Vulnerability Category | Notes | Result |
---|---|---|
Arbitrary Storage Write | N/A | PASS |
Arbitrary Jump | N/A | PASS |
Delegate Call to Untrusted Contract | N/A | PASS |
Dependence on Predictable Variables | N/A | PASS |
Deprecated Opcodes | N/A | PASS |
Ether Thief | N/A | PASS |
Exceptions | N/A | PASS |
External Calls | N/A | PASS |
Flash Loans | N/A | PASS |
Integer Over/Underflow | N/A | PASS |
Multiple Sends | N/A | PASS |
Oracles | N/A | PASS |
Suicide | N/A | PASS |
State Change External Calls | N/A | PASS |
Unchecked Retval | N/A | PASS |
User Supplied Assertion | N/A | PASS |
Critical Solidity Compiler | N/A | PASS |
Overall Contract Safety | PASS |
PolkaCity Token - Smart Contract Audit Report
Summary
PolkaCity intends to build a platform to allow users to invest into specific assets like taxis and energy stations. Further features are still in development; thus far the team only has a ERC20 token contract.
For this audit we reviewed only the project's token contract, deployed at 0xaA8330FB2B4D5D07ABFE7A72262752a8505C6B37.
Notes of the contract:Audit Findings Summary
- The total supply of the token is 250 million.
- No accessible mint function exists, though a burn function is present.
- Currently the deployer's address holds 200 million tokens, representing 80% of the total supply; 25% of which are unlocked with the rest of the tokens vesting over time. This is referred to by the team as the "platform wallet"
- 10 million tokens are locked in an address controlled by the team via a locking mechanism included in the contract, which will be unlocked over time.
- The marketing wallet (controlled by the team) is allocated 5 million tokens; 4 million of which are locked and released over time.
- 2.5 million tokens allocated to a private sale have been distributed
- 7.5 million tokens are held in a wallet intended for use in a presale.
- 25 million tokens are allocated for use on exchangesl these tokens are unlocked and accessible to the team.
- The contract includes features to conduct a presale (which ends on February 28th).
- Users can buy tokens directly through the contract during the presale period,
- All ETH raised through the presale is sent directly to the team.
- A specific funcition exists for burning tokens not sold in the presale.
- In an effort to prevent bot trading, the token can only be transferred once per block. This may cause failing transactions if the token's usage becomes popular; though the owner can enable/disable it at any time.
- The owner additonally has the ability to whitelist addresses so they are exempt from the 1 transfer per block limit.
- No other Ownership-protected functions are present.
- Utilization of SafeMath to prevent overflows.
- No issues from external attackers were identified.
- The developer of the protocl has performed KYC with our firm; and is domiciled in the United States.
- Users give their ETH directly to the project team during the presale, and the team controls a large number of tokens. Ensure trust in the team.
- The team claims to be releasing an NFT staking contract after listing, but have declined to share the code because it is "worth too much."
- Date: February 19th, 2021.
($) = payable function
# = non-constant function
Int = Internal
Ext = External
Pub = Public
+ [Lib] SafeMath
- [Int] add
- [Int] sub
- [Int] sub
+ [Int] ItokenRecipient
- [Ext] receiveApproval #
+ [Int] IERC20Token
- [Ext] totalSupply
- [Ext] transfer #
- [Ext] transferFrom #
- [Ext] balanceOf
- [Ext] approve #
- [Ext] allowance
+ Ownable
- [Pub] #
- [Pub] changeOwner #
- modifiers: onlyOwner
- [Ext] getOwner
+ StandardToken (IERC20Token)
- [Pub] totalSupply
- [Pub] transfer #
- [Pub] transferFrom #
- [Pub] balanceOf
- [Pub] approve #
- [Pub] allowance
+ POLCToken (Ownable, StandardToken)
- [Pub] #
- [Pub] transfer #
- [Pub] transferFrom #
- [Pub] burn #
- [Pub] approveAndCall #
- [Pub] releaseTokens #
- [Int] checkTransferLimit #
- [Pub] enableTXLimit #
- modifiers: onlyOwner
- [Pub] disableTXLimit #
- modifiers: onlyOwner
- [Pub] includeWhiteList #
- modifiers: onlyOwner
- [Pub] removeWhiteList #
- modifiers: onlyOwner
- [Pub] getLockedBalance
- [Pub] buy ($)
- [Pub] burnUnsold #
- modifiers: onlyOwner
Click here to download the source code as a .sol file.
/**
*Submitted for verification at Etherscan.io on 2021-02-17
*/
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
library SafeMath {
function add(uint256 a, uint256 b) internal pure returns (uint256) {
uint256 c = a + b;
require(c >= a, "SafeMath: addition overflow");
return c;
}
function sub(uint256 a, uint256 b) internal pure returns (uint256) {
return sub(a, b, "SafeMath: subtraction overflow");
}
function sub(uint256 a, uint256 b, string memory errorMessage) internal pure returns (uint256) {
require(b <= a, errorMessage);
uint256 c = a - b;
return c;
}
}
interface ItokenRecipient {
function receiveApproval(address _from, uint256 _value, address _token, bytes calldata _extraData) external returns (bool);
}
interface IERC20Token {
function totalSupply() external view returns (uint256 supply);
function transfer(address _to, uint256 _value) external returns (bool success);
function transferFrom(address _from, address _to, uint256 _value) external returns (bool success);
function balanceOf(address _owner) external view returns (uint256 balance);
function approve(address _spender, uint256 _value) external returns (bool success);
function allowance(address _owner, address _spender) external view returns (uint256 remaining);
}
contract Ownable {
address private owner;
event OwnerSet(address indexed oldOwner, address indexed newOwner);
modifier onlyOwner() {
require(msg.sender == owner, "Caller is not owner");
_;
}
constructor() {
owner = msg.sender; // 'msg.sender' is sender of current call, contract deployer for a constructor
emit OwnerSet(address(0), owner);
} function changeOwner(address newOwner) public onlyOwner {
emit OwnerSet(owner, newOwner);
owner = newOwner;
}
function getOwner() external view returns (address) {
return owner;
}
}
contract StandardToken is IERC20Token {
using SafeMath for uint256;
mapping (address => uint256) public balances;
mapping (address => mapping (address => uint256)) public allowed;
uint256 public _totalSupply;
event Transfer(address indexed _from, address indexed _to, uint256 _value);
event Approval(address indexed _owner, address indexed _spender, uint256 _value);
function totalSupply() override public view returns (uint256 supply) {
return _totalSupply;
}
function transfer(address _to, uint256 _value) override virtual public returns (bool success) {
require(_to != address(0x0), "Use burn function instead");
require(_value >= 0, "Invalid amount");
require(balances[msg.sender] >= _value, "Not enough balance");
balances[msg.sender] = balances[msg.sender].sub(_value);
balances[_to] = balances[_to].add(_value);
emit Transfer(msg.sender, _to, _value);
return true;
}
function transferFrom(address _from, address _to, uint256 _value) override virtual public returns (bool success) {
require(_to != address(0x0), "Use burn function instead");
require(_value >= 0, "Invalid amount");
require(balances[_from] >= _value, "Not enough balance");
require(allowed[_from][msg.sender] >= _value, "You need to increase allowance");
balances[_from] = balances[_from].sub(_value);
balances[_to] = balances[_to].add(_value);
emit Transfer(_from, _to, _value);
return true;
}
function balanceOf(address _owner) override public view returns (uint256 balance) {
return balances[_owner];
}
function approve(address _spender, uint256 _value) override public returns (bool success) {
allowed[msg.sender][_spender] = _value;
emit Approval(msg.sender, _spender, _value);
return true;
}
function allowance(address _owner, address _spender) override public view returns (uint256 remaining) {
return allowed[_owner][_spender];
}
}
contract POLCToken is Ownable, StandardToken {
using SafeMath for uint256;
string public name = "Polka City";
uint8 public decimals = 18;
string public symbol = "POLC";
// Time lock for progressive release of team, marketing and platform balances
struct TimeLock {
uint256 totalAmount;
uint256 lockedBalance;
uint128 baseDate;
uint64 step;
uint64 tokensStep;
}
mapping (address => TimeLock) public timeLocks;
// Prevent Bots - If true, limits transactions to 1 transfer per block (whitelisted can execute multiple transactions)
bool public limitTransactions;
mapping (address => bool) public contractsWhiteList;
mapping (address => uint) public lastTXBlock;
event Burn(address indexed from, uint256 value);
// token sale
// Wallet for the tokens to be sold, and receive ETH
address payable public salesWallet;
uint256 public soldOnCSale;
uint256 public constant CROWDSALE_START = 1613926800;
uint256 public constant CROWDSALE_END = 1614556740;
uint256 public constant CSALE_WEI_FACTOR = 15000;
uint256 public constant CSALE_HARDCAP = 7500000 ether;
constructor() {
_totalSupply = 250000000 ether;
// Base date to calculate team, marketing and platform tokens lock
uint256 lockStartDate = 1613494800;
// Team wallet - 10000000 tokens
// 0 tokens free, 10000000 tokens locked - progressive release of 5% every 30 days (after 180 days of waiting period)
address team = 0x4ef5B3d10fD217AC7ddE4DDee5bF319c5c356723;
balances[team] = 10000000 ether;
timeLocks[team] = TimeLock(10000000 ether, 10000000 ether, uint128(lockStartDate + (180 days)), 30 days, 500000);
emit Transfer(address(0x0), team, balances[team]);
// Marketing wallet - 5000000 tokens
// 1000000 tokens free, 4000000 tokens locked - progressive release of 5% every 30 days
address marketingWallet = 0x056F878d4Ac07E66C9a46a8db4918E827c6fD71c;
balances[marketingWallet] = 5000000 ether;
timeLocks[marketingWallet] = TimeLock(4000000 ether, 4000000 ether, uint128(lockStartDate), 30 days, 200000);
emit Transfer(address(0x0), marketingWallet, balances[marketingWallet]);
// Private sale wallet - 2500000 tokens
address privateWallet = 0xED854fCF86efD8473F174d6dE60c8A5EBDdCc37A;
balances[privateWallet] = 2500000 ether;
emit Transfer(address(0x0), privateWallet, balances[privateWallet]);
// Sales wallet, holds Pre-Sale balance - 7500000 tokens
salesWallet = payable(0x4bb74E94c1EB133a6868C53aA4f6BD437F99c347);
balances[salesWallet] = 7500000 ether;
emit Transfer(address(0x0), salesWallet, balances[salesWallet]);
// Exchanges - 25000000 tokens
address exchanges = 0xE50d4358425a93702988eCd8B66c2EAD8b41CE5d;
balances[exchanges] = 25000000 ether;
emit Transfer(address(0x0), exchanges, balances[exchanges]);
// Platform wallet - 200000000 tokens
// 50000000 tokens free, 150000000 tokens locked - progressive release of 25000000 every 90 days
address platformWallet = 0xAD334543437EF71642Ee59285bAf2F4DAcBA613F;
balances[platformWallet] = 200000000 ether;
timeLocks[platformWallet] = TimeLock(150000000 ether, 150000000 ether, uint128(lockStartDate), 90 days, 25000000);
emit Transfer(address(0x0), platformWallet, balances[platformWallet]);
}
function transfer(address _to, uint256 _value) override public returns (bool success) {
require(checkTransferLimit(), "Transfers are limited to 1 per block");
require(_value <= (balances[msg.sender] - timeLocks[msg.sender].lockedBalance));
return super.transfer(_to, _value);
}
function transferFrom(address _from, address _to, uint256 _value) override public returns (bool success) {
require(checkTransferLimit(), "Transfers are limited to 1 per block");
require(_value <= (balances[_from] - timeLocks[_from].lockedBalance));
return super.transferFrom(_from, _to, _value);
}
function burn(uint256 _value) public returns (bool success) {
require(balances[msg.sender] >= _value, "Not enough balance");
require(_value >= 0, "Invalid amount");
balances[msg.sender] = balances[msg.sender].sub(_value);
_totalSupply = _totalSupply.sub(_value);
emit Burn(msg.sender, _value);
return true;
}
function approveAndCall(address _spender, uint256 _value, bytes memory _extraData) public returns (bool success) {
allowed[msg.sender][_spender] = _value;
emit Approval(msg.sender, _spender, _value);
ItokenRecipient recipient = ItokenRecipient(_spender);
require(recipient.receiveApproval(msg.sender, _value, address(this), _extraData));
return true;
}
function releaseTokens(address _account) public {
uint256 timeDiff = block.timestamp - uint256(timeLocks[_account].baseDate);
require(timeDiff > uint256(timeLocks[_account].step), "Unlock point not reached yet");
uint256 steps = (timeDiff / uint256(timeLocks[_account].step));
uint256 unlockableAmount = ((uint256(timeLocks[_account].tokensStep) * 1 ether) * steps);
if (unlockableAmount >= timeLocks[_account].totalAmount) {
timeLocks[_account].lockedBalance = 0;
} else {
timeLocks[_account].lockedBalance = timeLocks[_account].totalAmount - unlockableAmount;
}
}
function checkTransferLimit() internal returns (bool txAllowed) {
address _caller = msg.sender;
if (limitTransactions == true && contractsWhiteList[_caller] != true) {
if (lastTXBlock[_caller] == block.number) {
return false;
} else {
lastTXBlock[_caller] = block.number;
return true;
}
} else {
return true;
}
}
function enableTXLimit() public onlyOwner {
limitTransactions = true;
}
function disableTXLimit() public onlyOwner {
limitTransactions = false;
}
function includeWhiteList(address _contractAddress) public onlyOwner {
contractsWhiteList[_contractAddress] = true;
}
function removeWhiteList(address _contractAddress) public onlyOwner {
contractsWhiteList[_contractAddress] = false;
}
function getLockedBalance(address _wallet) public view returns (uint256 lockedBalance) {
return timeLocks[_wallet].lockedBalance;
}
function buy() public payable {
require((block.timestamp > CROWDSALE_START) && (block.timestamp < CROWDSALE_END), "Contract is not selling tokens");
uint weiValue = msg.value;
require(weiValue >= (5 * (10 ** 16)), "Minimum amount is 0.05 eth");
require(weiValue <= (20 ether), "Maximum amount is 20 eth");
uint amount = CSALE_WEI_FACTOR * weiValue;
require((soldOnCSale) <= (CSALE_HARDCAP), "That quantity is not available");
soldOnCSale += amount;
balances[salesWallet] = balances[salesWallet].sub(amount);
balances[msg.sender] = balances[msg.sender].add(amount);
require(salesWallet.send(weiValue));
emit Transfer(salesWallet, msg.sender, amount);
}
function burnUnsold() public onlyOwner {
require(block.timestamp > CROWDSALE_END);
uint currentBalance = balances[salesWallet];
balances[salesWallet] = 0;
_totalSupply = _totalSupply.sub(currentBalance);
emit Burn(salesWallet, currentBalance);
}
}