PolkaMonster - Smart Contract Audit Report
Summary
PolkaMonster ($PkMon) is a new game on the Binance Smart Chain. For this audit report, our team did not review the entire protocol. Only the PolkaMonster contract was provided for the purpose of this audit.
Notes on the Contract:Audit Findings Summary
- At the time of writing this report, the total supply of the token is 610 million $PkMon [610,000,000].
- Minting functionality is present in the contract beyond deployment. Tokens can be minted up to a specified limit of 260 million $PkMon by the "Farm Owner" or "Evolver" roles.
- Holders have the ability to burn tokens if desired.
- At the time of writing this report, 64.39% of the total $PkMon token supply is in possession of a Unicrypt Pre-sale contract, as it has not yet been offered to the public.
- The other 35.61% of the total $PkMon token supply is in possession of the owner.
- There is a fee that is applied on all transfers for non-excluded holders that are sending tokens to the Pancakeswap V2 Pair (selling). The owner has the ability to modify this fee to any percentage at any time.
- The contract address will receive the value collect from the fee; and the recipient will receive the transfer amount minus the fee that was applied.
- Once a threshold value (determined by the owner) is met for the contract address $PkMon balance, the tokens are swapped for BNB and sent to the 'marketing address' that is controlled by the team.
- 'FarmOwners' can use the "farm" function to mint any amount of $PkMon to any address as long as the 'amountFarm' limit has not been exceeded. If the amount that is passed in exceeds the amountFarm limit, the excess value will be minted to the designated recipient.
- Once the farm limit is met, the FarmOwner will not be able to use the "farm" function anymore.
- 'Evolver' roles can use the "win" function to mint any amount of $PkMon to any address as long as the 'play to earn' limit has not been exceeded. If the amount that is passed in exceeds the play to earn limit, the excess value will be minted to the designated recipient.
- Once the play to earn limit is met, the Evolver role will not be able to use the "Win" function anymore.
- The contract features a blacklist that will blacklist certain accounts that the owner specifies. If a blacklisted account attempts to transfer an amount of $PkMon that is greater than the limit (determined by the owner), they will be blocked from participating in transfers for 10 minutes.
- The owner has the ability to modify this threshold of tokens to swap to a new value at any time.
- The owner of the contract can exclude and include accounts from transfer fees.
- The PolkaMonster contract is intended to interact with a 'manager' contract which was not provided to our team; Thus, it is not in scope for this audit.
- The owner has the ability to modify the "manager contract address" at any time.
- Ownership has not been renounced.
- The contract utilizes SafeMath libraries along with following the ERC20 standard.
- No external vulnerabilities were identified within the smart contract's code.
- We recommended that the team removes receive() function, as there is not currently a way to retrieve BNB from the PolkaMonster contract, therefore resulting in BNB Locks if anyone sends BNB to the contract.
- Please ensure trust in the team prior to investing as they have substantial control within the ecosystem.
- Further, ensure trust in the team prior to investing as the team receives the BNB from the swap tokens functionality.
- Much more functionality is advertised on the Project's website than what is currently present in the smart contracts we audited.
- Date: August 6th, 2021
Audit Results
| Vulnerability Category | Notes | Result |
|---|---|---|
| Arbitrary Storage Write | N/A | PASS |
| Arbitrary Jump | N/A | PASS |
| Delegate Call to Untrusted Contract | N/A | PASS |
| Dependence on Predictable Variables | N/A | PASS |
| Deprecated Opcodes | N/A | PASS |
| Ether Thief | N/A | PASS |
| Exceptions | N/A | PASS |
| External Calls | N/A | PASS |
| Flash Loans | N/A | PASS |
| Integer Over/Underflow | N/A | PASS |
| Multiple Sends | N/A | PASS |
| Oracles | N/A | PASS |
| Suicide | N/A | PASS |
| State Change External Calls | N/A | PASS |
| Unchecked Retval | N/A | PASS |
| User Supplied Assertion | N/A | PASS |
| Critical Solidity Compiler | N/A | PASS |
| Overall Contract Safety | PASS |
Function Graph
Inheritence Chart
Functions Overview
($) = payable function
# = non-constant function
+ [Int] IUniswapV2Factory
- [Ext] feeTo
- [Ext] feeToSetter
- [Ext] getPair
- [Ext] allPairs
- [Ext] allPairsLength
- [Ext] createPair #
- [Ext] setFeeTo #
- [Ext] setFeeToSetter #
+ [Int] IUniswapV2Pair
- [Ext] name
- [Ext] symbol
- [Ext] decimals
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] allowance
- [Ext] approve #
- [Ext] transfer #
- [Ext] transferFrom #
- [Ext] DOMAIN_SEPARATOR
- [Ext] PERMIT_TYPEHASH
- [Ext] nonces
- [Ext] permit #
- [Ext] MINIMUM_LIQUIDITY
- [Ext] factory
- [Ext] token0
- [Ext] token1
- [Ext] getReserves
- [Ext] price0CumulativeLast
- [Ext] price1CumulativeLast
- [Ext] kLast
- [Ext] burn #
- [Ext] swap #
- [Ext] skim #
- [Ext] sync #
- [Ext] initialize #
+ [Int] IUniswapV2Router01
- [Ext] factory
- [Ext] WETH
- [Ext] addLiquidity #
- [Ext] addLiquidityETH ($)
- [Ext] removeLiquidity #
- [Ext] removeLiquidityETH #
- [Ext] removeLiquidityWithPermit #
- [Ext] removeLiquidityETHWithPermit #
- [Ext] swapExactTokensForTokens #
- [Ext] swapTokensForExactTokens #
- [Ext] swapExactETHForTokens ($)
- [Ext] swapTokensForExactETH #
- [Ext] swapExactTokensForETH #
- [Ext] swapETHForExactTokens ($)
- [Ext] quote
- [Ext] getAmountOut
- [Ext] getAmountIn
- [Ext] getAmountsOut
- [Ext] getAmountsIn
+ [Int] IUniswapV2Router02 (IUniswapV2Router01)
- [Ext] removeLiquidityETHSupportingFeeOnTransferTokens #
- [Ext] removeLiquidityETHWithPermitSupportingFeeOnTransferTokens #
- [Ext] swapExactTokensForTokensSupportingFeeOnTransferTokens #
- [Ext] swapExactETHForTokensSupportingFeeOnTransferTokens ($)
- [Ext] swapExactTokensForETHSupportingFeeOnTransferTokens #
+ ReentrancyGuard
- [Int] #
+ Context
- [Int] _msgSender
- [Int] _msgData
+ [Int] IERC20
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] transfer #
- [Ext] allowance
- [Ext] approve #
- [Ext] transferFrom #
+ [Int] IERC20Metadata (IERC20)
- [Ext] name
- [Ext] symbol
- [Ext] decimals
+ ERC20 (Context, IERC20, IERC20Metadata)
- [Pub] #
- [Pub] name
- [Pub] symbol
- [Pub] decimals
- [Pub] totalSupply
- [Pub] balanceOf
- [Pub] transfer #
- [Pub] allowance
- [Pub] approve #
- [Pub] transferFrom #
- [Pub] increaseAllowance #
- [Pub] decreaseAllowance #
- [Int] _transfer #
- [Int] _mint #
- [Int] _burn #
- [Int] _approve #
- [Int] _beforeTokenTransfer #
+ [Lib] SafeMath
- [Int] add
- [Int] sub
- [Int] sub
- [Int] mul
- [Int] div
- [Int] div
- [Int] mod
- [Int] mod
+ Ownable (Context)
- [Pub] #
- [Pub] owner
- [Pub] renounceOwnership #
- modifiers: onlyOwner
- [Pub] transferOwnership #
- modifiers: onlyOwner
+ [Int] IManager
- [Ext] battlefields
- [Ext] evolvers
- [Ext] markets
- [Ext] farmOwners
- [Ext] timesBattle
- [Ext] timeLimitBattle
- [Ext] generation
- [Ext] xBattle
- [Ext] priceEgg
- [Ext] divPercent
- [Ext] feeUpgradeGeneration
- [Ext] feeChangeTribe
- [Ext] feeMarketRate
- [Ext] loseRate
- [Ext] feeEvolve
- [Ext] feeAddress
+ Monster (Ownable, ERC20)
- [Pub] #
- modifiers: ERC20
- [Pub] setManager #
- modifiers: onlyOwner
- [Pub] setTransferFeeRate #
- modifiers: onlyOwner
- [Pub] setMinTokensBeforeSwap #
- modifiers: onlyOwner
- [Ext] farm #
- modifiers: onlyFarmOwners
- [Ext] win #
- modifiers: onlyEvolver
+ PolkaMonster (Monster, ReentrancyGuard)
- [Pub] #
- modifiers: Monster
- [Pub] burn #
- [Pub] excludeFromFees #
- modifiers: onlyOwner
- [Pub] isExcludedFromFees
- [Ext] setBlacklists #
- modifiers: onlyOwner
- [Int] _transfer #
- [Pub] swapTokenForMkt #
- modifiers: nonReentrant
- [Prv] swapTokensForEth #
- [Ext] ($)
- [Ext] setAddressForMkt #
- modifiers: onlyOwner
- [Ext] blacklist #
- modifiers: onlyOwner