Multi-Chain Capital Token - Audit Report

Summary

MultiChainCapitalToken Audit Report Multi-Chain Capital is building an ERC-20 token that pays out static rewards to holders in a frictionless manner.

For this audit, we reviewed the project team's token contract at commit 22847c4bbe8078a1cc4f0e6693ff2ef6eb622e4c on the team's Github repository.

Notes on the Contracts:
  • The total supply of the token is set to 4.2069 trillion $MCC.
  • No mint or burn functions exist, though the circulating supply can be decreased by sending tokens to the 0x..dead address.
  • Initially, 100% of the total supply is held by the owner.

  • There is a tax fee and a team fee on all buy and sell trades with Uniswap or any other approved DEX where neither the sender nor the recipient are excluded from fees; initially, these fees are each set to 5% of the transaction amount.
  • In the event that the transaction is a sell trade, each fee percentage is multiplied by a sell tax muliplier value determined by the team; initially, this value is set to 1x.
  • The tokens collected through the tax fee are removed from the circulating supply; This serves as a frictionless fee redistribution which automatically benefits all token holders at the time of each transaction.
  • The tokens collected through the team fee are stored in the contract and are intended for farming rewards; Once a threshold value of 5,000 $MCC tokens is met, an amount of tokens (up to the max transaction amount set by the team) is swapped for ETH and transferred to two wallets controlled by the team.
  • There is a maximum transaction amount, but as the minimum value it can be set to is far above the total supply, this is essentially dead code. Logic related to the maximum transaction amount can be removed for increased gas savings.

  • The owner can airdrop any amount of tokens to any address at any time. A for loop is used to transfer funds for the airdrop; The team must ensure the maximum number of addresses that can be involved in a single airdrop is no more than 350 to prevent this loop from hitting the block gas limit.
  • The owner can manually swap the $MCC tokens in the contract for ETH at any time.
  • The owner can transfer any ETH in the contract to the team's wallet addresses at any time.
  • The owner can set the tax fee and team fee to any value up to 5% each at any time.
  • The owner can set the sell tax multiplier to any value up to 3x at any time.
  • The owner can add or remove any address as an approved DEX pair at any time. The team can add any user's address to this list and the sell tax multiplier will be applied on every transaction where the user is the recipient.
  • The owner can also exclude anyone from rewards or fees, toggle the automatic swap functionality within the transfer function, and set the maximum transaction amount, but can renounce ownership.

  • Some state variables could have been delcared constant and some functions could have been declared external for extra gas savings.
  • Although the SafeMath library is utilized, the contract is deployed with Solidity v0.8.4 which has built-in overflow checks. SafeMath can be safely removed to reduce contract size and increase gas savings.
  • The contract complies with the ERC20 standard.

Audit Findings Summary:
  • No security issues from outside attackers were identified.
  • As with any presale, ensure trust in the team prior to investing.
  • Further, ensure trust in the team as they have notable control in the ecosystem and can set buy fees up to 50% and sell fees up to 100%.
  • Date: December 7th, 2021

Audit Results

Vulnerability CategoryNotesResult
Arbitrary Storage WriteN/APASS
Arbitrary JumpN/APASS
Centralization of Control
  • The owner can set sell fees up to 30%.
  • The owner can target specific accounts for increased tax rates.
  • PASS
    Delegate Call to Untrusted ContractN/APASS
    Dependence on Predictable VariablesN/APASS
    Deprecated OpcodesN/APASS
    Ether ThiefN/APASS
    ExceptionsN/APASS
    External CallsN/APASS
    Flash LoansN/APASS
    Integer Over/UnderflowN/APASS
    Multiple SendsN/APASS
    OraclesN/APASS
    SuicideN/APASS
    State Change External CallsN/APASS
    Unbounded LoopsThe loop in the airdrop function may lead to failure if the addresses exceed 350.PASS
    Unchecked RetvalN/APASS
    User Supplied AssertionN/APASS
    Critical Solidity CompilerN/APASS
    Overall Contract Safety PASS

    ERC20 Token Graph

    Contract Inheritance

    
     ($) = payable function
     # = non-constant function
     
     + [Int] IERC20 
        - [Ext] totalSupply
        - [Ext] balanceOf
        - [Ext] transfer #
        - [Ext] allowance
        - [Ext] approve #
        - [Ext] transferFrom #
    
     + [Lib] SafeMath 
        - [Int] tryAdd
        - [Int] trySub
        - [Int] tryMul
        - [Int] tryDiv
        - [Int] tryMod
        - [Int] add
        - [Int] sub
        - [Int] mul
        - [Int] div
        - [Int] mod
        - [Int] sub
        - [Int] div
        - [Int] mod
    
     +  Context 
        - [Int] _msgSender
        - [Int] _msgData
    
     +  Ownable (Context)
        - [Pub]  #
        - [Pub] owner
        - [Pub] renounceOwnership #
           - modifiers: onlyOwner
        - [Pub] transferOwnership #
           - modifiers: onlyOwner
        - [Int] _transferOwnership #
    
     + [Lib] Address 
        - [Int] isContract
        - [Int] sendValue #
        - [Int] functionCall #
        - [Int] functionCall #
        - [Int] functionCallWithValue #
        - [Int] functionCallWithValue #
        - [Int] functionStaticCall
        - [Int] functionStaticCall
        - [Int] functionDelegateCall #
        - [Int] functionDelegateCall #
        - [Int] verifyCallResult
    
     + [Int] IUniswapV2Factory 
        - [Ext] feeTo
        - [Ext] feeToSetter
        - [Ext] getPair
        - [Ext] allPairs
        - [Ext] allPairsLength
        - [Ext] createPair #
        - [Ext] setFeeTo #
        - [Ext] setFeeToSetter #
    
     + [Int] IUniswapV2Pair 
        - [Ext] name
        - [Ext] symbol
        - [Ext] decimals
        - [Ext] totalSupply
        - [Ext] balanceOf
        - [Ext] allowance
        - [Ext] approve #
        - [Ext] transfer #
        - [Ext] transferFrom #
        - [Ext] DOMAIN_SEPARATOR
        - [Ext] PERMIT_TYPEHASH
        - [Ext] nonces
        - [Ext] permit #
        - [Ext] MINIMUM_LIQUIDITY
        - [Ext] factory
        - [Ext] token0
        - [Ext] token1
        - [Ext] getReserves
        - [Ext] price0CumulativeLast
        - [Ext] price1CumulativeLast
        - [Ext] kLast
        - [Ext] mint #
        - [Ext] burn #
        - [Ext] swap #
        - [Ext] skim #
        - [Ext] sync #
        - [Ext] initialize #
    
     + [Int] IUniswapV2Router01 
        - [Ext] factory
        - [Ext] WETH
        - [Ext] addLiquidity #
        - [Ext] addLiquidityETH ($)
        - [Ext] removeLiquidity #
        - [Ext] removeLiquidityETH #
        - [Ext] removeLiquidityWithPermit #
        - [Ext] removeLiquidityETHWithPermit #
        - [Ext] swapExactTokensForTokens #
        - [Ext] swapTokensForExactTokens #
        - [Ext] swapExactETHForTokens ($)
        - [Ext] swapTokensForExactETH #
        - [Ext] swapExactTokensForETH #
        - [Ext] swapETHForExactTokens ($)
        - [Ext] quote
        - [Ext] getAmountOut
        - [Ext] getAmountIn
        - [Ext] getAmountsOut
        - [Ext] getAmountsIn
    
     + [Int] IUniswapV2Router02 (IUniswapV2Router01)
        - [Ext] removeLiquidityETHSupportingFeeOnTransferTokens #
        - [Ext] removeLiquidityETHWithPermitSupportingFeeOnTransferTokens #
        - [Ext] swapExactTokensForTokensSupportingFeeOnTransferTokens #
        - [Ext] swapExactETHForTokensSupportingFeeOnTransferTokens ($)
        - [Ext] swapExactTokensForETHSupportingFeeOnTransferTokens #
    
     +  MultiChainCapital (Context, IERC20, Ownable)
        - [Pub]  #
        - [Pub] name
        - [Pub] symbol
        - [Pub] decimals
        - [Pub] totalSupply
        - [Pub] balanceOf
        - [Pub] transfer #
        - [Pub] allowance
        - [Pub] approve #
        - [Pub] transferFrom #
        - [Pub] increaseAllowance #
        - [Pub] decreaseAllowance #
        - [Pub] isExcluded
        - [Ext] setExcludeFromFee #
           - modifiers: onlyOwner
        - [Pub] totalFees
        - [Pub] deliver #
        - [Pub] reflectionFromToken
        - [Pub] tokenFromReflection
        - [Ext] excludeAccount #
           - modifiers: onlyOwner
        - [Ext] includeAccount #
           - modifiers: onlyOwner
        - [Prv] removeAllFee #
        - [Prv] restoreAllFee #
        - [Pub] isExcludedFromFee
        - [Prv] _approve #
        - [Prv] _transfer #
        - [Prv] swapTokensForEth #
           - modifiers: lockTheSwap
        - [Prv] sendETHToTeam #
        - [Ext] manualSwap #
           - modifiers: onlyOwner
        - [Ext] manualSend #
           - modifiers: onlyOwner
        - [Ext] setSwapEnabled #
           - modifiers: onlyOwner
        - [Prv] _tokenTransfer #
        - [Prv] _transferStandard #
        - [Prv] _transferToExcluded #
        - [Prv] _transferFromExcluded #
        - [Prv] _transferBothExcluded #
        - [Prv] _takeTeam #
        - [Prv] _reflectFee #
        - [Ext]  ($)
        - [Prv] _getValues
        - [Prv] _getTValues
        - [Prv] _getRValues
        - [Prv] _getRate
        - [Prv] _getCurrentSupply
        - [Prv] _getTaxFee
        - [Prv] _getMaxTxAmount
        - [Prv] _isSelling
        - [Pub] _getETHBalance
        - [Ext] _setTaxFee #
           - modifiers: onlyOwner
        - [Ext] _setTeamFee #
           - modifiers: onlyOwner
        - [Ext] _setSellTaxMultiplier #
           - modifiers: onlyOwner
        - [Ext] _setMCCWallet #
           - modifiers: onlyOwner
        - [Ext] _setMaxTxAmount #
           - modifiers: onlyOwner
        - [Ext] isUniswapPair
        - [Ext] addUniswapPair #
           - modifiers: onlyOwner
        - [Ext] removeUniswapPair #
           - modifiers: onlyOwner
        - [Ext] Airdrop #
           - modifiers: onlyOwner