Hamster Coin - Smart Contract Audit Report

Summary

Hamster Coin Audit Report Hamster Coin is a token on the Binance Smart Chain that provides automatic liquidity adds and pays holders dividends in $BTCB.

We audited Hamster Coin's token contract at 0x679d5b2d94f454c950d683d159b87aa8eae37c9e on the Binance Smart Chain mainnet.

Overview of the Contract:
  • The total supply of the token is set to 10 quadrillion $HAM [10,000,000,000,000,000].
  • No mint or burn functions are present; though the circulating supply can be reduced by sending tokens to the 0x..dead address, if desired.
  • At the time of writing this report, there are approximately 19,000 $HAM holders.
  • 63.49% of the total supply is held in Legion Network Vesting Contract where those tokens will unlock and vest to the team over a period of time.
  • 12.13% of the token supply has been burned. (The burn address is excluded from dividends).
  • 0.84% of the total supply is held in PancakeSwap V2 Liquidity. Out of that liquidity, 93.24% of the LP Tokens are held in a Legion Network Vesting Contract that will vest to the team at an unknown date. Another 4.44% of the LP tokens are in possession of the owner/deployer.

  • There is a "Marketing Fee", "Liquidity Fee", and "BTC Rewards Fee" that is charged on all transfers (given that the transferring address is not excluded from fees). The owner has the ability to change these fees to any percentage value at any time.
  • The fees that are charged on transfers are stored in the contract balance and once a threshold value of 1,000,000,000 $HAM is met, the tokens are used to fund BTCB Rewards, the 'Marketing Wallet', and Liquidity adds.
  • The portion allocated toward marketing is swapped for BTCB and sent directly to the project team's "Marketing Wallet". The portion for the liquidity fee is used to automatically provide PancakeSwap liquidity, and the remaining portion is applied toward funding the BTCB dividend rewards for those who are eligible.
  • Liquidity-adds are automatically conducted by selling half of the tokens collected as liquidity fees, pairing the received BNB with the token, and adding it as liquidity to the pair.
  • The LP tokens received through this process are sent to the owner. We recommend that the owner has a strategy in place to lock these LP tokens.

  • A user must hold 75,000,000,000 $HAM tokens to be eligible for dividends. This is 0.00075% of the total token supply, which allows a large amount of holders to qualify (currently 3,153/19,000 at the time of writing).
  • Once dividends are distributed, they will need to be claimed; claiming happens automatically on each transfer.
  • Dividend rewards can also be claimed manually by kicking off the claim cycle, which will process all eligible token holders.
  • Alternatively, a user can manually claim dividends as an individual.
  • There is a wait-time of 3600 seconds (1 hour) between claiming dividend rewards.
  • Claimed dividends are sent to the user's wallet address.

  • Some gas optimizations can be achieved through marking functions external instead of public. There are also some public variables that could be declared constant. This is merely informational as the contract has already been deployed.
  • The contract utilizes the SafeMath library to prevent overflows along with following the BEP20 standard.

  • Ownership Controls:
  • Ownership has not been renounced.
  • The owner is able to set the fee percentages to any amount at any time.
  • The owner is able to exclude addresses from fees at any time.
  • The owner is able to add addresses to a blacklist which will prevent them from participating in transfers.
  • The owner is able to exclude any address from dividends at any time.
  • The owner is able to update the Dividend Tracker and UniswapV2Router contract addresses at any time.
  • The owner is able to update the Marketing address at any time.
  • The owner is able to update the maximum amount of gas used for processing to a value between 200,000 and 500,000 at any time.
  • The owner is able to update the amount of time a user must wait between claiming dividends to a value between 1 and 24 hours (in seconds).

Audit Findings Summary
  • No external threats were identified during our analysis.
  • We recommend that the team renounces ownership.
  • Please ensure trust in the team as they have substantial control in the ecosystem.
  • Date: October 8th, 2021

Vulnerability CategoryNotesResult
Arbitrary Storage WriteN/APASS
Arbitrary JumpN/APASS
Delegate Call to Untrusted ContractN/APASS
Dependence on Predictable VariablesN/APASS
Deprecated OpcodesN/APASS
Ether ThiefN/APASS
ExceptionsN/APASS
External CallsN/APASS
Flash LoansN/APASS
Integer Over/UnderflowN/APASS
Multiple SendsN/APASS
OraclesN/APASS
SuicideN/APASS
State Change External CallsN/APASS
Unchecked RetvalN/APASS
User Supplied AssertionN/APASS
Critical Solidity CompilerN/APASS
Overall Contract Safety PASS

BEP20 Token Graph

Multi-file Token

												
($) = payable function
 # = non-constant function

 + [Int] IERC20 
    - [Ext] totalSupply
    - [Ext] balanceOf
    - [Ext] transfer #
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transferFrom #

 + [Int] IERC20Metadata (IERC20)
    - [Ext] name
    - [Ext] symbol
    - [Ext] decimals

 +  Context 
    - [Int] _msgSender
    - [Int] _msgData

 + [Lib] SafeMath 
    - [Int] add
    - [Int] sub
    - [Int] sub
    - [Int] mul
    - [Int] div
    - [Int] div
    - [Int] mod
    - [Int] mod

 +  ERC20 (Context, IERC20, IERC20Metadata)
    - [Pub]  #
    - [Pub] name
    - [Pub] symbol
    - [Pub] decimals
    - [Pub] totalSupply
    - [Pub] balanceOf
    - [Pub] transfer #
    - [Pub] allowance
    - [Pub] approve #
    - [Pub] transferFrom #
    - [Pub] increaseAllowance #
    - [Pub] decreaseAllowance #
    - [Int] _transfer #
    - [Int] _mint #
    - [Int] _burn #
    - [Int] _approve #
    - [Int] _beforeTokenTransfer #

 + [Lib] SafeMathUint 
    - [Int] toInt256Safe

 + [Lib] SafeMathInt 
    - [Int] mul
    - [Int] div
    - [Int] sub
    - [Int] add
    - [Int] abs
    - [Int] toUint256Safe

 + [Int] DividendPayingTokenInterface 
    - [Ext] dividendOf
    - [Ext] withdrawDividend #

 + [Int] DividendPayingTokenOptionalInterface 
    - [Ext] withdrawableDividendOf
    - [Ext] withdrawnDividendOf
    - [Ext] accumulativeDividendOf

 +  Ownable (Context)
    - [Pub]  #
    - [Pub] owner
    - [Pub] renounceOwnership #
       - modifiers: onlyOwner
    - [Pub] transferOwnership #
       - modifiers: onlyOwner

 +  DividendPayingToken (ERC20, Ownable, DividendPayingTokenInterface, DividendPayingTokenOptionalInterface)
    - [Pub]  #
       - modifiers: ERC20
    - [Pub] distributeBTCDividends #
       - modifiers: onlyOwner
    - [Pub] withdrawDividend #
    - [Int] _withdrawDividendOfUser #
    - [Pub] dividendOf
    - [Pub] withdrawableDividendOf
    - [Pub] withdrawnDividendOf
    - [Pub] accumulativeDividendOf
    - [Int] _transfer #
    - [Int] _mint #
    - [Int] _burn #
    - [Int] _setBalance #

 + [Lib] IterableMapping 
    - [Pub] get
    - [Pub] getIndexOfKey
    - [Pub] getKeyAtIndex
    - [Pub] size
    - [Pub] set #
    - [Pub] remove #

 + [Int] IUniswapV2Pair 
    - [Ext] name
    - [Ext] symbol
    - [Ext] decimals
    - [Ext] totalSupply
    - [Ext] balanceOf
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transfer #
    - [Ext] transferFrom #
    - [Ext] DOMAIN_SEPARATOR
    - [Ext] PERMIT_TYPEHASH
    - [Ext] nonces
    - [Ext] permit #
    - [Ext] MINIMUM_LIQUIDITY
    - [Ext] factory
    - [Ext] token0
    - [Ext] token1
    - [Ext] getReserves
    - [Ext] price0CumulativeLast
    - [Ext] price1CumulativeLast
    - [Ext] kLast
    - [Ext] mint #
    - [Ext] burn #
    - [Ext] swap #
    - [Ext] skim #
    - [Ext] sync #
    - [Ext] initialize #

 + [Int] IUniswapV2Factory 
    - [Ext] feeTo
    - [Ext] feeToSetter
    - [Ext] getPair
    - [Ext] allPairs
    - [Ext] allPairsLength
    - [Ext] createPair #
    - [Ext] setFeeTo #
    - [Ext] setFeeToSetter #

 + [Int] IUniswapV2Router01 
    - [Ext] factory
    - [Ext] WETH
    - [Ext] addLiquidity #
    - [Ext] addLiquidityETH ($)
    - [Ext] removeLiquidity #
    - [Ext] removeLiquidityETH #
    - [Ext] removeLiquidityWithPermit #
    - [Ext] removeLiquidityETHWithPermit #
    - [Ext] swapExactTokensForTokens #
    - [Ext] swapTokensForExactTokens #
    - [Ext] swapExactETHForTokens ($)
    - [Ext] swapTokensForExactETH #
    - [Ext] swapExactTokensForETH #
    - [Ext] swapETHForExactTokens ($)
    - [Ext] quote
    - [Ext] getAmountOut
    - [Ext] getAmountIn
    - [Ext] getAmountsOut
    - [Ext] getAmountsIn

 + [Int] IUniswapV2Router02 (IUniswapV2Router01)
    - [Ext] removeLiquidityETHSupportingFeeOnTransferTokens #
    - [Ext] removeLiquidityETHWithPermitSupportingFeeOnTransferTokens #
    - [Ext] swapExactTokensForTokensSupportingFeeOnTransferTokens #
    - [Ext] swapExactETHForTokensSupportingFeeOnTransferTokens ($)
    - [Ext] swapExactTokensForETHSupportingFeeOnTransferTokens #

 +  Hamster (ERC20, Ownable)
    - [Pub]  #
       - modifiers: ERC20
    - [Ext]  ($)
    - [Pub] updateDividendTracker #
       - modifiers: onlyOwner
    - [Pub] updateUniswapV2Router #
       - modifiers: onlyOwner
    - [Pub] excludeFromFees #
       - modifiers: onlyOwner
    - [Pub] excludeMultipleAccountsFromFees #
       - modifiers: onlyOwner
    - [Ext] setMarketingWallet #
       - modifiers: onlyOwner
    - [Ext] setBTCRewardsFee #
       - modifiers: onlyOwner
    - [Ext] setLiquiditFee #
       - modifiers: onlyOwner
    - [Ext] setMarketingFee #
       - modifiers: onlyOwner
    - [Pub] setAutomatedMarketMakerPair #
       - modifiers: onlyOwner
    - [Ext] blacklistAddress #
       - modifiers: onlyOwner
    - [Prv] _setAutomatedMarketMakerPair #
    - [Pub] updateGasForProcessing #
       - modifiers: onlyOwner
    - [Ext] updateClaimWait #
       - modifiers: onlyOwner
    - [Ext] getClaimWait
    - [Ext] getTotalDividendsDistributed
    - [Pub] isExcludedFromFees
    - [Pub] withdrawableDividendOf
    - [Pub] dividendTokenBalanceOf
    - [Ext] excludeFromDividends #
       - modifiers: onlyOwner
    - [Ext] getAccountDividendsInfo
    - [Ext] getAccountDividendsInfoAtIndex
    - [Ext] processDividendTracker #
    - [Ext] claim #
    - [Ext] getLastProcessedIndex
    - [Ext] getNumberOfDividendTokenHolders
    - [Int] _transfer #
    - [Prv] swapAndSendToFee #
    - [Prv] swapAndLiquify #
    - [Prv] swapTokensForEth #
    - [Prv] swapTokensForBTC #
    - [Prv] addLiquidity #
    - [Prv] swapAndSendDividends #

 +  HAMDividendTracker (Ownable, DividendPayingToken)
    - [Pub]  #
       - modifiers: DividendPayingToken
    - [Int] _transfer #
    - [Pub] withdrawDividend #
    - [Ext] excludeFromDividends #
       - modifiers: onlyOwner
    - [Ext] updateClaimWait #
       - modifiers: onlyOwner
    - [Ext] getLastProcessedIndex
    - [Ext] getNumberOfTokenHolders
    - [Pub] getAccount
    - [Pub] getAccountAtIndex
    - [Prv] canAutoClaim
    - [Ext] setBalance #
       - modifiers: onlyOwner
    - [Pub] process #
    - [Pub] processAccount #
       - modifiers: onlyOwner