Portuma - Smart Contract Audit Report
Summary
Portuma ($POR) is a BEP20 token on the Binance Smart Chain. The team aims to use the platform as an advertising tool to all mobile and desktop game developers and companies and users of the world.
We reviewed the PorToken implementation contract that is deployed at 0x85fd58aB90A6ED6570c5c934f8A4A7776817432f on the Binance Smart Chain mainnet.
Please note that the implementation contract can be updated at any time as it is deployed behind an Upgradeable Proxy contract.
Notes on the Contract:Audit Findings Summary
- The total supply of the token is set to 10 billion [10,000,000,000].
- No minting functions are accessible beyond deployment.
- Any user can burn their own tokens to reduce the total supply.
- At the time of writing this report, 91.03% of the total supply belongs to a KIPS locked wallet.
- 1.15% of the total supply is in Pancakeswap liquidity.
- Of that liquidity, 99% of the LP tokens are stored in a DxSale token locking contract and will vest to the team on December 6th, 2022.
- The next five holders own a cumulative 1.04% of the total supply.
- There is a holder fee, marketing fee, and burn fee on all transactions for any "non-excluded" address that participates in a transfer. Multiple fee structures are set by the team to apply different fee percentages when the user is selling to Pancakeswap relative to the start time (determined by the owner) of the contract.
- The first fee structure is applied on sells to Pancakeswap within 1 day of the start time. The second fee structure is applied on sells to Pancakeswap between 1-21 days since the start time. The third fee structure is applied on sells to Pancakeswap between 21-30 days since the start time. The fourth fee structure is applied on sells to Pancakeswap after 30 days since the start time.
- Users who hold tokens will automatically benefit from the frictionless fee redistribution at the time of each transaction as the tokens collected through the holder fee are removed from the circulating supply.
- The tokens collected from the burn fee are burned to reduce the total supply.
- The tokens collected from the marketing fee are sent to the team's Marketing wallet.
- The contract is upgradable, meaning the team can swap out the current contract for a new one at any time.
- As the contract is deployed with Solidity v0.8.x, it is protected from overflows.
Ownership Controls:- The owner can modify the holder fee, marketing fee, and burn fee for each fee structure to any percentages at any time.
- The owner can pause/unpause trading at any time.
- The owner can exclude and include accounts from transfer fees and reward distribution.
- The owner can reset the start time of the contract at any time.
- The owner can set and update a maximum transaction amount at any time, which will impose a limit to the number of tokens that can be transferred during any given transaction.
- The owner can withdraw any BNB or BEP20 tokens from the contract address at any time.
- The owner can update the minimum threshold of tokens needed to trigger the swapping of marketing tokens for BNB to any value at any time.
- The owner can add accounts to a blacklist which will prevent them from being able to participate in transfers.
- The owner can airdrop any amount of tokens to any address at any time. A for loop is used to transfer funds for the airdrop; The team must ensure the maximum number of addresses that can be involved in a single airdrop is no more than 350 to prevent this loop from hitting the block gas limit.
- The owner can update the team's marketing wallet to any address at any time.
- The owner can update the Pancakeswap pair and Pancakeswap Router addresses at any time.
- No external threats were identified.
- Please ensure trust in the team prior to investing as they have substantial control in the ecosystem and can upgrade the contract at any time.
- Further ensure trust as the team can pause all trading at any time.
- Date: November 17th, 2021
- Updated: December 15th, 2021 to reflect the latest implementation contract.
Audit Results
| Vulnerability Category | Notes | Result |
|---|---|---|
| Arbitrary Storage Write | N/A | PASS |
| Arbitrary Jump | N/A | PASS |
| Delegate Call to Untrusted Contract | N/A | PASS |
| Dependence on Predictable Variables | N/A | PASS |
| Deprecated Opcodes | N/A | PASS |
| Ether Thief | N/A | PASS |
| Exceptions | N/A | PASS |
| External Calls | N/A | PASS |
| Flash Loans | N/A | PASS |
| Integer Over/Underflow | N/A | PASS |
| Multiple Sends | N/A | PASS |
| Oracles | N/A | PASS |
| Suicide | N/A | PASS |
| State Change External Calls | N/A | PASS |
| Unchecked Retval | N/A | PASS |
| User Supplied Assertion | N/A | PASS |
| Critical Solidity Compiler | N/A | PASS |
| Overall Contract Safety | PASS |
Function Graph
Inheritence Chart
Functions Overview
($) = payable function
# = non-constant function
+ [Int] IERC20Upgradeable
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] transfer #
- [Ext] allowance
- [Ext] approve #
- [Ext] transferFrom #
+ [Int] IERC20MetadataUpgradeable (IERC20Upgradeable)
- [Ext] name
- [Ext] symbol
- [Ext] decimals
+ Initializable
+ ContextUpgradeable (Initializable)
- [Int] __Context_init #
- modifiers: initializer
- [Int] __Context_init_unchained #
- modifiers: initializer
- [Int] _msgSender
- [Int] _msgData
+ ERC20Upgradeable (Initializable, ContextUpgradeable, IERC20Upgradeable, IERC20MetadataUpgradeable)
- [Int] __ERC20_init #
- modifiers: initializer
- [Int] __ERC20_init_unchained #
- modifiers: initializer
- [Pub] name
- [Pub] symbol
- [Pub] decimals
- [Pub] totalSupply
- [Pub] balanceOf
- [Pub] transfer #
- [Pub] allowance
- [Pub] approve #
- [Pub] transferFrom #
- [Pub] increaseAllowance #
- [Pub] decreaseAllowance #
- [Int] _transfer #
- [Int] _mint #
- [Int] _burn #
- [Int] _approve #
- [Int] _beforeTokenTransfer #
- [Int] _afterTokenTransfer #
+ ERC20BurnableUpgradeable (Initializable, ContextUpgradeable, ERC20Upgradeable)
- [Int] __ERC20Burnable_init #
- modifiers: initializer
- [Int] __ERC20Burnable_init_unchained #
- modifiers: initializer
- [Pub] burn #
- [Pub] burnFrom #
+ PausableUpgradeable (Initializable, ContextUpgradeable)
- [Int] __Pausable_init #
- modifiers: initializer
- [Int] __Pausable_init_unchained #
- modifiers: initializer
- [Pub] paused
- [Int] _pause #
- modifiers: whenNotPaused
- [Int] _unpause #
- modifiers: whenPaused
+ OwnableUpgradeable (Initializable, ContextUpgradeable)
- [Int] __Ownable_init #
- modifiers: initializer
- [Int] __Ownable_init_unchained #
- modifiers: initializer
- [Pub] owner
- [Pub] renounceOwnership #
- modifiers: onlyOwner
- [Pub] transferOwnership #
- modifiers: onlyOwner
- [Int] _transferOwnership #
+ [Int] IBeaconUpgradeable
- [Ext] implementation
+ [Lib] AddressUpgradeable
- [Int] isContract
- [Int] sendValue #
- [Int] functionCall #
- [Int] functionCall #
- [Int] functionCallWithValue #
- [Int] functionCallWithValue #
- [Int] functionStaticCall
- [Int] functionStaticCall
- [Int] verifyCallResult
+ [Lib] StorageSlotUpgradeable
- [Int] getAddressSlot
- [Int] getBooleanSlot
- [Int] getBytes32Slot
- [Int] getUint256Slot
+ ERC1967UpgradeUpgradeable (Initializable)
- [Int] __ERC1967Upgrade_init #
- modifiers: initializer
- [Int] __ERC1967Upgrade_init_unchained #
- modifiers: initializer
- [Int] _getImplementation
- [Prv] _setImplementation #
- [Int] _upgradeTo #
- [Int] _upgradeToAndCall #
- [Int] _upgradeToAndCallSecure #
- [Int] _getAdmin
- [Prv] _setAdmin #
- [Int] _changeAdmin #
- [Int] _getBeacon
- [Prv] _setBeacon #
- [Int] _upgradeBeaconToAndCall #
- [Prv] _functionDelegateCall #
+ UUPSUpgradeable (Initializable, ERC1967UpgradeUpgradeable)
- [Int] __UUPSUpgradeable_init #
- modifiers: initializer
- [Int] __UUPSUpgradeable_init_unchained #
- modifiers: initializer
- [Ext] upgradeTo #
- modifiers: onlyProxy
- [Ext] upgradeToAndCall ($)
- modifiers: onlyProxy
- [Int] _authorizeUpgrade #
+ [Lib] EnumerableSetUpgradeable
- [Prv] _add #
- [Prv] _remove #
- [Prv] _contains
- [Prv] _length
- [Prv] _at
- [Prv] _values
- [Int] add #
- [Int] remove #
- [Int] contains
- [Int] length
- [Int] at
- [Int] values
- [Int] add #
- [Int] remove #
- [Int] contains
- [Int] length
- [Int] at
- [Int] values
- [Int] add #
- [Int] remove #
- [Int] contains
- [Int] length
- [Int] at
- [Int] values
+ [Int] IUniswapV2Factory
- [Ext] feeTo
- [Ext] feeToSetter
- [Ext] getPair
- [Ext] allPairs
- [Ext] allPairsLength
- [Ext] createPair #
- [Ext] setFeeTo #
- [Ext] setFeeToSetter #
+ [Int] IUniswapV2Pair
- [Ext] name
- [Ext] symbol
- [Ext] decimals
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] allowance
- [Ext] approve #
- [Ext] transfer #
- [Ext] transferFrom #
- [Ext] DOMAIN_SEPARATOR
- [Ext] PERMIT_TYPEHASH
- [Ext] nonces
- [Ext] permit #
- [Ext] MINIMUM_LIQUIDITY
- [Ext] factory
- [Ext] token0
- [Ext] token1
- [Ext] getReserves
- [Ext] price0CumulativeLast
- [Ext] price1CumulativeLast
- [Ext] kLast
- [Ext] mint #
- [Ext] burn #
- [Ext] swap #
- [Ext] skim #
- [Ext] sync #
- [Ext] initialize #
+ [Int] IUniswapV2Router01
- [Ext] factory
- [Ext] WETH
- [Ext] addLiquidity #
- [Ext] addLiquidityETH ($)
- [Ext] removeLiquidity #
- [Ext] removeLiquidityETH #
- [Ext] removeLiquidityWithPermit #
- [Ext] removeLiquidityETHWithPermit #
- [Ext] swapExactTokensForTokens #
- [Ext] swapTokensForExactTokens #
- [Ext] swapExactETHForTokens ($)
- [Ext] swapTokensForExactETH #
- [Ext] swapExactTokensForETH #
- [Ext] swapETHForExactTokens ($)
- [Ext] quote
- [Ext] getAmountOut
- [Ext] getAmountIn
- [Ext] getAmountsOut
- [Ext] getAmountsIn
+ [Int] IUniswapV2Router02 (IUniswapV2Router01)
- [Ext] removeLiquidityETHSupportingFeeOnTransferTokens #
- [Ext] removeLiquidityETHWithPermitSupportingFeeOnTransferTokens #
- [Ext] swapExactTokensForTokensSupportingFeeOnTransferTokens #
- [Ext] swapExactETHForTokensSupportingFeeOnTransferTokens ($)
- [Ext] swapExactTokensForETHSupportingFeeOnTransferTokens #
+ [Lib] RFIFeeCalculator
- [Int] calculateFees
- [Int] calculateFee
- [Int] getCurrentBurnFeeOnSale
- [Int] getCurrentHolderFeeOnSale
- [Int] getCurrentMarketingFeeOnSale
+ PorToken (Initializable, ERC20BurnableUpgradeable, PausableUpgradeable, OwnableUpgradeable, UUPSUpgradeable)
- [Pub] #
- modifiers: initializer
- [Pub] initialize #
- modifiers: initializer
- [Ext] pause #
- modifiers: onlyOwner
- [Ext] unpause #
- modifiers: onlyOwner
- [Int] _beforeTokenTransfer #
- modifiers: whenNotPaused
- [Int] _authorizeUpgrade #
- modifiers: onlyOwner
- [Ext] ($)
- [Int] __initializeParams #
- modifiers: initializer
- [Pub] totalSupply
- [Pub] balanceOf
- [Int] _burn #
- [Ext] setMaxTxAmount #
- modifiers: onlyOwner
- [Ext] excludeFromReward #
- modifiers: onlyOwner
- [Ext] includeInReward #
- modifiers: onlyOwner
- [Ext] excludeFromFee #
- modifiers: onlyOwner
- [Ext] includeInFee #
- modifiers: onlyOwner
- [Ext] resetStartTimestamp #
- modifiers: onlyOwner
- [Ext] setBurnFee #
- modifiers: onlyOwner
- [Ext] setHolderFee #
- modifiers: onlyOwner
- [Ext] setMarketingFee #
- modifiers: onlyOwner
- [Ext] setSwapMarketingAtAmount #
- modifiers: onlyOwner
- [Ext] setMarketingWallet #
- modifiers: onlyOwner
- [Ext] setAutomatedMarketMakerPair #
- modifiers: onlyOwner
- [Ext] createETHSwapPair #
- modifiers: onlyOwner
- [Ext] setUniswapRouter #
- modifiers: onlyOwner
- [Ext] setUniswapPair #
- modifiers: onlyOwner
- [Ext] setTradingIsEnabled #
- modifiers: onlyOwner
- [Ext] blacklistAddress #
- modifiers: onlyOwner
- [Int] _setAutomatedMarketMakerPair #
- [Int] _excludeFromReward #
- [Pub] tokenFromReflection
- [Pub] reflectionFromToken
- [Ext] isExcludedFromFee
- [Ext] isExcludedFromReward
- [Ext] getBurnFee
- [Ext] getHolderFee
- [Ext] getMarketingFee
- [Ext] getTaxTiers
- [Ext] getTradingStatus
- [Ext] isBlacklisted
- [Int] _getRate
- [Int] _getCurrentSupply
- [Ext] getCurrentBurnFeeOnSale
- [Ext] getCurrentHolderFeeOnSale
- [Ext] getCurrentMarketingFeeOnSale
- [Int] calculateFee
- [Int] _transfer #
- [Int] _validateTransfer
- [Int] _tokenTransfer #
- [Int] _takeReflectionFee #
- [Int] _takeTransactionFee #
- [Int] _reflectTotal #
- [Int] swapAndSendTokensForMarketing #
- modifiers: lockTheSwap
- [Ext] withdrawERC20 #
- modifiers: onlyOwner
- [Ext] transferBalance #
- modifiers: onlyOwner
- [Ext] multiTransfer #
- modifiers: onlyOwner
- [Ext] version