Pump It - Smart Contract Audit Report

Summary

Pump It Audit Report Pump It ($PumpIt) is a new BEP-20 token on the Binance Smart Chain that features automatic liquidity adds and pays holders dividends in BUSD.

We reviewed the PumpIt contract that is deployed at 0x2f79Bab3E8FBE45A3c78028E5dD8a2aa6Ee30f37 on the Binance Smart Chain mainnet.

Notes on the Contract:
  • The total supply of the token is set to 720 billion $PumpIt [720,000,000,000].
  • No mint or burn functions are present; though the circulating supply can be reduced by sending tokens to the 0x..dead address if desired.
  • At the time of writing this report, 100% of the total supply belongs to the owner.

  • There is a Liquidity Fee, BUSD Rewards Fee, and Marketing fee on all transfers via Pancakeswap (given that the transferring address is not excluded from fees). Fees are increased by 1% when selling to Pancakeswap.
  • The fees charged on transactions are stored in the contract and once the threshold number of 14.4 million tokens is met, a swap will occur for the purpose of funding Pancakeswap liquidity, dividend rewards, and the team's Marketing wallet.
  • Liquidity-adds are funded by selling a portion of the tokens collected as fees (after the threshold value of tokens is met), then pairing the received BNB with the token, and adding it as liquidity to the BNB pair.
  • The LP tokens received through this process are sent to the 0x00 address.
  • The tokens collected from the Marketing Fee are swapped for BUSD and sent to the team's Marketing wallet.
  • The remaining tokens in the contract are swapped for BUSD and are used to fund dividend rewards for all eligible users.

  • Users that hold any amount of tokens are eligible for dividends.
  • Once dividends are distributed, they will need to be claimed; claiming happens automatically on each transfer.
  • Dividend rewards can also be claimed manually by kicking off the claim cycle, which will process all eligible token holders.
  • Alternatively, a user can manually claim dividends as an individual.
  • There is a wait-time (determined by the owner) between claiming dividend rewards.
  • Claimed dividends are sent to the user's wallet address.

  • The contract features a maximum transaction amount, which imposes a limit to the number of tokens that can be transferred during any given transaction.
  • The contract also features a maximum wallet amount which ensures that a user's token balance does not exceed the limit number of tokens (determined by the owner) after a buying transaction.
  • The contract utilizes the SafeMath library to prevent overflows/underflows.
  • Gas optimizations can be achieved by declaring some functions external instead of public and some state variables constant. As the contract has already been deployed, this is merely informational.
Ownership Controls:
  • The owner can set the Liquidity Fee, BUSD Rewards Fee, and Marketing fee to any percentages at any time.
  • The owner can exclude any address from transfer fees and dividends at any time.
  • The owner can update the maximum transaction amount and maximum wallet amounts to any values at any time.
  • The owner can add any address to a blacklist which will prevent them from being able to participate in transfers.
  • If a user has pending withdrawable dividends, The owner can manually send those dividends to the user at any time.
  • The owner can update the maximum amount of gas used for processing to a value between 200,000 and 500,000 at any time.
  • The owner can update the amount of time a user must wait between claiming dividends to a value between 1 and 24 hours (in seconds).
  • The owner can update the team's Marketing wallet, Automated Market Maker Pair, and Pancakeswap Router addresses at any time.
  • The owner can update the Dividend Tracker, Automated Market Maker Pair, PancakeswapV2Router, and the team's Marketing wallet to any addresses at any time.

Audit Findings Summary
  • No external threats were identified.
  • Please ensure trust in the team as they have substantial control in the ecosystem and currently own 100% of the total supply.
  • Date: January 14th, 2022

Audit Results

Vulnerability CategoryNotesResult
Arbitrary Storage WriteN/APASS
Arbitrary JumpN/APASS
Centralization of Control
  • The owner can set each fee percentage up to 100%.
  • The owner can blacklist any account from being able to participate in transfers.
  • WARNING
    Delegate Call to Untrusted ContractN/APASS
    Dependence on Predictable VariablesN/APASS
    Deprecated OpcodesN/APASS
    Ether ThiefN/APASS
    ExceptionsN/APASS
    External CallsN/APASS
    Flash LoansN/APASS
    Integer Over/UnderflowN/APASS
    Multiple SendsN/APASS
    OraclesN/APASS
    SuicideN/APASS
    State Change External CallsN/APASS
    Unchecked RetvalN/APASS
    User Supplied AssertionN/APASS
    Critical Solidity CompilerN/APASS
    Overall Contract Safety PASS

    BEP20 Token Graph

    Multi-file Token

    												
    ($) = payable function
     # = non-constant function
    
     + [Int] IERC20 
        - [Ext] totalSupply
        - [Ext] balanceOf
        - [Ext] transfer #
        - [Ext] allowance
        - [Ext] approve #
        - [Ext] transferFrom #
    
     + [Int] IERC20Metadata (IERC20)
        - [Ext] name
        - [Ext] symbol
        - [Ext] decimals
    
     +  Context 
        - [Int] _msgSender
        - [Int] _msgData
    
     + [Lib] SafeMath 
        - [Int] add
        - [Int] sub
        - [Int] sub
        - [Int] mul
        - [Int] div
        - [Int] div
        - [Int] mod
        - [Int] mod
    
     +  ERC20 (Context, IERC20, IERC20Metadata)
        - [Pub]  #
        - [Pub] name
        - [Pub] symbol
        - [Pub] decimals
        - [Pub] totalSupply
        - [Pub] balanceOf
        - [Pub] transfer #
        - [Pub] allowance
        - [Pub] approve #
        - [Pub] transferFrom #
        - [Pub] increaseAllowance #
        - [Pub] decreaseAllowance #
        - [Int] _transfer #
        - [Int] _mint #
        - [Int] _burn #
        - [Int] _approve #
        - [Int] _beforeTokenTransfer #
    
     + [Lib] SafeMathUint 
        - [Int] toInt256Safe
    
     + [Lib] SafeMathInt 
        - [Int] mul
        - [Int] div
        - [Int] sub
        - [Int] add
        - [Int] abs
        - [Int] toUint256Safe
    
     + [Int] DividendPayingTokenInterface 
        - [Ext] dividendOf
        - [Ext] withdrawDividend #
    
     + [Int] DividendPayingTokenOptionalInterface 
        - [Ext] withdrawableDividendOf
        - [Ext] withdrawnDividendOf
        - [Ext] accumulativeDividendOf
    
     +  Ownable (Context)
        - [Pub]  #
        - [Pub] owner
        - [Pub] renounceOwnership #
           - modifiers: onlyOwner
        - [Pub] transferOwnership #
           - modifiers: onlyOwner
    
     +  DividendPayingToken (ERC20, Ownable, DividendPayingTokenInterface, DividendPayingTokenOptionalInterface)
        - [Pub]  #
           - modifiers: ERC20
        - [Pub] distributeBUSDDividends #
           - modifiers: onlyOwner
        - [Pub] withdrawDividend #
        - [Int] _withdrawDividendOfUser #
        - [Pub] dividendOf
        - [Pub] withdrawableDividendOf
        - [Pub] withdrawnDividendOf
        - [Pub] accumulativeDividendOf
        - [Int] _transfer #
        - [Int] _mint #
        - [Int] _burn #
        - [Int] _setBalance #
    
     + [Lib] IterableMapping 
        - [Pub] get
        - [Pub] getIndexOfKey
        - [Pub] getKeyAtIndex
        - [Pub] size
        - [Pub] set #
        - [Pub] remove #
    
     + [Int] IUniswapV2Pair 
        - [Ext] name
        - [Ext] symbol
        - [Ext] decimals
        - [Ext] totalSupply
        - [Ext] balanceOf
        - [Ext] allowance
        - [Ext] approve #
        - [Ext] transfer #
        - [Ext] transferFrom #
        - [Ext] DOMAIN_SEPARATOR
        - [Ext] PERMIT_TYPEHASH
        - [Ext] nonces
        - [Ext] permit #
        - [Ext] MINIMUM_LIQUIDITY
        - [Ext] factory
        - [Ext] token0
        - [Ext] token1
        - [Ext] getReserves
        - [Ext] price0CumulativeLast
        - [Ext] price1CumulativeLast
        - [Ext] kLast
        - [Ext] mint #
        - [Ext] burn #
        - [Ext] swap #
        - [Ext] skim #
        - [Ext] sync #
        - [Ext] initialize #
    
     + [Int] IUniswapV2Factory 
        - [Ext] feeTo
        - [Ext] feeToSetter
        - [Ext] getPair
        - [Ext] allPairs
        - [Ext] allPairsLength
        - [Ext] createPair #
        - [Ext] setFeeTo #
        - [Ext] setFeeToSetter #
    
     + [Int] IUniswapV2Router01 
        - [Ext] factory
        - [Ext] WETH
        - [Ext] addLiquidity #
        - [Ext] addLiquidityETH ($)
        - [Ext] removeLiquidity #
        - [Ext] removeLiquidityETH #
        - [Ext] removeLiquidityWithPermit #
        - [Ext] removeLiquidityETHWithPermit #
        - [Ext] swapExactTokensForTokens #
        - [Ext] swapTokensForExactTokens #
        - [Ext] swapExactETHForTokens ($)
        - [Ext] swapTokensForExactETH #
        - [Ext] swapExactTokensForETH #
        - [Ext] swapETHForExactTokens ($)
        - [Ext] quote
        - [Ext] getAmountOut
        - [Ext] getAmountIn
        - [Ext] getAmountsOut
        - [Ext] getAmountsIn
    
     + [Int] IUniswapV2Router02 (IUniswapV2Router01)
        - [Ext] removeLiquidityETHSupportingFeeOnTransferTokens #
        - [Ext] removeLiquidityETHWithPermitSupportingFeeOnTransferTokens #
        - [Ext] swapExactTokensForTokensSupportingFeeOnTransferTokens #
        - [Ext] swapExactETHForTokensSupportingFeeOnTransferTokens ($)
        - [Ext] swapExactTokensForETHSupportingFeeOnTransferTokens #
    
     +  PumpIt (ERC20, Ownable)
        - [Pub]  #
           - modifiers: ERC20
        - [Ext]  ($)
        - [Pub] updateDividendTracker #
           - modifiers: onlyOwner
        - [Pub] updateUniswapV2Router #
           - modifiers: onlyOwner
        - [Pub] excludeFromFees #
           - modifiers: onlyOwner
        - [Pub] excludeMultipleAccountsFromFees #
           - modifiers: onlyOwner
        - [Ext] setMarketingWallet #
           - modifiers: onlyOwner
        - [Ext] setBUSDRewardsFee #
           - modifiers: onlyOwner
        - [Ext] setLiquiditFee #
           - modifiers: onlyOwner
        - [Ext] setMarketingFee #
           - modifiers: onlyOwner
        - [Ext] setMaxTxAmount #
           - modifiers: onlyOwner
        - [Ext] setMaxWalletBalance #
           - modifiers: onlyOwner
        - [Pub] setAutomatedMarketMakerPair #
           - modifiers: onlyOwner
        - [Ext] blacklistAddress #
           - modifiers: onlyOwner
        - [Prv] _setAutomatedMarketMakerPair #
        - [Pub] updateGasForProcessing #
           - modifiers: onlyOwner
        - [Ext] updateClaimWait #
           - modifiers: onlyOwner
        - [Ext] getClaimWait
        - [Ext] getTotalDividendsDistributed
        - [Pub] isExcludedFromFees
        - [Pub] withdrawableDividendOf
        - [Pub] dividendTokenBalanceOf
        - [Ext] excludeFromDividends #
           - modifiers: onlyOwner
        - [Ext] getAccountDividendsInfo
        - [Ext] getAccountDividendsInfoAtIndex
        - [Ext] processDividendTracker #
        - [Ext] claim #
        - [Ext] getLastProcessedIndex
        - [Ext] getNumberOfDividendTokenHolders
        - [Int] _transfer #
        - [Prv] swapAndSendToFee #
        - [Prv] swapAndLiquify #
        - [Prv] swapTokensForEth #
        - [Prv] swapTokensForBUSD #
        - [Prv] addLiquidity #
        - [Prv] swapAndSendDividends #
    
     +  PUMPITDividendTracker (Ownable, DividendPayingToken)
        - [Pub]  #
           - modifiers: DividendPayingToken
        - [Int] _transfer #
        - [Pub] withdrawDividend #
        - [Ext] excludeFromDividends #
           - modifiers: onlyOwner
        - [Ext] updateClaimWait #
           - modifiers: onlyOwner
        - [Ext] getLastProcessedIndex
        - [Ext] getNumberOfTokenHolders
        - [Pub] getAccount
        - [Pub] getAccountAtIndex
        - [Prv] canAutoClaim
        - [Ext] setBalance #
           - modifiers: onlyOwner
        - [Pub] process #
        - [Pub] processAccount #
           - modifiers: onlyOwner