THRUST - Smart Contract Audit Report
Summary
THRUST is a new token on the Binance Smart Chain that features automatic liquidity adds and pays users dividends in various reward tokens.
We audited THRUST's token contract, deployed at 0x8b772f35f7bd400bd9d35a0a18f4790b02fbd940 on the Binance Smart Chain mainnet.
Overview of the Contract:
- The total supply of the THRUST token is set to 100 billion and is initially minted to the owner.
- No mint or burn functions are present beyond deployment; though the circulating supply can be reduced by sending tokens to the 0x..dead address if desired.
- At the time of writing this report, 13.10% of the token supply is held in PancakeSwap V2 Liquidity.
- Out of that liquidity, 94.87% of the LP tokens are held in a Legion Network Vesting Contract. The date and time that these LP tokens will unlock and vest to the team is unknown.
- There is an address that is in possession of 10.42% of the total $THRUST token supply.
- There is a tax fee charged on each transaction that is stored in the contract balance; fees are increased by 1% on sell transactions to PancakeSwap. The owner has the ability to allocate this tax fee to three different funds: "Marketing", "Liquidity", and "Dividend Rewards". The allocation for these funds can vary from 0%-100% and can be changed bt the owner at any time.
- Once a threshold value of 2 million tokens is met, a portion of the tokens in the contract balance (allocated to the "Marketing Fund") is swapped for "Reward" tokens and sent to the marketing address which is controlled by the team.
- Another portion of the tokens in the contract balance (allocated to the "Liquidity Fund") and is used to fund PancakeSwap liquidity.
- Liquidity-adds are funded by selling half of the tokens allocated to funding liquidity, pairing the received BNB with the token, and adding it as liquidity to the BNB pair.
- The newly created LP tokens are locked forever in the burn address.
- Any remaining tokens in the contract balance are swapped for "Reward" tokens and are automatically distributed as dividends to the token holders eligible for dividends.
- A user must hold 200,000 $THRUST tokens to be eligible for dividends. This is equal to 0.0002% of the total supply.
- At the time of writing this report, there are 1561 $THRUST holders, and 1359 are eligible for dividends. This is equal to 0.0002% of the total supply.
- Once dividends are distributed, they will need to be claimed; claiming happens automatically on each transfer.
- Dividend rewards can also be claimed manually by kicking off the claim cycle, which will process all eligible token holders.
- Alternatively, a user can manually claim dividends as an individual. The method may need to be used in the event that the gas limit is reached when processing dividends for all eligible holders.
- There is a wait-time of 3600 seconds (1 hour) between claiming dividend rewards.
- Claimed dividends are sent to the user's wallet address.
- The contracts utilize the SafeMath library to prevent overflows.
- The contracts complies with the BEP20 Token Standard.
Ownership Controls:- The owner is able to set the total fees that are charged on transfers to any value at any time.
- The owner is able to set the percentage of the fees allocated to any fund ("Liquidity", "Marketing", and "Dividend Rewards") at any time.
- The owner is able to withdraw all of the BNB and $THRUST from the contract balance at any time.
- The THRUST contract utilizes blacklist functionality where the owner is able to blacklist any wallet or contract address at any time. Users/Addresses that are blacklisted will not be able participate in transfers of any kind.
- The owner may also exclude designated addresses from receiving dividends.
- The owner has the ability to update a "Maximum Transaction Amount" to any value at any time. This will impose a limit to the number of tokens than can be transferred during a given transaction.
- The owner is able to exclude any address from fees at any time.
- The owner is able to set the "Reward Token" to a new address at any time.
- The owner is able to set the "Marketing Wallet" to a new address at any time.
- The owner is able to update the Dividend Tracker and UniswapV2Router contract addresses at any time.
- The owner is able to update the maximum amount of gas used for processing to a value between 200,000 and 500,000 at any time; the initial value is 300,000.
- The owner is able to update the amount of time a user must wait between claiming dividends to a value between 1 and 24 hours (in seconds).
Audit Findings Summary
- No security threats from outside attackers were identified.
- Ensure trust in the team as they have substantial control in the ecosystem.
- Further, ensure trust in the team as they have control of the contract's token and BNB Balance.
- Date: August 10th, 2021
- Updated: September 29th, 2021 to reflect the mainnet deployment.
External Threat Results
| Vulnerability Category | Notes | Result |
|---|---|---|
| Arbitrary Storage Write | N/A | PASS |
| Arbitrary Jump | N/A | PASS |
| Delegate Call to Untrusted Contract | N/A | PASS |
| Dependence on Predictable Variables | N/A | PASS |
| Deprecated Opcodes | N/A | PASS |
| Ether Thief | N/A | PASS |
| Exceptions | N/A | PASS |
| External Calls | N/A | PASS |
| Integer Over/Underflow | N/A | PASS |
| Multiple Sends | N/A | PASS |
| Suicide | N/A | PASS |
| State Change External Calls | N/A | PASS |
| Unchecked Retval | N/A | PASS |
| User Supplied Assertion | N/A | PASS |
| Critical Solidity Compiler | N/A | PASS |
| Overall Contract Safety | PASS |
THRUST Contract
($) = payable function
# = non-constant function
+ [Int] IERC20
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] transfer #
- [Ext] allowance
- [Ext] approve #
- [Ext] transferFrom #
+ [Int] IERC20Metadata (IERC20)
- [Ext] name
- [Ext] symbol
- [Ext] decimals
+ Context
- [Int] _msgSender
- [Int] _msgData
+ [Lib] SafeMath
- [Int] add
- [Int] sub
- [Int] sub
- [Int] mul
- [Int] div
- [Int] div
- [Int] mod
- [Int] mod
+ ERC20 (Context, IERC20, IERC20Metadata)
- [Pub] #
- [Pub] name
- [Pub] symbol
- [Pub] decimals
- [Pub] totalSupply
- [Pub] balanceOf
- [Pub] transfer #
- [Pub] allowance
- [Pub] approve #
- [Pub] transferFrom #
- [Pub] increaseAllowance #
- [Pub] decreaseAllowance #
- [Int] _transfer #
- [Int] _mint #
- [Int] _burn #
- [Int] _approve #
- [Int] _beforeTokenTransfer #
+ [Lib] SafeMathUint
- [Int] toInt256Safe
+ [Lib] SafeMathInt
- [Int] mul
- [Int] div
- [Int] sub
- [Int] add
- [Int] abs
- [Int] toUint256Safe
+ [Int] DividendPayingTokenInterface
- [Ext] dividendOf
- [Ext] withdrawDividend #
+ [Int] DividendPayingTokenOptionalInterface
- [Ext] withdrawableDividendOf
- [Ext] withdrawnDividendOf
- [Ext] accumulativeDividendOf
+ Ownable (Context)
- [Pub] #
- [Pub] owner
- [Pub] renounceOwnership #
- modifiers: onlyOwner
- [Pub] transferOwnership #
- modifiers: onlyOwner
+ DividendPayingToken (ERC20, Ownable, DividendPayingTokenInterface, DividendPayingTokenOptionalInterface)
- [Pub] #
- modifiers: ERC20
- [Pub] distributeREWARDTOKENDividends #
- modifiers: onlyOwner
- [Pub] withdrawDividend #
- [Int] _withdrawDividendOfUser #
- [Pub] dividendOf
- [Pub] withdrawableDividendOf
- [Pub] withdrawnDividendOf
- [Pub] accumulativeDividendOf
- [Int] _transfer #
- [Int] _mint #
- [Int] _burn #
- [Int] _setBalance #
- [Pub] setRewardTokenAddress #
+ [Lib] IterableMapping
- [Pub] get
- [Pub] getIndexOfKey
- [Pub] getKeyAtIndex
- [Pub] size
- [Pub] set #
- [Pub] remove #
+ [Int] IUniswapV2Pair
- [Ext] name
- [Ext] symbol
- [Ext] decimals
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] allowance
- [Ext] approve #
- [Ext] transfer #
- [Ext] transferFrom #
- [Ext] DOMAIN_SEPARATOR
- [Ext] PERMIT_TYPEHASH
- [Ext] nonces
- [Ext] permit #
- [Ext] MINIMUM_LIQUIDITY
- [Ext] factory
- [Ext] token0
- [Ext] token1
- [Ext] getReserves
- [Ext] price0CumulativeLast
- [Ext] price1CumulativeLast
- [Ext] kLast
- [Ext] mint #
- [Ext] burn #
- [Ext] swap #
- [Ext] skim #
- [Ext] sync #
- [Ext] initialize #
+ [Int] IUniswapV2Factory
- [Ext] feeTo
- [Ext] feeToSetter
- [Ext] getPair
- [Ext] allPairs
- [Ext] allPairsLength
- [Ext] createPair #
- [Ext] setFeeTo #
- [Ext] setFeeToSetter #
+ [Int] IUniswapV2Router01
- [Ext] factory
- [Ext] WETH
- [Ext] addLiquidity #
- [Ext] addLiquidityETH ($)
- [Ext] removeLiquidity #
- [Ext] removeLiquidityETH #
- [Ext] removeLiquidityWithPermit #
- [Ext] removeLiquidityETHWithPermit #
- [Ext] swapExactTokensForTokens #
- [Ext] swapTokensForExactTokens #
- [Ext] swapExactETHForTokens ($)
- [Ext] swapTokensForExactETH #
- [Ext] swapExactTokensForETH #
- [Ext] swapETHForExactTokens ($)
- [Ext] quote
- [Ext] getAmountOut
- [Ext] getAmountIn
- [Ext] getAmountsOut
- [Ext] getAmountsIn
+ [Int] IUniswapV2Router02 (IUniswapV2Router01)
- [Ext] removeLiquidityETHSupportingFeeOnTransferTokens #
- [Ext] removeLiquidityETHWithPermitSupportingFeeOnTransferTokens #
- [Ext] swapExactTokensForTokensSupportingFeeOnTransferTokens #
- [Ext] swapExactETHForTokensSupportingFeeOnTransferTokens ($)
- [Ext] swapExactTokensForETHSupportingFeeOnTransferTokens #
+ THRUST (ERC20, Ownable)
- [Pub] #
- modifiers: ERC20
- [Ext] ($)
- [Pub] updateDividendTracker #
- modifiers: onlyOwner
- [Pub] updateUniswapV2Router #
- modifiers: onlyOwner
- [Pub] excludeFromFees #
- modifiers: onlyOwner
- [Pub] excludeMultipleAccountsFromFees #
- modifiers: onlyOwner
- [Ext] setMarketingWallet #
- modifiers: onlyOwner
- [Ext] setTOKENRewardsFee #
- modifiers: onlyOwner
- [Ext] setLiquiditFee #
- modifiers: onlyOwner
- [Ext] setMarketingFee #
- modifiers: onlyOwner
- [Pub] setAutomatedMarketMakerPair #
- modifiers: onlyOwner
- [Ext] blacklistAddress #
- modifiers: onlyOwner
- [Prv] _setAutomatedMarketMakerPair #
- [Pub] updateGasForProcessing #
- modifiers: onlyOwner
- [Ext] updateClaimWait #
- modifiers: onlyOwner
- [Ext] getClaimWait
- [Ext] getTotalDividendsDistributed
- [Pub] isExcludedFromFees
- [Pub] withdrawableDividendOf
- [Pub] dividendTokenBalanceOf
- [Ext] excludeFromDividends #
- modifiers: onlyOwner
- [Ext] getAccountDividendsInfo
- [Ext] getAccountDividendsInfoAtIndex
- [Ext] processDividendTracker #
- [Ext] claim #
- [Ext] getLastProcessedIndex
- [Ext] getNumberOfDividendTokenHolders
- [Int] _transfer #
- [Prv] swapAndSendToFee #
- [Prv] swapAndLiquify #
- [Prv] swapTokensForEth #
- [Prv] swapTokensForRewardToken #
- [Prv] addLiquidity #
- [Prv] swapAndSendDividends #
- [Pub] setRewardTokenAddress #
+ THRUSTDividendTracker (Ownable, DividendPayingToken)
- [Pub] #
- modifiers: DividendPayingToken
- [Int] _transfer #
- [Pub] withdrawDividend #
- [Ext] excludeFromDividends #
- modifiers: onlyOwner
- [Ext] updateClaimWait #
- modifiers: onlyOwner
- [Ext] getLastProcessedIndex
- [Ext] getNumberOfTokenHolders
- [Pub] getAccount
- [Pub] getAccountAtIndex
- [Prv] canAutoClaim
- [Ext] setBalance #
- modifiers: onlyOwner
- [Pub] process #
- [Pub] processAccount #
- modifiers: onlyOwner