Vulnerability Category Notes Result Arbitrary Storage Write N/A PASS Arbitrary Jump N/A PASS Delegate Call to Untrusted Contract N/A PASS Dependence on Predictable Variables N/A PASS Deprecated Opcodes N/A PASS Ether Thief N/A PASS Exceptions N/A PASS External Calls N/A PASS Integer Over/Underflow N/A PASS Multiple Sends N/A PASS Suicide N/A PASS State Change External Calls N/A Pass Unchecked Retval N/A PASS User Supplied Assertion N/A PASS Critical Solidity Compiler N/A PASS Overall Contract Safety PASS
KichiCoin - Smart Contract Audit Report
Summary
KichiCoin is a new token with frictionless fee redistribution, liquidity adds, and a lottery mechanism.
We reviewed KichiCoin's token contract using code provided to us by the project team.
Features of the Contract:Audit Findings Summary:
- The total supply of the token is 10 quadrillion.
- No mint or burn functions exist, though the circulating supply can be decreased by sending tokens to the burn address.
- Fees are collected by the project team on each transfer and are sent to the charity wallet, the lottery wallet, and the burn address.
- Users who hold tokens will automatically receive a portion of the fees from a transaction tax on each transfer.
- A portion of the fee charged on transactions is stored in the contract and, once a threshold value is met, used to fund PancakeSwap liqudity.
- Liquidity-adds are funded by selling half of the tokens collected as fees, pairing the received BNB with the token, and adding it as liquidity to the BNB pair.
- The LP tokens are sent to the contract address, and the owner has the ability to withdraw any tokens from the contract at any time.
- Each user will be considered to have entered a ticket in the lottery by purchasing 100 billion KICH, although this amount can be changed by the owner.
- There is one lottery drawing held weekly, and there must be at least 1 entrant in the lottery pool in order for the drawing to proceed.
- Chainlink is used to get random data securely from off-chain to choose the winner of the lottery.
- A portion of the BNB collected in the contract will be sold for LINK tokens to fund the randomness requests for the lottery.
- The owner can exclude any address from the fee mechanism and can recover any BEP20 tokens erroneously sent to the contract.
- The owner can also set the tax fees and variables used in the lottery to any value at any time, but can renounce ownership.
- Some variables could have been declared constant to save some gas: linkTokenAddress, vrfCoordinatorAddress.
- Some functions could have been declared external instead of public to save some gas: transferOwnership, decimals, symbol, name, transfer, approve, transferFrom, increaseAllowance, decreaseAllowance, getNowBlockTime, releaseUnixTimeDate, totalFees, deliverReflectTokens, reflectionFromToken, isExcludedFromReward, excludeFromReward, excludeFromFee, includeInFee, isExcludedFromFee, setPairAddress, setKeyHashForLinkVRF, setFeeForLinkVRF, getSecondsUntilNextLotto, setMaxDrawingChances, setAmountNeededForDrawingChance, setPeriodsToDisperse, setHoursInPeriodToDisperse, setLotterySystemEnabled, excludeOrIncludeFromLottery.
- SafeMath is utilized to prevent overflow issues.
- The contracts are using Solidity v0.8.5, which is not recommended for deployment as the version is too recent to be trusted
- No security issues from outside attackers were identified.
- Ensure trust in the team as they have substantial control in the ecosystem.
- Given the high level of owner control, we recommend renouncing ownership.
- Date: June 24th, 2021.
($) = payable function
# = non-constant function
Int = Internal
Ext = External
Pub = Public
+ [Lib] SafeMath
- [Int] tryAdd
- [Int] trySub
- [Int] tryMul
- [Int] tryDiv
- [Int] tryMod
- [Int] add
- [Int] sub
- [Int] mul
- [Int] div
- [Int] mod
- [Int] sub
- [Int] div
- [Int] mod
+ [Lib] Address
- [Int] isContract
- [Int] sendValue #
- [Int] functionCall #
- [Int] functionCall #
- [Int] functionCallWithValue #
- [Int] functionCallWithValue #
- [Int] functionStaticCall
- [Int] functionStaticCall
- [Int] functionDelegateCall #
- [Int] functionDelegateCall #
- [Prv] _verifyCallResult
+ [Int] IBEP20
- [Ext] totalSupply
- [Ext] decimals
- [Ext] symbol
- [Ext] name
- [Ext] getOwner
- [Ext] balanceOf
- [Ext] transfer #
- [Ext] allowance
- [Ext] approve #
- [Ext] transferFrom #
+ Context
- [Int] _msgSender
- [Int] _msgData
+ [Int] IPancakeFactory
- [Ext] feeTo
- [Ext] feeToSetter
- [Ext] getPair
- [Ext] allPairs
- [Ext] allPairsLength
- [Ext] createPair #
- [Ext] setFeeTo #
- [Ext] setFeeToSetter #
- [Ext] INIT_CODE_PAIR_HASH
+ [Int] IPancakeRouter01
- [Ext] factory
- [Ext] WETH
- [Ext] addLiquidity #
- [Ext] addLiquidityETH ($)
- [Ext] removeLiquidity #
- [Ext] removeLiquidityETH #
- [Ext] removeLiquidityWithPermit #
- [Ext] removeLiquidityETHWithPermit #
- [Ext] swapExactTokensForTokens #
- [Ext] swapTokensForExactTokens #
- [Ext] swapExactETHForTokens ($)
- [Ext] swapTokensForExactETH #
- [Ext] swapExactTokensForETH #
- [Ext] swapETHForExactTokens ($)
- [Ext] quote
- [Ext] getAmountOut
- [Ext] getAmountIn
- [Ext] getAmountsOut
- [Ext] getAmountsIn
+ [Int] IPancakeRouter02 (IPancakeRouter01)
- [Ext] removeLiquidityETHSupportingFeeOnTransferTokens #
- [Ext] removeLiquidityETHWithPermitSupportingFeeOnTransferTokens #
- [Ext] swapExactTokensForTokensSupportingFeeOnTransferTokens #
- [Ext] swapExactETHForTokensSupportingFeeOnTransferTokens ($)
- [Ext] swapExactTokensForETHSupportingFeeOnTransferTokens #
+ [Lib] SafeBEP20
- [Int] safeTransfer #
- [Int] safeTransferFrom #
- [Int] safeApprove #
- [Int] safeIncreaseAllowance #
- [Int] safeDecreaseAllowance #
- [Prv] _callOptionalReturn #
+ [Int] LinkTokenInterface
- [Ext] allowance
- [Ext] approve #
- [Ext] balanceOf
- [Ext] decimals
- [Ext] decreaseApproval #
- [Ext] increaseApproval #
- [Ext] name
- [Ext] symbol
- [Ext] totalSupply
- [Ext] transfer #
- [Ext] transferAndCall #
- [Ext] transferFrom #
+ VRFRequestIDBase
- [Int] makeVRFInputSeed
- [Int] makeRequestId
+ VRFConsumerBase (VRFRequestIDBase)
- [Int] fulfillRandomness #
- [Int] requestRandomness #
- [Pub] #
- [Ext] rawFulfillRandomness #
+ KICHI (Context, IBEP20, VRFConsumerBase)
- [Pub] #
- modifiers: VRFConsumerBase
- [Pub] owner
- [Ext] getOwner
- [Pub] transferOwnership #
- modifiers: onlyOwner
- [Pub] decimals
- [Pub] symbol
- [Pub] name
- [Ext] totalSupply
- [Pub] balanceOf
- [Pub] transfer #
- [Ext] allowance
- [Prv] approveInternal #
- [Pub] approve #
- [Pub] transferFrom #
- [Pub] increaseAllowance #
- [Pub] decreaseAllowance #
- [Pub] totalFees
- [Pub] deliverReflectTokens #
- [Pub] reflectionFromToken
- [Pub] tokenFromReflection
- [Pub] isExcludedFromReward
- [Pub] excludeFromReward #
- modifiers: onlyOwner
- [Prv] excludeBurnAddrFromReward #
- [Ext] includeInReward #
- modifiers: onlyOwner
- [Prv] includeBurnAddrInReward #
- [Pub] excludeFromFee #
- modifiers: onlyOwner
- [Pub] includeInFee #
- modifiers: onlyOwner
- [Pub] isExcludedFromFee
- [Ext] setTaxFeePercent #
- modifiers: onlyOwner
- [Ext] setCharityFeePercent #
- modifiers: onlyOwner
- [Ext] setBurnFeePercent #
- modifiers: onlyOwner
- [Ext] setLotteryFeePercent #
- modifiers: onlyOwner
- [Ext] setLiquidityFeePercent #
- modifiers: onlyOwner
- [Ext] setSwapAndLiquifyEnabled #
- modifiers: onlyOwner
- [Prv] takeReflectFee #
- [Prv] getReflectRate
- [Prv] getCurrentSupplyTotals
- [Prv] takeLiquidityFee #
- [Prv] takeCharityFee #
- [Prv] takeBurnFee #
- [Prv] takeLotteryFee #
- [Prv] transferInternal #
- [Prv] swapAndLiquify #
- [Prv] swapTokensForEth #
- [Prv] addLiquidity #
- [Prv] removeAllFee #
- [Prv] restoreAllFee #
- [Prv] getTaxValues
- [Prv] getReflectionValues
- [Prv] getTaxAndReflectionValues
- [Prv] transferTokens #
- [Pub] getNowBlockTime
- [Prv] payableTeamWalletAddr
- [Ext] withdrawBNBSentToContractAddress #
- modifiers: onlyOwner
- [Ext] withdrawBEP20SentToContractAddress #
- modifiers: onlyOwner
- [Ext] rescueAllContractToken #
- modifiers: onlyOwner
- [Ext] rescueAmountContractToken #
- modifiers: onlyOwner
- [Pub] releaseUnixTimeDate
- [Ext] setRouterAddress #
- modifiers: onlyOwner
- [Pub] setPairAddress #
- modifiers: onlyOwner
- [Pub] setKeyHashForLinkVRF #
- modifiers: onlyOwner
- [Pub] setFeeForLinkVRF #
- modifiers: onlyOwner
- [Prv] weeklyLottery #
- [Ext] weeklyLotteryManual #
- modifiers: onlyOwner
- [Prv] lotteryDisperseFromDrawingWallet #
- [Ext] lotteryDisperseFromDrawingWalletManual #
- modifiers: onlyOwner
- [Prv] getRandomNumber #
- [Int] fulfillRandomness #
- [Pub] getSecondsUntilNextLotto
- [Prv] transferTokensForLotteryToDrawingOrWinner #
- [Pub] setMaxDrawingChances #
- modifiers: onlyOwner
- [Pub] setAmountNeededForDrawingChance #
- modifiers: onlyOwner
- [Pub] setPeriodsToDisperse #
- modifiers: onlyOwner
- [Pub] setHoursInPeriodToDisperse #
- modifiers: onlyOwner
- [Pub] setLotterySystemEnabled #
- modifiers: onlyOwner
- [Ext] setNumberOfTokensToSwapAndLiquify #
- modifiers: onlyOwner
- [Pub] excludeOrIncludeFromLottery #
- modifiers: onlyOwner
- [Prv] checkForLotteryParticipationOrRemoval #
- [Prv] removeIndexFromLotteryArray #
- [Ext] removeIndexFromLotteryArrayOwnerOnly #
- modifiers: onlyOwner
- [Prv] removeAddrFromLottoPoolCompletely #
- [Prv] cleanUpLotteryArray #
- [Ext] ($)