Nobility - Smart Contract Audit Report

Summary

Nobility Audit Report Nobility is a token on the Binance Smart Chain that provides automatic liquidity adds and pays holders dividends in BUSD.

We audited Nobility's token contract at 0xa67a13c9283da5aabb199da54a9cb4cd8b9b16ba on the Binance Smart Chain mainnet.

Overview of the Contract:
  • The total supply of the token is set to one hundred billion $NBL [100,000,000,000].
  • No mint or burn functions are present; though the circulating supply can be reduced by sending tokens to the 0x..dead address, if desired.
  • At the time of writing this report, there are approximately 4,300 $NBL holders.
  • 40.33% of the token supply has been burned. (The burn address is excluded from dividends).
  • The top 5 holders own a cumulative 9.57% of the total supply.
  • 2.57% of the total supply is held in PancakeSwap V2 Liquidity. Out of that liquidity, 77.92% is held in a token locking contract that will vest to the team on Monday, August 15th, 2022. Another 12.40% of that liquidity has been sent to the zero address.

  • There is a "Marketing Fee", "Liquidity Fee", and "BUSD Rewards Fee" on all transfers (given that the transferring address is not excluded from fees).
  • The fees charged on transactions are stored in the contract and, once a threshold value of 2,000,000 $NBL is met, the tokens are swapped for BUSD and Liquidity adds.
  • In the current fee allocation, 3% is swapped for BUSD and sent to the project team's marketing wallet, 1% is used to automatically provide liquidity, and 7% is applied toward funding the BUSD dividend rewards for those who are eligible.
  • Liquidity-adds are automatically done by selling half of the tokens collected as liquidity fees, pairing the received BNB with the token, and adding it as liquidity to the pair.
  • The LP tokens received through this process are burned.

  • A user must hold 200,000 $NBL tokens to be eligible for dividends. This is 0.0002% of the total token supply, which allows a large amount of holders to qualify (2350/4300 at the time of writing).
  • Once dividends are distributed, they will need to be claimed; claiming happens automatically on each transfer.
  • Dividend rewards can also be claimed manually by kicking off the claim cycle, which will process all eligible token holders.
  • Alternatively, a user can manually claim dividends as an individual.
  • There is a wait-time of 3600 seconds (1 hour) between claiming dividend rewards.
  • Claimed dividends are sent to the user's wallet address.

  • Some gas optimizations can be achieved through marking functions external instead of public. There are also some public variables that could be declared constant. This is merely informational as the contract has already been deployed.
  • The contract utilizes the SafeMath library to prevent overflows along with following the BEP20 standard.

  • Ownership Controls:
  • Ownership has not been renounced.
  • The owner is able to set the fee percentages to any amount at any time.
  • The owner is able to exclude addresses from fees at any time.
  • The owner is able to add addresses to a blacklist which will prevent them from participating in transfers.
  • The owner is able to exclude any address from dividends at any time.
  • The owner is able to update the Dividend Tracker and UniswapV2Router contract addresses at any time.
  • The owner is able to update the Marketing address at any time.
  • The owner is able to update the maximum amount of gas used for processing to a value between 200,000 and 500,000 at any time.
  • The owner is able to update the amount of time a user must wait between claiming dividends to a value between 1 and 24 hours (in seconds).

Audit Findings Summary
  • No security threats were identified.
  • We recommend that the team renounces ownership.
  • Please ensure trust in the team as they have substantial control in the ecosystem.
  • The team has not completed KYC procedures.
  • Date: September 2nd, 2021

Vulnerability CategoryNotesResult
Arbitrary Storage WriteN/APASS
Arbitrary JumpN/APASS
Delegate Call to Untrusted ContractN/APASS
Dependence on Predictable VariablesN/APASS
Deprecated OpcodesN/APASS
Ether ThiefN/APASS
ExceptionsN/APASS
External CallsN/APASS
Flash LoansN/APASS
Integer Over/UnderflowN/APASS
Multiple SendsN/APASS
OraclesN/APASS
SuicideN/APASS
State Change External CallsN/APASS
Unchecked RetvalN/APASS
User Supplied AssertionN/APASS
Critical Solidity CompilerN/APASS
Overall Contract Safety PASS

BEP20 Token Graph

Multi-file Token

												
($) = payable function
 # = non-constant function

 +  Context 
    - [Int] _msgSender
    - [Int] _msgData

 + [Int] IERC20 
    - [Ext] totalSupply
    - [Ext] balanceOf
    - [Ext] transfer #
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transferFrom #

 + [Int] IERC20Metadata (IERC20)
    - [Ext] name
    - [Ext] symbol
    - [Ext] decimals

 + [Int] IUniswapV2Factory 
    - [Ext] feeTo
    - [Ext] feeToSetter
    - [Ext] getPair
    - [Ext] allPairs
    - [Ext] allPairsLength
    - [Ext] createPair #
    - [Ext] setFeeTo #
    - [Ext] setFeeToSetter #

 + [Int] IUniswapV2Pair 
    - [Ext] name
    - [Ext] symbol
    - [Ext] decimals
    - [Ext] totalSupply
    - [Ext] balanceOf
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transfer #
    - [Ext] transferFrom #
    - [Ext] DOMAIN_SEPARATOR
    - [Ext] PERMIT_TYPEHASH
    - [Ext] nonces
    - [Ext] permit #
    - [Ext] MINIMUM_LIQUIDITY
    - [Ext] factory
    - [Ext] token0
    - [Ext] token1
    - [Ext] getReserves
    - [Ext] price0CumulativeLast
    - [Ext] price1CumulativeLast
    - [Ext] kLast
    - [Ext] mint #
    - [Ext] burn #
    - [Ext] swap #
    - [Ext] skim #
    - [Ext] sync #
    - [Ext] initialize #

 + [Int] IUniswapV2Router01 
    - [Ext] factory
    - [Ext] WETH
    - [Ext] addLiquidity #
    - [Ext] addLiquidityETH ($)
    - [Ext] removeLiquidity #
    - [Ext] removeLiquidityETH #
    - [Ext] removeLiquidityWithPermit #
    - [Ext] removeLiquidityETHWithPermit #
    - [Ext] swapExactTokensForTokens #
    - [Ext] swapTokensForExactTokens #
    - [Ext] swapExactETHForTokens ($)
    - [Ext] swapTokensForExactETH #
    - [Ext] swapExactTokensForETH #
    - [Ext] swapETHForExactTokens ($)
    - [Ext] quote
    - [Ext] getAmountOut
    - [Ext] getAmountIn
    - [Ext] getAmountsOut
    - [Ext] getAmountsIn

 + [Int] IUniswapV2Router02 (IUniswapV2Router01)
    - [Ext] removeLiquidityETHSupportingFeeOnTransferTokens #
    - [Ext] removeLiquidityETHWithPermitSupportingFeeOnTransferTokens #
    - [Ext] swapExactTokensForTokensSupportingFeeOnTransferTokens #
    - [Ext] swapExactETHForTokensSupportingFeeOnTransferTokens ($)
    - [Ext] swapExactTokensForETHSupportingFeeOnTransferTokens #

 +  Ownable (Context)
    - [Pub]  #
    - [Pub] owner
    - [Pub] renounceOwnership #
       - modifiers: onlyOwner
    - [Pub] transferOwnership #
       - modifiers: onlyOwner

 + [Lib] SafeMath 
    - [Int] add
    - [Int] sub
    - [Int] sub
    - [Int] mul
    - [Int] div
    - [Int] div
    - [Int] mod
    - [Int] mod

 + [Lib] SafeMathInt 
    - [Int] mul
    - [Int] div
    - [Int] sub
    - [Int] add
    - [Int] abs
    - [Int] toUint256Safe

 + [Lib] SafeMathUint 
    - [Int] toInt256Safe

 + [Lib] IterableMapping 
    - [Pub] get
    - [Pub] getIndexOfKey
    - [Pub] getKeyAtIndex
    - [Pub] size
    - [Pub] set #
    - [Pub] remove #

 +  ERC20 (Context, IERC20, IERC20Metadata)
    - [Pub]  #
    - [Pub] name
    - [Pub] symbol
    - [Pub] decimals
    - [Pub] totalSupply
    - [Pub] balanceOf
    - [Pub] transfer #
    - [Pub] allowance
    - [Pub] approve #
    - [Pub] transferFrom #
    - [Pub] increaseAllowance #
    - [Pub] decreaseAllowance #
    - [Int] _transfer #
    - [Int] _mint #
    - [Int] _burn #
    - [Int] _approve #
    - [Int] _beforeTokenTransfer #

 + [Int] DividendPayingTokenOptionalInterface 
    - [Ext] withdrawableDividendOf
    - [Ext] withdrawnDividendOf
    - [Ext] accumulativeDividendOf

 + [Int] DividendPayingTokenInterface 
    - [Ext] dividendOf
    - [Ext] withdrawDividend #

 +  DividendPayingToken (ERC20, Ownable, DividendPayingTokenInterface, DividendPayingTokenOptionalInterface)
    - [Pub]  #
       - modifiers: ERC20
    - [Pub] distributeBUSDDividends #
       - modifiers: onlyOwner
    - [Pub] withdrawDividend #
    - [Int] _withdrawDividendOfUser #
    - [Pub] dividendOf
    - [Pub] withdrawableDividendOf
    - [Pub] withdrawnDividendOf
    - [Pub] accumulativeDividendOf
    - [Int] _transfer #
    - [Int] _mint #
    - [Int] _burn #
    - [Int] _setBalance #

 +  NOBLILITY (ERC20, Ownable)
    - [Pub]  #
       - modifiers: ERC20
    - [Ext]  ($)
    - [Pub] updateDividendTracker #
       - modifiers: onlyOwner
    - [Pub] updateUniswapV2Router #
       - modifiers: onlyOwner
    - [Pub] excludeFromFees #
       - modifiers: onlyOwner
    - [Pub] excludeMultipleAccountsFromFees #
       - modifiers: onlyOwner
    - [Ext] setMarketingWallet #
       - modifiers: onlyOwner
    - [Ext] setBUSDRewardsFee #
       - modifiers: onlyOwner
    - [Ext] setLiquiditFee #
       - modifiers: onlyOwner
    - [Ext] setMarketingFee #
       - modifiers: onlyOwner
    - [Pub] setAutomatedMarketMakerPair #
       - modifiers: onlyOwner
    - [Ext] blacklistAddress #
       - modifiers: onlyOwner
    - [Prv] _setAutomatedMarketMakerPair #
    - [Pub] updateGasForProcessing #
       - modifiers: onlyOwner
    - [Ext] updateClaimWait #
       - modifiers: onlyOwner
    - [Ext] getClaimWait
    - [Ext] getTotalDividendsDistributed
    - [Pub] isExcludedFromFees
    - [Pub] withdrawableDividendOf
    - [Pub] dividendTokenBalanceOf
    - [Ext] excludeFromDividends #
       - modifiers: onlyOwner
    - [Ext] getAccountDividendsInfo
    - [Ext] getAccountDividendsInfoAtIndex
    - [Ext] processDividendTracker #
    - [Ext] claim #
    - [Ext] getLastProcessedIndex
    - [Ext] getNumberOfDividendTokenHolders
    - [Int] _transfer #
    - [Prv] swapAndSendToFee #
    - [Prv] swapAndLiquify #
    - [Prv] swapTokensForEth #
    - [Prv] swapTokensForBusd #
    - [Prv] addLiquidity #
    - [Prv] swapAndSendDividends #

 +  NOBILITYDividendTracker (Ownable, DividendPayingToken)
    - [Pub]  #
       - modifiers: DividendPayingToken
    - [Int] _transfer #
    - [Pub] withdrawDividend #
    - [Ext] excludeFromDividends #
       - modifiers: onlyOwner
    - [Ext] updateClaimWait #
       - modifiers: onlyOwner
    - [Ext] getLastProcessedIndex
    - [Ext] getNumberOfTokenHolders
    - [Pub] getAccount
    - [Pub] getAccountAtIndex
    - [Prv] canAutoClaim
    - [Ext] setBalance #
       - modifiers: onlyOwner
    - [Pub] process #
    - [Pub] processAccount #
       - modifiers: onlyOwner