PISTON - Smart Contract Audit Report

Audit Summary

PISTON ($PISTON) is a new BEP-20 token on the Binance Smart Chain that implements an automatic liquidity-providing protocol.

We reviewed the PISTON implementation contract at 0xe62946A6b6Fb5362F4733D873655e22A3A4f1cC1 and Proxy contract at 0x740DeB4FA5BdEC0f4D514728fD679d567DEce093 on the Binance Smart Chain mainnet.

Audit Findings

Please ensure trust in the team prior to investing as they have substantial control in the ecosystem.
Date: February 22nd, 2022.

Finding #1 - PISTON - Informational

Description: Several functions are declared public, but are never called internally:
symbol, updateUniswapV2Router, excludeMultipleAccountsFromFees, setAutomatedMarketMakerPair, isExcludedFromFees
Recommendation: We recommend declaring these functions external for additional gas savings on each call.

Finding #2 - PISTON - Informational

Description: Although the SafeMath library is utilized, the contract is deployed with Solidity v0.8.9 which has built-in overflow checks.
Recommendation: SafeMath could be safely removed to reduce contract size and deployment costs.

Contract Overview

  • The total supply of the token is currently 1 million $PISTON [1,000,000].
  • The contract utilizes a Minter role that allows the assigned address to mint any amount of tokens to any account at any time.
  • No burn functions exist, though the circulating supply can be decreased by sending tokens to the 0x..dead address.
  • At the time of writing this report, 100% of the total supply belongs to the owner.

  • Trading must be enabled by the owner in order for all trading to take place on the platform. Only accounts that are excluded from fees can participate in transfers when trading is set to disabled.
  • There is a Liquidity fee, Ecosystem fee, and Dev fee on all transfers where neither the sender nor the recipient is excluded from fees.
  • Fees are increased by a percentage (determined by the owner) when selling tokens to Pancakeswap.
  • The liquidity fee charged during transfers is stored in the contract address. The tokens are swapped for BUSD for the purpose of funding Pancakeswap liquidity when the following conditions are met:
    • The automatic liquidity add functionality is enabled by the team.
    • The threshold number of tokens in the contract address (determined by the owner) has been reached.
    • The contract is not currently performing an automatic liquidity add.
    • The transfer is not a buying transaction via Pancakeswap.
    • Neither the sender nor the recipient is the owner.
  • Liquidity-adds are automatically performed by selling the tokens collected as fees, pairing the received BUSD with the token, and adding it as liquidity to the pair.
  • The LP tokens received through this process are sent to the 0x00 address.
  • The tokens collected from the Dev fee and Ecosystem fee are sent to the team's Dev wallet and Ecosystem wallet respectively.
  • The contract enforces a maximum sell amount (determined by the owner) which imposes a limit to the number of tokens that can be sold via Pancakeswap.
  • The contract enforces a maximum buy amount (determined by the owner) which imposes a limit to the number of tokens that can be bought via Pancakeswap.
  • The contract enforces a maximum wallet amount which prevents a transfer from occurring if the recipient's token balance will exceed the limit number of tokens (determined by the owner) after the transfer takes place.
  • The maximum buy amount, maximum sell amount, and maximum wallet amount restrictions do not apply to accounts that are excluded from fees.
  • The contract is upgradable, meaning the team can swap out the current contract for a new one at any time.
  • As the contract is deployed with Solidity v0.8.9, it is protected from overflows/underflows.
  • The contract complies with the BEP-20 token standard.

Ownership Controls:
  • The owner can modify the Liquidity fee, Ecosystem fee, and Dev fee to any percentages as long as the total fee percentages combined do not exceed 25%.
  • The owner can update the percentage that fees are increased by when selling tokens to Pancakeswap to any value up to 15%.
  • The owner can exclude and include accounts from transfer fees.
  • The owner can disable trading at any time which will prevent all accounts that are not excluded from fees from being able to participate in transfers.
  • The owner can add/remove accounts from a blacklist that prevents users from being able to participate in transfers.
  • The owner can update the maximum buy amount, maximum sell amount, and maximum wallet amount to any values at any time.
  • The owner can enable/disable automatic liquidity adds at any time.
  • The owner can update the threshold number of tokens needed to trigger an automatic liquidity add to any value at any time.
  • The owner can update the paired token address that is used when performing an automatic liquidity add from BUSD to any address at any time.
  • The owner can update the team's Ecosystem wallet and Dev wallet to any addresses at any time.
  • The owner can update the Automated Market Maker Pair address at any time.
  • The owner can update the Pancakeswap Router address at any time.
  • The owner can update the token's symbol at any time.
  • The assigned Minter address can transfer their role to another address at any time.
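
Because the contract is upgradable, the findings above apply only while the proxy still points at the reviewed implementation. The following is an added example, not code from the PISTON project or from this audit: it builds the JSON-RPC request that reads the proxy's implementation slot and classifies the node's reply against the audited address. It assumes the proxy follows EIP-1967 (the report does not name the proxy pattern); the function names are hypothetical and the sample replies are constructed.

```python
import json

# Addresses as reviewed in this report.
PROXY = "0x740DeB4FA5BdEC0f4D514728fD679d567DEce093"
AUDITED_IMPL = "0xe62946A6b6Fb5362F4733D873655e22A3A4f1cC1"
# EIP-1967 implementation slot: keccak256("eip1967.proxy.implementation") - 1.
# Assumption: the proxy follows EIP-1967; the report does not name the pattern.
IMPL_SLOT = "0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc"


def build_request(proxy=PROXY, block="latest"):
    """JSON-RPC body that reads the proxy's implementation slot."""
    return json.dumps({"jsonrpc": "2.0", "id": 1, "method": "eth_getStorageAt",
                       "params": [proxy, IMPL_SLOT, block]})


def implementation_from_response(raw):
    """Return the address held in the low 20 bytes of the 32-byte storage word."""
    reply = json.loads(raw)
    if "error" in reply:
        raise ValueError(f"RPC error: {reply['error']}")
    word = str(reply.get("result", ""))
    if not word.startswith("0x") or len(word) > 66:
        raise ValueError(f"unexpected storage word: {word!r}")
    digits = word[2:].rjust(64, "0")      # some nodes strip leading zeros
    if int(digits[:24], 16) != 0:         # also rejects non-hex input
        raise ValueError("upper 12 bytes are not zero; not an address slot")
    return "0x" + digits[24:].lower()


def check_implementation(raw, audited=AUDITED_IMPL):
    """Classify the current implementation as audited, changed or unknown."""
    current = implementation_from_response(raw)
    if int(current, 16) == 0:
        return "unknown", current         # empty slot: different proxy pattern
    if current == audited.lower():
        return "audited", current
    return "changed", current


def storage_reply(address):
    """Constructed sample node reply carrying `address` in the slot."""
    word = "0x" + "0" * 24 + address[2:].lower()
    return json.dumps({"jsonrpc": "2.0", "id": 1, "result": word})


if __name__ == "__main__":
    print(check_implementation(storage_reply(AUDITED_IMPL)))
    print(check_implementation(storage_reply("0x" + "11" * 20)))  # constructed
```

To use it against the live chain, POST the output of build_request() to a Binance Smart Chain RPC endpoint and pass the response body to check_implementation(); a "changed" result means the deployed logic is no longer the code this report reviewed.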

External Threat Results

Vulnerability Category | Notes | Result
Arbitrary Storage Write | N/A | PASS
Arbitrary Jump | N/A | PASS
Centralization of Control | The assigned Minter address can mint any amount of tokens at any time. The team can upgrade the contract at any time. The owner can blacklist accounts from being able to participate in transfers. The owner can set total fee percentages up to 25%. | WARNING
Delegate Call to Untrusted Contract | N/A | PASS
Dependence on Predictable Variables | N/A | PASS
Deprecated Opcodes | N/A | PASS
Ether Thief | N/A | PASS
Exceptions | N/A | PASS
External Calls | N/A | PASS
Flash Loans | N/A | PASS
Integer Over/Underflow | N/A | PASS
Logical Issues | N/A | PASS
Multiple Sends | N/A | PASS
Oracles | N/A | PASS
Suicide | N/A | PASS
State Change External Calls | N/A | PASS
Unchecked Retval | N/A | PASS
User Supplied Assertion | N/A | PASS
Critical Solidity Compiler | N/A | PASS
Overall Contract Safety | | PASS

Function Graph

[Figure: BEP20 Token Graph]

Inheritance Chart

[Figure: Multi-file Token]

Functions Overview

    												
    ($) = payable function
     # = non-constant function
    
     + [Int] IERC20Upgradeable 
        - [Ext] totalSupply
        - [Ext] balanceOf
        - [Ext] transfer #
        - [Ext] allowance
        - [Ext] approve #
        - [Ext] transferFrom #
    
     + [Int] IERC20MetadataUpgradeable (IERC20Upgradeable)
        - [Ext] name
        - [Ext] symbol
        - [Ext] decimals
    
     +  Initializable 
        - [Prv] _isConstructor
    
     +  ContextUpgradeable (Initializable)
        - [Int] __Context_init #
           - modifiers: onlyInitializing
        - [Int] __Context_init_unchained #
           - modifiers: onlyInitializing
        - [Int] _msgSender
        - [Int] _msgData
    
     + [Lib] AddressUpgradeable 
        - [Int] isContract
        - [Int] sendValue #
        - [Int] functionCall #
        - [Int] functionCall #
        - [Int] functionCallWithValue #
        - [Int] functionCallWithValue #
        - [Int] functionStaticCall
        - [Int] functionStaticCall
        - [Int] verifyCallResult
    
     +  ERC20Upgradeable (Initializable, ContextUpgradeable, IERC20Upgradeable, IERC20MetadataUpgradeable)
        - [Int] __ERC20_init #
           - modifiers: onlyInitializing
        - [Int] __ERC20_init_unchained #
           - modifiers: onlyInitializing
        - [Pub] name
        - [Pub] symbol
        - [Pub] decimals
        - [Pub] totalSupply
        - [Pub] balanceOf
        - [Pub] transfer #
        - [Pub] allowance
        - [Pub] approve #
        - [Pub] transferFrom #
        - [Pub] increaseAllowance #
        - [Pub] decreaseAllowance #
        - [Int] _transfer #
        - [Int] _mint #
        - [Int] _burn #
        - [Int] _approve #
        - [Int] _beforeTokenTransfer #
        - [Int] _afterTokenTransfer #
    
     +  OwnableUpgradeable (Initializable, ContextUpgradeable)
        - [Int] __Ownable_init #
           - modifiers: onlyInitializing
        - [Int] __Ownable_init_unchained #
           - modifiers: onlyInitializing
        - [Pub] owner
        - [Pub] renounceOwnership #
           - modifiers: onlyOwner
        - [Pub] transferOwnership #
           - modifiers: onlyOwner
        - [Int] _transferOwnership #
    
     + [Lib] SafeMathUpgradeable 
        - [Int] tryAdd
        - [Int] trySub
        - [Int] tryMul
        - [Int] tryDiv
        - [Int] tryMod
        - [Int] add
        - [Int] sub
        - [Int] mul
        - [Int] div
        - [Int] mod
        - [Int] sub
        - [Int] div
        - [Int] mod
    
     + [Int] IUniswapV2Pair 
        - [Ext] name
        - [Ext] symbol
        - [Ext] decimals
        - [Ext] totalSupply
        - [Ext] balanceOf
        - [Ext] allowance
        - [Ext] approve #
        - [Ext] transfer #
        - [Ext] transferFrom #
        - [Ext] DOMAIN_SEPARATOR
        - [Ext] PERMIT_TYPEHASH
        - [Ext] nonces
        - [Ext] permit #
        - [Ext] MINIMUM_LIQUIDITY
        - [Ext] factory
        - [Ext] token0
        - [Ext] token1
        - [Ext] getReserves
        - [Ext] price0CumulativeLast
        - [Ext] price1CumulativeLast
        - [Ext] kLast
        - [Ext] mint #
        - [Ext] burn #
        - [Ext] swap #
        - [Ext] skim #
        - [Ext] sync #
        - [Ext] initialize #
    
     + [Int] IUniswapV2Factory 
        - [Ext] feeTo
        - [Ext] feeToSetter
        - [Ext] getPair
        - [Ext] allPairs
        - [Ext] allPairsLength
        - [Ext] createPair #
        - [Ext] setFeeTo #
        - [Ext] setFeeToSetter #
    
     + [Int] IUniswapV2Router01 
        - [Ext] factory
        - [Ext] WETH
        - [Ext] addLiquidity #
        - [Ext] addLiquidityETH ($)
        - [Ext] removeLiquidity #
        - [Ext] removeLiquidityETH #
        - [Ext] removeLiquidityWithPermit #
        - [Ext] removeLiquidityETHWithPermit #
        - [Ext] swapExactTokensForTokens #
        - [Ext] swapTokensForExactTokens #
        - [Ext] swapExactETHForTokens ($)
        - [Ext] swapTokensForExactETH #
        - [Ext] swapExactTokensForETH #
        - [Ext] swapETHForExactTokens ($)
        - [Ext] quote
        - [Ext] getAmountOut
        - [Ext] getAmountIn
        - [Ext] getAmountsOut
        - [Ext] getAmountsIn
    
     + [Int] IUniswapV2Router02 (IUniswapV2Router01)
        - [Ext] removeLiquidityETHSupportingFeeOnTransferTokens #
        - [Ext] removeLiquidityETHWithPermitSupportingFeeOnTransferTokens #
        - [Ext] swapExactTokensForTokensSupportingFeeOnTransferTokens #
        - [Ext] swapExactETHForTokensSupportingFeeOnTransferTokens ($)
        - [Ext] swapExactTokensForETHSupportingFeeOnTransferTokens #
    
     +  PISTON (Initializable, ERC20Upgradeable, OwnableUpgradeable)
        - [Pub] initialize #
           - modifiers: initializer
        - [Pub] symbol
        - [Ext] mint #
        - [Ext]  ($)
        - [Pub] updateUniswapV2Router #
           - modifiers: onlyOwner
        - [Pub] excludeFromFees #
           - modifiers: onlyOwner
        - [Pub] excludeMultipleAccountsFromFees #
           - modifiers: onlyOwner
        - [Ext] setEcosystemWallet #
           - modifiers: onlyOwner
        - [Ext] setDevWallet #
           - modifiers: onlyOwner
        - [Ext] setExtraSellFee #
           - modifiers: onlyOwner
        - [Ext] setEcosystemFee #
           - modifiers: onlyOwner
        - [Ext] setDevFee #
           - modifiers: onlyOwner
        - [Ext] setLiquiditFee #
           - modifiers: onlyOwner
        - [Ext] setFeetargetTokenAddress #
           - modifiers: onlyOwner
        - [Ext] setLiquidityTokenAddress #
           - modifiers: onlyOwner
        - [Pub] setAutomatedMarketMakerPair #
           - modifiers: onlyOwner
        - [Ext] blacklistAddress #
           - modifiers: onlyOwner
        - [Ext] setTradingEnabled #
           - modifiers: onlyOwner
        - [Prv] _setAutomatedMarketMakerPair #
        - [Ext] setSwapEnabled #
           - modifiers: onlyOwner
        - [Ext] setMaxBuyAmount #
           - modifiers: onlyOwner
        - [Ext] setMaxWalletBalance #
           - modifiers: onlyOwner
        - [Ext] setMaxSellAmount #
           - modifiers: onlyOwner
        - [Ext] setSwapTokensAtAmount #
           - modifiers: onlyOwner
        - [Pub] isExcludedFromFees
        - [Ext] setMintMasterAddress #
        - [Ext] setSymbol #
           - modifiers: onlyOwner
        - [Int] _transfer #
        - [Prv] swapAndSendToFee #
        - [Prv] swapAndLiquify #
        - [Prv] swapTokensForEth #
        - [Prv] swapTokensForTargetToken #
        - [Prv] swapTokensForLiquidityToken #
        - [Prv] addLiquidity #