Ku2u - Smart Contract Audit Report

Summary

Ku2u Audit Report Ku2u ($Ku2u) is a new community-driven Defi token on the KuCoin Community Chain that is an automatic liquidity providing protocol that pays out static rewards to holders as well as KCS rewards.

For this audit report, we reviewed the Ku2u team's token contract that was provided to us via a .txt file.

Notes on the Contract:
  • The total supply of the token is set to approximately twenty billion $Ku2u [20,096,618,357].
  • No minting or burn functions are present; though the circulating supply can be reduced by sending tokens to the 0x..dead address, if desired.
  • As we audited the smart contract's code that is not deployed to the mainnet, we do not have context on the intended distribution of the total supply or holder information.
  • There is a 'Tax Fee' and a 'Liquidity Fee' on all transactions for any "non-excluded" address that participates in a transfer. The owner has the ability to modify the these fees to any percentage at any time.
  • After the contract has been deployed, the owner can call the "Activate Contract" function, which will enable the functionality for KCS reward claiming once a day for holders of $Ku2u; as well as enabling the swap and liquify functionality.
  • There is a marketing wallet that receives 20% of the KCS rewards every time rewards are distributed to a holders who call the claim KCS rewards function. The owner has the ability to update and change the marketing wallet address at any time.
  • Users who hold tokens will automatically benefit from the frictionless fee redistribution at the time of each transaction as the tokens collected through the "tax fee" are removed from the circulating supply.
  • The liquidity fee charged on transactions is stored in the contract and, once a threshold value is met, used to fund KoffeeSwap liquidity.
  • Liquidity-adds are funded by selling a portion of the tokens collected as fees (after a certain threshold as determined by the owner is met), then pairing the received KCS with the token, and adding it as liquidity to the KCS pair. This functionality can be enabled/disabled by the owner.
  • The recipient of the newly created LP tokens is the Owner of the contract.
  • The KCS rewards are funded by the leftover KCS that was not utilized during the 'swap and liquify' liquidity adds.

  • At any time, the owner has the ability to transfer the entire balance of the contract's $Ku2u Tokens and KCS to another address.
  • The owner of the contract can exclude and include accounts from fees and reward distribution.
  • The owner has the ability to set and update a maximum transaction percent at any time, which will impose a limit to the number of tokens that can be transferred during any given transaction. The owner can also include and exclude accounts from this transaction limit.
  • This maximum transaction amount does not apply to the owner during transactions where the owner is either the sender or the recipient.
  • The owner has the ability to use the "lock" function in order to temporarily set ownership to address(0). Ownership is restored after the duration of time determined by the owner has passed and they use the 'unlock' function. Ownership can additionally be restored (even if ownership was previously renounced), by using the unlock function a second time.
  • The contract utilizes SafeMath libraries along with following the BEP20 standard.
  • As the project is implemented with solidity version ^0.8.0, it is protected from overflows.
Audit Findings Summary
  • No external threats were identified.
  • As with any token, please ensure trust in the team prior to investing.
  • Date: July 14th, 2021

Audit Results

Vulnerability CategoryNotesResult
Arbitrary Storage WriteN/APASS
Arbitrary JumpN/APASS
Delegate Call to Untrusted ContractN/APASS
Dependence on Predictable VariablesN/APASS
Deprecated OpcodesN/APASS
Ether ThiefN/APASS
ExceptionsN/APASS
External CallsN/APASS
Flash LoansN/APASS
Integer Over/UnderflowN/APASS
Multiple SendsN/APASS
OraclesN/APASS
SuicideN/APASS
State Change External CallsN/APASS
Unchecked RetvalN/APASS
User Supplied AssertionN/APASS
Critical Solidity CompilerN/APASS
Overall Contract Safety PASS

Function Graph

ERC20 Token Graph


Inheritence Chart

Multi-file Token


Functions Overview


 ($) = payable function
 # = non-constant function
 
 + [Int] IKRC20 
    - [Ext] totalSupply
    - [Ext] balanceOf
    - [Ext] transfer #
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transferFrom #

 + [Lib] SafeMath 
    - [Int] add
    - [Int] sub
    - [Int] sub
    - [Int] mul
    - [Int] div
    - [Int] div
    - [Int] mod
    - [Int] mod

 +  Context 
    - [Int] _msgSender
    - [Int] _msgData

 + [Lib] Address 
    - [Int] isContract
    - [Int] sendValue #
    - [Int] functionCall #
    - [Int] functionCall #
    - [Int] functionCallWithValue #
    - [Int] functionCallWithValue #
    - [Prv] _functionCallWithValue #

 +  Ownable (Context)
    - [Int]  #
    - [Pub] owner
    - [Pub] renounceOwnership #
       - modifiers: onlyOwner
    - [Pub] transferOwnership #
       - modifiers: onlyOwner
    - [Pub] geUnlockTime
    - [Pub] lock #
       - modifiers: onlyOwner
    - [Pub] unlock #

 + [Int] IPancakeFactory 
    - [Ext] feeTo
    - [Ext] feeToSetter
    - [Ext] getPair
    - [Ext] allPairs
    - [Ext] allPairsLength
    - [Ext] createPair #
    - [Ext] setFeeTo #
    - [Ext] setFeeToSetter #

 + [Int] IPancakePair 
    - [Ext] name
    - [Ext] symbol
    - [Ext] decimals
    - [Ext] totalSupply
    - [Ext] balanceOf
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transfer #
    - [Ext] transferFrom #
    - [Ext] DOMAIN_SEPARATOR
    - [Ext] PERMIT_TYPEHASH
    - [Ext] nonces
    - [Ext] permit #
    - [Ext] MINIMUM_LIQUIDITY
    - [Ext] factory
    - [Ext] token0
    - [Ext] token1
    - [Ext] getReserves
    - [Ext] price0CumulativeLast
    - [Ext] price1CumulativeLast
    - [Ext] kLast
    - [Ext] mint #
    - [Ext] burn #
    - [Ext] swap #
    - [Ext] skim #
    - [Ext] sync #
    - [Ext] initialize #

 + [Int] IPancakeRouter01 
    - [Ext] factory
    - [Ext] WKCS
    - [Ext] addLiquidity #
    - [Ext] addLiquidityKCS ($)
    - [Ext] removeLiquidity #
    - [Ext] removeLiquidityKCS #
    - [Ext] removeLiquidityWithPermit #
    - [Ext] removeLiquidityKCSWithPermit #
    - [Ext] swapExactTokensForTokens #
    - [Ext] swapTokensForExactTokens #
    - [Ext] swapExactKCSForTokens ($)
    - [Ext] swapTokensForExactETH #
    - [Ext] swapExactTokensForKCS #
    - [Ext] swapKCSForExactTokens ($)
    - [Ext] quote
    - [Ext] getAmountOut
    - [Ext] getAmountIn
    - [Ext] getAmountsOut
    - [Ext] getAmountsIn

 + [Int] IPancakeRouter02 (IPancakeRouter01)
    - [Ext] removeLiquidityKCSSupportingFeeOnTransferTokens #
    - [Ext] removeLiquidityKCSWithPermitSupportingFeeOnTransferTokens #
    - [Ext] swapExactTokensForTokensSupportingFeeOnTransferTokens #
    - [Ext] swapExactKCSForTokensSupportingFeeOnTransferTokens ($)
    - [Ext] swapExactTokensForKCSSupportingFeeOnTransferTokens #

 + [Lib] Utils 
    - [Prv] random
    - [Pub] calculateKCSReward
    - [Pub] calculateTopUpClaim #
    - [Pub] swapTokensForEth #
    - [Pub] swapKCSForTokens #
    - [Pub] addLiquidity #

 +  ReentrancyGuard 
    - [Pub]  #

 +  Ku2u (Context, IKRC20, Ownable, ReentrancyGuard)
    - [Pub]  #
    - [Pub] name
    - [Pub] symbol
    - [Pub] decimals
    - [Pub] totalSupply
    - [Pub] balanceOf
    - [Pub] transfer #
    - [Pub] allowance
    - [Pub] approve #
    - [Pub] transferFrom #
    - [Pub] increaseAllowance #
    - [Pub] decreaseAllowance #
    - [Pub] isExcludedFromReward
    - [Pub] totalFees
    - [Pub] deliver #
    - [Pub] reflectionFromToken
    - [Pub] tokenFromReflection
    - [Pub] excludeFromReward #
       - modifiers: onlyOwner
    - [Ext] includeInReward #
       - modifiers: onlyOwner
    - [Prv] _transferBothExcluded #
    - [Pub] excludeFromFee #
       - modifiers: onlyOwner
    - [Pub] includeInFee #
       - modifiers: onlyOwner
    - [Ext] setTaxFeePercent #
       - modifiers: onlyOwner
    - [Ext] setLiquidityFeePercent #
       - modifiers: onlyOwner
    - [Pub] setSwapAndLiquifyEnabled #
       - modifiers: onlyOwner
    - [Ext]  ($)
    - [Prv] _reflectFee #
    - [Prv] _getValues
    - [Prv] _getTValues
    - [Prv] _getRValues
    - [Prv] _getRate
    - [Prv] _getCurrentSupply
    - [Prv] _takeLiquidity #
    - [Prv] calculateTaxFee
    - [Prv] calculateLiquidityFee
    - [Prv] removeAllFee #
    - [Prv] restoreAllFee #
    - [Pub] isExcludedFromFee
    - [Prv] _approve #
    - [Prv] _transfer #
    - [Prv] _tokenTransfer #
    - [Prv] _transferStandard #
    - [Prv] _transferToExcluded #
    - [Prv] _transferFromExcluded #
    - [Pub] setMaxTxPercent #
       - modifiers: onlyOwner
    - [Pub] setExcludeFromMaxTx #
       - modifiers: onlyOwner
    - [Pub] calculateBNBReward
    - [Pub] getRewardCycleBlock
    - [Pub] claimBNBReward #
       - modifiers: isHuman,nonReentrant
    - [Prv] topUpClaimCycleAfterTransfer #
    - [Prv] ensureMaxTxAmount #
    - [Pub] disruptiveTransfer ($)
    - [Prv] swapAndLiquify #
    - [Pub] activateContract #
       - modifiers: onlyOwner
    - [Pub] changerewardCycleBlock #
       - modifiers: onlyOwner
    - [Pub] changeMarketingAddress #
       - modifiers: onlyOwner
    - [Pub] reflectionfeestartstop #
       - modifiers: onlyOwner
    - [Pub] migrateToken #
       - modifiers: onlyOwner
    - [Pub] migrateBnb #
       - modifiers: onlyOwner
    - [Pub] changethreshHoldTopUpRate #
       - modifiers: onlyOwner