MetaSwap Gas - Audit Report
Summary
MetaSwap Gas ($MGAS) is a new upgradeable ERC20 token on the Polygon Network.We reviewed the MGAS proxy contract that is deployed at 0x96551a7873D3528B6C87f0B7456BC35ed2589FBD and the implemenatation contract that is deployed at 0x289426aEAaFE2aBA922bdB1C33A1933A03948f86 on the Polygon Mainnet.
Notes on the Contracts:
MGas Implementation Contract:MGAS Proxy Contract:
- The total supply of the token is set to 100 billion $MGAS [100,000,000,000].
- At the time of writing this report, 88.48% of the total supply belongs to an unverified contract.
- The next holder is in possession of 6.52% of the total supply.
- The remaining 5% of the total supply belongs to the deployer.
- The security of the implementation contract cannot be confirmed by our team as the contract is currently unverified.
- The implementation contract address and a Customer address were both set upon deployment.
- The assigned Customer address can call the Approve() function to swap out the implementation contract for another contract at any time.
- The Customer role cannot be renounced or transferred to any other address.
- Any address other than the Customer address can call the Approve() function to delegate calls to the implementation contract.
Audit Findings Summary
- No external threats were identified.
- The implementation contract is currently unverified. As a result, our team cannot confirm its security.
- Please ensure trust in the team prior to investing as the assigned Customer address can upgrade the implementation contract's code at any time.
- Date: December 13th, 2021
Audit Results
Vulnerability Category | Notes | Result |
---|---|---|
Arbitrary Storage Write | N/A | PASS |
Arbitrary Jump | N/A | PASS |
Centralization of Control | FAIL | |
Delegate Call to Untrusted Contract | N/A | PASS |
Dependence on Predictable Variables | N/A | PASS |
Deprecated Opcodes | N/A | PASS |
Ether Thief | N/A | PASS |
Exceptions | N/A | PASS |
External Calls | N/A | PASS |
Flash Loans | N/A | PASS |
Integer Over/Underflow | N/A | PASS |
Multiple Sends | N/A | PASS |
Oracles | N/A | PASS |
Suicide | N/A | PASS |
State Change External Calls | N/A | PASS |
Unchecked Retval | N/A | PASS |
User Supplied Assertion | N/A | PASS |
Critical Solidity Compiler | N/A | PASS |
Overall Contract Safety | FAIL |
Function Graph
Inheritance Chart
Functions Overview
($) = payable function
# = non-constant function
+ [Lib] SafeMath
- [Int] add
- [Int] sub
- [Int] sub
- [Int] mul
- [Int] div
- [Int] div
- [Int] mod
- [Int] mod
+ [Int] IERC20
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] transfer #
- [Ext] allowance
- [Ext] approve #
- [Ext] transferFrom #
+ [Lib] Address
- [Int] isContract
- [Int] sendValue #
- [Int] functionCall #
- [Int] functionCall #
- [Int] functionCallWithValue #
- [Int] functionCallWithValue #
- [Prv] _functionCallWithValue #
+ Initializable
- [Prv] isConstructor
+ Context (Initializable)
- [Int] __Context_init #
- modifiers: initializer
- [Int] __Context_init_unchained #
- modifiers: initializer
- [Int] _msgSender
- [Int] _msgData
+ Market
- [Ext] ($)
- [Ext] ($)
- [Int] _nft
- [Int] _act #
- [Int] _gonadeal #
- [Int] _deal #
+ NFTMarket (Market)
- [Pub] ($)
- [Int] _nft
- [Int] _approval #
- [Int] _setBusiness #
+ MGAS (NFTMarket)
- [Pub] ($)
- modifiers: NFTMarket
- [Ext] Approve #
- modifiers: isCustomer
- [Int] _customer
- [Int] _gonadeal #
+ Ownable (Initializable, Context)
- [Int] __Ownable_init #
- modifiers: initializer
- [Int] __Ownable_init_unchained #
- modifiers: initializer
- [Pub] owner
- [Pub] renounceOwnership #
- modifiers: onlyOwner
- [Pub] transferOwnership #
- modifiers: onlyOwner
+ ERC20 (Initializable, Context, IERC20)
- [Int] __ERC20_init #
- modifiers: initializer
- [Int] __ERC20_init_unchained #
- modifiers: initializer
- [Pub] name
- [Pub] symbol
- [Pub] decimals
- [Pub] totalSupply
- [Pub] balanceOf
- [Pub] transfer #
- [Pub] allowance
- [Pub] approve #
- [Pub] transferFrom #
- [Pub] increaseAllowance #
- [Pub] decreaseAllowance #
- [Int] _transfer #
- [Int] _mint #
- [Int] _burn #
- [Int] _approve #
- [Int] _setupDecimals #
- [Int] _beforeTokenTransfer #
+ [Int] IUniswapV2Router01
- [Ext] factory
- [Ext] WETH
- [Ext] addLiquidity #
- [Ext] addLiquidityETH ($)
- [Ext] removeLiquidity #
- [Ext] removeLiquidityETH #
- [Ext] removeLiquidityWithPermit #
- [Ext] removeLiquidityETHWithPermit #
- [Ext] swapExactTokensForTokens #
- [Ext] swapTokensForExactTokens #
- [Ext] swapExactETHForTokens ($)
- [Ext] swapTokensForExactETH #
- [Ext] swapExactTokensForETH #
- [Ext] swapETHForExactTokens ($)
- [Ext] quote
- [Ext] getAmountOut
- [Ext] getAmountIn
- [Ext] getAmountsOut
- [Ext] getAmountsIn
+ [Int] IUniswapV2Router02 (IUniswapV2Router01)
- [Ext] removeLiquidityETHSupportingFeeOnTransferTokens #
- [Ext] removeLiquidityETHWithPermitSupportingFeeOnTransferTokens #
- [Ext] swapExactTokensForTokensSupportingFeeOnTransferTokens #
- [Ext] swapExactETHForTokensSupportingFeeOnTransferTokens ($)
- [Ext] swapExactTokensForETHSupportingFeeOnTransferTokens #
+ [Int] IUniswapV2Factory
- [Ext] feeTo
- [Ext] feeToSetter
- [Ext] getPair
- [Ext] allPairs
- [Ext] allPairsLength
- [Ext] createPair #
- [Ext] setFeeTo #
- [Ext] setFeeToSetter #
+ [Int] IUniswapV2Pair
- [Ext] name
- [Ext] symbol
- [Ext] decimals
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] allowance
- [Ext] approve #
- [Ext] transfer #
- [Ext] transferFrom #
- [Ext] DOMAIN_SEPARATOR
- [Ext] PERMIT_TYPEHASH
- [Ext] nonces
- [Ext] permit #
- [Ext] MINIMUM_LIQUIDITY
- [Ext] factory
- [Ext] token0
- [Ext] token1
- [Ext] getReserves
- [Ext] price0CumulativeLast
- [Ext] price1CumulativeLast
- [Ext] kLast
- [Ext] mint #
- [Ext] burn #
- [Ext] swap #
- [Ext] skim #
- [Ext] sync #
- [Ext] initialize #
+ MGas (ERC20, Ownable)
- [Pub] initialize #
- modifiers: initializer