Santa Inu - Smart Contract Audit Report
Santa Inu ($SANINU) is a new community-driven DeFi token that performs automatic liquidity adds, features a buyback system for burning supply, and pays static rewards to holders.
Notes on the Contract:
Audit Findings Summary
- The total supply of the token is set to 1 quadrillion [1,000,000,000,000,000].
- No minting or burn functions are present; though the circulating supply can be reduced by sending tokens to the 0x..dead address, if desired.
- 59.99% of the total supply has been sent to the 0x..dead address.
- 2.15% of the total supply is in Pancakeswap liquidity.
- Of that liquidity, 52.99% of the total supply has been sent to the 0x..dead address.
- 46.66% of the LP tokens are stored in an unverified contract.
- The next five holders own a cumulative 5.07% of the total supply.
- There is a tax fee, liquidity fee, buyback fee, burn fee, and wallet fee on all transactions for any non-excluded address that participates in a transfer.
- Users who hold tokens will automatically benefit from the frictionless fee redistribution at the time of each transaction as the tokens collected through the tax fee are removed from the circulating supply.
- The tokens collected from the liquidity fee during transfers are stored in the contract address balance. Once the threshold value of 1 trillion tokens is met, a swap will occur for the purpose of funding Pancakeswap liquidity.
- Liquidity-adds are funded by selling a portion of the tokens collected as fees (after the threshold number of tokens is met), then pairing the received BNB with the token, and adding it as liquidity to the BNB pair.
- The recipient of the newly created LP tokens is the 0x..dead address.
- On each transfer that occurs while the minimum threshold (determined by the owner) is met, the protocol will spend 1% of its BNB balance toward buying $SANINU tokens that will subsequently be burned.
- The tokens collected from the burn fee are sent to the 0x..dead address.
- The tokens collected from the wallet fee are sent to a wallet controlled by the team.
- The contract features a maximum wallet limit which ensures that a user's token balance does not exceed a certain amount of tokens (specified by the owner) after a buying transaction.
- The contract complies with the BEP20 token standard.
- As the contract is implemented with Solidity v0.8.x, it is protected from overflows.
- Ownership has not been renounced.
- The owner can modify the tax fee, liquidity fee, buyback fee, burn fee, and wallet fee to any percentages between 0% and 10% at any time.
- The owner can exclude and include accounts from transfer fees and reward distribution.
- The owner can set and update a maximum transaction amount at any time, which will impose a limit to the number of tokens that can be transferred during any given transaction.
- The owner can update the maximum wallet amount to any value at any time.
- The owner can enable/disable automatic liquidity adds at any time.
- The owner can update the minimum threshold of tokens needed to trigger the buyback mechanism.
- The owner can withdraw any BEP20 tokens from the contract address at any time.
- The owner can update the team wallet to any address at any time.
- The owner can use the "lock" function in order to temporarily set ownership to address(0). Ownership is restored after the duration of time determined by the owner has passed and they use the 'unlock' function.
- The unlock function has the potential to be used after ownership is renounced, which will restore ownership to the original owner that initially created the ownership lock. This can be used in a nefarious way by the project team to restore ownership and change fee structures.
- We recommend that the unlock function is modified to set the "previous owner" = "address(0)" at the end of the unlock function to prevent it from being used more than once per lock.
- No external threats were identified.
- Please ensure trust in the team prior to investing as they have notable control in the ecosystem.
- Please be aware of the amount of liquidity available in proportion to the largest wallets
- Date: November 24th, 2021
|Arbitrary Storage Write||N/A||PASS|
|Centralization of Control||The owner can set each fee up to 10%.||WARNING|
|Delegate Call to Untrusted Contract||N/A||PASS|
|Dependence on Predictable Variables||N/A||PASS|
|State Change External Calls||N/A||PASS|
|User Supplied Assertion||N/A||PASS|
|Critical Solidity Compiler||N/A||PASS|
|Overall Contract Safety||PASS|
($) = payable function # = non-constant function + [Int] IERC20 - [Ext] totalSupply - [Ext] balanceOf - [Ext] transfer # - [Ext] allowance - [Ext] approve # - [Ext] transferFrom # + [Lib] SafeMath - [Int] add - [Int] sub - [Int] sub - [Int] mul - [Int] div - [Int] div - [Int] mod - [Int] mod + Context - [Int] _msgSender - [Int] _msgData + [Lib] Address - [Int] isContract - [Int] sendValue # - [Int] functionCall # - [Int] functionCall # - [Int] functionCallWithValue # - [Int] functionCallWithValue # - [Prv] _functionCallWithValue # + [Lib] SafeERC20 - [Int] safeTransfer # - [Int] safeTransferFrom # - [Int] safeApprove # - [Int] safeIncreaseAllowance # - [Int] safeDecreaseAllowance # - [Prv] _callOptionalReturn # + Ownable (Context) - [Pub]
# - [Pub] owner - [Pub] renounceOwnership # - modifiers: onlyOwner - [Pub] transferOwnership # - modifiers: onlyOwner - [Pub] geUnlockTime - [Pub] lock # - modifiers: onlyOwner - [Pub] unlock # + [Int] IUniswapV2Factory - [Ext] feeTo - [Ext] feeToSetter - [Ext] getPair - [Ext] allPairs - [Ext] allPairsLength - [Ext] createPair # - [Ext] setFeeTo # - [Ext] setFeeToSetter # + [Int] IUniswapV2Router01 - [Ext] factory - [Ext] WETH - [Ext] addLiquidity # - [Ext] addLiquidityETH ($) - [Ext] removeLiquidity # - [Ext] removeLiquidityETH # - [Ext] removeLiquidityWithPermit # - [Ext] removeLiquidityETHWithPermit # - [Ext] swapExactTokensForTokens # - [Ext] swapTokensForExactTokens # - [Ext] swapExactETHForTokens ($) - [Ext] swapTokensForExactETH # - [Ext] swapExactTokensForETH # - [Ext] swapETHForExactTokens ($) - [Ext] quote - [Ext] getAmountOut - [Ext] getAmountIn - [Ext] getAmountsOut - [Ext] getAmountsIn + [Int] IUniswapV2Router02 (IUniswapV2Router01) - [Ext] removeLiquidityETHSupportingFeeOnTransferTokens # - [Ext] removeLiquidityETHWithPermitSupportingFeeOnTransferTokens # - [Ext] swapExactTokensForTokensSupportingFeeOnTransferTokens # - [Ext] swapExactETHForTokensSupportingFeeOnTransferTokens ($) - [Ext] swapExactTokensForETHSupportingFeeOnTransferTokens # + Token (Context, IERC20, Ownable) - [Pub] # - [Pub] name - [Pub] symbol - [Pub] decimals - [Pub] totalSupply - [Pub] balanceOf - [Pub] transfer # - [Pub] allowance - [Pub] approve # - [Pub] transferFrom # - [Pub] increaseAllowance # - [Pub] decreaseAllowance # - [Pub] isExcludedFromReward - [Pub] totalFees - [Pub] deliver # - [Pub] reflectionFromToken - [Pub] tokenFromReflection - [Pub] excludeFromReward # - modifiers: onlyOwner - [Ext] includeInReward # - modifiers: onlyOwner - [Pub] excludeFromFee # - modifiers: onlyOwner - [Pub] includeInFee # - modifiers: onlyOwner - [Ext] setAllFeePercent # - modifiers: onlyOwner - [Pub] buyBackUpperLimitAmount - [Ext] setBuybackUpperLimit # - modifiers: onlyOwner - [Ext] setMaxTxPercent # - modifiers: onlyOwner - [Ext] setMaxWalletPercent # - modifiers: onlyOwner - [Pub] setSwapAndLiquifyEnabled # - modifiers: onlyOwner - [Ext] setFeeWallet # - modifiers: onlyOwner - [Ext] ($) - [Prv] _reflectFee # - [Prv] _getValues - [Prv] _getTValues - [Prv] _getRValues - [Prv] _getRate - [Prv] _getCurrentSupply - [Prv] _takeLiquidity # - [Prv] calculateTaxFee - [Prv] calculateLiquidityFee - [Prv] removeAllFee # - [Prv] restoreAllFee # - [Pub] isExcludedFromFee - [Prv] _approve # - [Prv] _transfer # - [Prv] swapAndLiquify # - modifiers: lockTheSwap - [Prv] buyBackTokens # - modifiers: lockTheSwap - [Prv] swapTokensForBNB # - [Prv] swapBNBForTokens # - [Prv] addLiquidity # - [Prv] _tokenTransfer # - [Prv] _transferStandard # - [Prv] _transferToExcluded # - [Prv] _transferFromExcluded # - [Prv] _transferBothExcluded # - [Prv] _tokenTransferNoFee # - [Pub] recoverBEP20 # - modifiers: onlyOwner