Secure Pad Token & Presale Platform - Smart Contract Audit Report
Summary
Secure Pad is building a launchpad for projects on Ethereum to launch in a safe, trusted, and decentralized manner.
Notes on the Token Contract (SEPA_Token):The total supply of the token is 350,000. At the time of deployment all tokens are delivered to the deployer's address. There is no way for more tokens to be minted. There is a % fee charged on transfers of the token. 75% of the tokens from this fee are stored in the contract and, once a threshold value is met, used to fund Uniswap liqudity. Liquidity-adds are funded by selling half of the tokens collected as fees, pairing the received ETH with the token, and adding it as liquidity to the ETH pair. The team can enable and disable the liquidity-adding mechanism at any time. Additionally, the team can update the threshold of tokens needed to trigger a liquidity-add. The remaining 25% of the tokens from the fee will be allocated to the rewards repay contract. The team can set the fees associated with transfers to any amount at any time. We recommend requiring that these fees not exceed a set percentage. By default, transfers are disabled except for users on a whitelist. After the team enables global transfers, they cannot be disabled again. The owner has the ability to update the Uniswap pair and router addresses at any time. We advise moving these into constructor arguments and/or constant/immutable variables as they should not need to be defined more than once. The team can also set the address of the Reserve Repay contract at any time. The contract utilizes SafeMath to prevents overflow issues.
Notes on the Presale Contracts (SEPA_Public, SEPA_Whitelist):Users can purchase SEPA tokens via either sending ETH directly to this contract, or via buy_sepa() function. Public presale participants recieve 100% of their purchased tokens immededietly, while whitelist presale participants recieve 80% upon purchase. Participants in the whitelisted presale can call the claim_sepa() function to claim the remaining 20% of their purchased tokens one month after the sale concludes. Users are encouraged to claim their tokens promptly, as the team has the ability and intends to claim the leftover tokens. The owner has the power to add and remove addresses from the whitelist. Once the sale has concluded, the team can call a function to retrieve the ETH raised and remaining tokens. We recommend requiring this function not be called until 1 month after deployment in the whitelist contract to align with the logic discussed above. The owner has the ability to update the price of tokens to be purchased at any time, as well as the token contract address. The ability to update the token contract address seems unnecessecary and could be replaced with a constructor argument. The only differences between the two sales is that the public sale does not rely upon a whitelist; nor does it lock buyers' tokens for any period of time. The contracts utilize math that prevents overflow issues.
Notes on the Token Locking contracts (SEPA_ReserveRepay, SEPA_Team & SEPA_Treasury):These contracts hold tokens and release them over time. One contract is used to hold tokens for the platform's upcoming Reserve and Repay system; another is used to hold the team's tokens, while the other is used to hold the project's treasury funds. The tokens in the SEPA_ReserveRepay contract can be withdrawn by the team at any time. We recommended implementing some minimal timelock that would align with the team's development schedule. The team's locked tokens will be locked for 6 months; after which, 10% of the tokens locked will be claimable by the team each month. The Treasury's tokens will not be available for the first 90 days. After that period elapses, the team will be able to claim 10% of their allocated tokens every 3 months. The ability to update the token contract address seems unnecessecary and could be replaced with a constructor argument. The contracts utilize math that prevents overflow issues.
Audit Findings Summary:
- No security issues from outside attackers were identified.
- As with any presale, ensure trust in the team prior to investing.
- KYC: No.
- The team has worked with us to optimize these contracts for gas efficiency.
- Date: March 22nd, 2021.
External Threats
| Vulnerability Category | Notes | Result |
|---|---|---|
| Arbitrary Storage Write | N/A | PASS |
| Arbitrary Jump | N/A | PASS |
| Delegate Call to Untrusted Contract | N/A | PASS |
| Dependence on Predictable Variables | N/A | PASS |
| Deprecated Opcodes | N/A | PASS |
| Ether Thief | N/A | PASS |
| Exceptions | N/A | PASS |
| External Calls | N/A | PASS |
| Integer Over/Underflow | N/A | PASS |
| Multiple Sends | N/A | PASS |
| Suicide | N/A | PASS |
| State Change External Calls | N/A | Pass |
| Unchecked Retval | N/A | PASS |
| User Supplied Assertion | N/A | PASS |
| Critical Solidity Compiler | N/A | PASS |
| Overall Contract Safety | PASS |
Details - SEPA_Public
($) = payable function
# = non-constant function
Int = Internal
Ext = External
Pub = Public
+ [Int] SEPA_Token
- [Ext] balanceOf #
- [Ext] transfer #
- [Ext] transferFrom #
+ SEPA_Public (Ownable)
- [Pub] #
- [Int] safeMultiply
- [Int] safeDivide
- [Pub] set_token_contract #
- modifiers: onlyOwner
- [Pub] buy_SEPA ($)
- [Ext] ($)
- [Pub] adjustPrice #
- modifiers: onlyOwner
- [Pub] endSEPAPublic #
- modifiers: onlyOwner
Details - SEPA_ReserveRepay
($) = payable function
# = non-constant function
Int = Internal
Ext = External
Pub = Public
+ [Int] SEPA_token
- [Ext] balanceOf #
- [Ext] transfer #
- [Ext] transferFrom #
- [Ext] _approve #
+ SEPA_ReserveRepay (Ownable)
- [Pub] withdraw #
- modifiers: onlyOwner
- [Pub] set_token_contract #
- modifiers: onlyOwner
Details - SEPA_Team
($) = payable function
# = non-constant function
Int = Internal
Ext = External
Pub = Public
+ [Int] SEPA_token
- [Ext] balanceOf #
- [Ext] transfer #
- [Ext] transferFrom #
- [Ext] _approve #
+ SEPA_TeamLock (Ownable)
- [Pub] lock_tokens ($)
- modifiers: onlyOwner
- [Pub] withdraw #
- modifiers: onlyOwner
- [Pub] set_token_contract #
- modifiers: onlyOwner
Details - SEPA_Token
($) = payable function
# = non-constant function
Int = Internal
Ext = External
Pub = Public
+ [Int] IUniswapV2Factory
- [Ext] createPair #
+ [Int] IUniswapV2Pair
- [Ext] sync #
+ [Int] IUniswapV2Router01
- [Ext] factory
- [Ext] WETH
- [Ext] addLiquidity #
- [Ext] addLiquidityETH ($)
+ [Int] IUniswapV2Router02 (IUniswapV2Router01)
- [Ext] removeLiquidityETHSupportingFeeOnTransferTokens #
- [Ext] swapExactTokensForETHSupportingFeeOnTransferTokens #
- [Ext] swapExactTokensForTokensSupportingFeeOnTransferTokens #
- [Ext] swapExactETHForTokensSupportingFeeOnTransferTokens ($)
+ SEPA_Token (Ownable)
- [Pub] #
- [Pub] name
- [Pub] symbol
- [Pub] decimals
- [Pub] totalSupply
- [Pub] balanceOf
- [Pub] transfer #
- [Pub] allowance
- [Pub] approve #
- [Pub] transferFrom #
- [Pub] increaseAllowance #
- [Pub] decreaseAllowance #
- [Int] _approve #
- [Prv] _transfer #
- [Prv] _transferStandard #
- [Prv] _transferStandardSell #
- [Prv] _transferStandardTx #
- [Prv] swapAndLiquifyForEth #
- modifiers: lockTheSwap
- [Prv] swapTokensForEth #
- [Prv] addLiquidityForEth #
- [Ext] ($)
- [Ext] _setMinTokensBeforeSwap #
- modifiers: onlyOwner
- [Ext] _enableTransfers #
- modifiers: onlyOwner
- [Int] _isUniswapPairAddress
- [Ext] _setUniswapPairAddress #
- modifiers: onlyOwner
- [Ext] _setReserveRepayAddr #
- modifiers: onlyOwner
- [Ext] _setRouterContract #
- modifiers: onlyOwner
- [Int] _mint #
- [Pub] _burn #
- [Pub] getCurrentPoolAddress
- [Pub] getCurrentPairTokenAddress
- [Ext] updateSwapAndLiquifyEnabled #
- modifiers: onlyOwner
- [Ext] setAddrTransferWhitelist #
- modifiers: onlyOwner
- [Ext] setFees #
- modifiers: onlyOwner
Details - SEPA_Treasury
($) = payable function
# = non-constant function
Int = Internal
Ext = External
Pub = Public
+ [Int] SEPA_token
- [Ext] balanceOf #
- [Ext] transfer #
- [Ext] transferFrom #
- [Ext] _approve #
+ SEPA_Treasury (Ownable)
- [Pub] lock_tokens ($)
- modifiers: onlyOwner
- [Pub] withdraw #
- modifiers: onlyOwner
- [Pub] set_token_contract #
- modifiers: onlyOwner
Details - SEPA_Whitelist
($) = payable function
# = non-constant function
Int = Internal
Ext = External
Pub = Public
+ [Int] SEPA_Token
- [Ext] balanceOf #
- [Ext] transfer #
- [Ext] transferFrom #
+ SEPA_Whitelist (Ownable)
- [Pub] #
- [Int] safeMultiply
- [Int] safeDivide
- [Pub] set_token_contract #
- modifiers: onlyOwner
- [Pub] buy_SEPA ($)
- [Pub] claim_SEPA #
- [Ext] ($)
- [Ext] adjustPrice #
- modifiers: onlyOwner
- [Ext] endSEPASeed #
- modifiers: onlyOwner
- [Ext] updateWhitelist #
- modifiers: onlyOwner