SonOfABit - Smart Contract Audit Report
Summary
Son Of A Bit is creating a new dividend paying token with liquidity adds and a buyback system for burning supply. They are also building a new staking platform where users can earn additional rewards.
Notes on the Contracts:
SonOfABit Contract:SonOfABitStaking Contract:
- The total supply of Son of a Bit tokens ($SOB) is set to one quadrillion (1,000,000,000,000,000).
- At the time of writing this report, 100% of tokens are in possession of the owner.
- No mint or burn functions are present; though the circulating supply can be reduced by sending tokens to the 0x..dead address, if desired.
- When buying or selling, a 'rewards' fee, 'liquidity' fee, 'buyback' fee, 'staking' fee, 'marketing' fee, 'charity' fee, and 'retirement' fee are each taken. There are no fees on non buys/sells.
- At the time of writing this report, there is a 14% total buy fee and a 35% total sell fee.
- The sum of these fees can be updated by the owner to a maximum of 20% when buying and 30% when selling.
- The fees charged on transactions are stored in the contract. Once a threshold value is met, tokens are used to fund PancakeSwap liquidity, distribute fees, and prepare buybacks.
- Liquidity-adds are funded by swapping a portion of tokens collected as liquidity fees for BNB, pairing the received BNB with the token, and adding it as liquidity to the BNB pair.
- The recipient of the newly created LP tokens is the 0x..dead address.
- The remainder of the tokens from fees are swapped for BNB. A portion of this BNB is stored in the contract for buybacks, and the rest is sent to the designated fee addresses.
- Any remaining BNB after a liquidity add is stored in the contract and can only be used for buybacks.
- The owner can execute a buyback at any time, which swaps BNB for $SOB and subsequently burns them. In order to reduce the risk of frontrunning, buybacks are limited to 10 BNB at once.
- A user must hold 10,000 $SOB to be eligible for dividends.
- Once dividends are distributed, they will need to be claimed; claiming happens automatically on each transfer. Dividends are paid in BUSD.
- Dividend rewards can also be claimed manually by kicking off the claim cycle, which will process all eligible token holders.
- Alternatively, a user can manually claim dividends as an individual.
- There is an owner-specified wait-time between claiming dividend rewards.
- Claimed dividends are sent to the user's wallet address.
- Users must wait a minimum delay of one block between transfers until this functionality is disabled by the owner.
- This token includes anti-whale logic, which prevents users from executing transfers above a certain maximum transaction amount. In addition, users will be prevented from receiving transfers if it results in their token balance exceeding a maximum wallet amount.
- The owner is exempt from the transfer delay and anti-whale logic.
- The transfer delay and anti-whale logic can be disabled by the owner ay any time. Once these limitations are disabled, they cannot be reenabled.
- At the time of writing this report, trading is 'inactive'. While 'inactive', only addresses excluded from fees can transfer tokens. The owner can enable trading at any time; once trading is enabled, it cannot be disabled again.
- Once trading is enabled, users must wait two blocks before trading or they will pay a 99% fee. This is implemented to prevent bot trading.
- The owner can withdraw any BNB in the contract while trading is 'inactive'.
- The owner is able to include or exclude any address from dividends at any time.
- The owner is able to update the marketing, staking, charity, and retirement wallet addresses at any time.
- The owner is able to update the maximum amount of gas used for processing to a value between 200,000 and 500,000 at any time; the initial value is 400,000.
- The owner is able to update the amount of time a user must wait between claiming dividends to a value between 20 minutes and 24 hours.
- The owner can update the maximum transaction amount to any value greater than .1% of the total supply.
- The owner can update the maximum wallet amount to any value greater than 1% of the total supply.
- The owner is able to toggle the swap and liquify functionality at any time.
General Notes Across Contracts:
- This contract allows users to stake their $SOB in order to receive rewards in either BNB or a user-specified token.
- This contract receives funds through staking fees sent from the SonOfABit contract. This contract also receives BUSD dividends from the tokens staked in this contract.
- When dividends are distributed, the BUSD in the contract is coverted to BNB and added to the BNB received from staking fees as dividends to be paid to users.
- If desired, a users share of dividends can be swapped for a token of their choice when claiming rewards.
- There is an owner-specified wait-time between claiming rewards.
- A user must have 100 $SOB staked to be eligible for dividends.
- The owner is able to update the amount of time a user must wait between claiming dividends to a value between 1 second and 24 hours.
Audit Findings Summary
- As the contracts are implemented with Solidity 0.8.x, they are protected from overflows.
- ReentrancyGuard is utilized in both contracts where applicable, protecting them from any potential reentrancy attacks.
- No external threats were identified.
- Ensure trust in the team as they have some control in the ecosystem.
- After trading is enabled, users should not buy or sell tokens until two blocks have passed, or they will pay a 99% fee. This is implemented to prevent bot trading.
- Date: December 16th, 2021
Audit Results
| Vulnerability Category | Notes | Result |
|---|---|---|
| Arbitrary Storage Write | N/A | PASS |
| Arbitrary Jump | N/A | PASS |
| Centralization of Control | The owner has the permissions mentioned above. | PASS |
| Delegate Call to Untrusted Contract | N/A | PASS |
| Dependence on Predictable Variables | N/A | PASS |
| Deprecated Opcodes | N/A | PASS |
| Ether Thief | N/A | PASS |
| Exceptions | N/A | PASS |
| External Calls | N/A | PASS |
| Flash Loans | N/A | PASS |
| Integer Over/Underflow | N/A | PASS |
| Multiple Sends | N/A | PASS |
| Oracles | N/A | PASS |
| Suicide | N/A | PASS |
| State Change External Calls | N/A | PASS |
| Unbounded Loop | N/A | PASS |
| Unchecked Retval | N/A | PASS |
| User Supplied Assertion | N/A | PASS |
| Critical Solidity Compiler | N/A | PASS |
| Overall Contract Safety | PASS |
Details: SonOfABit Contract
($) = payable function
# = non-constant function
+ Context
- [Int] _msgSender
- [Int] _msgData
+ [Int] IUniswapV2Pair
- [Ext] name
- [Ext] symbol
- [Ext] decimals
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] allowance
- [Ext] approve #
- [Ext] transfer #
- [Ext] transferFrom #
- [Ext] DOMAIN_SEPARATOR
- [Ext] PERMIT_TYPEHASH
- [Ext] nonces
- [Ext] permit #
- [Ext] MINIMUM_LIQUIDITY
- [Ext] factory
- [Ext] token0
- [Ext] token1
- [Ext] getReserves
- [Ext] price0CumulativeLast
- [Ext] price1CumulativeLast
- [Ext] kLast
- [Ext] mint #
- [Ext] burn #
- [Ext] swap #
- [Ext] skim #
- [Ext] sync #
- [Ext] initialize #
+ [Int] IUniswapV2Factory
- [Ext] feeTo
- [Ext] feeToSetter
- [Ext] getPair
- [Ext] allPairs
- [Ext] allPairsLength
- [Ext] createPair #
- [Ext] setFeeTo #
- [Ext] setFeeToSetter #
+ [Lib] IterableMapping
- [Pub] get
- [Pub] getIndexOfKey
- [Pub] getKeyAtIndex
- [Pub] size
- [Pub] set #
- [Pub] remove #
+ [Int] IERC20
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] transfer #
- [Ext] allowance
- [Ext] approve #
- [Ext] transferFrom #
+ [Int] IERC20Metadata (IERC20)
- [Ext] name
- [Ext] symbol
- [Ext] decimals
+ ERC20 (Context, IERC20, IERC20Metadata)
- [Pub] #
- [Pub] name
- [Pub] symbol
- [Pub] decimals
- [Pub] totalSupply
- [Pub] balanceOf
- [Pub] transfer #
- [Pub] allowance
- [Pub] approve #
- [Pub] transferFrom #
- [Pub] increaseAllowance #
- [Pub] decreaseAllowance #
- [Int] _transfer #
- [Int] _mint #
- [Int] _burn #
- [Int] _approve #
- [Int] _beforeTokenTransfer #
+ [Int] DividendPayingTokenOptionalInterface
- [Ext] withdrawableDividendOf
- [Ext] withdrawnDividendOf
- [Ext] accumulativeDividendOf
+ [Int] DividendPayingTokenInterface
- [Ext] dividendOf
- [Ext] distributeDividends ($)
- [Ext] withdrawDividend #
+ [Lib] SafeMath
- [Int] add
- [Int] sub
- [Int] sub
- [Int] mul
- [Int] div
- [Int] div
- [Int] mod
- [Int] mod
+ Ownable (Context)
- [Pub] #
- [Pub] owner
- [Pub] renounceOwnership #
- modifiers: onlyOwner
- [Pub] transferOwnership #
- modifiers: onlyOwner
+ [Lib] SafeMathInt
- [Int] mul
- [Int] div
- [Int] sub
- [Int] add
- [Int] abs
- [Int] toUint256Safe
+ [Lib] SafeMathUint
- [Int] toInt256Safe
+ [Int] IUniswapV2Router01
- [Ext] factory
- [Ext] WETH
- [Ext] addLiquidity #
- [Ext] addLiquidityETH ($)
- [Ext] removeLiquidity #
- [Ext] removeLiquidityETH #
- [Ext] removeLiquidityWithPermit #
- [Ext] removeLiquidityETHWithPermit #
- [Ext] swapExactTokensForTokens #
- [Ext] swapTokensForExactTokens #
- [Ext] swapExactETHForTokens ($)
- [Ext] swapTokensForExactETH #
- [Ext] swapExactTokensForETH #
- [Ext] swapETHForExactTokens ($)
- [Ext] quote
- [Ext] getAmountOut
- [Ext] getAmountIn
- [Ext] getAmountsOut
- [Ext] getAmountsIn
+ [Int] IUniswapV2Router02 (IUniswapV2Router01)
- [Ext] removeLiquidityETHSupportingFeeOnTransferTokens #
- [Ext] removeLiquidityETHWithPermitSupportingFeeOnTransferTokens #
- [Ext] swapExactTokensForTokensSupportingFeeOnTransferTokens #
- [Ext] swapExactETHForTokensSupportingFeeOnTransferTokens ($)
- [Ext] swapExactTokensForETHSupportingFeeOnTransferTokens #
+ DividendPayingToken (DividendPayingTokenInterface, DividendPayingTokenOptionalInterface, Ownable)
- [Ext] ($)
- [Pub] distributeDividends ($)
- [Ext] distributeTokenDividends #
- modifiers: onlyOwner
- [Ext] withdrawDividend #
- [Int] _withdrawDividendOfUser #
- [Ext] dividendOf
- [Pub] withdrawableDividendOf
- [Ext] withdrawnDividendOf
- [Pub] accumulativeDividendOf
- [Int] _increase #
- [Int] _reduce #
- [Int] _setBalance #
+ SonOfABit (ERC20, Ownable)
- [Pub] #
- modifiers: ERC20
- [Ext] ($)
- [Ext] addPresaleAddressForExclusions #
- modifiers: onlyOwner
- [Ext] disableTransferDelay #
- modifiers: onlyOwner
- [Ext] excludeFromDividends #
- modifiers: onlyOwner
- [Ext] includeInDividends #
- modifiers: onlyOwner
- [Ext] enableTrading #
- modifiers: onlyOwner
- [Ext] updateSwapEnabled #
- modifiers: onlyOwner
- [Ext] updateMaxAmount #
- modifiers: onlyOwner
- [Ext] updateMaxWalletAmount #
- modifiers: onlyOwner
- [Ext] updateBuyFees #
- modifiers: onlyOwner
- [Ext] updateSellFees #
- modifiers: onlyOwner
- [Pub] excludeFromMaxTransaction #
- modifiers: onlyOwner
- [Pub] excludeFromFees #
- modifiers: onlyOwner
- [Ext] excludeMultipleAccountsFromFees #
- modifiers: onlyOwner
- [Ext] setAutomatedMarketMakerPair #
- modifiers: onlyOwner
- [Prv] _setAutomatedMarketMakerPair #
- [Ext] updateMarketingWallet #
- modifiers: onlyOwner
- [Ext] updateStakingAddress #
- modifiers: onlyOwner
- [Ext] updateRetirementAddress #
- modifiers: onlyOwner
- [Ext] updateCharityAddress #
- modifiers: onlyOwner
- [Ext] updateGasForProcessing #
- modifiers: onlyOwner
- [Ext] updateClaimWait #
- modifiers: onlyOwner
- [Ext] getClaimWait
- [Ext] getTotalDividendsDistributed
- [Ext] isExcludedFromFees
- [Ext] withdrawableDividendOf
- [Ext] dividendTokenBalanceOf
- [Ext] getAccountDividendsInfo
- [Ext] getAccountDividendsInfoAtIndex
- [Ext] processDividendTracker #
- [Ext] claim #
- [Ext] getLastProcessedIndex
- [Ext] getNumberOfDividendTokenHolders
- [Ext] getNumberOfDividends
- [Ext] removeLimits #
- modifiers: onlyOwner
- [Int] _transfer #
- [Prv] swapBnbForRewardToken #
- [Prv] swapTokensForEth #
- [Prv] addLiquidity #
- [Prv] swapBack #
- [Ext] buyBackTokens #
- modifiers: onlyOwner
- [Ext] withdrawStuckEth #
- modifiers: onlyOwner
+ DividendTracker (DividendPayingToken)
- [Pub] #
- [Ext] excludeFromDividends #
- modifiers: onlyOwner
- [Ext] includeInDividends #
- modifiers: onlyOwner
- [Ext] updateClaimWait #
- modifiers: onlyOwner
- [Ext] getLastProcessedIndex
- [Ext] getNumberOfTokenHolders
- [Pub] getAccount
- [Ext] getAccountAtIndex
- [Prv] canAutoClaim
- [Ext] setBalance #
- modifiers: onlyOwner
- [Ext] process #
- [Pub] processAccount #
- modifiers: onlyOwner
Details: SOBStaking Contract
($) = payable function
# = non-constant function
+ Context
- [Int] _msgSender
- [Int] _msgData
+ [Int] IUniswapV2Pair
- [Ext] name
- [Ext] symbol
- [Ext] decimals
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] allowance
- [Ext] approve #
- [Ext] transfer #
- [Ext] transferFrom #
- [Ext] DOMAIN_SEPARATOR
- [Ext] PERMIT_TYPEHASH
- [Ext] nonces
- [Ext] permit #
- [Ext] MINIMUM_LIQUIDITY
- [Ext] factory
- [Ext] token0
- [Ext] token1
- [Ext] getReserves
- [Ext] price0CumulativeLast
- [Ext] price1CumulativeLast
- [Ext] kLast
- [Ext] mint #
- [Ext] burn #
- [Ext] swap #
- [Ext] skim #
- [Ext] sync #
- [Ext] initialize #
+ [Int] IUniswapV2Factory
- [Ext] feeTo
- [Ext] feeToSetter
- [Ext] getPair
- [Ext] allPairs
- [Ext] allPairsLength
- [Ext] createPair #
- [Ext] setFeeTo #
- [Ext] setFeeToSetter #
+ [Lib] IterableMapping
- [Pub] get
- [Pub] getIndexOfKey
- [Pub] getKeyAtIndex
- [Pub] size
- [Pub] set #
- [Pub] remove #
+ [Int] IERC20
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] transfer #
- [Ext] allowance
- [Ext] approve #
- [Ext] transferFrom #
+ [Int] IERC20Metadata (IERC20)
- [Ext] name
- [Ext] symbol
- [Ext] decimals
+ [Int] DividendPayingTokenOptionalInterface
- [Ext] withdrawableDividendOf
- [Ext] withdrawnDividendOf
- [Ext] accumulativeDividendOf
+ [Int] DividendPayingTokenInterface
- [Ext] dividendOf
- [Ext] distributeDividends ($)
- [Ext] withdrawDividend #
+ [Lib] SafeMath
- [Int] add
- [Int] sub
- [Int] sub
- [Int] mul
- [Int] div
- [Int] div
- [Int] mod
- [Int] mod
+ Ownable (Context)
- [Pub] #
- [Pub] owner
- [Pub] renounceOwnership #
- modifiers: onlyOwner
- [Pub] transferOwnership #
- modifiers: onlyOwner
+ [Lib] SafeMathInt
- [Int] mul
- [Int] div
- [Int] sub
- [Int] add
- [Int] abs
- [Int] toUint256Safe
+ [Lib] SafeMathUint
- [Int] toInt256Safe
+ [Int] IUniswapV2Router01
- [Ext] factory
- [Ext] WETH
- [Ext] addLiquidity #
- [Ext] addLiquidityETH ($)
- [Ext] removeLiquidity #
- [Ext] removeLiquidityETH #
- [Ext] removeLiquidityWithPermit #
- [Ext] removeLiquidityETHWithPermit #
- [Ext] swapExactTokensForTokens #
- [Ext] swapTokensForExactTokens #
- [Ext] swapExactETHForTokens ($)
- [Ext] swapTokensForExactETH #
- [Ext] swapExactTokensForETH #
- [Ext] swapETHForExactTokens ($)
- [Ext] quote
- [Ext] getAmountOut
- [Ext] getAmountIn
- [Ext] getAmountsOut
- [Ext] getAmountsIn
+ [Int] IUniswapV2Router02 (IUniswapV2Router01)
- [Ext] removeLiquidityETHSupportingFeeOnTransferTokens #
- [Ext] removeLiquidityETHWithPermitSupportingFeeOnTransferTokens #
- [Ext] swapExactTokensForTokensSupportingFeeOnTransferTokens #
- [Ext] swapExactETHForTokensSupportingFeeOnTransferTokens ($)
- [Ext] swapExactTokensForETHSupportingFeeOnTransferTokens #
+ DividendPayingToken (DividendPayingTokenInterface, DividendPayingTokenOptionalInterface, Ownable)
- [Ext] ($)
- [Pub] distributeDividends ($)
- [Ext] withdrawDividend #
- [Int] buyTokens #
- [Int] sellBusdForBnb #
- [Int] _withdrawDividendOfUser #
- [Int] _withdrawDividendOfUserWithReward #
- [Ext] dividendOf
- [Pub] withdrawableDividendOf
- [Ext] withdrawnDividendOf
- [Pub] accumulativeDividendOf
- [Int] _increase #
- [Int] _reduce #
- [Int] _setBalance #
+ SonOfABitStaking (Ownable, DividendPayingToken)
- [Pub] #
- [Ext] stake #
- modifiers: nonReentrant
- [Ext] unstake #
- modifiers: nonReentrant
- [Ext] claim #
- modifiers: nonReentrant
- [Ext] claimWithCustomReward #
- modifiers: nonReentrant
- [Int] excludeFromDividends #
- [Int] includeInDividends #
- [Ext] updateClaimWait #
- modifiers: onlyOwner
- [Ext] getLastProcessedIndex
- [Ext] getNumberOfTokenHolders
- [Pub] getAccount
- [Ext] getAccountAtIndex
- [Prv] canAutoClaim
- [Int] setBalance #
- [Int] processAccount #
- [Int] processAccountWithReward #