Lottery Token - Audit Report

Summary

 Lottery Audit Report The Lottery Token is a new token where users have a chance of winning a large number of tokens by holding the token.

We reviewed Lottery Token's contract using code provided to us by the team. The team intends to keep the code closed-source. We have attempted to verify the bytecode match, however, as the last few lines cannot be replicated to match. This is likely due to slight compiler differences.

Features of the Contract:
  • The total supply of the token is 1.25 million.
  • No mint or burn functions exist, though the circulating supply can be decreased by sending tokens to 0x...dead.
  • The lottery logic is ran on every transfer of the token.
  • With every transaction of the token the contract will select a wallet anywhere from 1 to 9 positions from the current position. Once the tokens collected in the contract reaches 0.1% of the total supply, the currently selected wallet shall win those tokens and have them automatically deposited into their wallet.
  • This process will eventaully increment through all the holders, then loop around to the beginning, skipping the owner and burn address.
  • The lottery winner will receive all of the tokens held in the pool.
  • 2% of the of the 6% fee charged on token transfers is redistributed to existing token holders instantly, 2% will be allocated to the lottery, and and the other 2% is burned from the total supply.
  • Due to the logic behind these burns, a user transfering tokens will result in all users having slightly less tokens after the burn.
  • The owner can exclude any address from the fee mechanism and the lottery.
  • The team can set the minimum number of tokens to participate in the lottery, though the highest this number can be is 0.1% of the total supply.
  • Utilization of SafeMath to prevent overflows.

Audit Findings Summary:
  • The lottery function, to an extent, relies on predictable environment variables. This is common, albiet not best practice, but the probability of miners maliciously changing these variables is extremley low.
  • Ensure trust in the team as they have notable control in the ecosystem.
  • Date: April 15th, 2021.

Vulnerability Category Notes Result
Arbitrary Storage Write N/A PASS
Arbitrary Jump N/A PASS
Delegate Call to Untrusted Contract N/A PASS
Dependence on Predictable Variables Decisions are made based on the block.timestamp environment variable which can
be manipulated by a malicious miner. This is extremley unlikely to occur.
Warning
Deprecated Opcodes N/A PASS
Ether Thief N/A PASS
Exceptions N/A PASS
External Calls N/A PASS
Integer Over/Underflow N/A PASS
Multiple Sends N/A PASS
Suicide N/A PASS
State Change External Calls N/A Pass
Unchecked Retval N/A PASS
User Supplied Assertion N/A PASS
Critical Solidity Compiler N/A PASS
Overall Contract Safety   PASS

Smart Contract Graph

Contract Inheritance


 ($) = payable function
 # = non-constant function
 
 Int = Internal
 Ext = External
 Pub = Public
 
 + [Int] IERC20 
    - [Ext] totalSupply
    - [Ext] balanceOf
    - [Ext] transfer #
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transferFrom #

 + [Lib] SafeMath 
    - [Int] add
    - [Int] sub
    - [Int] sub
    - [Int] mul
    - [Int] div
    - [Int] div
    - [Int] mod
    - [Int] mod

 +  Context 
    - [Int] _msgSender
    - [Int] _msgData

 + [Lib] Address 
    - [Int] isContract
    - [Int] sendValue #
    - [Int] functionCall #
    - [Int] functionCall #
    - [Int] functionCallWithValue #
    - [Int] functionCallWithValue #
    - [Prv] _functionCallWithValue #

 +  Ownable (Context)
    - [Int]  #
    - [Pub] owner
    - [Pub] transferOwnership #
       - modifiers: onlyOwner

 +  LotteryToken (Context, IERC20, Ownable)
    - [Pub]  #
    - [Pub] name
    - [Pub] symbol
    - [Pub] decimals
    - [Pub] totalSupply
    - [Pub] balanceOf
    - [Pub] minimumHolding
    - [Pub] transfer #
    - [Pub] allowance
    - [Pub] approve #
    - [Pub] transferFrom #
    - [Pub] increaseAllowance #
    - [Pub] decreaseAllowance #
    - [Pub] isExcludedFromReward
    - [Pub] totalFees
    - [Pub] reflectionFromToken
    - [Pub] tokenFromReflection
    - [Pub] setRequiredMinimum #
       - modifiers: onlyOwner
    - [Pub] excludeFromReward #
       - modifiers: onlyOwner
    - [Ext] includeInReward #
       - modifiers: onlyOwner
    - [Pub] excludeFromFee #
       - modifiers: onlyOwner
    - [Pub] includeInFee #
       - modifiers: onlyOwner
    - [Ext] setTaxFeePercent #
       - modifiers: onlyOwner
    - [Prv] _reflectFee #
    - [Prv] _getValues
    - [Prv] _getTValues
    - [Prv] _getRValues
    - [Prv] _getRate
    - [Prv] _getCurrentSupply
    - [Prv] calculateTaxFee
    - [Prv] removeAllFee #
    - [Prv] restoreAllFee #
    - [Pub] isExcludedFromFee
    - [Int] _checkEligibility #
    - [Prv] _moveLotteryPointer #
    - [Prv] _approve #
    - [Prv] _transfer #
    - [Prv] _tokenTransfer #
    - [Prv] _transferStandard #
    - [Prv] _transferToExcluded #
    - [Prv] _transferFromExcluded #
    - [Prv] _transferBothExcluded #