MarketMove - Audit Report
Summary
MarketMove ($MOVE) is a new community-driven Defi token that pays out static rewards to holders.
Notes on the Contract:Audit Findings Summary
- The total supply of the token is set to 1 trillion $MOVE [1,000,000,000,000].
- No minting functions are present beyond deployment.
- As the contract has not yet been deployed to the mainnet, there was no token allocation for our team to analyze.
- There is a 1% 'tax fee' and an 11% 'liquidity fee' on all transactions for any non excluded address that participates in a transfer, with the exception of selling to the exchange.
- There is a 4% tax fee and an 14% liquidity fee applied on transactions when holders are transferring tokens to Pancakeswap (selling).
- The owner has the ability to determine when the presale has ended by calling the afterPresale function, which will briefly increase both fees to 30% for a duration of 5 seconds from the time the function was called.
- We recommend that the team exercises caution to ensure that this function is only called once. If called a second time, both fees will remain at 30% for the duration of the project.
- We advise the same caution to the prepareforPresale function, as if it is called after the presale has ended, both fees will remain at 0%.
- Users who hold tokens will automatically benefit from the frictionless fee redistribution at the time of each transaction as the tokens collected through the tax fee are removed from the circulating supply.
- The Liquidity fee that is charged on transactions is used to buy BNB via the "swaptokens" function which will be stored in the contract address. Upon each BNB purchase made by the contract address, a percentage (determined by the owner) will be sent to the 'marketing address'.
- Each time that a $MOVE Holder sells tokens to Pancakeswap, the transaction details are stored in the "SellHistory" array which is used to aggregate sell information over a certain period of time which is later used to determine the average sell amount. A portion (determined by the owner) of this average BNB returned per token sale for the buyback period is used to determine the maximum buyback limit.
- On each transfer that occurs while the minimum threshold (determined by the owner) is met, the protocol will determine an amount of BNB to apply toward buying $MOVE tokens that will subsequently be burned. The owner has some control over the amount of BNB that is transferred during buybacks as they can update the variables that are used when determining the minimum and maximum buyback ranges. The owner has the ability to enable and disable the Buyback functionality at any time.
- After the maximum and minimum range has been determined, the contract will pseudo-randomly select a value within the range to apply to the buyback transfer.
- The contract has built-in checks in place to ensure that the buyback functionality will only run if the contract's BNB balance can support the buyback transfer.
- The owner can use the "TransferForeignToken" function to transfer the contract address' balance of any BEP20 token (with the exception of $MOVE) to any address desired.
- The owner can set each fee to any percentages at any time.
- The owner of the contract can exclude and include accounts from fees and reward distribution.
- The owner has the ability to update the address associated with the Pancakeswap router to a new address at any time. The owner can also update the ‘Marketing’ wallet at any time.
- There is a maximum transaction amount of 3 billion $MOVE tokens.
- The contract includes a prepareForPresale function that allows the owner to set fees to 0, and set the max transaction amount to 100% of the total token supply. There is also an afterPresale function where the fees are restored and the maximum transaction amount is set to 0.3% of the total token supply.
- Ownership has not been renounced.
- We worked with the team to optimize the contract for gas efficiency.
- The contract utilizes SafeMath libraries along with following the BEP20 standard.
- As the project is deployed with Solidity v0.8.4, it is protected from overflows.
- No external threats were identified.
- We recommend that the team renounces ownership after a successful launch.
- Buyback functionality may be susceptible to front-running; The team must monitor and if suspicious activity is detected, the team must disable the buyback system.
- Please ensure trust in the team prior to investing as they have notable control in the ecosystem.
- Further, ensure trust in the team as they have control of the contract's BNB balance that is accumulated from the liquidity fee.
- Date: August 24th, 2021
Audit Results
Vulnerability Category | Notes | Result |
---|---|---|
Arbitrary Storage Write | N/A | PASS |
Arbitrary Jump | N/A | PASS |
Delegate Call to Untrusted Contract | N/A | PASS |
Dependence on Predictable Variables | N/A | PASS |
Deprecated Opcodes | N/A | PASS |
Ether Thief | N/A | PASS |
Exceptions | N/A | PASS |
External Calls | N/A | PASS |
Flash Loans | N/A | PASS |
Integer Over/Underflow | N/A | PASS |
Multiple Sends | N/A | PASS |
Oracles | N/A | PASS |
Suicide | N/A | PASS |
State Change External Calls | N/A | PASS |
Unchecked Retval | N/A | PASS |
User Supplied Assertion | N/A | PASS |
Critical Solidity Compiler | N/A | PASS |
Overall Contract Safety | PASS |
Function Graph
Inheritence Chart
Functions Overview
($) = payable function
# = non-constant function
+ Context
- [Int] _msgSender
- [Int] _msgData
+ [Int] IERC20
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] transfer #
- [Ext] allowance
- [Ext] approve #
- [Ext] transferFrom #
+ [Lib] SafeMath
- [Int] add
- [Int] sub
- [Int] sub
- [Int] mul
- [Int] div
- [Int] div
- [Int] mod
- [Int] mod
+ [Lib] Address
- [Int] isContract
- [Int] sendValue #
- [Int] functionCall #
- [Int] functionCall #
- [Int] functionCallWithValue #
- [Int] functionCallWithValue #
- [Prv] _functionCallWithValue #
+ Ownable (Context)
- [Pub] #
- [Pub] owner
- [Pub] renounceOwnership #
- modifiers: onlyOwner
- [Pub] transferOwnership #
- modifiers: onlyOwner
- [Pub] getUnlockTime
- [Pub] getTime
- [Pub] lock #
- modifiers: onlyOwner
- [Pub] unlock #
+ [Int] IUniswapV2Factory
- [Ext] feeTo
- [Ext] feeToSetter
- [Ext] getPair
- [Ext] allPairs
- [Ext] allPairsLength
- [Ext] createPair #
- [Ext] setFeeTo #
- [Ext] setFeeToSetter #
+ [Int] IUniswapV2Pair
- [Ext] name
- [Ext] symbol
- [Ext] decimals
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] allowance
- [Ext] approve #
- [Ext] transfer #
- [Ext] transferFrom #
- [Ext] DOMAIN_SEPARATOR
- [Ext] PERMIT_TYPEHASH
- [Ext] nonces
- [Ext] permit #
- [Ext] MINIMUM_LIQUIDITY
- [Ext] factory
- [Ext] token0
- [Ext] token1
- [Ext] getReserves
- [Ext] price0CumulativeLast
- [Ext] price1CumulativeLast
- [Ext] kLast
- [Ext] burn #
- [Ext] swap #
- [Ext] skim #
- [Ext] sync #
- [Ext] initialize #
+ [Int] IUniswapV2Router01
- [Ext] factory
- [Ext] WETH
- [Ext] addLiquidity #
- [Ext] addLiquidityETH ($)
- [Ext] removeLiquidity #
- [Ext] removeLiquidityETH #
- [Ext] removeLiquidityWithPermit #
- [Ext] removeLiquidityETHWithPermit #
- [Ext] swapExactTokensForTokens #
- [Ext] swapTokensForExactTokens #
- [Ext] swapExactETHForTokens ($)
- [Ext] swapTokensForExactETH #
- [Ext] swapExactTokensForETH #
- [Ext] swapETHForExactTokens ($)
- [Ext] quote
- [Ext] getAmountOut
- [Ext] getAmountIn
- [Ext] getAmountsOut
- [Ext] getAmountsIn
+ [Int] IUniswapV2Router02 (IUniswapV2Router01)
- [Ext] removeLiquidityETHSupportingFeeOnTransferTokens #
- [Ext] removeLiquidityETHWithPermitSupportingFeeOnTransferTokens #
- [Ext] swapExactTokensForTokensSupportingFeeOnTransferTokens #
- [Ext] swapExactETHForTokensSupportingFeeOnTransferTokens ($)
- [Ext] swapExactTokensForETHSupportingFeeOnTransferTokens #
+ MarketMoveToken (Context, IERC20, Ownable)
- [Pub] #
- [Pub] name
- [Pub] symbol
- [Pub] decimals
- [Pub] totalSupply
- [Pub] balanceOf
- [Pub] transfer #
- [Pub] allowance
- [Pub] approve #
- [Pub] transferFrom #
- [Pub] increaseAllowance #
- [Pub] decreaseAllowance #
- [Pub] isExcludedFromReward
- [Pub] totalFees
- [Pub] minimumTokensBeforeSwapAmount
- [Pub] buyBackSellLimitAmount
- [Pub] reflectionFromToken
- [Pub] tokenFromReflection
- [Pub] excludeFromReward #
- modifiers: onlyOwner
- [Ext] includeInReward #
- modifiers: onlyOwner
- [Prv] _approve #
- [Prv] _transfer #
- [Prv] swapTokens #
- modifiers: lockTheSwap
- [Prv] buyBackTokens #
- modifiers: lockTheSwap
- [Prv] swapTokensForEth #
- [Prv] swapETHForTokens #
- [Prv] addLiquidity #
- [Prv] _tokenTransfer #
- [Prv] _transferStandard #
- [Prv] _transferToExcluded #
- [Prv] _transferFromExcluded #
- [Prv] _transferBothExcluded #
- [Prv] _reflectFee #
- [Prv] _getValues
- [Prv] _getTValues
- [Prv] _getRValues
- [Prv] _getRate
- [Prv] _getCurrentSupply
- [Prv] _takeLiquidity #
- [Prv] calculateTaxFee
- [Prv] calculateLiquidityFee
- [Prv] removeAllFee #
- [Prv] restoreAllFee #
- [Pub] isExcludedFromFee
- [Pub] excludeFromFee #
- modifiers: onlyOwner
- [Pub] includeInFee #
- modifiers: onlyOwner
- [Prv] _getSellBnBAmount
- [Prv] _removeOldSellHistories #
- [Ext] SetBuyBackMaxTimeForHistories #
- modifiers: onlyOwner
- [Ext] SetBuyBackDivisor #
- modifiers: onlyOwner
- [Pub] GetBuyBackTimeInterval
- [Ext] SetBuyBackTimeInterval #
- modifiers: onlyOwner
- [Ext] SetBuyBackRangeRate #
- modifiers: onlyOwner
- [Pub] GetSwapMinutes
- [Ext] SetSwapMinutes #
- modifiers: onlyOwner
- [Ext] setBuyBackSellLimit #
- modifiers: onlyOwner
- [Ext] setNumTokensSellToAddToBuyBack #
- modifiers: onlyOwner
- [Ext] setMarketingAddress #
- modifiers: onlyOwner
- [Pub] setSwapAndLiquifyEnabled #
- modifiers: onlyOwner
- [Pub] setBuyBackEnabled #
- modifiers: onlyOwner
- [Pub] setAutoBuyBackEnabled #
- modifiers: onlyOwner
- [Ext] prepareForPreSale #
- modifiers: onlyOwner
- [Ext] afterPreSale #
- modifiers: onlyOwner
- [Prv] transferToAddressETH #
- [Pub] getPairAddress
- modifiers: onlyOwner
- [Pub] changeRouterVersion #
- modifiers: onlyOwner
- [Ext] ($)
- [Pub] transferForeignToken #
- modifiers: onlyOwner