WEBFOUR - Smart Contract Audit Report
Summary
WEBFOUR ($WEBFOUR) is a new BEP20 token on the Binance Smart Chain with frictionless fee redistribution that pays out additional rewards in BNB.
Notes on the Contract:Ownership Controls:
- The total supply of the token is set to 500 billion $WEBFOUR [500,000,000,000].
- No minting or burn functions are present; though the circulating supply can be reduced by sending tokens to the 0x..dead address if desired.
- At the time of writing this report, the top holder is in possession of 5.89% of the total supply.
- 5.09% of the total supply is in Pancakeswap liquidity.
- Of that liquidity, 91.98% of the LP tokens have been sent to the 0x..dead address.
- 2.91% of the total supply has been sent to the 0x..dead address.
- The next five holders own a cumulative 17.78% of the total supply.
- There is a reflection fee, BNB Rewards fee, treasury fee, and buyback fee on all transfers where neither the sender nor the recipient is excluded from fees.
- The tokens collected from the reflection fee are removed from the circulating supply; This serves as a frictionless fee redistribution which automatically benefits all token holders at the time of each transaction.
- The tokens collected from fees during transfers are stored in the contract address balance. Once the threshold value of tokens (determined by the owner) in the Pancakeswap pair address is met, a swap will occur for the purpose of funding the BNB Rewards mechanism, the buyback mechanism, and the team's treasury wallet.
- The tokens collected from the treasury fee are swapped for BNB and sent to the team's treasury wallet.
- The tokens collected from the buyback fee are swapped back to $WEBFOUR from BNB and are sent to the buyBackReceiver address. This address is currently set to the 0x..dead address but can be updated by the owner at any time.
- A user is eligible to manually claim BNB rewards if they hold any amount of $WEBFOUR tokens and the wait time (specified by the owner) has passed since that user's previous transfer. The amount of BNB rewarded is based on the user's token balance and the contract's BNB rewards fee balance in proportion to the circulating supply.
- The contract utilizes anti-sniper logic to identify addresses that are buying instantly after launch. The address attempting the transfer will be added to a blacklist.
- Although the Safemath library is utilized, the contract is implemented with Solidity v0.8.x which has built-in overflow checks. Safemath could be safely removed to reduce contract size and increase gas savings.
Audit Findings Summary
- The owner can modify the reflection fee, BNB Rewards fee, treasury fee, and buyback fee to any percentages at any time.
- The owner can exclude and include accounts from transfer fees and reward distribution.
- The owner can set and update a maximum sell amount at any time, which will impose a limit to the number of tokens that can be sold to Pancakeswap in any given transfer.
- The owner can update the time that a user must wait between claiming BNB rewards to any value at any time.
- The owner can manually add/remove accounts from the anti-sniper blacklist.
- The owner can update the number of tokens needed to trigger the swapping functionality at any time.
- The owner can withdraw any BNB from the contract address at any time.
- The owner can pause/unpause all trading at any time.
- The owner can update the token address used in the buyback mechanism.
- The owner can update the buyBackReceiver and Treasury addresses at any time.
- The owner can update the Pancakeswap Router and Pancakeswap Pair addresses at any time.
- No external threats were identified.
- As with any presale, please ensure trust in the team prior to investing.
- Further, ensure trust in the team as they have substantial control in the ecosystem.
- Date: December 27th, 2021
- Updated: January 4th, 2022 to reflect the contract's mainnet address.
Audit Results
| Vulnerability Category | Notes | Result |
|---|---|---|
| Arbitrary Storage Write | N/A | PASS |
| Arbitrary Jump | N/A | PASS |
| Centralization of Control | WARNING | |
| Delegate Call to Untrusted Contract | N/A | PASS |
| Dependence on Predictable Variables | N/A | PASS |
| Deprecated Opcodes | N/A | PASS |
| Ether Thief | N/A | PASS |
| Exceptions | N/A | PASS |
| External Calls | N/A | PASS |
| Flash Loans | N/A | PASS |
| Integer Over/Underflow | N/A | PASS |
| Multiple Sends | N/A | PASS |
| Oracles | N/A | PASS |
| Suicide | N/A | PASS |
| State Change External Calls | N/A | PASS |
| Unchecked Retval | N/A | PASS |
| User Supplied Assertion | N/A | PASS |
| Critical Solidity Compiler | N/A | PASS |
| Overall Contract Safety | PASS |
Function Graph
Inheritance Chart
Functions Overview
($) = payable function
# = non-constant function
+ [Int] IERC20
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] transfer #
- [Ext] allowance
- [Ext] approve #
- [Ext] transferFrom #
+ [Lib] SafeMath
- [Int] tryAdd
- [Int] trySub
- [Int] tryMul
- [Int] tryDiv
- [Int] tryMod
- [Int] add
- [Int] sub
- [Int] mul
- [Int] div
- [Int] mod
- [Int] sub
- [Int] div
- [Int] mod
+ Context
- [Int] _msgSender
- [Int] _msgData
+ Ownable (Context)
- [Pub] #
- [Pub] owner
- [Pub] renounceOwnership #
- modifiers: onlyOwner
- [Pub] transferOwnership #
- modifiers: onlyOwner
- [Prv] _setOwner #
+ [Lib] Address
- [Int] isContract
- [Int] sendValue #
- [Int] functionCall #
- [Int] functionCall #
- [Int] functionCallWithValue #
- [Int] functionCallWithValue #
- [Int] functionStaticCall
- [Int] functionStaticCall
- [Int] functionDelegateCall #
- [Int] functionDelegateCall #
- [Int] verifyCallResult
+ [Int] IUniswapV2Factory
- [Ext] feeTo
- [Ext] feeToSetter
- [Ext] getPair
- [Ext] allPairs
- [Ext] allPairsLength
- [Ext] createPair #
- [Ext] setFeeTo #
- [Ext] setFeeToSetter #
+ [Int] IUniswapV2Pair
- [Ext] name
- [Ext] symbol
- [Ext] decimals
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] allowance
- [Ext] approve #
- [Ext] transfer #
- [Ext] transferFrom #
- [Ext] DOMAIN_SEPARATOR
- [Ext] PERMIT_TYPEHASH
- [Ext] nonces
- [Ext] permit #
- [Ext] MINIMUM_LIQUIDITY
- [Ext] factory
- [Ext] token0
- [Ext] token1
- [Ext] getReserves
- [Ext] price0CumulativeLast
- [Ext] price1CumulativeLast
- [Ext] kLast
- [Ext] mint #
- [Ext] burn #
- [Ext] swap #
- [Ext] skim #
- [Ext] sync #
- [Ext] initialize #
+ [Int] IUniswapV2Router01
- [Ext] factory
- [Ext] WETH
- [Ext] addLiquidity #
- [Ext] addLiquidityETH ($)
- [Ext] removeLiquidity #
- [Ext] removeLiquidityETH #
- [Ext] removeLiquidityWithPermit #
- [Ext] removeLiquidityETHWithPermit #
- [Ext] swapExactTokensForTokens #
- [Ext] swapTokensForExactTokens #
- [Ext] swapExactETHForTokens ($)
- [Ext] swapTokensForExactETH #
- [Ext] swapExactTokensForETH #
- [Ext] swapETHForExactTokens ($)
- [Ext] quote
- [Ext] getAmountOut
- [Ext] getAmountIn
- [Ext] getAmountsOut
- [Ext] getAmountsIn
+ [Int] IUniswapV2Router02 (IUniswapV2Router01)
- [Ext] removeLiquidityETHSupportingFeeOnTransferTokens #
- [Ext] removeLiquidityETHWithPermitSupportingFeeOnTransferTokens #
- [Ext] swapExactTokensForTokensSupportingFeeOnTransferTokens #
- [Ext] swapExactETHForTokensSupportingFeeOnTransferTokens ($)
- [Ext] swapExactTokensForETHSupportingFeeOnTransferTokens #
+ WEBFOUR (Context, IERC20, Ownable)
- [Pub] #
- [Ext] initContract #
- modifiers: onlyOwner
- [Ext] openTrading #
- modifiers: onlyOwner
- [Ext] name
- [Ext] symbol
- [Ext] decimals
- [Ext] totalSupply
- [Pub] balanceOf
- [Ext] transfer #
- [Ext] allowance
- [Ext] approve #
- [Ext] transferFrom #
- [Ext] increaseAllowance #
- [Ext] decreaseAllowance #
- [Ext] getLastbnbRewardsFeeClaim
- [Ext] totalFees
- [Ext] deliver #
- [Ext] reflectionFromToken
- [Pub] tokenFromReflection
- [Ext] excludeFromReward #
- modifiers: onlyOwner
- [Ext] includeInReward #
- modifiers: onlyOwner
- [Prv] _approve #
- [Prv] _transfer #
- [Prv] _swapTokens #
- modifiers: lockTheSwap
- [Prv] _sendBNBToTreasury #
- [Prv] _buyBackTokens #
- [Prv] _swapTokensForBNB #
- [Prv] _tokenTransfer #
- [Prv] _transferStandard #
- [Prv] _transferToExcluded #
- [Prv] _transferFromExcluded #
- [Prv] _transferBothExcluded #
- [Prv] _reflectFee #
- [Prv] _getValues
- [Prv] _getTValues
- [Prv] _getRValues
- [Prv] _getRate
- [Prv] _getCurrentSupply
- [Prv] _takeLiquidity #
- [Prv] _calculateReflectFee
- [Prv] _liquidityFeeAggregate
- [Prv] _calculateLiquidityFee
- [Prv] _removeAllFee #
- [Prv] _restoreAllFee #
- [Ext] getSellSlippage
- [Ext] isPancakeSwapPair
- [Ext] isSwapFeesEnabled
- [Pub] isExcludedFromFee
- [Ext] isExcludedFromReward
- [Ext] excludeFromFee #
- modifiers: onlyOwner
- [Ext] includeInFee #
- modifiers: onlyOwner
- [Ext] setRewardsClaimTimeSeconds #
- modifiers: onlyOwner
- [Ext] setReflectionFeePercent #
- modifiers: onlyOwner
- [Ext] setTreasuryFeePercent #
- modifiers: onlyOwner
- [Ext] setBNBRewardsFeePercent #
- modifiers: onlyOwner
- [Ext] setBuybackFeePercent #
- modifiers: onlyOwner
- [Ext] setTreasuryAddress #
- modifiers: onlyOwner
- [Ext] setIsSwapFeesEnabled #
- modifiers: onlyOwner
- [Ext] setMaxSellAmount #
- modifiers: onlyOwner
- [Ext] setPancakeSwapRouter #
- modifiers: onlyOwner
- [Ext] setBuybackTokenAddress #
- modifiers: onlyOwner
- [Ext] setBuybackReceiver #
- modifiers: onlyOwner
- [Ext] addPancakeSwapPair #
- modifiers: onlyOwner
- [Ext] removePancakeSwapPair #
- modifiers: onlyOwner
- [Ext] setCanTransfer #
- modifiers: onlyOwner
- [Ext] isRemovedSniper
- [Ext] removeSniper #
- modifiers: onlyOwner
- [Ext] amnestySniper #
- modifiers: onlyOwner
- [Pub] calculateBNBRewards
- [Pub] canClaimRewards
- [Ext] claimBNBRewards #
- [Ext] setFeeRate #
- modifiers: onlyOwner
- [Ext] emergencyWithdraw #
- modifiers: onlyOwner
- [Ext] ($)
- [Int] _deliverFunds #