Wolf Safe Poor People Token + Airdrop - Smart Contract Audit Report
Summary
Wolf Safe Poor People ($WSPP) is a DeFi protocol on the Binance Smart Chain that is said to reward the community and to encourage liquidity providers to the DEX.
For this audit we reviewed the project's Token / Airdrop contract deployed at 0x46d502fac9aea7c5bc7b13c8ec9d02378c33d36f on the Binance Smart Chain mainnet. We did not review the staking contract.
Notes of the Token Contract:Notes on the Airdrop Contract:
- The initial total supply of the token is fifty quadrillion [50,000,000,000,000,000].
- No minting functions are accessible after deployment.
- At the time of writing this report, 50% of the total supply has been burned.
- At the time of writing this report, 15.26% is in a Hotbit2 wallet; and the owner has 4.73% of the total supply.
- Pancakeswap currently holds 3.56% of liquidity and of that percentage, 99.5% of it is in an unverified contract
- There is currently 3.64% of the total token supply in what is assumed to be the protocol's staking contract.
- Any holder may transfer their tokens to the burn address to act as a deflationary mechanism.
- The token contract complies with the ERC20 standard.
- The contract utilizes SafeMath to prevent overflows.
Audit Findings Summary
- This contract allows any address to participate in and claim airdrops for a period of time and for an amount of $WSPP that is specified by the owner.
- There is no limit set to the number of times that an individual address can claim an airdrop. If the airdrop token amount is ever set to a price where it is higher than the gas costs of the transaction, it is likely that this will be exploited and this will most likely have an adverse effect on the price of the token.
- The owner can also create "token sales" for a period of time where there is a specified 'chuck' of tokens that can be purchased at a price that is determined by the owner. The owner has the ability to set a limit to the number of tokens that can be sold as a result of this process. The proceeds of the sale (in BNB) are stored in the contract which can then be claimed by the owner.
- Some functions could have been declared external instead of public to save some gas, but as this is already deployed this is merely informational.
- The contract utilizes SafeMath to prevent overflows.
- No external security issues were identified.
- As with any token, ensure trust in the team prior to investing as the owner has control in the ecosystem.
- Date: June 17th, 2021.
External Threat Results
Vulnerability Category | Notes | Result |
---|---|---|
Arbitrary Storage Write | N/A | PASS |
Arbitrary Jump | N/A | PASS |
Delegate Call to Untrusted Contract | N/A | PASS |
Dependence on Predictable Variables | N/A | PASS |
Deprecated Opcodes | N/A | PASS |
Ether/Token Thief | N/A | PASS |
Exceptions | N/A | PASS |
External Calls | N/A | PASS |
Flash Loans | N/A | PASS |
Integer Over/Underflow | N/A | PASS |
Multiple Sends | N/A | PASS |
Oracles | N/A | PASS |
Suicide | N/A | PASS |
State Change External Calls | N/A | PASS |
Unchecked Retval | N/A | PASS |
User Supplied Assertion | N/A | PASS |
Critical Solidity Compiler | N/A | PASS |
Overall Contract Safety | PASS |
($) = payable function
# = non-constant function
Int = Internal
Ext = External
Pub = Public
+ [Lib] SafeMath
- [Int] add
- [Int] sub
- [Int] mul
- [Int] div
+ BEP20Interface
- [Pub] totalSupply
- [Pub] balanceOf
- [Pub] allowance
- [Pub] transfer #
- [Pub] approve #
- [Pub] transferFrom #
+ ApproveAndCallFallBack
- [Pub] receiveApproval #
+ Owned
- [Pub] #
- [Pub] transferOwnership #
- modifiers: onlyOwner
- [Pub] acceptOwnership #
+ TokenBEP20 (BEP20Interface, Owned)
- [Pub] #
- [Pub] totalSupply
- [Pub] balanceOf
- [Pub] transfer #
- [Pub] approve #
- [Pub] transferFrom #
- [Pub] allowance
- [Pub] approveAndCall #
- [Ext] ($)
+ WolfSafePoorPeople (TokenBEP20)
- [Pub] getAirdrop #
- [Pub] tokenSale ($)
- [Pub] viewAirdrop
- [Pub] viewSale
- [Pub] startAirdrop #
- modifiers: onlyOwner
- [Pub] startSale #
- modifiers: onlyOwner
- [Pub] clearETH #
- modifiers: onlyOwner
- [Ext] ($)