NFTMARS - Smart Contract Audit Report

Summary

NFTMARS is a new DeFitoken on the Binance Smart Chain with frictionless fee redistribution and a buyback system for burning supply.

We audited NFTMARS's token contract at 0xB10b0A3B5A970875c36C248Fcd3F1acb3622CF3E on the Binance Smart Chain mainnet.

Overview of the Contract:
  • The total supply of the token is set to two hundred million $Mars [200,000,000].
  • No mint or burn functions are present. However, when buyback functionality is enabled; 1% of the contract's remaining BNB Balance (up to an upper limit set by the team) will be swapped for tokens and then subsequently burned. This percentage is determined by the "Burn Fee" which the owner can set to any value at any time as well as change the "Burn Address" (where this value goes) to a new one.
  • At the time of writing this report, 100% of the total supply is in possession of the owner as the project was recently deployed.

  • At the time of writing, there is a 5% 'tax fee' and an 11% 'liquidity fee' on all transactions for any "non-excluded" address that participates in a transfer.
  • The tax fee is redistributed to existing token holders instantly and automatically at the time of each transaction.
  • The liquidity fee that is charged on transactions is stored in the contract and, once a threshold value (that is determined by the owner) is met, activates a "Swap and Liquify" where the tokens are swapped for BNB and 36% is sent to the project team's marketing wallet (which the owner can update to a new address at any time). This swap functionality can be enabled/disabled by the owner.
  • The owner of the contract can exclude and include users from transfer fees and rewards, toggle the buyback functionality, and update all of the fee percentages/allocations at any time.
  • The owner has the ability to set and update a maximum transaction percent at any time, which will impose a limit to the number of tokens that can be transferred during any given transaction.

  • The owner has the ability to use the "lock" function in order to temporarily set ownership to address(0). Ownership is restored after the duration of time determined by the owner has passed and they use the 'unlock' function. Ownership can additionally be restored (even if ownership was previously renounced), by using the unlock function a second time.
  • Some state variables could have been declared constant to save some gas.
  • Some functions could have been declared external instead of public to save some gas.
  • As the project is implemented with solidity version ^0.8.0, it is protected from overflows.
  • The contract utilizes SafeMath libraries to prevent overflows along with following the BEP20 standard.

Audit Findings Summary
  • Buyback functionality may be suseptible to front-running; The team must monitor and if suspicious activity is detected, the team must disable the buyback system.
  • Ensure trust in the team as they have substantial control in the ecosystem.
  • Date: June 30th, 2021

Vulnerability CategoryNotesResult
Arbitrary Storage WriteN/APASS
Arbitrary JumpN/APASS
Delegate Call to Untrusted ContractN/APASS
Dependence on Predictable VariablesN/APASS
Deprecated OpcodesN/APASS
Ether ThiefN/APASS
ExceptionsN/APASS
External CallsN/APASS
Flash LoansN/APASS
Integer Over/UnderflowN/APASS
Multiple SendsN/APASS
OraclesN/APASS
SuicideN/APASS
State Change External CallsN/APASS
Unchecked RetvalN/APASS
User Supplied AssertionN/APASS
Critical Solidity CompilerN/APASS
Overall Contract Safety PASS

BEP20 Token Graph

Multi-file Token

												
($) = payable function
 # = non-constant function

 + [Int] IERC20 
    - [Ext] totalSupply
    - [Ext] balanceOf
    - [Ext] transfer #
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transferFrom #

 + [Lib] SafeMath 
    - [Int] tryAdd
    - [Int] trySub
    - [Int] tryMul
    - [Int] tryDiv
    - [Int] tryMod
    - [Int] add
    - [Int] sub
    - [Int] mul
    - [Int] div
    - [Int] mod
    - [Int] sub
    - [Int] div
    - [Int] mod

 +  Context 
    - [Int] _msgSender
    - [Int] _msgData

 + [Lib] Address 
    - [Int] isContract
    - [Int] sendValue #
    - [Int] functionCall #
    - [Int] functionCall #
    - [Int] functionCallWithValue #
    - [Int] functionCallWithValue #
    - [Prv] _functionCallWithValue #

 +  Ownable (Context)
    - [Pub]  #
    - [Pub] owner
    - [Pub] renounceOwnership #
       - modifiers: onlyOwner
    - [Pub] transferOwnership #
       - modifiers: onlyOwner
    - [Pub] getUnlockTime
    - [Pub] getTime
    - [Pub] lock #
       - modifiers: onlyOwner
    - [Pub] unlock #

 + [Int] IUniswapV2Factory 
    - [Ext] feeTo
    - [Ext] feeToSetter
    - [Ext] getPair
    - [Ext] allPairs
    - [Ext] allPairsLength
    - [Ext] createPair #
    - [Ext] setFeeTo #
    - [Ext] setFeeToSetter #

 + [Int] IUniswapV2Pair 
    - [Ext] name
    - [Ext] symbol
    - [Ext] decimals
    - [Ext] totalSupply
    - [Ext] balanceOf
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transfer #
    - [Ext] transferFrom #
    - [Ext] DOMAIN_SEPARATOR
    - [Ext] PERMIT_TYPEHASH
    - [Ext] nonces
    - [Ext] permit #
    - [Ext] MINIMUM_LIQUIDITY
    - [Ext] factory
    - [Ext] token0
    - [Ext] token1
    - [Ext] getReserves
    - [Ext] price0CumulativeLast
    - [Ext] price1CumulativeLast
    - [Ext] kLast
    - [Ext] burn #
    - [Ext] swap #
    - [Ext] skim #
    - [Ext] sync #
    - [Ext] initialize #

 + [Int] IUniswapV2Router01 
    - [Ext] factory
    - [Ext] WETH
    - [Ext] addLiquidity #
    - [Ext] addLiquidityETH ($)
    - [Ext] removeLiquidity #
    - [Ext] removeLiquidityETH #
    - [Ext] removeLiquidityWithPermit #
    - [Ext] removeLiquidityETHWithPermit #
    - [Ext] swapExactTokensForTokens #
    - [Ext] swapTokensForExactTokens #
    - [Ext] swapExactETHForTokens ($)
    - [Ext] swapTokensForExactETH #
    - [Ext] swapExactTokensForETH #
    - [Ext] swapETHForExactTokens ($)
    - [Ext] quote
    - [Ext] getAmountOut
    - [Ext] getAmountIn
    - [Ext] getAmountsOut
    - [Ext] getAmountsIn

 + [Int] IUniswapV2Router02 (IUniswapV2Router01)
    - [Ext] removeLiquidityETHSupportingFeeOnTransferTokens #
    - [Ext] removeLiquidityETHWithPermitSupportingFeeOnTransferTokens #
    - [Ext] swapExactTokensForTokensSupportingFeeOnTransferTokens #
    - [Ext] swapExactETHForTokensSupportingFeeOnTransferTokens ($)
    - [Ext] swapExactTokensForETHSupportingFeeOnTransferTokens #

 +  NFTMARS (Context, IERC20, Ownable)
    - [Pub]  #
    - [Pub] name
    - [Pub] symbol
    - [Pub] decimals
    - [Pub] totalSupply
    - [Pub] balanceOf
    - [Pub] transfer #
    - [Pub] allowance
    - [Pub] approve #
    - [Pub] transferFrom #
    - [Pub] increaseAllowance #
    - [Pub] decreaseAllowance #
    - [Pub] isExcludedFromReward
    - [Pub] totalFees
    - [Pub] minimumTokensBeforeSwapAmount
    - [Pub] buyBackUpperLimitAmount
    - [Pub] deliver #
    - [Pub] reflectionFromToken
    - [Pub] tokenFromReflection
    - [Pub] excludeFromReward #
       - modifiers: onlyOwner
    - [Ext] includeInReward #
       - modifiers: onlyOwner
    - [Prv] _approve #
    - [Prv] _transfer #
    - [Prv] swapTokens #
       - modifiers: lockTheSwap
    - [Prv] buyBackTokens #
       - modifiers: lockTheSwap
    - [Prv] swapTokensForEth #
    - [Prv] swapETHForTokens #
    - [Prv] addLiquidity #
    - [Prv] _tokenTransfer #
    - [Prv] _transferStandard #
    - [Prv] _transferToExcluded #
    - [Prv] _transferFromExcluded #
    - [Prv] _transferBothExcluded #
    - [Prv] _reflectFee #
    - [Prv] _getValues
    - [Prv] _getTValues
    - [Prv] _getRValues
    - [Prv] _getRate
    - [Prv] _getCurrentSupply
    - [Prv] _takeLiquidity #
    - [Prv] calculateTaxFee
    - [Prv] calculateLiquidityFee
    - [Prv] removeAllFee #
    - [Prv] restoreAllFee #
    - [Pub] isExcludedFromFee
    - [Pub] excludeFromFee #
       - modifiers: onlyOwner
    - [Pub] includeInFee #
       - modifiers: onlyOwner
    - [Ext] setTaxFeePercent #
       - modifiers: onlyOwner
    - [Pub] setBurnAddress #
       - modifiers: onlyOwner
    - [Ext] setLiquidityFeePercent #
       - modifiers: onlyOwner
    - [Ext] setMaxTxAmount #
       - modifiers: onlyOwner
    - [Ext] setBurnPercent #
       - modifiers: onlyOwner
    - [Ext] setMarketingDivisor #
       - modifiers: onlyOwner
    - [Ext] setNumTokensSellToAddToLiquidity #
       - modifiers: onlyOwner
    - [Ext] setBuybackUpperLimit #
       - modifiers: onlyOwner
    - [Ext] setMarketingAddress #
       - modifiers: onlyOwner
    - [Pub] setSwapAndLiquifyEnabled #
       - modifiers: onlyOwner
    - [Pub] setBuyBackEnabled #
       - modifiers: onlyOwner
    - [Prv] transferToAddressETH #
    - [Pub] balanceETH
    - [Pub] isinSwapAndLiquify
    - [Ext]  ($)