| Vulnerability Category | Notes | Result |
|---|---|---|
| Arbitrary Storage Write | N/A | PASS |
| Arbitrary Jump | N/A | PASS |
| Delegate Call to Untrusted Contract | N/A | PASS |
| Dependence on Predictable Variables | N/A | PASS |
| Deprecated Opcodes | N/A | PASS |
| Ether Thief | N/A | PASS |
| Exceptions | N/A | PASS |
| External Calls | N/A | PASS |
| Integer Over/Underflow | N/A | PASS |
| Multiple Sends | N/A | PASS |
| Suicide | N/A | PASS |
| State Change External Calls | N/A | PASS |
| Unchecked Retval | N/A | PASS |
| User Supplied Assertion | N/A | PASS |
| Critical Solidity Compiler | N/A | PASS |
| Overall Contract Safety | PASS |
Monster War Token - Smart Contract Audit Report
Summary
Monster War Token ($MWA) is a new ERC20 token that is used to support the team's blockchain based gaming platform.
We audited the project team's Monster War contract at commit 078e9610fb24a9ea44de4744b12356c2703adc34 on the team's Github.
Notes on the Contract:Audit Findings Summary
- The initial total supply of the token is set to 570 million [570,000,000] $MWA.
- The owner has the ability to mint tokens to any address at any time.
- No burn functions are present beyond deployment; though the circulating supply can be reduced by sending tokens to the 0x..dead address, if desired.
- As the contract has not yet been deployed to the mainnet, there was no token allocation for our team to analyze.
- There is a buy fee and a sell fee applied on all transactions when the UniswapV2Pair is either the sender or the recipient. The fees that are collected on transfers are sent directly to a wallet (called "burnAddress") controlled by the team. The owner has the ability to modify these fees to any percentage at any time.
- The contract features a battleReward(), farmingReward(), and trainingReward() function that can only be called by the teams assigned "mAddress".
- By using the functions mentioned above, the mAddress can mint any amount of tokens as a reward to the "winners" address less than the maximum reward caps of:
- 160 million $MWA for the battleReward.
- 140 million $MWA for the farmingReward.
- 130 million $MWA for the trainingReward.
- If these rewards exceed their maximum caps, the rewards that are due to the holders will still be paid out.
- The owner has the ability to update the "mAddress" and "burnAddress" to any addresses at any time.
- Some variables could have been declared constant to save some gas.
- Some functions could have been declared external instead of public to save some gas.
- The contract utilizes SafeMath libraries along with following the ERC20 standard.
- No external threats were identified.
- Please ensure trust in the team prior to investing as they have control over the total token supply via minting.
- Date: September 7th, 2021
($) = payable function
# = non-constant function
Int = Internal
Ext = External
Pub = Public
+ [Lib] Address
- [Int] isContract
- [Int] sendValue #
- [Int] functionCall #
- [Int] functionCall #
- [Int] functionCallWithValue #
- [Int] functionCallWithValue #
- [Int] functionStaticCall
- [Int] functionStaticCall
- [Int] functionDelegateCall #
- [Int] functionDelegateCall #
- [Prv] _verifyCallResult
+ [Int] IUniswapV2Factory
- [Ext] feeTo
- [Ext] feeToSetter
- [Ext] getPair
- [Ext] allPairs
- [Ext] allPairsLength
- [Ext] createPair #
- [Ext] setFeeTo #
- [Ext] setFeeToSetter #
+ [Int] IUniswapV2Pair
- [Ext] name
- [Ext] symbol
- [Ext] decimals
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] allowance
- [Ext] approve #
- [Ext] transfer #
- [Ext] transferFrom #
- [Ext] DOMAIN_SEPARATOR
- [Ext] PERMIT_TYPEHASH
- [Ext] nonces
- [Ext] permit #
- [Ext] MINIMUM_LIQUIDITY
- [Ext] factory
- [Ext] token0
- [Ext] token1
- [Ext] getReserves
- [Ext] price0CumulativeLast
- [Ext] price1CumulativeLast
- [Ext] kLast
- [Ext] mint #
- [Ext] burn #
- [Ext] swap #
- [Ext] skim #
- [Ext] sync #
- [Ext] initialize #
+ [Int] IUniswapV2Router01
- [Ext] factory
- [Ext] WETH
- [Ext] addLiquidity #
- [Ext] addLiquidityETH ($)
- [Ext] removeLiquidity #
- [Ext] removeLiquidityETH #
- [Ext] removeLiquidityWithPermit #
- [Ext] removeLiquidityETHWithPermit #
- [Ext] swapExactTokensForTokens #
- [Ext] swapTokensForExactTokens #
- [Ext] swapExactETHForTokens ($)
- [Ext] swapTokensForExactETH #
- [Ext] swapExactTokensForETH #
- [Ext] swapETHForExactTokens ($)
- [Ext] quote
- [Ext] getAmountOut
- [Ext] getAmountIn
- [Ext] getAmountsOut
- [Ext] getAmountsIn
+ [Int] IUniswapV2Router02 (IUniswapV2Router01)
- [Ext] removeLiquidityETHSupportingFeeOnTransferTokens #
- [Ext] removeLiquidityETHWithPermitSupportingFeeOnTransferTokens #
- [Ext] swapExactTokensForTokensSupportingFeeOnTransferTokens #
- [Ext] swapExactETHForTokensSupportingFeeOnTransferTokens ($)
- [Ext] swapExactTokensForETHSupportingFeeOnTransferTokens #
+ [Lib] SafeMath
- [Int] tryAdd
- [Int] trySub
- [Int] tryMul
- [Int] tryDiv
- [Int] tryMod
- [Int] add
- [Int] sub
- [Int] mul
- [Int] div
- [Int] mod
- [Int] sub
- [Int] div
- [Int] mod
+ Context
- [Int] _msgSender
- [Int] _msgData
+ Ownable (Context)
- [Int] #
- [Pub] owner
- [Pub] renounceOwnership #
- modifiers: onlyOwner
- [Pub] transferOwnership #
- modifiers: onlyOwner
+ [Int] IERC20
- [Ext] totalSupply
- [Ext] decimals
- [Ext] symbol
- [Ext] name
- [Ext] getOwner
- [Ext] balanceOf
- [Ext] transfer #
- [Ext] allowance
- [Ext] approve #
- [Ext] transferFrom #
+ ERC20 (Context, IERC20, Ownable)
- [Pub] #
- [Ext] getOwner
- [Pub] name
- [Pub] decimals
- [Pub] symbol
- [Pub] totalSupply
- [Pub] balanceOf
- [Pub] transfer #
- [Pub] allowance
- [Pub] approve #
- [Pub] transferFrom #
- [Pub] increaseAllowance #
- [Pub] decreaseAllowance #
- [Int] _transfer #
- [Int] _mint #
- [Int] _burn #
- [Int] _approve #
- [Int] _burnFrom #
+ MWA (ERC20)
- [Pub] #
- modifiers: ERC20
- [Int] _transfer #
- [Pub] mint #
- modifiers: onlyOwner
- [Ext] setMAdrress #
- modifiers: onlyOwner
- [Ext] setBurnAdrress #
- modifiers: onlyOwner
- [Pub] setTransferFeeRate #
- modifiers: onlyOwner
- [Ext] battleReward #
- [Ext] farmingReward #
- [Ext] trainingAmount #