Panda Token - Smart Contract Audit Report


Panda Token Audit Report Panda Token intends to build a social and NFT exchange platform.

For this audit we reviewed the project's token contract, provided to us by the team and available below.
Please note we have not reviewed the team's upcoming projects.

Notes of the contract:
  • The token has an total supply of 10 million. No further tokens can be minted.
  • The exchange address was allocated 5 million tokens, which were added to liquidity and locked for 1 year.
  • 1 million tokens were allocated to an address to provide future staking rewards.
  • 2 million tokens were allocated to a "burn address," which cannot be transferred. 100,000 tokens can be burned from this address periodically when the team makes transfers, or once a month by the team by calling monthlyBurn().
  • The marketing address was allocated 1 million tokens.
  • The team address holds 1 million tokens; 200,000 of which are released every 30 days.

  • The token has a 1% fee on transfers which will end after 1.5 million tokens have been burned.
  • There is a limit on the amount of tokens a user can sell which is set at 100,000 per transaction.
  • The team can enable or disable this limit at any time. In addition, the addresses of DEXs are determined by the team and can be updated at any time.
  • A number of variables can be constant and functions public to save gas.
  • The contract utilizes SafeMath to check for and revert on overflows.
  • Solidity 0.5.17 should be used when deploying this contract.

  • Audit Findings Summary
    • No issues from external attackers were identified.
    • Ensure trust in the team as they have some control in the ecosystem and will have control over a large number of tokens.
    • Date: April 12th, 2021.

    Vulnerability CategoryNotesResult
    Arbitrary Storage WriteN/APASS
    Arbitrary JumpN/APASS
    Delegate Call to Untrusted ContractN/APASS
    Dependence on Predictable VariablesN/APASS
    Deprecated OpcodesN/APASS
    Ether ThiefN/APASS
    External CallsN/APASS
    Flash LoansN/APASS
    Integer Over/UnderflowN/APASS
    Multiple SendsN/APASS
    State Change External CallsN/APASS
    Unchecked RetvalN/APASS
    User Supplied AssertionN/APASS
    Critical Solidity CompilerN/APASS
    Overall Contract Safety PASS

    ERC20 Token Graph

    Multi-file Token

     ($) = payable function
     # = non-constant function
     Int = Internal
     Ext = External
     Pub = Public
     + [Int] IBEP20 
        - [Ext] totalSupply
        - [Ext] balanceOf
        - [Ext] allowance
        - [Ext] transfer #
        - [Ext] approve #
        - [Ext] transferFrom #
     + [Lib] SafeMath 
        - [Int] mul
        - [Int] div
        - [Int] sub
        - [Int] add
        - [Int] ceil
     +  BEP20Detailed (IBEP20)
        - [Pub]  #
        - [Pub] name
        - [Pub] symbol
        - [Pub] decimals
     +  PNDA (BEP20Detailed)
        - [Pub]  ($)
           - modifiers: BEP20Detailed
        - [Pub] totalSupply
        - [Pub] balanceOf
        - [Pub] getLiquidityStatus
        - [Pub] addLiquidityAddress #
        - [Pub] removeLiquidityAddress #
        - [Pub] limitoff #
           - modifiers: whenNotPaused
        - [Pub] limiton #
           - modifiers: whenPaused
        - [Pub] findOnePercent
        - [Pub] allowance
        - [Pub] transfer #
        - [Pub] airdrop #
        - [Pub] approve #
        - [Pub] transferFrom #
        - [Pub] increaseAllowance #
        - [Pub] decreaseAllowance #
        - [Int] _mint #
        - [Pub] monthlyTokenBurn #