STMY Token - Smart Contract Audit Report
Summary
The STMY is a new token with frictionless fee redistribution, liquidity adds, and a lottery mechanism.
We reviewed STMY Token's contract at 0xcdaf72a21742a9da84edccfa1f316429c64da121 on the BSC testnet.
Update: The contract is now deployed to 0x3Fd4894c3aeAA7476f55B36375F26a7b5E01B781.
Features of the Contract:
- The total supply of the token is 100 billion.
- No mint or burn functions exist, though the circulating supply can be decreased by sending tokens to the burn address.
- The team will receive the full supply upon deployment.
- Multiple fees are changed on each transfer of the token. There are fees allocated towards liquidity, token burns, frictionless redistribution, a marketing fund, a development fund, and the lottery pool.
- Liquidity-adds are funded by selling half of the tokens collected as fees, pairing the received BNB with the token, adding it as liquidity to the BNB pair, and sending the LP tokens to the burn address.
- The team can update fee allocations at any time, though each fee is capped to a 10% maximum.
- Any user who receives tokens will be entered into the lottery. The team may want to consider implementing a minimum amount here to prevent abuse.
- One the lottery pool reaches a threshold number of users as set by the team, a user will be pseudo-randomly chosen as the winner.
- The lottery winner will receive all of the tokens held in the pool.
- There is a maximum transaction amount on the number of tokens which can be sent in a single transaciton, updatable by the team to any value above 0.1%.
- The owner has the ability to blacklist any address, preventing them from using the token.
- The owner can also remove any BNB or tokens held in the contract.
- In addition, the owner can exclude any address from the fee mechanism, the lottery, and the maximum transaction amount.
- The owner also has the ability to set a series of variables related to the lottery.
- Utilization of SafeMath to prevent overflows.
Audit Findings Summary:
- No security issues from outside attackers were identified.
- As with any presale, ensure trust in the team prior to investing.
- Ensure trust in the team as they have notable control in the ecosystem.
- Date: June 19th, 2021.
- Update Date: June 23rd, 2021 - Deployment to mainnet with some improvements.
External Threat Results
| Vulnerability Category | Notes | Result |
|---|---|---|
| Arbitrary Storage Write | N/A | PASS |
| Arbitrary Jump | N/A | PASS |
| Delegate Call to Untrusted Contract | N/A | PASS |
| Dependence on Predictable Variables | Decisions are made based on the block.timestamp environment variable which can be manipulated by a malicious miner. This is extremley unlikely to occur. | Warning |
| Deprecated Opcodes | N/A | PASS |
| Ether Thief | N/A | PASS |
| Exceptions | N/A | PASS |
| External Calls | N/A | PASS |
| Integer Over/Underflow | N/A | PASS |
| Multiple Sends | N/A | PASS |
| Suicide | N/A | PASS |
| State Change External Calls | N/A | PASS |
| Unchecked Retval | N/A | PASS |
| User Supplied Assertion | N/A | PASS |
| Critical Solidity Compiler | N/A | PASS |
| Overall Contract Safety | PASS |
($) = payable function
# = non-constant function
Int = Internal
Ext = External
Pub = Public
+ [Int] IUniswapV2Factory
- [Ext] feeTo
- [Ext] feeToSetter
- [Ext] getPair
- [Ext] allPairs
- [Ext] allPairsLength
- [Ext] createPair #
- [Ext] setFeeTo #
- [Ext] setFeeToSetter #
+ [Int] IUniswapV2Pair
- [Ext] name
- [Ext] symbol
- [Ext] decimals
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] allowance
- [Ext] approve #
- [Ext] transfer #
- [Ext] transferFrom #
- [Ext] DOMAIN_SEPARATOR
- [Ext] PERMIT_TYPEHASH
- [Ext] nonces
- [Ext] permit #
- [Ext] MINIMUM_LIQUIDITY
- [Ext] factory
- [Ext] token0
- [Ext] token1
- [Ext] getReserves
- [Ext] price0CumulativeLast
- [Ext] price1CumulativeLast
- [Ext] kLast
- [Ext] mint #
- [Ext] burn #
- [Ext] swap #
- [Ext] skim #
- [Ext] sync #
- [Ext] initialize #
+ [Int] IUniswapV2Router01
- [Ext] factory
- [Ext] WETH
- [Ext] addLiquidity #
- [Ext] addLiquidityETH ($)
- [Ext] removeLiquidity #
- [Ext] removeLiquidityETH #
- [Ext] removeLiquidityWithPermit #
- [Ext] removeLiquidityETHWithPermit #
- [Ext] swapExactTokensForTokens #
- [Ext] swapTokensForExactTokens #
- [Ext] swapExactETHForTokens ($)
- [Ext] swapTokensForExactETH #
- [Ext] swapExactTokensForETH #
- [Ext] swapETHForExactTokens ($)
- [Ext] quote
- [Ext] getAmountOut
- [Ext] getAmountIn
- [Ext] getAmountsOut
- [Ext] getAmountsIn
+ [Lib] Address
- [Int] isContract
- [Int] sendValue #
- [Int] functionCall #
- [Int] functionCall #
- [Int] functionCallWithValue #
- [Int] functionCallWithValue #
- [Int] functionStaticCall
- [Int] functionStaticCall
- [Int] functionDelegateCall #
- [Int] functionDelegateCall #
- [Prv] _verifyCallResult
+ Context
- [Int] _msgSender
- [Int] _msgData
+ [Int] IERC20
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] transfer #
- [Ext] allowance
- [Ext] approve #
- [Ext] transferFrom #
+ [Lib] SafeMath
- [Int] tryAdd
- [Int] trySub
- [Int] tryMul
- [Int] tryDiv
- [Int] tryMod
- [Int] add
- [Int] sub
- [Int] mul
- [Int] div
- [Int] mod
- [Int] sub
- [Int] div
- [Int] mod
+ [Int] IUniswapV2Router02 (IUniswapV2Router01)
- [Ext] removeLiquidityETHSupportingFeeOnTransferTokens #
- [Ext] removeLiquidityETHWithPermitSupportingFeeOnTransferTokens #
- [Ext] swapExactTokensForTokensSupportingFeeOnTransferTokens #
- [Ext] swapExactETHForTokensSupportingFeeOnTransferTokens ($)
- [Ext] swapExactTokensForETHSupportingFeeOnTransferTokens #
+ Ownable (Context)
- [Pub] #
- [Pub] owner
- [Pub] renounceOwnership #
- modifiers: onlyOwner
- [Pub] transferOwnership #
- modifiers: onlyOwner
+ STMY (Context, IERC20, Ownable)
- [Pub] #
- [Pub] lpBalance
- [Pub] name
- [Pub] symbol
- [Pub] decimals
- [Pub] totalSupply
- [Pub] balanceOf
- [Pub] transfer #
- [Pub] allowance
- [Pub] approve #
- [Pub] transferFrom #
- [Pub] increaseAllowance #
- [Pub] decreaseAllowance #
- [Ext] isExcludedFromReward
- [Ext] totalFees
- [Ext] deliver #
- [Ext] reflectionFromToken
- [Pub] tokenFromReflection
- [Ext] blacklist #
- modifiers: onlyOwner
- [Ext] whitelist #
- modifiers: onlyOwner
- [Ext] setMinimumLotteryParticipients #
- modifiers: onlyOwner
- [Ext] setParticipantsSmall #
- modifiers: onlyOwner
- [Ext] setParticipantsBig #
- modifiers: onlyOwner
- [Ext] setPrizeSmall #
- modifiers: onlyOwner
- [Ext] setPrizeBig #
- modifiers: onlyOwner
- [Ext] restartLottery #
- modifiers: onlyOwner
- [Ext] enableLottery #
- modifiers: onlyOwner
- [Ext] disableLottery #
- modifiers: onlyOwner
- [Ext] excludeFromReward #
- modifiers: onlyOwner
- [Ext] includeInReward #
- modifiers: onlyOwner
- [Pub] excludeFromFee #
- modifiers: onlyOwner
- [Pub] excludeFromSlowMode #
- modifiers: onlyOwner
- [Pub] excludeFromLottery #
- modifiers: onlyOwner
- [Pub] excludeFromTxLimit #
- modifiers: onlyOwner
- [Pub] includeInTxLimit #
- modifiers: onlyOwner
- [Pub] includeInLottery #
- modifiers: onlyOwner
- [Pub] includeInSlowMode #
- modifiers: onlyOwner
- [Ext] includeInFee #
- modifiers: onlyOwner
- [Ext] setTaxFeePercent #
- modifiers: onlyOwner
- [Ext] setLiquidityFeePercent #
- modifiers: onlyOwner
- [Ext] setBurnFeePercent #
- modifiers: onlyOwner
- [Ext] setLotteryFeePercent #
- modifiers: onlyOwner
- [Ext] setMarketingFeePercent #
- modifiers: onlyOwner
- [Ext] setDevelopmentFeePercent #
- modifiers: onlyOwner
- [Ext] setMaxTxPercent #
- modifiers: onlyOwner
- [Ext] setSwapAndLiquifyEnabled #
- modifiers: onlyOwner
- [Ext] setSlowModeEnabled #
- modifiers: onlyOwner
- [Ext] ($)
- [Prv] _reflectFee #
- [Prv] _getValues
- [Prv] _getTValues
- [Prv] _getRValues
- [Prv] _getRate
- [Prv] _getCurrentSupply
- [Prv] _takeLiquidity #
- [Prv] _takeBurnFund #
- [Prv] _takeLotteryFund #
- [Prv] _takeMarketingFund #
- [Prv] _takeDevelopment #
- [Prv] calculateFee
- [Prv] removeAllFee #
- [Prv] restoreAllFee #
- [Ext] isExcludedFromFee
- [Prv] getDayOfTheWeek
- [Prv] addToLottery #
- [Prv] getLotteryWin
- [Prv] drawWinner #
- [Prv] doLottery #
- [Prv] removeFromLottery #
- [Prv] _approve #
- [Prv] _transfer #
- [Prv] swapAndLiquify #
- modifiers: lockTheSwap
- [Prv] swapTokensWBNB #
- [Prv] addLiquidity #
- [Prv] _tokenTransfer #
- [Prv] _transferBothExcluded #
- [Prv] _transferStandard #
- [Prv] _transferToExcluded #
- [Prv] _transferFromExcluded #
- [Prv] _transferCommon #
- [Prv] _rAdd #
- [Prv] _rSub #
- [Prv] _tAdd #
- [Prv] _tSub #
- [Pub] safeTransferETH #
- modifiers: onlyOwner
- [Pub] safeTransfer #
- modifiers: onlyOwner