MetacyFinance - Smart Contract Audit Report

Summary

MetacyFinance Audit Report MetacyFinance ($MTF) is a new BEP-20 token on the Binance Smart Chain that is an automatic liquidity-providing protocol.

We reviewed the CoinToken contract at 0x018F705C5744Ce4dfCd7EEB43284a631fE4ad38a on the Binance Smart Chain mainnet.

Notes on the Contract:
  • The total supply of the token is set to 10 billion $MTF [10,000,000,000].
  • No mint functions are accessible beyond deployment.
  • The owner can burn their own tokens to reduce the total supply.
  • At the time of writing this report, 54.1% of the total supply belongs to the owner.
  • The remaining 45.9% of the total supply belongs to an unverified contract.

  • There is a Liquidity fee, Marketing fee, Charity fee, and Dev fee on all transfers via Pancakeswap where neither the sender nor the recipient is excluded from fees. A separate fee structure can be set by the team to apply different fee percentages depending on whether the user is buying or selling during the transfer.
  • The tokens collected from the liquidity fee during transfers are stored in the contract address balance. Once the threshold value of tokens (0.0000005 ether) is met, a swap will occur for the purpose of funding Pancakeswap liquidity.
  • Liquidity-adds are funded by selling a portion of the tokens collected as fees (after the threshold number of tokens is met), then pairing the received BNB with the token, and adding it as liquidity to the BNB pair.
  • The recipient of the newly created LP tokens is the team's Liquidity wallet. We strongly recommend that the team locks these newly acquired LP tokens.
  • The tokens collected from the Marketing fee, Charity fee, and Dev fee are swapped for BNB and sent to the team's Marketing wallet, Charity wallet, and Dev wallet respectively.
  • Any remaining tokens in the contract are sent to the Dev wallet, while any remaining BNB in the contract is sent to the Marketing wallet.
  • As the contract is deployed with Solidity v0.8.10, it is protected from overflows/underflows.
  • Some gas optimizations can be achieved through declaring functions external instead of public, and some state variables constant. As this contract is already deployed, this is merely informational.

  • Ownership Controls:
  • Ownership has not been renounced.
  • The owner can modify the Liquidity fee, Marketing fee, Charity fee, and Dev fee for both fee structures to any percentages at any time.
  • The owner can exclude and include accounts from transfer fees.
  • The owner can pause all trading at any time.
  • The owner can enable/disable transfer fees at any time.
  • The owner can call the triggerTax() function which will set the amount of tokens allocated for team wallets to 0.
  • The owner can add/remove accounts from a blacklist which prevents them from being able to participate in transfers.
  • The owner can update the team's Charity wallet, Marketing wallet, and Dev wallet to any addresses at any time.
Audit Findings Summary
  • No external threats were identified.
  • Please ensure trust in the team prior to investing as they have substantial control in the ecosystem.
  • Date: January 6th, 2022.

Audit Results

Vulnerability CategoryNotesResult
Arbitrary Storage WriteN/APASS
Arbitrary JumpN/APASS
Centralization of Control
  • The team can set each fee up to 100%.
  • The owner can pause trading at any time.
  • The owner can blacklist accounts from being able to participate in transfers.
  • WARNING
    Delegate Call to Untrusted ContractN/APASS
    Dependence on Predictable VariablesN/APASS
    Deprecated OpcodesN/APASS
    Ether ThiefN/APASS
    ExceptionsN/APASS
    External CallsN/APASS
    Flash LoansN/APASS
    Integer Over/UnderflowN/APASS
    Multiple SendsN/APASS
    OraclesN/APASS
    SuicideN/APASS
    State Change External CallsN/APASS
    Unchecked RetvalN/APASS
    User Supplied AssertionN/APASS
    Critical Solidity CompilerN/APASS
    Overall Contract Safety PASS

    Function Graph

    ERC20 Token Graph


    Inheritance Chart

    Multi-file Token


    Functions Overview

    
     ($) = payable function
     # = non-constant function
     
     + [Int] IERC20 
        - [Ext] totalSupply
        - [Ext] balanceOf
        - [Ext] transfer #
        - [Ext] allowance
        - [Ext] approve #
        - [Ext] transferFrom #
    
     + [Int] IERC20Metadata (IERC20)
        - [Ext] name
        - [Ext] symbol
        - [Ext] decimals
    
     +  Context 
        - [Int] _msgSender
        - [Int] _msgData
    
     +  ERC20 (Context, IERC20, IERC20Metadata)
        - [Pub]  #
        - [Pub] name
        - [Pub] symbol
        - [Pub] decimals
        - [Pub] totalSupply
        - [Pub] balanceOf
        - [Pub] transfer #
        - [Pub] allowance
        - [Pub] approve #
        - [Pub] transferFrom #
        - [Pub] increaseAllowance #
        - [Pub] decreaseAllowance #
        - [Int] _transfer #
        - [Int] _mint #
        - [Int] _burn #
        - [Int] _approve #
        - [Int] _beforeTokenTransfer #
        - [Int] _afterTokenTransfer #
    
     +  Ownable (Context)
        - [Pub]  #
        - [Pub] owner
        - [Pub] renounceOwnership #
           - modifiers: onlyOwner
        - [Pub] transferOwnership #
           - modifiers: onlyOwner
        - [Int] _setOwner #
    
     +  Pausable (Context)
        - [Pub]  #
        - [Pub] paused
        - [Int] _pause #
           - modifiers: whenNotPaused
        - [Int] _unpause #
           - modifiers: whenPaused
    
     + [Int] IUniswapV2Pair 
        - [Ext] name
        - [Ext] symbol
        - [Ext] decimals
        - [Ext] totalSupply
        - [Ext] balanceOf
        - [Ext] allowance
        - [Ext] approve #
        - [Ext] transfer #
        - [Ext] transferFrom #
        - [Ext] DOMAIN_SEPARATOR
        - [Ext] PERMIT_TYPEHASH
        - [Ext] nonces
        - [Ext] permit #
        - [Ext] MINIMUM_LIQUIDITY
        - [Ext] factory
        - [Ext] token0
        - [Ext] token1
        - [Ext] getReserves
        - [Ext] price0CumulativeLast
        - [Ext] price1CumulativeLast
        - [Ext] kLast
        - [Ext] mint #
        - [Ext] burn #
        - [Ext] swap #
        - [Ext] skim #
        - [Ext] sync #
        - [Ext] initialize #
    
     + [Int] IUniswapV2Factory 
        - [Ext] feeTo
        - [Ext] feeToSetter
        - [Ext] getPair
        - [Ext] allPairs
        - [Ext] allPairsLength
        - [Ext] createPair #
        - [Ext] setFeeTo #
        - [Ext] setFeeToSetter #
    
     + [Int] IUniswapV2Router01 
        - [Ext] factory
        - [Ext] WETH
        - [Ext] addLiquidity #
        - [Ext] addLiquidityETH ($)
        - [Ext] removeLiquidity #
        - [Ext] removeLiquidityETH #
        - [Ext] removeLiquidityWithPermit #
        - [Ext] removeLiquidityETHWithPermit #
        - [Ext] swapExactTokensForTokens #
        - [Ext] swapTokensForExactTokens #
        - [Ext] swapExactETHForTokens ($)
        - [Ext] swapTokensForExactETH #
        - [Ext] swapExactTokensForETH #
        - [Ext] swapETHForExactTokens ($)
        - [Ext] quote
        - [Ext] getAmountOut
        - [Ext] getAmountIn
        - [Ext] getAmountsOut
        - [Ext] getAmountsIn
    
     + [Int] IUniswapV2Router02 (IUniswapV2Router01)
        - [Ext] removeLiquidityETHSupportingFeeOnTransferTokens #
        - [Ext] removeLiquidityETHWithPermitSupportingFeeOnTransferTokens #
        - [Ext] swapExactTokensForTokensSupportingFeeOnTransferTokens #
        - [Ext] swapExactETHForTokensSupportingFeeOnTransferTokens ($)
        - [Ext] swapExactTokensForETHSupportingFeeOnTransferTokens #
    
     +  CoinToken (ERC20, Ownable, Pausable)
        - [Pub]  ($)
           - modifiers: ERC20
        - [Prv] handleTax #
        - [Int] _transfer #
        - [Pub] triggerTax #
           - modifiers: onlyOwner
        - [Pub] pause #
           - modifiers: onlyOwner
        - [Pub] unpause #
           - modifiers: onlyOwner
        - [Pub] burn #
           - modifiers: onlyOwner
        - [Pub] enableBlacklist #
           - modifiers: onlyOwner
        - [Pub] disableBlacklist #
           - modifiers: onlyOwner
        - [Pub] exclude #
           - modifiers: onlyOwner
        - [Pub] removeExclude #
           - modifiers: onlyOwner
        - [Pub] setBuyTax #
           - modifiers: onlyOwner
        - [Pub] setSellTax #
           - modifiers: onlyOwner
        - [Pub] setTaxWallets #
           - modifiers: onlyOwner
        - [Pub] enableTax #
           - modifiers: onlyOwner
        - [Pub] disableTax #
           - modifiers: onlyOwner
        - [Pub] isBlacklisted
        - [Pub] isExcluded
        - [Ext]  ($)