Monster War Token - Smart Contract Audit Report

Summary

Monster War Audit Report Monster War Token ($MWA) is a new ERC20 token that is used to support the team's blockchain based gaming platform.

We audited the project team's Monster War contract at commit 078e9610fb24a9ea44de4744b12356c2703adc34 on the team's Github.


Notes on the Contract:
  • The initial total supply of the token is set to 570 million [570,000,000] $MWA.
  • The owner has the ability to mint tokens to any address at any time.
  • No burn functions are present beyond deployment; though the circulating supply can be reduced by sending tokens to the 0x..dead address, if desired.
  • As the contract has not yet been deployed to the mainnet, there was no token allocation for our team to analyze.

  • There is a buy fee and a sell fee applied on all transactions when the UniswapV2Pair is either the sender or the recipient. The fees that are collected on transfers are sent directly to a wallet (called "burnAddress") controlled by the team. The owner has the ability to modify these fees to any percentage at any time.
  • The contract features a battleReward(), farmingReward(), and trainingReward() function that can only be called by the teams assigned "mAddress".
  • By using the functions mentioned above, the mAddress can mint any amount of tokens as a reward to the "winners" address less than the maximum reward caps of:
    1. 160 million $MWA for the battleReward.
    2. 140 million $MWA for the farmingReward.
    3. 130 million $MWA for the trainingReward.
  • If these rewards exceed their maximum caps, the rewards that are due to the holders will still be paid out.
  • The owner has the ability to update the "mAddress" and "burnAddress" to any addresses at any time.
  • Some variables could have been declared constant to save some gas.
  • Some functions could have been declared external instead of public to save some gas.
  • The contract utilizes SafeMath libraries along with following the ERC20 standard.
Audit Findings Summary
  • No external threats were identified.
  • Please ensure trust in the team prior to investing as they have control over the total token supply via minting.
  • Date: September 7th, 2021

Vulnerability CategoryNotesResult
Arbitrary Storage WriteN/APASS
Arbitrary JumpN/APASS
Delegate Call to Untrusted ContractN/APASS
Dependence on Predictable VariablesN/APASS
Deprecated OpcodesN/APASS
Ether ThiefN/APASS
ExceptionsN/APASS
External CallsN/APASS
Integer Over/UnderflowN/APASS
Multiple SendsN/APASS
SuicideN/APASS
State Change External CallsN/APASS
Unchecked RetvalN/APASS
User Supplied AssertionN/APASS
Critical Solidity CompilerN/APASS
Overall Contract Safety PASS

ERC20 Token Graph

Multi-file Token


 ($) = payable function
 # = non-constant function
 
 Int = Internal
 Ext = External
 Pub = Public

 + [Lib] Address 
    - [Int] isContract
    - [Int] sendValue #
    - [Int] functionCall #
    - [Int] functionCall #
    - [Int] functionCallWithValue #
    - [Int] functionCallWithValue #
    - [Int] functionStaticCall
    - [Int] functionStaticCall
    - [Int] functionDelegateCall #
    - [Int] functionDelegateCall #
    - [Prv] _verifyCallResult

 + [Int] IUniswapV2Factory 
    - [Ext] feeTo
    - [Ext] feeToSetter
    - [Ext] getPair
    - [Ext] allPairs
    - [Ext] allPairsLength
    - [Ext] createPair #
    - [Ext] setFeeTo #
    - [Ext] setFeeToSetter #

 + [Int] IUniswapV2Pair 
    - [Ext] name
    - [Ext] symbol
    - [Ext] decimals
    - [Ext] totalSupply
    - [Ext] balanceOf
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transfer #
    - [Ext] transferFrom #
    - [Ext] DOMAIN_SEPARATOR
    - [Ext] PERMIT_TYPEHASH
    - [Ext] nonces
    - [Ext] permit #
    - [Ext] MINIMUM_LIQUIDITY
    - [Ext] factory
    - [Ext] token0
    - [Ext] token1
    - [Ext] getReserves
    - [Ext] price0CumulativeLast
    - [Ext] price1CumulativeLast
    - [Ext] kLast
    - [Ext] mint #
    - [Ext] burn #
    - [Ext] swap #
    - [Ext] skim #
    - [Ext] sync #
    - [Ext] initialize #

 + [Int] IUniswapV2Router01 
    - [Ext] factory
    - [Ext] WETH
    - [Ext] addLiquidity #
    - [Ext] addLiquidityETH ($)
    - [Ext] removeLiquidity #
    - [Ext] removeLiquidityETH #
    - [Ext] removeLiquidityWithPermit #
    - [Ext] removeLiquidityETHWithPermit #
    - [Ext] swapExactTokensForTokens #
    - [Ext] swapTokensForExactTokens #
    - [Ext] swapExactETHForTokens ($)
    - [Ext] swapTokensForExactETH #
    - [Ext] swapExactTokensForETH #
    - [Ext] swapETHForExactTokens ($)
    - [Ext] quote
    - [Ext] getAmountOut
    - [Ext] getAmountIn
    - [Ext] getAmountsOut
    - [Ext] getAmountsIn

 + [Int] IUniswapV2Router02 (IUniswapV2Router01)
    - [Ext] removeLiquidityETHSupportingFeeOnTransferTokens #
    - [Ext] removeLiquidityETHWithPermitSupportingFeeOnTransferTokens #
    - [Ext] swapExactTokensForTokensSupportingFeeOnTransferTokens #
    - [Ext] swapExactETHForTokensSupportingFeeOnTransferTokens ($)
    - [Ext] swapExactTokensForETHSupportingFeeOnTransferTokens #

 + [Lib] SafeMath 
    - [Int] tryAdd
    - [Int] trySub
    - [Int] tryMul
    - [Int] tryDiv
    - [Int] tryMod
    - [Int] add
    - [Int] sub
    - [Int] mul
    - [Int] div
    - [Int] mod
    - [Int] sub
    - [Int] div
    - [Int] mod

 +  Context 
    - [Int] _msgSender
    - [Int] _msgData

 +  Ownable (Context)
    - [Int]  #
    - [Pub] owner
    - [Pub] renounceOwnership #
       - modifiers: onlyOwner
    - [Pub] transferOwnership #
       - modifiers: onlyOwner

 + [Int] IERC20 
    - [Ext] totalSupply
    - [Ext] decimals
    - [Ext] symbol
    - [Ext] name
    - [Ext] getOwner
    - [Ext] balanceOf
    - [Ext] transfer #
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transferFrom #

 +  ERC20 (Context, IERC20, Ownable)
    - [Pub]  #
    - [Ext] getOwner
    - [Pub] name
    - [Pub] decimals
    - [Pub] symbol
    - [Pub] totalSupply
    - [Pub] balanceOf
    - [Pub] transfer #
    - [Pub] allowance
    - [Pub] approve #
    - [Pub] transferFrom #
    - [Pub] increaseAllowance #
    - [Pub] decreaseAllowance #
    - [Int] _transfer #
    - [Int] _mint #
    - [Int] _burn #
    - [Int] _approve #
    - [Int] _burnFrom #

 +  MWA (ERC20)
    - [Pub]  #
       - modifiers: ERC20
    - [Int] _transfer #
    - [Pub] mint #
       - modifiers: onlyOwner
    - [Ext] setMAdrress #
       - modifiers: onlyOwner
    - [Ext] setBurnAdrress #
       - modifiers: onlyOwner
    - [Pub] setTransferFeeRate #
       - modifiers: onlyOwner
    - [Ext] battleReward #
    - [Ext] farmingReward #
    - [Ext] trainingAmount #