizes the SafeMath library to prevent overflows along with following the BEP20 standard.
Ownership Controls:- Ownership has not been renounced.
- The owner is able to set the fee percentages to any amount at any time.
- The owner is able to exclude addresses from fees at any time.
- The owner is able to add addresses to a blacklist which will prevent them from participating in transfers.
- The owner is able to exclude any address from dividends at any time.
- The owner is able to update the Dividend Tracker and UniswapV2Router contract addresses at any time.
- The owner is able to update the Marketing address at any time.
- The owner is able to update the maximum amount of gas used for processing to a value between 200,000 and 500,000 at any time.
- The owner is able to update the amount of time a user must wait between claiming dividends to a value between 1 and 24 hours (in seconds).
- No external threats were identified during our analysis.
- We recommend that the team renounces ownership.
- Please ensure trust in the team as they have substantial control in the ecosystem.
- Date: October 8th, 2021
($) = payable function
# = non-constant function
+ [Int] IERC20
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] transfer #
- [Ext] allowance
- [Ext] approve #
- [Ext] transferFrom #
+ [Int] IERC20Metadata (IERC20)
- [Ext] name
- [Ext] symbol
- [Ext] decimals
+ Context
- [Int] _msgSender
- [Int] _msgData
+ [Lib] SafeMath
- [Int] add
- [Int] sub
- [Int] sub
- [Int] mul
- [Int] div
- [Int] div
- [Int] mod
- [Int] mod
+ ERC20 (Context, IERC20, IERC20Metadata)
- [Pub] #
- [Pub] name
- [Pub] symbol
- [Pub] decimals
- [Pub] totalSupply
- [Pub] balanceOf
- [Pub] transfer #
- [Pub] allowance
- [Pub] approve #
- [Pub] transferFrom #
- [Pub] increaseAllowance #
- [Pub] decreaseAllowance #
- [Int] _transfer #
- [Int] _mint #
- [Int] _burn #
- [Int] _approve #
- [Int] _beforeTokenTransfer #
+ [Lib] SafeMathUint
- [Int] toInt256Safe
+ [Lib] SafeMathInt
- [Int] mul
- [Int] div
- [Int] sub
- [Int] add
- [Int] abs
- [Int] toUint256Safe
+ [Int] DividendPayingTokenInterface
- [Ext] dividendOf
- [Ext] withdrawDividend #
+ [Int] DividendPayingTokenOptionalInterface
- [Ext] withdrawableDividendOf
- [Ext] withdrawnDividendOf
- [Ext] accumulativeDividendOf
+ Ownable (Context)
- [Pub] #
- [Pub] owner
- [Pub] renounceOwnership #
- modifiers: onlyOwner
- [Pub] transferOwnership #
- modifiers: onlyOwner
+ DividendPayingToken (ERC20, Ownable, DividendPayingTokenInterface, DividendPayingTokenOptionalInterface)
- [Pub] #
- modifiers: ERC20
- [Pub] distributeBTCDividends #
- modifiers: onlyOwner
- [Pub] withdrawDividend #
- [Int] _withdrawDividendOfUser #
- [Pub] dividendOf
- [Pub] withdrawableDividendOf
- [Pub] withdrawnDividendOf
- [Pub] accumulativeDividendOf
- [Int] _transfer #
- [Int] _mint #
- [Int] _burn #
- [Int] _setBalance #
+ [Lib] IterableMapping
- [Pub] get
- [Pub] getIndexOfKey
- [Pub] getKeyAtIndex
- [Pub] size
- [Pub] set #
- [Pub] remove #
+ [Int] IUniswapV2Pair
- [Ext] name
- [Ext] symbol
- [Ext] decimals
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] allowance
- [Ext] approve #
- [Ext] transfer #
- [Ext] transferFrom #
- [Ext] DOMAIN_SEPARATOR
- [Ext] PERMIT_TYPEHASH
- [Ext] nonces
- [Ext] permit #
- [Ext] MINIMUM_LIQUIDITY
- [Ext] factory
- [Ext] token0
- [Ext] token1
- [Ext] getReserves
- [Ext] price0CumulativeLast
- [Ext] price1CumulativeLast
- [Ext] kLast
- [Ext] mint #
- [Ext] burn #
- [Ext] swap #
- [Ext] skim #
- [Ext] sync #
- [Ext] initialize #
+ [Int] IUniswapV2Factory
- [Ext] feeTo
- [Ext] feeToSetter
- [Ext] getPair
- [Ext] allPairs
- [Ext] allPairsLength
- [Ext] createPair #
- [Ext] setFeeTo #
- [Ext] setFeeToSetter #
+ [Int] IUniswapV2Router01
- [Ext] factory
- [Ext] WETH
- [Ext] addLiquidity #
- [Ext] addLiquidityETH ($)
- [Ext] removeLiquidity #
- [Ext] removeLiquidityETH #
- [Ext] removeLiquidityWithPermit #
- [Ext] removeLiquidityETHWithPermit #
- [Ext] swapExactTokensForTokens #
- [Ext] swapTokensForExactTokens #
- [Ext] swapExactETHForTokens ($)
- [Ext] swapTokensForExactETH #
- [Ext] swapExactTokensForETH #
- [Ext] swapETHForExactTokens ($)
- [Ext] quote
- [Ext] getAmountOut
- [Ext] getAmountIn
- [Ext] getAmountsOut
- [Ext] getAmountsIn
+ [Int] IUniswapV2Router02 (IUniswapV2Router01)
- [Ext] removeLiquidityETHSupportingFeeOnTransferTokens #
- [Ext] removeLiquidityETHWithPermitSupportingFeeOnTransferTokens #
- [Ext] swapExactTokensForTokensSupportingFeeOnTransferTokens #
- [Ext] swapExactETHForTokensSupportingFeeOnTransferTokens ($)
- [Ext] swapExactTokensForETHSupportingFeeOnTransferTokens #
+ Hamster (ERC20, Ownable)
- [Pub] #
- modifiers: ERC20
- [Ext] ($)
- [Pub] updateDividendTracker #
- modifiers: onlyOwner
- [Pub] updateUniswapV2Router #
- modifiers: onlyOwner
- [Pub] excludeFromFees #
- modifiers: onlyOwner
- [Pub] excludeMultipleAccountsFromFees #
- modifiers: onlyOwner
- [Ext] setMarketingWallet #
- modifiers: onlyOwner
- [Ext] setBTCRewardsFee #
- modifiers: onlyOwner
- [Ext] setLiquiditFee #
- modifiers: onlyOwner
- [Ext] setMarketingFee #
- modifiers: onlyOwner
- [Pub] setAutomatedMarketMakerPair #
- modifiers: onlyOwner
- [Ext] blacklistAddress #
- modifiers: onlyOwner
- [Prv] _setAutomatedMarketMakerPair #
- [Pub] updateGasForProcessing #
- modifiers: onlyOwner
- [Ext] updateClaimWait #
- modifiers: onlyOwner
- [Ext] getClaimWait
- [Ext] getTotalDividendsDistributed
- [Pub] isExcludedFromFees
- [Pub] withdrawableDividendOf
- [Pub] dividendTokenBalanceOf
- [Ext] excludeFromDividends #
- modifiers: onlyOwner
- [Ext] getAccountDividendsInfo
- [Ext] getAccountDividendsInfoAtIndex
- [Ext] processDividendTracker #
- [Ext] claim #
- [Ext] getLastProcessedIndex
- [Ext] getNumberOfDividendTokenHolders
- [Int] _transfer #
- [Prv] swapAndSendToFee #
- [Prv] swapAndLiquify #
- [Prv] swapTokensForEth #
- [Prv] swapTokensForBTC #
- [Prv] addLiquidity #
- [Prv] swapAndSendDividends #
+ HAMDividendTracker (Ownable, DividendPayingToken)
- [Pub] #
- modifiers: DividendPayingToken
- [Int] _transfer #
- [Pub] withdrawDividend #
- [Ext] excludeFromDividends #
- modifiers: onlyOwner
- [Ext] updateClaimWait #
- modifiers: onlyOwner
- [Ext] getLastProcessedIndex
- [Ext] getNumberOfTokenHolders
- [Pub] getAccount
- [Pub] getAccountAtIndex
- [Prv] canAutoClaim
- [Ext] setBalance #
- modifiers: onlyOwner
- [Pub] process #
- [Pub] processAccount #
- modifiers: onlyOwner