METAP - Smart Contract Audit Report

Audit Summary

METAP ($METAP) is a new BEP-20 token with an automatic liquidity-providing protocol that pays out static rewards to holders.

We reviewed the METAPToken contract at commit e0c11d2935fea81e9e6d8e93e82794d6e94b1cfa on the team's GitHub repository.

Audit Findings

Please ensure trust in the team prior to investing as they have substantial control in the ecosystem.
Date: January 18th, 2022.

METAPToken.sol - Finding #1 - Low

Description: There are three instances within the swapAndLiquify() function of multiplication occurring on the result of a division.
			
    if (_burnFee != 0) {
        spentAmount = contractTokenBalance.div(totFee).mul(_burnFee);
        _tokenTransferNoFee(address(this), dead, spentAmount);
        totSpentAmount = spentAmount;
    }

    if (_walletFee != 0) {
        spentAmount = contractTokenBalance.div(totFee).mul(_walletFee);
        _tokenTransferNoFee(address(this), feeWallet, spentAmount);
        totSpentAmount = totSpentAmount + spentAmount;
    }

    if (_buybackFee != 0) {
        spentAmount = contractTokenBalance.div(totFee).mul(_buybackFee);
        swapTokensForBNB(spentAmount);
        totSpentAmount = totSpentAmount + spentAmount;
    }

Risk/Impact: Integer division truncates, so dividing first and multiplying afterwards loses precision and makes the result less accurate.
Recommendation: We recommend performing all multiplication before division wherever possible.
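
The truncation described in Finding #1, quantified in an added example that is not part of the audited contract or of the original report. Python integers stand in for Solidity uint256 values; the balance, the fee shares, the totFee value and the 9-decimal unit are constructed assumptions.

```python
# Added example: Python ints model Solidity uint256 (// truncates like div()).
UINT256_MAX = 2**256 - 1


def div_then_mul(balance, fee, tot_fee):
    """Order used in swapAndLiquify(): balance.div(totFee).mul(fee)."""
    return (balance // tot_fee) * fee


def mul_then_div(balance, fee, tot_fee):
    """Recommended order: balance.mul(fee).div(totFee)."""
    product = balance * fee
    if product > UINT256_MAX:
        # Solidity 0.8 checked arithmetic would revert here.
        raise OverflowError("balance * fee does not fit in uint256")
    return product // tot_fee


def compare_split(balance, fees, tot_fee):
    """Return {name: (div_first, mul_first, base_units_lost)} per non-zero fee."""
    rows = {}
    for name, fee in fees.items():
        if fee == 0:  # mirrors the `!= 0` guards in the audited snippet
            continue
        low = div_then_mul(balance, fee, tot_fee)
        exact = mul_then_div(balance, fee, tot_fee)
        rows[name] = (low, exact, exact - low)
    return rows


def worst_case_loss(fee, tot_fee):
    """Largest shortfall of one share over all balances, in base units.
    With balance = q*tot_fee + r the shortfall is (r*fee)//tot_fee, which
    peaks at r = tot_fee - 1 and is always smaller than fee."""
    return ((tot_fee - 1) * fee) // tot_fee


# Constructed inputs (assumptions, not values from the contract):
# 9 decimals, a balance just above the 100,000-token threshold, and
# totFee = 11 (the three shares below plus a liquidity share of 2).
SAMPLE_BALANCE = 100_000 * 10**9 + 7
SAMPLE_FEES = {"burn": 2, "wallet": 3, "buyback": 4}
SAMPLE_TOT_FEE = 11

if __name__ == "__main__":
    for name, row in compare_split(SAMPLE_BALANCE, SAMPLE_FEES, SAMPLE_TOT_FEE).items():
        print(name, row)
```

For fee shares of this size the shortfall is a few base units per swap, which is consistent with the finding's Low rating.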

Contract Overview

  • The total supply of the token is set to 100 million $METAP [100,000,000].
  • No minting or burn functions are present, though the circulating supply can be reduced by sending tokens to the 0x..dead address if desired.
  • There was no token allocation for our team to analyze as the contract has yet to be deployed to the mainnet.

  • There is a Tax fee, Liquidity fee, Burn fee, Wallet fee, and Buyback fee on all transfers where neither the sender nor the recipient is excluded from fees.
  • The tokens collected from the Tax fee are removed from the circulating supply; this serves as a frictionless fee redistribution which automatically benefits all token holders at the time of each transaction.
  • The tokens collected from the Liquidity fee during transfers are stored in the contract address balance. Once the threshold number of 100,000 tokens is met, a swap will occur for the purpose of funding Pancakeswap liquidity.
  • Liquidity-adds are funded by selling a portion of the tokens collected as fees (after the threshold number of tokens is met), then pairing the received BNB with the token, and adding it as liquidity to the BNB pair.
  • The recipient of the newly created LP tokens is the 0x..dead address.
  • The tokens collected from the Burn fee are sent to the 0x..dead address.
  • The tokens collected from the Wallet fee are sent to the team's Fee wallet.
  • The tokens collected from the buyback fee are swapped for BNB and sent to the contract address.
  • On each transfer that occurs while the minimum threshold (determined by the owner) is met, the protocol will spend 50% of its BNB balance toward buying $METAP tokens that are subsequently burned.
  • The contract features an anti-sniper mechanism to identify addresses that are buying instantly after launch. The address attempting the transfer will be added to a blacklist.
  • Although the SafeMath library is utilized, the contract is implemented with Solidity v0.8.4 which has built-in overflow checks. SafeMath could be safely removed to reduce contract size and deployment costs.
  • Some gas optimizations can be achieved through declaring functions external instead of public, and state variables constant.
Ownership Controls:
  • The owner can modify the Tax fee, Liquidity fee, Burn fee, Wallet fee, and Buyback fee to any percentages up to 10% at any time.
  • The owner can exclude and include accounts from transfer fees and reward distribution.
  • The owner can enable/disable automatic liquidity adds at any time.
  • The owner can pause all buying transactions from Pancakeswap at any time.
  • The owner can manually add/remove accounts from the anti-sniper blacklist at any time.
  • The owner can update the team's Fee wallet to any address at any time.
  • The owner can withdraw any BEP-20 tokens (except for the $METAP token) from the contract address at any time.

External Threat Results

Vulnerability Category              | Notes                                 | Result
Arbitrary Storage Write             | N/A                                   | PASS
Arbitrary Jump                      | N/A                                   | PASS
Centralization of Control           | The owner can set each fee up to 10%. | WARNING
Delegate Call to Untrusted Contract | N/A                                   | PASS
Dependence on Predictable Variables | N/A                                   | PASS
Deprecated Opcodes                  | N/A                                   | PASS
Ether Thief                         | N/A                                   | PASS
Exceptions                          | N/A                                   | PASS
External Calls                      | N/A                                   | PASS
Integer Over/Underflow              | N/A                                   | PASS
Multiple Sends                      | N/A                                   | PASS
Suicide                             | N/A                                   | PASS
State Change External Calls         | N/A                                   | PASS
Unchecked Retval                    | N/A                                   | PASS
User Supplied Assertion             | N/A                                   | PASS
Critical Solidity Compiler          | N/A                                   | PASS
Overall Contract Safety             |                                       | PASS

Functions Overview

    ($) = payable function
     # = non-constant function
    
     +  Context 
        - [Int] _msgSender
        - [Int] _msgData
    
     +  ERC20Ownable (Context)
        - [Pub]  #
        - [Pub] owner
        - [Pub] renounceOwnership #
           - modifiers: onlyOwner
        - [Pub] transferOwnership #
           - modifiers: onlyOwner
    
     + [Lib] Address 
        - [Int] isContract
        - [Int] sendValue #
        - [Int] functionCall #
        - [Int] functionCall #
        - [Int] functionCallWithValue #
        - [Int] functionCallWithValue #
        - [Int] functionStaticCall
        - [Int] functionStaticCall
        - [Int] functionDelegateCall #
        - [Int] functionDelegateCall #
        - [Prv] _verifyCallResult
    
     + [Int] IERC20 
        - [Ext] name
        - [Ext] symbol
        - [Ext] decimals
        - [Ext] totalSupply
        - [Ext] balanceOf
        - [Ext] allowance
        - [Ext] approve #
        - [Ext] transfer #
        - [Ext] transferFrom #
    
     + [Lib] SafeMath 
        - [Int] tryAdd
        - [Int] trySub
        - [Int] tryMul
        - [Int] tryDiv
        - [Int] tryMod
        - [Int] add
        - [Int] sub
        - [Int] mul
        - [Int] div
        - [Int] mod
        - [Int] sub
        - [Int] div
        - [Int] mod
    
     + [Int] IUniswapV2Factory 
        - [Ext] feeTo
        - [Ext] feeToSetter
        - [Ext] getPair
        - [Ext] allPairs
        - [Ext] allPairsLength
        - [Ext] createPair #
        - [Ext] setFeeTo #
        - [Ext] setFeeToSetter #
    
     + [Int] IUniswapV2Router01 
        - [Ext] factory
        - [Ext] WETH
        - [Ext] addLiquidity #
        - [Ext] addLiquidityETH ($)
        - [Ext] removeLiquidity #
        - [Ext] removeLiquidityETH #
        - [Ext] removeLiquidityWithPermit #
        - [Ext] removeLiquidityETHWithPermit #
        - [Ext] swapExactTokensForTokens #
        - [Ext] swapTokensForExactTokens #
        - [Ext] swapExactETHForTokens ($)
        - [Ext] swapTokensForExactETH #
        - [Ext] swapExactTokensForETH #
        - [Ext] swapETHForExactTokens ($)
        - [Ext] quote
        - [Ext] getAmountOut
        - [Ext] getAmountIn
        - [Ext] getAmountsOut
        - [Ext] getAmountsIn
    
     + [Int] IUniswapV2Router02 (IUniswapV2Router01)
        - [Ext] removeLiquidityETHSupportingFeeOnTransferTokens #
        - [Ext] removeLiquidityETHWithPermitSupportingFeeOnTransferTokens #
        - [Ext] swapExactTokensForTokensSupportingFeeOnTransferTokens #
        - [Ext] swapExactETHForTokensSupportingFeeOnTransferTokens ($)
        - [Ext] swapExactTokensForETHSupportingFeeOnTransferTokens #
    
     + [Lib] SafeERC20 
        - [Int] safeTransfer #
        - [Int] safeTransferFrom #
        - [Int] safeApprove #
        - [Int] safeIncreaseAllowance #
        - [Int] safeDecreaseAllowance #
        - [Prv] _callOptionalReturn #
    
     +  METAPToken (IERC20, ERC20Ownable)
        - [Pub]  #
        - [Ext] openTrading #
           - modifiers: onlyOwner
        - [Pub] name
        - [Pub] symbol
        - [Pub] decimals
        - [Pub] totalSupply
        - [Pub] balanceOf
        - [Pub] transfer #
        - [Pub] allowance
        - [Pub] approve #
        - [Pub] transferFrom #
        - [Pub] increaseAllowance #
        - [Pub] decreaseAllowance #
        - [Pub] isExcludedFromReward
        - [Pub] totalFees
        - [Pub] deliver #
        - [Pub] reflectionFromToken
        - [Pub] tokenFromReflection
        - [Pub] excludeFromReward #
           - modifiers: onlyOwner
        - [Ext] includeInReward #
           - modifiers: onlyOwner
        - [Pub] excludeFromFee #
           - modifiers: onlyOwner
        - [Pub] includeInFee #
           - modifiers: onlyOwner
        - [Ext] setAllFeePercent #
           - modifiers: onlyOwner
        - [Pub] buyBackUpperLimitAmount
        - [Ext] setBuybackUpperLimit #
           - modifiers: onlyOwner
        - [Pub] setSwapAndLiquifyEnabled #
           - modifiers: onlyOwner
        - [Ext] setFeeWallet #
           - modifiers: onlyOwner
        - [Ext]  ($)
        - [Prv] _reflectFee #
        - [Prv] _getValues
        - [Prv] _getTValues
        - [Prv] _getRValues
        - [Prv] _getRate
        - [Prv] _getCurrentSupply
        - [Prv] _takeLiquidity #
        - [Prv] calculateTaxFee
        - [Prv] calculateLiquidityFee
        - [Prv] removeAllFee #
        - [Prv] restoreAllFee #
        - [Pub] isExcludedFromFee
        - [Prv] _approve #
        - [Prv] _transfer #
        - [Prv] swapAndLiquify #
           - modifiers: lockTheSwap
        - [Prv] buyBackTokens #
           - modifiers: lockTheSwap
        - [Prv] swapTokensForBNB #
        - [Prv] swapBNBForTokens #
        - [Prv] addLiquidity #
        - [Prv] _tokenTransfer #
        - [Prv] _transferStandard #
        - [Prv] _transferToExcluded #
        - [Prv] _transferFromExcluded #
        - [Prv] _transferBothExcluded #
        - [Prv] _tokenTransferNoFee #
        - [Pub] recoverToken #
           - modifiers: onlyOwner
        - [Pub] isRemovedMonster
        - [Ext] _removeMonster #
           - modifiers: onlyOwner
        - [Ext] _amnestyMonster #
           - modifiers: onlyOwner