PandaDAO - Smart Contract Audit Report
Summary
PandaDAO is a new organization focused on charity and giving.We reviewed PandaDAO's token and interest contracts at commit b15acafc1b72732de30a6e18c93b719bdb16fd03 and again at commit 5343d6f5592cceeeff283927e3168f045e03015b.
Notes on the Pando Dao Finance Token:The total supply of the token is 100 million. When deployed, the team will receive the entirety of the supply. No mint functions are present. The contract implements an 2% fee on all transfers of the token, once enabled. 0.5% of each transaciton will be sent to the Charity Pool contract. 0.5% of each transaction will be burned, reducing the circulating supply. The final 1% of the fee charged on transactions is stored in the contract and, once a threshold value is met, used to fund PancakeSwap liqudity. Liquidity-adds are funded by selling half of the tokens collected as fees, pairing the received BNB with the token, and adding it as liquidity to the BNB pair. The LPLock contract will receive the LP tokens from this process. The team has the ability to enable and disable all fees at any time; though the fee amounts cannot be changed. The team can also exclude any address from the fee mechanism and update the addresses of the Charity Pool & LPLock contract.
Notes on the Pando Dao Charity Pool:The contract receives tokens from the charity fee charged on transfers of the token. All functions on the contract can only be called by the owner of the contract. The owner will be able to withdraw a percentage of the tokens in the contract each week. The owner of the contract can set the percentage for weekly withdraws to any value, essentially allowing the owner to claim all the tokens at any time. The owner of the contract can also withdraw other tokens or BNB erroneously sent to the contract.
Notes on the LP Locker:The contract receives LP tokens from the swapAndLiquify logic in the token. LP tokens will be locked for 1 year from the contract's deployment. The owner can add another year to the lock expiration at any time. After the lock period has expired, the owner can withdraw all of the LP tokens in the contract.
Audit Findings Summary
- No external threats were identified.
- As with any presale, ensure trust in the team prior to investing.
- Further, ensure trsut in the team as they hae notable control in the ecosystem and control the charity pool and LP locker contracts.
- Date: May 25th, 2021
Audit Results
Vulnerability Category | Notes | Result |
---|---|---|
Arbitrary Storage Write | N/A | PASS |
Arbitrary Jump | N/A | PASS |
Delegate Call to Untrusted Contract | N/A | PASS |
Dependence on Predictable Variables | N/A | PASS |
Deprecated Opcodes | N/A | PASS |
Ether Thief | N/A | PASS |
Exceptions | N/A | PASS |
External Calls | N/A | PASS |
Flash Loans | N/A | PASS |
Integer Over/Underflow | N/A | PASS |
Multiple Sends | N/A | PASS |
Oracles | N/A | PASS |
Suicide | N/A | PASS |
State Change External Calls | N/A | PASS |
Unchecked Retval | N/A | PASS |
User Supplied Assertion | N/A | PASS |
Critical Solidity Compiler | N/A | PASS |
Overall Contract Safety | PASS |
Details: PandaDAOCharityPool
Function Graph
Inheritance Chart
Functions Overview
($) = payable function
# = non-constant function
Int = Internal
Ext = External
Pub = Public
+ [Int] IERC20
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] transfer #
- [Ext] allowance
- [Ext] approve #
- [Ext] transferFrom #
+ [Lib] SafeMath
- [Int] add
- [Int] sub
- [Int] sub
- [Int] mul
- [Int] div
- [Int] div
- [Int] mod
- [Int] mod
+ Context
- [Int] _msgSender
- [Int] _msgData
+ [Lib] Address
- [Int] isContract
- [Int] sendValue #
- [Int] functionCall #
- [Int] functionCall #
- [Int] functionCallWithValue #
- [Int] functionCallWithValue #
- [Prv] _functionCallWithValue #
+ Ownable (Context)
- [Int] #
- [Pub] owner
- [Pub] renounceOwnership #
- modifiers: onlyOwner
- [Pub] transferOwnership #
- modifiers: onlyOwner
- [Pub] geUnlockTime
- [Pub] lock #
- modifiers: onlyOwner
- [Pub] unlock #
+ PandaDAOCharityPool (Context, Ownable)
- [Pub] #
- [Ext] ($)
- [Pub] totalCharityAmount
- [Pub] getLastWithdrawTime
- [Pub] getWithdrawTimeDelay
- [Ext] checkOtherTokenBalance
- [Ext] withdrawOtherToken #
- modifiers: onlyOwner
- [Ext] withdrawBNB #
- modifiers: onlyOwner
- [Ext] setMaxPercentageOfWithdraw #
- modifiers: onlyOwner
- [Ext] withdrawPDD #
- modifiers: onlyOwner
Details: PandaDAOFinanceToken
Function Graph
Inheritance Chart
Functions Overview
($) = payable function
# = non-constant function
Int = Internal
Ext = External
Pub = Public
+ [Int] IERC20
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] transfer #
- [Ext] allowance
- [Ext] approve #
- [Ext] transferFrom #
+ [Lib] SafeMath
- [Int] add
- [Int] sub
- [Int] sub
- [Int] mul
- [Int] div
- [Int] div
- [Int] mod
- [Int] mod
+ Context
- [Int] _msgSender
- [Int] _msgData
+ [Lib] Address
- [Int] isContract
- [Int] sendValue #
- [Int] functionCall #
- [Int] functionCall #
- [Int] functionCallWithValue #
- [Int] functionCallWithValue #
- [Prv] _functionCallWithValue #
+ Ownable (Context)
- [Int] #
- [Pub] owner
- [Pub] renounceOwnership #
- modifiers: onlyOwner
- [Pub] transferOwnership #
- modifiers: onlyOwner
- [Pub] geUnlockTime
- [Pub] lock #
- modifiers: onlyOwner
- [Pub] unlock #
+ [Int] IPancakeFactory
- [Ext] feeTo
- [Ext] feeToSetter
- [Ext] getPair
- [Ext] allPairs
- [Ext] allPairsLength
- [Ext] createPair #
- [Ext] setFeeTo #
- [Ext] setFeeToSetter #
- [Ext] INIT_CODE_PAIR_HASH
+ [Int] IPancakePair
- [Ext] name
- [Ext] symbol
- [Ext] decimals
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] allowance
- [Ext] approve #
- [Ext] transfer #
- [Ext] transferFrom #
- [Ext] DOMAIN_SEPARATOR
- [Ext] PERMIT_TYPEHASH
- [Ext] nonces
- [Ext] permit #
- [Ext] MINIMUM_LIQUIDITY
- [Ext] factory
- [Ext] token0
- [Ext] token1
- [Ext] getReserves
- [Ext] price0CumulativeLast
- [Ext] price1CumulativeLast
- [Ext] kLast
- [Ext] mint #
- [Ext] burn #
- [Ext] swap #
- [Ext] skim #
- [Ext] sync #
- [Ext] initialize #
+ [Int] IPancakeRouter01
- [Ext] factory
- [Ext] WETH
- [Ext] addLiquidity #
- [Ext] addLiquidityETH ($)
- [Ext] removeLiquidity #
- [Ext] removeLiquidityETH #
- [Ext] removeLiquidityWithPermit #
- [Ext] removeLiquidityETHWithPermit #
- [Ext] swapExactTokensForTokens #
- [Ext] swapTokensForExactTokens #
- [Ext] swapExactETHForTokens ($)
- [Ext] swapTokensForExactETH #
- [Ext] swapExactTokensForETH #
- [Ext] swapETHForExactTokens ($)
- [Ext] quote
- [Ext] getAmountOut
- [Ext] getAmountIn
- [Ext] getAmountsOut
- [Ext] getAmountsIn
+ [Int] IPancakeRouter02 (IPancakeRouter01)
- [Ext] removeLiquidityETHSupportingFeeOnTransferTokens #
- [Ext] removeLiquidityETHWithPermitSupportingFeeOnTransferTokens #
- [Ext] swapExactTokensForTokensSupportingFeeOnTransferTokens #
- [Ext] swapExactETHForTokensSupportingFeeOnTransferTokens ($)
- [Ext] swapExactTokensForETHSupportingFeeOnTransferTokens #
+ PandaDAOFinanceToken (Context, IERC20, Ownable)
- [Pub] #
- [Ext] name
- [Ext] symbol
- [Ext] decimals
- [Ext] totalSupply
- [Pub] balanceOf
- [Ext] transfer #
- [Ext] allowance
- [Ext] approve #
- [Ext] transferFrom #
- [Ext] increaseAllowance #
- [Ext] decreaseAllowance #
- [Ext] totalFees
- [Ext] ($)
- [Prv] _getRValues
- [Prv] _takeLiquidity #
- [Prv] calculateLiquidityFee
- [Prv] removeAllFee #
- [Prv] restoreAllFee #
- [Ext] isExcludedFromFee
- [Prv] _approve #
- [Prv] _transfer #
- [Prv] swapAndLiquify #
- modifiers: lockTheSwap
- [Prv] swapTokensForEth #
- [Prv] addLiquidity #
- [Prv] _tokenTransfer #
- [Prv] _transferStandard #
- [Ext] excludeFromFee #
- modifiers: onlyOwner
- [Ext] includeInFee #
- modifiers: onlyOwner
- [Ext] setCharityPoolAddress #
- modifiers: onlyOwner
- [Ext] setLPLockedPoolAddress #
- modifiers: onlyOwner
- [Ext] enableAllFees #
- modifiers: onlyOwner
- [Ext] disableAllFees #
- modifiers: onlyOwner
- [Ext] setSwapAndLiquifyEnabled #
- modifiers: onlyOwner
Details: PandaDAOLPLockedPool
Function Graph
Inheritance Chart
Functions Overview
($) = payable function
# = non-constant function
Int = Internal
Ext = External
Pub = Public
+ [Int] IERC20
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] transfer #
- [Ext] allowance
- [Ext] approve #
- [Ext] transferFrom #
+ [Lib] SafeMath
- [Int] add
- [Int] sub
- [Int] sub
- [Int] mul
- [Int] div
- [Int] div
- [Int] mod
- [Int] mod
+ Context
- [Int] _msgSender
- [Int] _msgData
+ [Lib] Address
- [Int] isContract
- [Int] sendValue #
- [Int] functionCall #
- [Int] functionCall #
- [Int] functionCallWithValue #
- [Int] functionCallWithValue #
- [Prv] _functionCallWithValue #
+ Ownable (Context)
- [Int] #
- [Pub] owner
- [Pub] renounceOwnership #
- modifiers: onlyOwner
- [Pub] transferOwnership #
- modifiers: onlyOwner
- [Pub] geUnlockTime
- [Pub] lock #
- modifiers: onlyOwner
- [Pub] unlock #
+ PandaDAOLPLockedPool (Context, Ownable)
- [Pub] #
- [Ext] setLPTokenAddress #
- modifiers: onlyOwner
- [Ext] getTotalLockedLP
- [Ext] currentBlockTime
- [Ext] addOneYearLockedBlock #
- modifiers: onlyOwner
- [Ext] withdrawAllLP #
- modifiers: onlyOwner