WEMP BSC Token and Bridge - Audit Report

Audit Summary

WEMP is building a new token with frictionless fee redistributions and automatic liquidity adds, together with a bridge contract to support cross-chain swaps.

For this audit, we reviewed the following contracts: WempBep20Dev, BridgeBscDev, and BridgeEthDev.

Please ensure trust in the team prior to investing as they have substantial control in the ecosystem and will operate off-chain logic to power the bridge used for cross-chain transfers.

Date: December 31st, 2021.

Audit Findings

BEP20-dev.sol - Finding #1 - Medium

Description: During token transfers, when the fees are distributed to their designated addresses, tTotal is reduced by the tBurn amount but rTotal remains the same. The burn branch only increments a counter and emits an event; nothing is removed from r-space:

    takeReflectionFee(rFee, tFee);             // reflection fee: in the standard pattern this lowers rTotal by rFee
    takeLiquidityFee(sender, tLiquidity);
    takeCharityFee(sender, tCharityFee);
    takeWomenWelfareFee(sender, tWelfareFee);
    if(tBurn > 0) {
        _amount_burnt += tBurn;                // only the t-space counter moves; rTotal is untouched
        emit Transfer(sender, address(0), tBurn);
    }
    emit Transfer(sender, recipient, tTransferAmount);

Risk/Impact: Because a user's tAmount balance is derived from their proportion of rAmount relative to rSupply, shrinking tTotal alone raises the rate and lowers every holder's balance on every burn, without actually decreasing the total underlying value of their tokens.
Recommendation: The project team should reduce the rTotal, in addition to reducing the tTotal, by a proportional amount of tokens on every burn.
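To make the effect of the finding concrete, here is an added model of the r-space/t-space bookkeeping that reflection tokens use; it is not the audited WempBep20Dev code. It goes slightly beyond the finding by also modelling the reflection (tax) fee, since that fee shows the correct two-sided update a burn has to mirror. Everything else is an assumption made to keep it short: no reward-excluded accounts, no liquidity/charity/welfare fees, and a constructed 1,000,000-token supply with constructed holders instead of WEMP's 600 trillion.

```python
# Added example: a minimal model of the r-space / t-space bookkeeping used by
# reflection tokens, built to reproduce Finding #1. It is not the audited
# WempBep20Dev code. Simplifications (assumptions): no reward-excluded accounts,
# no liquidity/charity/welfare fees, and a constructed 1,000,000-token supply.
MAX_UINT256 = 2**256 - 1


class ReflectionLedger:
    """Tracks rOwned per holder plus rTotal/tTotal, like a reflect.finance token."""

    def __init__(self, t_total, holders, tax_pct, burn_pct, fix_burn):
        if sum(holders.values()) != t_total:
            raise ValueError("holders must account for the whole supply")
        self.t_total = t_total
        # rTotal is the largest multiple of tTotal that fits in uint256, so the
        # initial rate rTotal // tTotal is exact and every r-balance is t * rate.
        self.r_total = MAX_UINT256 - (MAX_UINT256 % t_total)
        self.t_fee_total = 0
        self.tax_pct, self.burn_pct, self.fix_burn = tax_pct, burn_pct, fix_burn
        rate = self.rate()
        self.r_owned = {who: t * rate for who, t in holders.items()}

    def rate(self):
        # getRate(): with no excluded accounts rSupply/tSupply is just rTotal/tTotal.
        return self.r_total // self.t_total

    def balance_of(self, who):
        # tokenFromReflection(): t-balance is the holder's r-share at the current rate.
        return self.r_owned.get(who, 0) // self.rate()

    def orphaned_r(self):
        # r-units that sit in rTotal but are owned by nobody (should always be 0).
        return self.r_total - sum(self.r_owned.values())

    def transfer(self, sender, recipient, t_amount):
        rate = self.rate()
        t_fee = t_amount * self.tax_pct // 100       # reflection ("tax") fee
        t_burn = t_amount * self.burn_pct // 100     # burn fee
        t_transfer = t_amount - t_fee - t_burn
        r_amount, r_fee, r_burn = t_amount * rate, t_fee * rate, t_burn * rate
        r_transfer = r_amount - r_fee - r_burn
        if self.r_owned.get(sender, 0) < r_amount:
            raise ValueError("transfer amount exceeds balance")
        self.r_owned[sender] -= r_amount
        self.r_owned[recipient] = self.r_owned.get(recipient, 0) + r_transfer
        # takeReflectionFee(): rFee leaves r-space while tTotal is unchanged, so the
        # rate falls and every holder's t-balance grows. A burn must mirror this
        # by shrinking BOTH spaces, otherwise the rate moves the wrong way.
        self.r_total -= r_fee
        self.t_fee_total += t_fee
        if t_burn > 0:
            self.t_total -= t_burn        # finding: only the t-side shrinks ...
            if self.fix_burn:
                self.r_total -= r_burn    # ... the recommended fix shrinks r-side too
        return t_transfer


def run_scenario(fix_burn):
    """alice pays bob 200,000 tokens (5% tax, 10% burn); carol only holds.

    Returns (balances, total_supply, orphaned_r) after the transfer.
    """
    ledger = ReflectionLedger(
        t_total=1_000_000,
        holders={"alice": 900_000, "carol": 100_000},
        tax_pct=5, burn_pct=10, fix_burn=fix_burn,
    )
    ledger.transfer("alice", "bob", 200_000)
    balances = {w: ledger.balance_of(w) for w in ("alice", "bob", "carol")}
    return balances, ledger.t_total, ledger.orphaned_r()


if __name__ == "__main__":
    for label, fix in (("as audited", False), ("with fix", True)):
        balances, supply, orphan = run_scenario(fix)
        print(label, balances, "sum:", sum(balances.values()),
              "tTotal:", supply, "orphaned r-units:", orphan)
```

With the burn as audited, carol, who never transacted, drops from 100,000 to 98,989 and the holders' balances sum to 960,200 against a reported tTotal of 980,000, with the burned r-units orphaned inside rTotal. With the fix applied, carol ends at 101,030 (she gains only from the reflection fee), no r-units are orphaned, and the balances sum to tTotal up to the integer-rate rounding dust that is inherent to this design.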

Contracts Overview

WempBep20Dev Contract:
  • The total supply of the token is initially set to 600 trillion.
  • No mint or burn functions exist, though the circulating supply can be decreased by sending tokens to the 0x..dead address.
  • Initially, 100% of the total supply is held by the bridge contract.
  • "Paused" addresses are not able to participate in transfers of any kind.
  • There is a tax fee, liquidity fee, burn fee, charity fee, and women welfare fee on all transactions while fees are enabled and neither the sender nor the recipient are excluded from fees.
  • The tokens collected through the tax fee are removed from the circulating supply; this serves as a frictionless fee redistribution which automatically benefits all token holders at the time of each transaction.
  • The tokens collected through the charity fee are sent to the charity wallet controlled by the team.
  • The tokens collected through the women welfare fee are sent to the welfare wallet controlled by the team.
  • The tokens collected through the burn fee are intended to be removed from the total supply (but see Finding #1 above).
  • The tokens collected through the liquidity fee are stored in the contract and, once a threshold value of 100 $WEMP_BEP20 tokens is met, used to fund Pancakeswap liquidity; this can be disabled by the owner at any time.
  • Liquidity-adds are funded by selling half of the tokens collected through the liquidity fee, pairing the received BNB with the other half, and adding both as liquidity to the BNB pair.
  • The newly created LP tokens are stored in the owner's wallet address. We recommend that this liquidity is locked at the time of acquisition.
  • The owner can prevent any address from participating in transfers at any time.
  • The owner can set the tax, liquidity, burn, charity, and women welfare fees to any value up to 100% at any time; we recommend the project team impose a limit on the value that these fees can be set to.
  • The owner can enable or disable fees at any time.
  • The owner can also exclude anyone from rewards or fees and toggle the swap-and-liquify functionality; the owner can renounce ownership.
  • The owner can set the charity wallet address and the Pancakeswap Router address to any address at any time.
BridgeBscDev and BridgeEthDev Contracts:
  • These contracts serve as a cross-chain bridge which will allow users to transfer their tokens between the Ethereum and Binance Smart Chain blockchains.
  • The two contracts serve as the on and off ramp for moving tokens from chain to chain.
  • While the functionality is not paused, users can deposit tokens into the contract on the Ethereum blockchain to obtain them on the Binance Smart Chain, and vice versa.
  • There is a maximum deposit amount enforced on all deposits.
  • There is a wait time between any subsequent transactions on a single chain, whether deposit or withdraw, maintained by each contract.
  • In order to withdraw, the user must provide a signature which is used to verify that the platform's admin address has signed the hashed message containing the withdraw data; initially, the platform's admin address is the deployer of the contract.
  • The user must also provide a nonce, which can only be used once for each user, to ensure that the signature can only be used once.
  • The owner has the Default Admin role, the Pauser role, and the Updater role.
  • The owner can grant or revoke roles from any address at any time.
  • The Pauser role can pause or unpause the deposit and withdraw functionality at any time.
  • The Updater role can set the address of the token that users deposit into or withdraw from the contract at any time.
  • The Updater role can set the maximum deposit amount enforced on all deposits.
  • The Updater role can set the wait time between transactions to any value of at least 60 seconds.
  • The Updater role can set the platform admin address used to verify signed messages at any time.
  • The Updater role can withdraw any BEP-20/ERC-20 tokens or BNB/ETH from the contracts at any time.
  • Cross-chain swaps involve some off-chain logic run by the team. Please note we have not reviewed the off-chain logic related to the bridge.
  • The contract utilizes ReentrancyGuard to prevent re-entrancy attacks in applicable functions.
  • The contracts are deployed with Solidity v0.8.10, preventing any overflow-related issues.
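The deposit/withdraw flow described above, written out as an added example contract. This is not the audited BridgeBscDev/BridgeEthDev source: the layout of the signed message, the state-variable names (adminAddress, maxBridgeAmount, bridgeTimeBound, usedNonce, lastAction) and the omission of the AccessControl roles and pause/update functions are assumptions made to keep the example short. It targets Solidity 0.8.10 with the OpenZeppelin 4.x library API. One design choice goes beyond what the report states: the digest binds the chain id and the bridge's own address, so an admin signature issued for one chain's bridge cannot be replayed against the other chain's bridge; the report does not say whether the audited contracts do this.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.10;

import "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
import "@openzeppelin/contracts/utils/cryptography/ECDSA.sol";
import "@openzeppelin/contracts/security/Pausable.sol";
import "@openzeppelin/contracts/security/ReentrancyGuard.sol";

/// Added illustration of the signature-gated bridge pattern described in the
/// report. NOT the audited BridgeBscDev/BridgeEthDev code: message layout,
/// variable names and the missing AccessControl roles are assumptions.
contract BridgeExample is Pausable, ReentrancyGuard {
    using ECDSA for bytes32;
    using SafeERC20 for IERC20;

    IERC20 public token;
    address public adminAddress;       // off-chain signer whose signatures release funds
    uint256 public maxBridgeAmount;    // cap enforced on every deposit
    uint256 public bridgeTimeBound;    // minimum seconds between one user's actions

    mapping(address => uint256) public lastAction;                   // per-user rate limit
    mapping(address => mapping(uint256 => bool)) public usedNonce;   // per-user replay guard

    event Deposited(address indexed from, uint256 amount);
    event Withdrawn(address indexed to, uint256 amount, uint256 nonce);

    constructor(IERC20 _token, address _admin, uint256 _max, uint256 _bound) {
        require(_admin != address(0), "admin is zero");
        require(_bound >= 60, "bound below 60s");   // mirrors the report's 60-second floor
        token = _token;
        adminAddress = _admin;
        maxBridgeAmount = _max;
        bridgeTimeBound = _bound;
    }

    /// Applies to deposits and withdrawals alike, as the report describes.
    modifier rateLimited() {
        require(block.timestamp >= lastAction[msg.sender] + bridgeTimeBound, "wait time");
        lastAction[msg.sender] = block.timestamp;
        _;
    }

    /// On-ramp: lock tokens here; the team's off-chain relayer observes Deposited
    /// and signs a matching withdrawal for the bridge on the other chain.
    function deposit(uint256 amount) external nonReentrant whenNotPaused rateLimited {
        require(amount > 0 && amount <= maxBridgeAmount, "amount out of range");
        token.safeTransferFrom(msg.sender, address(this), amount);
        emit Deposited(msg.sender, amount);
    }

    /// Digest the admin signs off-chain (EIP-191 "\x19Ethereum Signed Message" prefix).
    /// chainid and address(this) are included so a signature for this bridge is
    /// meaningless to the bridge deployed on the other chain.
    function withdrawDigest(address to, uint256 amount, uint256 nonce)
        public view returns (bytes32)
    {
        return keccak256(abi.encodePacked(block.chainid, address(this), to, amount, nonce))
            .toEthSignedMessageHash();
    }

    function _verify(address to, uint256 amount, uint256 nonce, bytes calldata signature)
        internal view returns (bool)
    {
        // ECDSA.recover reverts on malformed, wrong-length or high-s signatures
        // instead of returning address(0), so a bad signature never "matches".
        return withdrawDigest(to, amount, nonce).recover(signature) == adminAddress;
    }

    /// Off-ramp: release tokens against an admin signature. Each (user, nonce)
    /// pair is accepted once, and the nonce is consumed before the token call.
    function withdraw(uint256 amount, uint256 nonce, bytes calldata signature)
        external nonReentrant whenNotPaused rateLimited
    {
        require(!usedNonce[msg.sender][nonce], "nonce already used");
        require(_verify(msg.sender, amount, nonce, signature), "invalid admin signature");
        usedNonce[msg.sender][nonce] = true;
        token.safeTransfer(msg.sender, amount);
        emit Withdrawn(msg.sender, amount, nonce);
    }
}
```

The trust model is visible in the code: whoever holds the key behind adminAddress can authorize any withdrawal, and whoever can change adminAddress (the Updater role in the audited contracts) can swap that key, which is why the report asks readers to establish trust in the team before using the bridge.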

External Threat Results

Vulnerability Category | Notes | Result
Arbitrary Storage Write | N/A | PASS
Arbitrary Jump | N/A | PASS
Centralization of Control | The team operates off-chain logic to power the Bridge used for cross-chain transfers. The team can withdraw any tokens or ETH from the Bridge contracts. | WARNING
Delegate Call to Untrusted Contract | N/A | PASS
Dependence on Predictable Variables | N/A | PASS
Deprecated Opcodes | N/A | PASS
Ether Thief | N/A | PASS
Exceptions | N/A | PASS
External Calls | N/A | PASS
Integer Over/Underflow | N/A | PASS
Logical Issues | The burn on transfers does not function as intended: rTotal is never reduced, so the underlying r-space tokens are never burned (see Finding #1). | WARNING
Multiple Sends | N/A | PASS
Suicide | N/A | PASS
State Change External Calls | N/A | PASS
Unchecked Retval | N/A | PASS
User Supplied Assertion | N/A | PASS
Critical Solidity Compiler | N/A | PASS

Overall Contract Safety: WARNING

WempBep20Dev Contract

BEP20 Token Graph

Multi-file Token

($) = payable function
 # = non-constant function
    
     + [Int] IERC20 
        - [Ext] totalSupply
        - [Ext] balanceOf
        - [Ext] transfer #
        - [Ext] allowance
        - [Ext] approve #
        - [Ext] transferFrom #
    
     + [Int] IERC20Metadata (IERC20)
        - [Ext] name
        - [Ext] symbol
        - [Ext] decimals
    
     +  Context 
        - [Int] _msgSender
        - [Int] _msgData
    
     +  Ownable (Context)
        - [Pub]  #
        - [Pub] owner
        - [Pub] renounceOwnership #
           - modifiers: onlyOwner
        - [Pub] transferOwnership #
           - modifiers: onlyOwner
        - [Prv] _setOwner #
    
     +  Pausable (Context)
        - [Pub]  #
        - [Pub] paused
        - [Int] _pause #
           - modifiers: whenNotPaused
        - [Int] _unpause #
           - modifiers: whenPaused
    
     + [Lib] SafeMath 
        - [Int] tryAdd
        - [Int] trySub
        - [Int] tryMul
        - [Int] tryDiv
        - [Int] tryMod
        - [Int] add
        - [Int] sub
        - [Int] mul
        - [Int] div
        - [Int] mod
        - [Int] sub
        - [Int] div
        - [Int] mod
    
     + [Lib] Address 
        - [Int] isContract
        - [Int] sendValue #
        - [Int] functionCall #
        - [Int] functionCall #
        - [Int] functionCallWithValue #
        - [Int] functionCallWithValue #
        - [Int] functionStaticCall
        - [Int] functionStaticCall
        - [Int] functionDelegateCall #
        - [Int] functionDelegateCall #
        - [Int] verifyCallResult
    
     + [Int] IUniswapV2Factory 
        - [Ext] feeTo
        - [Ext] feeToSetter
        - [Ext] getPair
        - [Ext] allPairs
        - [Ext] allPairsLength
        - [Ext] createPair #
        - [Ext] setFeeTo #
        - [Ext] setFeeToSetter #
    
     + [Int] IUniswapV2Router01 
        - [Ext] factory
        - [Ext] WETH
        - [Ext] addLiquidity #
        - [Ext] addLiquidityETH ($)
        - [Ext] removeLiquidity #
        - [Ext] removeLiquidityETH #
        - [Ext] removeLiquidityWithPermit #
        - [Ext] removeLiquidityETHWithPermit #
        - [Ext] swapExactTokensForTokens #
        - [Ext] swapTokensForExactTokens #
        - [Ext] swapExactETHForTokens ($)
        - [Ext] swapTokensForExactETH #
        - [Ext] swapExactTokensForETH #
        - [Ext] swapETHForExactTokens ($)
        - [Ext] quote
        - [Ext] getAmountOut
        - [Ext] getAmountIn
        - [Ext] getAmountsOut
        - [Ext] getAmountsIn
    
     + [Int] IUniswapV2Router02 (IUniswapV2Router01)
        - [Ext] removeLiquidityETHSupportingFeeOnTransferTokens #
        - [Ext] removeLiquidityETHWithPermitSupportingFeeOnTransferTokens #
        - [Ext] swapExactTokensForTokensSupportingFeeOnTransferTokens #
        - [Ext] swapExactETHForTokensSupportingFeeOnTransferTokens ($)
        - [Ext] swapExactTokensForETHSupportingFeeOnTransferTokens #
    
     +  WempBep20Dev (Context, IERC20, IERC20Metadata, Ownable, Pausable)
        - [Pub]  #
        - [Ext] name
        - [Ext] symbol
        - [Ext] decimals
        - [Ext] totalSupply
        - [Pub] balanceOf
        - [Ext] transfer #
        - [Ext] allowance
        - [Ext] approve #
        - [Ext] transferFrom #
        - [Ext] increaseAllowance #
        - [Ext] decreaseAllowance #
        - [Ext] pauseContract #
           - modifiers: onlyOwner
        - [Ext] unPauseContract #
           - modifiers: onlyOwner
        - [Ext] pauseAddress #
           - modifiers: onlyOwner
        - [Ext] unPauseAddress #
           - modifiers: onlyOwner
        - [Ext] isAddressPaused
        - [Int] tokenDeflation #
        - [Ext] totalFees
        - [Pub] tokenFromReflection
        - [Pub] excludeFromReward #
           - modifiers: onlyOwner
        - [Pub] includeInReward #
           - modifiers: onlyOwner
        - [Ext] isExcludedFromReward
        - [Ext] excludeFromFee #
           - modifiers: onlyOwner
        - [Ext] includeInFee #
           - modifiers: onlyOwner
        - [Ext] isIncludedInFee
        - [Ext] setTaxFeePercent #
           - modifiers: onlyOwner
        - [Ext] setLiquidityFeePercent #
           - modifiers: onlyOwner
        - [Ext] setBurnPercent #
           - modifiers: onlyOwner
        - [Ext] setCharityFeePercent #
           - modifiers: onlyOwner
        - [Ext] setWomenWelfareFeePercent #
           - modifiers: onlyOwner
        - [Ext] updateCharityWallet #
           - modifiers: onlyOwner
        - [Ext] setSwapAndLiquifyEnabled #
           - modifiers: onlyOwner
        - [Ext] setEnableFee #
           - modifiers: onlyOwner
        - [Int] takeReflectionFee #
        - [Int] getTValues
        - [Int] getRValues
        - [Int] getRate
        - [Int] getCurrentSupply
        - [Int] takeCharityFee #
        - [Int] takeWomenWelfareFee #
        - [Int] takeLiquidityFee #
        - [Int] calculateTaxFee
        - [Int] calculateLiquidityFee
        - [Int] calculateTransactionBurn
        - [Int] calculateCharityFee
        - [Int] calculateWomenWelfareFee
        - [Int] removeAllFee #
        - [Int] restoreAllFee #
        - [Ext]  ($)
        - [Int] _approve #
        - [Int] _transfer #
        - [Int] _tokenTransfer #
        - [Int] _transferStandard #
        - [Int] _transferBothExcluded #
        - [Int] _transferToExcluded #
        - [Int] _transferFromExcluded #
        - [Int] _swapAndLiquify #
        - [Int] swapAndLiquify #
           - modifiers: lockTheSwap
        - [Int] swapTokensForEth #
        - [Int] addLiquidity #
        - [Ext] withdrawToken #
           - modifiers: onlyOwner
        - [Int] _beforeTokenTransfer #

BridgeBscDev Contract

Bridge Contract Graph

Multi-file Token

($) = payable function
 # = non-constant function
    
     + [Int] IAccessControl 
        - [Ext] hasRole
        - [Ext] getRoleAdmin
        - [Ext] grantRole #
        - [Ext] revokeRole #
        - [Ext] renounceRole #
    
     +  Context 
        - [Int] _msgSender
        - [Int] _msgData
    
     + [Lib] Strings 
        - [Int] toString
        - [Int] toHexString
        - [Int] toHexString
    
     + [Int] IERC165 
        - [Ext] supportsInterface
    
     +  ERC165 (IERC165)
        - [Pub] supportsInterface
    
     +  AccessControl (Context, IAccessControl, ERC165)
        - [Pub] supportsInterface
        - [Pub] hasRole
        - [Int] _checkRole
        - [Pub] getRoleAdmin
        - [Pub] grantRole #
           - modifiers: onlyRole
        - [Pub] revokeRole #
           - modifiers: onlyRole
        - [Pub] renounceRole #
        - [Int] _setupRole #
        - [Int] _setRoleAdmin #
        - [Prv] _grantRole #
        - [Prv] _revokeRole #
    
     +  Pausable (Context)
        - [Pub]  #
        - [Pub] paused
        - [Int] _pause #
           - modifiers: whenNotPaused
        - [Int] _unpause #
           - modifiers: whenPaused
    
     +  ReentrancyGuard 
        - [Pub]  #
    
     + [Int] IERC20 
        - [Ext] totalSupply
        - [Ext] balanceOf
        - [Ext] transfer #
        - [Ext] allowance
        - [Ext] approve #
        - [Ext] transferFrom #
    
     + [Lib] Address 
        - [Int] isContract
        - [Int] sendValue #
        - [Int] functionCall #
        - [Int] functionCall #
        - [Int] functionCallWithValue #
        - [Int] functionCallWithValue #
        - [Int] functionStaticCall
        - [Int] functionStaticCall
        - [Int] functionDelegateCall #
        - [Int] functionDelegateCall #
        - [Int] verifyCallResult
    
     + [Lib] SafeERC20 
        - [Int] safeTransfer #
        - [Int] safeTransferFrom #
        - [Int] safeApprove #
        - [Int] safeIncreaseAllowance #
        - [Int] safeDecreaseAllowance #
        - [Prv] _callOptionalReturn #
    
     + [Lib] ECDSA 
        - [Prv] _throwError
        - [Int] tryRecover
        - [Int] recover
        - [Int] tryRecover
        - [Int] recover
        - [Int] tryRecover
        - [Int] recover
        - [Int] toEthSignedMessageHash
        - [Int] toTypedDataHash
    
     +  BridgeBscDev (AccessControl, Pausable, ReentrancyGuard)
        - [Pub]  #
        - [Ext] deposit #
           - modifiers: nonReentrant,whenNotPaused
        - [Ext] withdraw #
           - modifiers: nonReentrant,whenNotPaused
        - [Int] _verify
        - [Ext] pause #
           - modifiers: onlyRole
        - [Ext] unpause #
           - modifiers: onlyRole
        - [Ext] updateToken #
           - modifiers: onlyRole
        - [Ext] updateMaxBridgeAmount #
           - modifiers: onlyRole
        - [Ext] updatebridgeTimeBound #
           - modifiers: onlyRole
        - [Ext] updateAdminAddress #
           - modifiers: onlyRole
        - [Ext] withdrawBEP20Token #
           - modifiers: onlyRole
        - [Pub] getBalance
        - [Ext] withdrawBnbFromContract #
           - modifiers: onlyRole

BridgeEthDev Contract

Bridge Contract Graph

Multi-file Token

($) = payable function
 # = non-constant function
    
     + [Int] IAccessControl 
        - [Ext] hasRole
        - [Ext] getRoleAdmin
        - [Ext] grantRole #
        - [Ext] revokeRole #
        - [Ext] renounceRole #
    
     +  Context 
        - [Int] _msgSender
        - [Int] _msgData
    
     + [Lib] Strings 
        - [Int] toString
        - [Int] toHexString
        - [Int] toHexString
    
     + [Int] IERC165 
        - [Ext] supportsInterface
    
     +  ERC165 (IERC165)
        - [Pub] supportsInterface
    
     +  AccessControl (Context, IAccessControl, ERC165)
        - [Pub] supportsInterface
        - [Pub] hasRole
        - [Int] _checkRole
        - [Pub] getRoleAdmin
        - [Pub] grantRole #
           - modifiers: onlyRole
        - [Pub] revokeRole #
           - modifiers: onlyRole
        - [Pub] renounceRole #
        - [Int] _setupRole #
        - [Int] _setRoleAdmin #
        - [Prv] _grantRole #
        - [Prv] _revokeRole #
    
     +  Pausable (Context)
        - [Pub]  #
        - [Pub] paused
        - [Int] _pause #
           - modifiers: whenNotPaused
        - [Int] _unpause #
           - modifiers: whenPaused
    
     +  ReentrancyGuard 
        - [Pub]  #
    
     + [Int] IERC20 
        - [Ext] totalSupply
        - [Ext] balanceOf
        - [Ext] transfer #
        - [Ext] allowance
        - [Ext] approve #
        - [Ext] transferFrom #
    
     + [Lib] Address 
        - [Int] isContract
        - [Int] sendValue #
        - [Int] functionCall #
        - [Int] functionCall #
        - [Int] functionCallWithValue #
        - [Int] functionCallWithValue #
        - [Int] functionStaticCall
        - [Int] functionStaticCall
        - [Int] functionDelegateCall #
        - [Int] functionDelegateCall #
        - [Int] verifyCallResult
    
     + [Lib] SafeERC20 
        - [Int] safeTransfer #
        - [Int] safeTransferFrom #
        - [Int] safeApprove #
        - [Int] safeIncreaseAllowance #
        - [Int] safeDecreaseAllowance #
        - [Prv] _callOptionalReturn #
    
     + [Lib] ECDSA 
        - [Prv] _throwError
        - [Int] tryRecover
        - [Int] recover
        - [Int] tryRecover
        - [Int] recover
        - [Int] tryRecover
        - [Int] recover
        - [Int] toEthSignedMessageHash
        - [Int] toTypedDataHash
    
     +  BridgeEthDev (AccessControl, Pausable, ReentrancyGuard)
        - [Pub]  #
        - [Ext] deposit #
           - modifiers: nonReentrant,whenNotPaused
        - [Ext] withdraw #
           - modifiers: nonReentrant,whenNotPaused
        - [Int] _verify
        - [Ext] pause #
           - modifiers: onlyRole
        - [Ext] unpause #
           - modifiers: onlyRole
        - [Ext] updateToken #
           - modifiers: onlyRole
        - [Ext] updateMaxBridgeAmount #
           - modifiers: onlyRole
        - [Ext] updatebridgeTimeBound #
           - modifiers: onlyRole
        - [Ext] updateAdminAddress #
           - modifiers: onlyRole
        - [Ext] withdrawERC20Token #
           - modifiers: onlyRole
        - [Pub] getBalance
        - [Ext] withdrawEthFromContract #
           - modifiers: onlyRole