Sugar Kingdom - Smart Contract Audit Report
Audit Summary
Sugar Kingdom is building a new BEP-20 token on the Binance Smart Chain.
We reviewed the project team's SugarKingdomToken contract at 0x03436Fe878e33Be3C8CAEbd205ebc04A66aA3248 on the Binance Smart Chain Mainnet.
Audit Findings
Please ensure trust in the team prior to investing as they have substantial control in the ecosystem.
Date: February 21st, 2022.
Updated: April 7th, 2022 to reflect the contract's mainnet address.Finding #1 - SugarKingdomToken - Informational
Description: Several functions are declared public, but are never called internally.Recommendation: We recommend declaring these functions external for additional gas savings on each call.totalSupply, balanceOf, isWhitelisted, addWhitelisted, removeWhitelisted, isPool, addPool, removePool, setTaxAccount, changeFees
Contract Overview
Ownership Controls:
- The total supply of the token is initially set to 100 million $CANDY [100,000,000].
- Any user can burn their own tokens to reduce the total supply.
- Any user can burn tokens on another user's behalf if an allowance has been granted.
- No mint functions are accessible beyond deployment.
- At the time of writing this report, 100% of the total supply belongs to the owner.
- There is a tax fee and a burn fee charged on all transfers where neither the sender nor the recipient is excluded from fees.
- A separate fee structure can be set by the team to apply different fee percentages depending on whether the user is buying or selling to an approved DEX during the transfer.
- A third fee structure can be set by the team to apply different fee percentages for all other transfers that do not involve an approved DEX.
- The tokens collected from the tax fee are sent to a fee wallet controlled by the team.
- The tokens collected from the burn fee are removed from the total supply.
- The contract interacts with an external Anti-sniper contract and an external Liquidity Restriction contract on all transfers. The security of these two contracts cannot be confirmed by our team as they are both out of scope for the purpose of this audit.
- As the contract is implemented with Solidity v0.8.x it is protected from overflows/underflows.
- The contract complies with the ERC-20 token standard.
- The owner can set the tax fee and burn fee to any percentages as long as the percentages combined do not exceed the maximum fee cap set by the owner upon deployment.
- The owner can exclude/include accounts from transfer fees.
- The owner can disable the Anti-sniper and Liquidity Restriction mechanisms at any time. Once disabled, they can never be re-enabled.
- The owner can add any address as an approved DEX at any time.
- The owner can update the team's fee wallet to any address at any time.
External Threat Results
| Vulnerability Category | Notes | Result |
|---|---|---|
| Arbitrary Storage Write | N/A | PASS |
| Arbitrary Jump | N/A | PASS |
| Centralization of Control | WARNING | |
| Delegate Call to Untrusted Contract | N/A | PASS |
| Dependence on Predictable Variables | N/A | PASS |
| Deprecated Opcodes | N/A | PASS |
| Ether Thief | N/A | PASS |
| Exceptions | N/A | PASS |
| External Calls | N/A | PASS |
| Flash Loans | N/A | PASS |
| Integer Over/Underflow | N/A | PASS |
| Logical Issues | N/A | PASS |
| Multiple Sends | N/A | PASS |
| Oracles | N/A | PASS |
| Suicide | N/A | PASS |
| State Change External Calls | N/A | PASS |
| Unchecked Retval | N/A | PASS |
| User Supplied Assertion | N/A | PASS |
| Critical Solidity Compiler | N/A | PASS |
| Overall Contract Safety | PASS |
Function Graph
Inheritance Chart
Functions Overview
($) = payable function
# = non-constant function
+ [Int] IERC20
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] transfer #
- [Ext] allowance
- [Ext] approve #
- [Ext] transferFrom #
+ Context
- [Int] _msgSender
- [Int] _msgData
+ [Int] IERC20Metadata (IERC20)
- [Ext] name
- [Ext] symbol
- [Ext] decimals
+ Ownable (Context)
- [Pub] #
- [Pub] owner
- [Pub] renounceOwnership #
- modifiers: onlyOwner
- [Pub] transferOwnership #
- modifiers: onlyOwner
+ ERC20 (Context, IERC20, IERC20Metadata)
- [Pub] #
- [Pub] name
- [Pub] symbol
- [Pub] decimals
- [Pub] totalSupply
- [Pub] balanceOf
- [Pub] transfer #
- [Pub] allowance
- [Pub] approve #
- [Pub] transferFrom #
- [Pub] increaseAllowance #
- [Pub] decreaseAllowance #
- [Int] _transfer #
- [Int] _mint #
- [Int] _burn #
- [Int] _approve #
- [Int] _spendAllowance #
- [Int] _beforeTokenTransfer #
- [Int] _afterTokenTransfer #
+ ERC20Burnable (Context, ERC20)
- [Pub] burn #
- [Pub] burnFrom #
+ ReentrancyGuard
- [Pub] #
+ [Int] ILiquidityRestrictor
- [Ext] assureLiquidityRestrictions #
+ [Int] IAntisnipe
- [Ext] assureCanTransfer #
+ SugarKingdomToken (ERC20, Ownable, ERC20Burnable, ReentrancyGuard)
- [Pub] #
- modifiers: ERC20
- [Pub] balanceOf
- [Pub] totalSupply
- [Pub] isWhitelisted
- [Pub] addWhitelisted #
- modifiers: onlyOwner
- [Pub] removeWhitelisted #
- modifiers: onlyOwner
- [Pub] isPool
- [Pub] addPool #
- modifiers: onlyOwner
- [Pub] removePool #
- modifiers: onlyOwner
- [Pub] setTaxAccount #
- modifiers: onlyOwner
- [Int] initFees #
- [Pub] changeFees #
- modifiers: onlyOwner
- [Pub] getFees
- [Int] _mint #
- [Int] _burn #
- [Pub] calculateFees
- [Int] _transfer #
- modifiers: nonReentrant
- [Int] _beforeTokenTransfer #
- [Ext] setAntisnipeDisable #
- modifiers: onlyOwner
- [Ext] setLiquidityRestrictorDisable #
- modifiers: onlyOwner
- [Ext] setAntisnipeAddress #
- modifiers: onlyOwner
- [Ext] setLiquidityRestrictionAddress #
- modifiers: onlyOwner