Hedge - Smart Contract Audit Report

Summary

Hedge Audit Report Hedge ($HEDGE) is a new community-driven token that provides automatic liquidity adds and pays holders dividends in a dynamic BSC dividend token, at the dividends can be changed by the team.

The Hedge contract is deployed at 0xE7784072FC769D8b7f8C0a3Fa008722eEF5dDDD5 on the Binance Smart Chain mainnet.

Overview of the Contract:
  • The total supply of the token is set to 1 billion [1,000,000,000].
  • No mint or burn functions are present; though the circulating supply can be reduced by sending tokens to the 0x..dead address, if desired.

  • There is a "liquidity Fee", and "Dividends Rewards Fee" on all transfers when interacting with Pancakeswap (given that the transferring address is not excluded from fees).
  • The fees charged on transactions are stored in the contract and once a threshold value of 2,000,000 tokens (0.2% of the total supply) is met, the tokens are swapped for $BTCB and Liquidity adds.
  • In the current fee allocation, 4% is used to automatically provide liquidity and 8% is applied toward funding the $BTCB dividend rewards for those who are eligible.
  • Liquidity-adds are automatically done by selling half of the tokens collected as liquidity fees, pairing the received BNB with the token, and adding it as liquidity to the pair.
  • The LP tokens received through this process are sent to the the "Liquidity Wallet" which is set by the team. The stability of the liquidity pool can be at risk if these LP tokens are not locked.

  • A user must hold 20,000 tokens to be eligible for dividends. This is 0.002% of the total token supply.
  • Once dividends are distributed, they will need to be claimed; claiming happens automatically on each transfer.
  • Dividend rewards can also be claimed manually by kicking off the claim cycle, which will process all eligible token holders.
  • Alternatively, a user can manually claim dividends as an individual.
  • There is a wait-time of 3600 seconds (1 hour) between claiming dividend rewards.
  • Claimed dividends are sent to the user's wallet address.

  • The contract features a maximum transaction amount, which imposes a limit to the number of tokens that can be transferred when buying from or selling to Pancakeswap. When buying from Pancakeswap, the maximum transaction amount is 10,000,000 tokens (1% of the total supply). When selling to Pancakeswap, the maximum transaction amount is 5,000,000 tokens (0.5%) of the total supply.
  • The contract also features a maximum wallet amount which ensures that a user's token balance does not exceed 50,000,000 tokens (5% of the total supply) after a buying transaction.
  • Some gas optimizations can be achieved through marking functions external instead of public. There are also some public variables that could be declared constant.
  • The contract utilizes the SafeMath library to prevent overflows along with following the BEP20 standard.

  • Ownership Controls:
  • Ownership has not been renounced.
  • The owner can set the liquidity fee and Dividends Rewards fee to any percentages at any time.
  • The owner can update the dividends rewards token to any token address at any time.
  • The owner can update the Liquidity wallet to any address at any time.
  • The owner can exclude any address from fees at any time.
  • The owner can exclude any address from dividends at any time.
  • The owner can add any address to a blacklist which will prevent them from participating in transfers.
  • If a user has pending withdrawable dividends, the owner can manually send those dividends to the user at any time.
  • The owner can update the Dividend Tracker and PancakeswapV2Router contract addresses at any time.
  • The owner can update the Automated Market Maker Pair at any time.
  • The owner can update the maximum amount of gas used for processing to a value between 200,000 and 500,000 at any time.
  • The owner can update the amount of time a user must wait between claiming dividends to a value between 1 and 24 hours (in seconds).
  • The owner can whitelist any address (for presale purposes) which would exclude an account from fees and dividends, allow an account to trade even when trading is disabled, and exempt an account from maximum transaction/maximum wallet limits.

Audit Findings Summary
  • No security threats were identified.
  • Please ensure trust in the team as they have substantial control in the ecosystem.
  • As with any presale, ensure trust in the team prior to investing.
  • Date: October 26th, 2021
  • Updated: November 1st, 2021 to reflect the mainnet deployment.

Vulnerability CategoryNotesResult
Arbitrary Storage WriteN/APASS
Arbitrary JumpN/APASS
Delegate Call to Untrusted ContractN/APASS
Dependence on Predictable VariablesN/APASS
Deprecated OpcodesN/APASS
Ether ThiefN/APASS
ExceptionsN/APASS
External CallsN/APASS
Flash LoansN/APASS
Integer Over/UnderflowN/APASS
Multiple SendsN/APASS
OraclesN/APASS
SuicideN/APASS
State Change External CallsN/APASS
Unchecked RetvalN/APASS
User Supplied AssertionN/APASS
Critical Solidity CompilerN/APASS
Overall Contract Safety PASS

BEP20 Token Graph

Multi-file Token

												
($) = payable function
 # = non-constant function

 + [Int] IERC20 
    - [Ext] totalSupply
    - [Ext] balanceOf
    - [Ext] transfer #
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transferFrom #

 + [Int] IERC20Metadata (IERC20)
    - [Ext] name
    - [Ext] symbol
    - [Ext] decimals

 +  Context 
    - [Int] _msgSender
    - [Int] _msgData

 + [Lib] SafeMath 
    - [Int] add
    - [Int] sub
    - [Int] sub
    - [Int] mul
    - [Int] div
    - [Int] div
    - [Int] mod
    - [Int] mod

 +  ERC20 (Context, IERC20, IERC20Metadata)
    - [Pub]  #
    - [Pub] name
    - [Pub] symbol
    - [Pub] decimals
    - [Pub] totalSupply
    - [Pub] balanceOf
    - [Pub] transfer #
    - [Pub] allowance
    - [Pub] approve #
    - [Pub] transferFrom #
    - [Pub] increaseAllowance #
    - [Pub] decreaseAllowance #
    - [Int] _transfer #
    - [Int] _mint #
    - [Int] _burn #
    - [Int] _approve #
    - [Int] _beforeTokenTransfer #

 + [Lib] SafeMathUint 
    - [Int] toInt256Safe

 + [Lib] SafeMathInt 
    - [Int] mul
    - [Int] div
    - [Int] sub
    - [Int] add
    - [Int] abs
    - [Int] toUint256Safe

 + [Int] DividendPayingTokenInterface 
    - [Ext] dividendOf
    - [Ext] withdrawDividend #

 + [Int] DividendPayingTokenOptionalInterface 
    - [Ext] withdrawableDividendOf
    - [Ext] withdrawnDividendOf
    - [Ext] accumulativeDividendOf

 +  Ownable (Context)
    - [Pub]  #
    - [Pub] owner
    - [Pub] renounceOwnership #
       - modifiers: onlyOwner
    - [Pub] transferOwnership #
       - modifiers: onlyOwner

 +  DividendPayingToken (ERC20, Ownable, DividendPayingTokenInterface, DividendPayingTokenOptionalInterface)
    - [Pub]  #
       - modifiers: ERC20
    - [Pub] accumulativeDividendOfToken
    - [Pub] withdrawableDividendOfToken
    - [Int] _withdrawOldDividendOfUser #
    - [Pub] distributeREWARDDividends #
       - modifiers: onlyOwner
    - [Pub] withdrawDividend #
    - [Int] _withdrawDividendOfUser #
    - [Pub] dividendOf
    - [Pub] withdrawableDividendOf
    - [Pub] withdrawnDividendOf
    - [Pub] accumulativeDividendOf
    - [Int] _transfer #
    - [Int] _mint #
    - [Int] _burn #
    - [Int] _setBalance #

 + [Lib] IterableMapping 
    - [Pub] get
    - [Pub] getIndexOfKey
    - [Pub] getKeyAtIndex
    - [Pub] size
    - [Pub] set #
    - [Pub] remove #

 + [Int] IUniswapV2Pair 
    - [Ext] name
    - [Ext] symbol
    - [Ext] decimals
    - [Ext] totalSupply
    - [Ext] balanceOf
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transfer #
    - [Ext] transferFrom #
    - [Ext] DOMAIN_SEPARATOR
    - [Ext] PERMIT_TYPEHASH
    - [Ext] nonces
    - [Ext] permit #
    - [Ext] MINIMUM_LIQUIDITY
    - [Ext] factory
    - [Ext] token0
    - [Ext] token1
    - [Ext] getReserves
    - [Ext] price0CumulativeLast
    - [Ext] price1CumulativeLast
    - [Ext] kLast
    - [Ext] mint #
    - [Ext] burn #
    - [Ext] swap #
    - [Ext] skim #
    - [Ext] sync #
    - [Ext] initialize #

 + [Int] IUniswapV2Factory 
    - [Ext] feeTo
    - [Ext] feeToSetter
    - [Ext] getPair
    - [Ext] allPairs
    - [Ext] allPairsLength
    - [Ext] createPair #
    - [Ext] setFeeTo #
    - [Ext] setFeeToSetter #

 + [Int] IUniswapV2Router01 
    - [Ext] factory
    - [Ext] WETH
    - [Ext] addLiquidity #
    - [Ext] addLiquidityETH ($)
    - [Ext] removeLiquidity #
    - [Ext] removeLiquidityETH #
    - [Ext] removeLiquidityWithPermit #
    - [Ext] removeLiquidityETHWithPermit #
    - [Ext] swapExactTokensForTokens #
    - [Ext] swapTokensForExactTokens #
    - [Ext] swapExactETHForTokens ($)
    - [Ext] swapTokensForExactETH #
    - [Ext] swapExactTokensForETH #
    - [Ext] swapETHForExactTokens ($)
    - [Ext] quote
    - [Ext] getAmountOut
    - [Ext] getAmountIn
    - [Ext] getAmountsOut
    - [Ext] getAmountsIn

 + [Int] IUniswapV2Router02 (IUniswapV2Router01)
    - [Ext] removeLiquidityETHSupportingFeeOnTransferTokens #
    - [Ext] removeLiquidityETHWithPermitSupportingFeeOnTransferTokens #
    - [Ext] swapExactTokensForTokensSupportingFeeOnTransferTokens #
    - [Ext] swapExactETHForTokensSupportingFeeOnTransferTokens ($)
    - [Ext] swapExactTokensForETHSupportingFeeOnTransferTokens #

 +  HEDGE (ERC20, Ownable)
    - [Pub]  #
       - modifiers: ERC20
    - [Ext]  ($)
    - [Ext] whitelistPresaleAddress #
       - modifiers: onlyOwner
    - [Ext] changeDividend #
       - modifiers: onlyOwner
    - [Pub] withdrawOldDividends #
    - [Pub] updateDividendTracker #
       - modifiers: onlyOwner
    - [Pub] updateUniswapV2Router #
       - modifiers: onlyOwner
    - [Pub] updateLiquidityWallet #
       - modifiers: onlyOwner
    - [Pub] excludeFromFees #
       - modifiers: onlyOwner
    - [Pub] setTradingIsEnabled #
       - modifiers: onlyOwner
    - [Pub] updateCanJumpLimitOnWallet #
       - modifiers: onlyOwner
    - [Pub] excludeMultipleAccountsFromFees #
       - modifiers: onlyOwner
    - [Ext] setDIVIDENDRewardsFee #
       - modifiers: onlyOwner
    - [Ext] setLiquiditFee #
       - modifiers: onlyOwner
    - [Pub] setAutomatedMarketMakerPair #
       - modifiers: onlyOwner
    - [Ext] blacklistAddress #
       - modifiers: onlyOwner
    - [Prv] _setAutomatedMarketMakerPair #
    - [Pub] updateGasForProcessing #
       - modifiers: onlyOwner
    - [Ext] updateClaimWait #
       - modifiers: onlyOwner
    - [Ext] getClaimWait
    - [Ext] getTotalDividendsDistributed
    - [Pub] isExcludedFromFees
    - [Pub] withdrawableDividendOf
    - [Pub] dividendTokenBalanceOf
    - [Ext] excludeFromDividends #
       - modifiers: onlyOwner
    - [Ext] getAccountDividendsInfo
    - [Ext] getAccountDividendsInfoAtIndex
    - [Ext] processDividendTracker #
    - [Ext] claim #
    - [Ext] getLastProcessedIndex
    - [Ext] getNumberOfDividendTokenHolders
    - [Pub] multitransfer #
    - [Int] _transfer #
    - [Prv] swapAndLiquify #
    - [Prv] swapTokensForEth #
    - [Prv] swapTokensForDIVIDEND #
    - [Prv] addLiquidity #
    - [Prv] swapAndSendDividends #
    - [Pub] burnTokens #
       - modifiers: onlyOwner

 +  HEDGEDividendTracker (Ownable, DividendPayingToken)
    - [Pub]  #
       - modifiers: DividendPayingToken
    - [Int] _transfer #
    - [Pub] withdrawDividend #
    - [Ext] excludeFromDividends #
       - modifiers: onlyOwner
    - [Ext] changeDividend #
       - modifiers: onlyOwner
    - [Ext] updateClaimWait #
       - modifiers: onlyOwner
    - [Ext] getLastProcessedIndex
    - [Ext] getNumberOfTokenHolders
    - [Pub] getAccount
    - [Pub] getAccountAtIndex
    - [Prv] canAutoClaim
    - [Ext] setBalance #
       - modifiers: onlyOwner
    - [Pub] process #
    - [Pub] processAccount #
       - modifiers: onlyOwner
    - [Pub] withdrawOldDividends #
       - modifiers: onlyOwner