KichiCoin - Smart Contract Audit Report

Summary

 KichiCoin Audit Report KichiCoin is a new token with frictionless fee redistribution, liquidity adds, and a lottery mechanism.

We reviewed KichiCoin's token contract using code provided to us by the project team.

Features of the Contract:
  • The total supply of the token is 10 quadrillion.
  • No mint or burn functions exist, though the circulating supply can be decreased by sending tokens to the burn address.

  • Fees are collected by the project team on each transfer and are sent to the charity wallet, the lottery wallet, and the burn address.
  • Users who hold tokens will automatically receive a portion of the fees from a transaction tax on each transfer.
  • A portion of the fee charged on transactions is stored in the contract and, once a threshold value is met, used to fund PancakeSwap liqudity.
  • Liquidity-adds are funded by selling half of the tokens collected as fees, pairing the received BNB with the token, and adding it as liquidity to the BNB pair.
  • The LP tokens are sent to the contract address, and the owner has the ability to withdraw any tokens from the contract at any time.
  • Each user will be considered to have entered a ticket in the lottery by purchasing 100 billion KICH, although this amount can be changed by the owner.
  • There is one lottery drawing held weekly, and there must be at least 1 entrant in the lottery pool in order for the drawing to proceed.
  • Chainlink is used to get random data securely from off-chain to choose the winner of the lottery.
  • A portion of the BNB collected in the contract will be sold for LINK tokens to fund the randomness requests for the lottery.

  • The owner can exclude any address from the fee mechanism and can recover any BEP20 tokens erroneously sent to the contract.
  • The owner can also set the tax fees and variables used in the lottery to any value at any time, but can renounce ownership.
  • Some variables could have been declared constant to save some gas: linkTokenAddress, vrfCoordinatorAddress.
  • Some functions could have been declared external instead of public to save some gas: transferOwnership, decimals, symbol, name, transfer, approve, transferFrom, increaseAllowance, decreaseAllowance, getNowBlockTime, releaseUnixTimeDate, totalFees, deliverReflectTokens, reflectionFromToken, isExcludedFromReward, excludeFromReward, excludeFromFee, includeInFee, isExcludedFromFee, setPairAddress, setKeyHashForLinkVRF, setFeeForLinkVRF, getSecondsUntilNextLotto, setMaxDrawingChances, setAmountNeededForDrawingChance, setPeriodsToDisperse, setHoursInPeriodToDisperse, setLotterySystemEnabled, excludeOrIncludeFromLottery.
  • SafeMath is utilized to prevent overflow issues.
Audit Findings Summary:
  • The contracts are using Solidity v0.8.5, which is not recommended for deployment as the version is too recent to be trusted
  • No security issues from outside attackers were identified.
  • Ensure trust in the team as they have substantial control in the ecosystem.
  • Given the high level of owner control, we recommend renouncing ownership.
  • Date: June 24th, 2021.

Vulnerability CategoryNotesResult
Arbitrary Storage WriteN/APASS
Arbitrary JumpN/APASS
Delegate Call to Untrusted ContractN/APASS
Dependence on Predictable VariablesN/APASS
Deprecated OpcodesN/APASS
Ether ThiefN/APASS
ExceptionsN/APASS
External CallsN/APASS
Integer Over/UnderflowN/APASS
Multiple SendsN/APASS
SuicideN/APASS
State Change External CallsN/APass
Unchecked RetvalN/APASS
User Supplied AssertionN/APASS
Critical Solidity CompilerN/APASS
Overall Contract Safety PASS

Smart Contract Graph

Contract Inheritance


 ($) = payable function
 # = non-constant function
 
 Int = Internal
 Ext = External
 Pub = Public
 
 + [Lib] SafeMath 
    - [Int] tryAdd
    - [Int] trySub
    - [Int] tryMul
    - [Int] tryDiv
    - [Int] tryMod
    - [Int] add
    - [Int] sub
    - [Int] mul
    - [Int] div
    - [Int] mod
    - [Int] sub
    - [Int] div
    - [Int] mod

 + [Lib] Address 
    - [Int] isContract
    - [Int] sendValue #
    - [Int] functionCall #
    - [Int] functionCall #
    - [Int] functionCallWithValue #
    - [Int] functionCallWithValue #
    - [Int] functionStaticCall
    - [Int] functionStaticCall
    - [Int] functionDelegateCall #
    - [Int] functionDelegateCall #
    - [Prv] _verifyCallResult

 + [Int] IBEP20 
    - [Ext] totalSupply
    - [Ext] decimals
    - [Ext] symbol
    - [Ext] name
    - [Ext] getOwner
    - [Ext] balanceOf
    - [Ext] transfer #
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transferFrom #

 +  Context 
    - [Int] _msgSender
    - [Int] _msgData

 + [Int] IPancakeFactory 
    - [Ext] feeTo
    - [Ext] feeToSetter
    - [Ext] getPair
    - [Ext] allPairs
    - [Ext] allPairsLength
    - [Ext] createPair #
    - [Ext] setFeeTo #
    - [Ext] setFeeToSetter #
    - [Ext] INIT_CODE_PAIR_HASH

 + [Int] IPancakeRouter01 
    - [Ext] factory
    - [Ext] WETH
    - [Ext] addLiquidity #
    - [Ext] addLiquidityETH ($)
    - [Ext] removeLiquidity #
    - [Ext] removeLiquidityETH #
    - [Ext] removeLiquidityWithPermit #
    - [Ext] removeLiquidityETHWithPermit #
    - [Ext] swapExactTokensForTokens #
    - [Ext] swapTokensForExactTokens #
    - [Ext] swapExactETHForTokens ($)
    - [Ext] swapTokensForExactETH #
    - [Ext] swapExactTokensForETH #
    - [Ext] swapETHForExactTokens ($)
    - [Ext] quote
    - [Ext] getAmountOut
    - [Ext] getAmountIn
    - [Ext] getAmountsOut
    - [Ext] getAmountsIn

 + [Int] IPancakeRouter02 (IPancakeRouter01)
    - [Ext] removeLiquidityETHSupportingFeeOnTransferTokens #
    - [Ext] removeLiquidityETHWithPermitSupportingFeeOnTransferTokens #
    - [Ext] swapExactTokensForTokensSupportingFeeOnTransferTokens #
    - [Ext] swapExactETHForTokensSupportingFeeOnTransferTokens ($)
    - [Ext] swapExactTokensForETHSupportingFeeOnTransferTokens #

 + [Lib] SafeBEP20 
    - [Int] safeTransfer #
    - [Int] safeTransferFrom #
    - [Int] safeApprove #
    - [Int] safeIncreaseAllowance #
    - [Int] safeDecreaseAllowance #
    - [Prv] _callOptionalReturn #

 + [Int] LinkTokenInterface 
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] balanceOf
    - [Ext] decimals
    - [Ext] decreaseApproval #
    - [Ext] increaseApproval #
    - [Ext] name
    - [Ext] symbol
    - [Ext] totalSupply
    - [Ext] transfer #
    - [Ext] transferAndCall #
    - [Ext] transferFrom #

 +  VRFRequestIDBase 
    - [Int] makeVRFInputSeed
    - [Int] makeRequestId

 +  VRFConsumerBase (VRFRequestIDBase)
    - [Int] fulfillRandomness #
    - [Int] requestRandomness #
    - [Pub]  #
    - [Ext] rawFulfillRandomness #

 +  KICHI (Context, IBEP20, VRFConsumerBase)
    - [Pub]  #
       - modifiers: VRFConsumerBase
    - [Pub] owner
    - [Ext] getOwner
    - [Pub] transferOwnership #
       - modifiers: onlyOwner
    - [Pub] decimals
    - [Pub] symbol
    - [Pub] name
    - [Ext] totalSupply
    - [Pub] balanceOf
    - [Pub] transfer #
    - [Ext] allowance
    - [Prv] approveInternal #
    - [Pub] approve #
    - [Pub] transferFrom #
    - [Pub] increaseAllowance #
    - [Pub] decreaseAllowance #
    - [Pub] totalFees
    - [Pub] deliverReflectTokens #
    - [Pub] reflectionFromToken
    - [Pub] tokenFromReflection
    - [Pub] isExcludedFromReward
    - [Pub] excludeFromReward #
       - modifiers: onlyOwner
    - [Prv] excludeBurnAddrFromReward #
    - [Ext] includeInReward #
       - modifiers: onlyOwner
    - [Prv] includeBurnAddrInReward #
    - [Pub] excludeFromFee #
       - modifiers: onlyOwner
    - [Pub] includeInFee #
       - modifiers: onlyOwner
    - [Pub] isExcludedFromFee
    - [Ext] setTaxFeePercent #
       - modifiers: onlyOwner
    - [Ext] setCharityFeePercent #
       - modifiers: onlyOwner
    - [Ext] setBurnFeePercent #
       - modifiers: onlyOwner
    - [Ext] setLotteryFeePercent #
       - modifiers: onlyOwner
    - [Ext] setLiquidityFeePercent #
       - modifiers: onlyOwner
    - [Ext] setSwapAndLiquifyEnabled #
       - modifiers: onlyOwner
    - [Prv] takeReflectFee #
    - [Prv] getReflectRate
    - [Prv] getCurrentSupplyTotals
    - [Prv] takeLiquidityFee #
    - [Prv] takeCharityFee #
    - [Prv] takeBurnFee #
    - [Prv] takeLotteryFee #
    - [Prv] transferInternal #
    - [Prv] swapAndLiquify #
    - [Prv] swapTokensForEth #
    - [Prv] addLiquidity #
    - [Prv] removeAllFee #
    - [Prv] restoreAllFee #
    - [Prv] getTaxValues
    - [Prv] getReflectionValues
    - [Prv] getTaxAndReflectionValues
    - [Prv] transferTokens #
    - [Pub] getNowBlockTime
    - [Prv] payableTeamWalletAddr
    - [Ext] withdrawBNBSentToContractAddress #
       - modifiers: onlyOwner
    - [Ext] withdrawBEP20SentToContractAddress #
       - modifiers: onlyOwner
    - [Ext] rescueAllContractToken #
       - modifiers: onlyOwner
    - [Ext] rescueAmountContractToken #
       - modifiers: onlyOwner
    - [Pub] releaseUnixTimeDate
    - [Ext] setRouterAddress #
       - modifiers: onlyOwner
    - [Pub] setPairAddress #
       - modifiers: onlyOwner
    - [Pub] setKeyHashForLinkVRF #
       - modifiers: onlyOwner
    - [Pub] setFeeForLinkVRF #
       - modifiers: onlyOwner
    - [Prv] weeklyLottery #
    - [Ext] weeklyLotteryManual #
       - modifiers: onlyOwner
    - [Prv] lotteryDisperseFromDrawingWallet #
    - [Ext] lotteryDisperseFromDrawingWalletManual #
       - modifiers: onlyOwner
    - [Prv] getRandomNumber #
    - [Int] fulfillRandomness #
    - [Pub] getSecondsUntilNextLotto
    - [Prv] transferTokensForLotteryToDrawingOrWinner #
    - [Pub] setMaxDrawingChances #
       - modifiers: onlyOwner
    - [Pub] setAmountNeededForDrawingChance #
       - modifiers: onlyOwner
    - [Pub] setPeriodsToDisperse #
       - modifiers: onlyOwner
    - [Pub] setHoursInPeriodToDisperse #
       - modifiers: onlyOwner
    - [Pub] setLotterySystemEnabled #
       - modifiers: onlyOwner
    - [Ext] setNumberOfTokensToSwapAndLiquify #
       - modifiers: onlyOwner
    - [Pub] excludeOrIncludeFromLottery #
       - modifiers: onlyOwner
    - [Prv] checkForLotteryParticipationOrRemoval #
    - [Prv] removeIndexFromLotteryArray #
    - [Ext] removeIndexFromLotteryArrayOwnerOnly #
       - modifiers: onlyOwner
    - [Prv] removeAddrFromLottoPoolCompletely #
    - [Prv] cleanUpLotteryArray #
    - [Ext]  ($)