Waifer - Smart Contract Audit Report

Audit Summary

Waifer ($WAIF) is a new BEP-20 token on the Binance Smart Chain. It is an automatic liquidity providing protocol that pays out static rewards to holders.

We reviewed the Waifer implementation contract at 0xBA9Cf6636c9e28FECA9fce11285828d7E126aDCb and Proxy contract at 0x72EF0CF8dC02fE91150a2472CC551DE929e22FaC on the Binance Smart Chain Mainnet.

Audit Findings

Please ensure trust in the team prior to investing as they have substantial control in the ecosystem.
Date: February 23rd, 2022.
Updated: May 16th, 2022 after the team completed KYC procedures and to reflect the current state of token holders.
The team has successfully completed KYC procedures with KYC Capital.

Contract Overview

  • The total supply of the token is currently ~999.1 trillion $WAIF [999,147,943,715,259].
  • No mint functions are accessible beyond deployment.
  • The owner can burn their own tokens to reduce the total supply.
  • At the time of writing this report, there are 957 total token holders. The token allocation is as follows:
    • 25.02% of the total supply belongs to an externally-owned account.
    • 8.63% of the total supply belongs to an upgradeable proxy contract. This contract was out of scope for the purpose of this audit.
    • 5.09% of the total supply belongs to the deployer.
    • The next five holders own a cumulative 15.94% of the total supply.

  • There is a Tax fee, Liquidity fee, and Marketing fee on all transfers via Pancakeswap where neither the sender nor the recipient is excluded from fees.
  • The tokens collected through the Tax fee are removed from the circulating supply; this serves as a frictionless fee redistribution which automatically benefits all token holders at the time of each transaction.
  • The Liquidity fee charged during transfers is stored in the contract address. The tokens are swapped for BNB for the purpose of funding Pancakeswap liquidity when the following conditions are met:
    • The automatic liquidity add functionality is enabled by the team.
    • The threshold number of tokens in the contract address (determined by the owner) has been reached.
    • The contract is not currently performing an automatic liquidity add.
    • The transfer is not a buying transaction via Pancakeswap.
  • Liquidity-adds are automatically performed by selling the tokens collected as fees, pairing the received BNB with the token, and adding it as liquidity to the pair.
  • The LP tokens received through this process are sent to the owner. We recommend that the team lock these newly acquired LP tokens.
  • The tokens collected from the Marketing fee are swapped for BNB and sent to the team's Marketing wallet.
  • The contract features an Antiwhale mechanism that prevents a sell from occurring if the amount of tokens being sold is more than a percentage (determined by the owner) of the token balance of the liquidity pool.
  • The contract is upgradable, meaning the team can swap out the current contract for a new one at any time.
  • As the contract is deployed with Solidity v0.8.11, it is protected from overflows/underflows.
  • The contract complies with the BEP-20 token standard.
Ownership Controls:
  • The owner can modify the Tax fee, Liquidity fee, and Marketing fee to any percentages at any time.
  • The owner can exclude and include accounts from transfer fees and reward distribution.
  • The owner can disable transfer fees at any time.
  • The owner can pause the contract at any time which disables all transfers and ownership-restricted functions.
  • The owner can update the threshold number of tokens needed to trigger an automatic liquidity add to any value at any time.
  • The owner can enable/disable automatic liquidity adds at any time.
  • The owner can enable/disable the automatic funding of the Marketing wallet at any time.
  • The owner can enable/disable the Antiwhale mechanism at any time.
  • The owner can set the Antiwhale percentage to any value at any time.
  • The owner can withdraw all tokens and BNB from the contract at any time.
  • The owner can assign an address to a Migrator role. The assigned address can airdrop tokens to any account at any time.
  • The owner can update the team's Marketing wallet to any address at any time.
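
The following model is an added example, not code from the Waifer contract or from the auditors. It replays the transfer rules described above (fee charging, the Antiwhale limit, and the four conditions for an automatic liquidity add) so the effect of owner-controlled settings can be checked numerically. All names, the percent-of-100 fee arithmetic, and the sample values are assumptions.

```python
from dataclasses import dataclass

@dataclass
class OwnerSettings:
    """Owner-adjustable values from the report; field names are hypothetical."""
    tax_pct: int
    liquidity_pct: int
    marketing_pct: int
    fees_enabled: bool = True
    antiwhale_enabled: bool = True
    antiwhale_pct: int = 1          # max sell as % of the pool's token balance
    auto_liquidity_enabled: bool = True
    swap_threshold: int = 1_000     # contract token balance that triggers a liquidity add

def simulate_transfer(s, amount, kind, excluded=False, pool_balance=0,
                      contract_balance=0, in_swap=False):
    """Model one transfer. kind is 'buy', 'sell' (both via the DEX pair) or 'wallet'.
    excluded=True means the sender or the recipient is excluded from fees."""
    # Antiwhale: a sell larger than the configured share of the pool is blocked.
    if kind == "sell" and s.antiwhale_enabled:
        limit = pool_balance * s.antiwhale_pct // 100
        if amount > limit:
            return {"status": "reverted", "reason": "antiwhale", "limit": limit}
    # All four conditions listed in the report must hold for a liquidity add.
    liquidity_add = (s.auto_liquidity_enabled and contract_balance >= s.swap_threshold
                     and not in_swap and kind != "buy")
    # Fees apply to DEX transfers where neither party is excluded.
    rates = {"tax": s.tax_pct, "liquidity": s.liquidity_pct, "marketing": s.marketing_pct}
    charged = s.fees_enabled and kind in ("buy", "sell") and not excluded
    fees = {k: (amount * pct // 100 if charged else 0) for k, pct in rates.items()}
    total = sum(fees.values())
    if total > amount:
        # Assumption: Solidity 0.8 checked arithmetic reverts on the underflow.
        return {"status": "reverted", "reason": "fees exceed amount"}
    return {"status": "ok", "received": amount - total, "fees": fees,
            "liquidity_add": liquidity_add}

# Constructed sample settings, not values read from the deployed contract.
MODEST = OwnerSettings(tax_pct=2, liquidity_pct=3, marketing_pct=3)
MAXED = OwnerSettings(tax_pct=100, liquidity_pct=0, marketing_pct=0)

if __name__ == "__main__":
    for name, cfg in (("modest", MODEST), ("maxed", MAXED)):
        print(name, simulate_transfer(cfg, 10_000, "sell", pool_balance=2_000_000))
```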

External Threat Results

| Vulnerability Category | Notes | Result |
|---|---|---|
| Arbitrary Storage Write | N/A | PASS |
| Arbitrary Jump | N/A | PASS |
| Centralization of Control | The owner can set each fee percentage up to 100%. The LP tokens generated through automatic liquidity adds are sent to the owner. The team can upgrade the contract at any time. | WARNING |
| Delegate Call to Untrusted Contract | N/A | PASS |
| Dependence on Predictable Variables | N/A | PASS |
| Deprecated Opcodes | N/A | PASS |
| Ether Thief | N/A | PASS |
| Exceptions | N/A | PASS |
| External Calls | N/A | PASS |
| Flash Loans | N/A | PASS |
| Integer Over/Underflow | N/A | PASS |
| Logical Issues | N/A | PASS |
| Multiple Sends | N/A | PASS |
| Oracles | N/A | PASS |
| Suicide | N/A | PASS |
| State Change External Calls | N/A | PASS |
| Unchecked Retval | N/A | PASS |
| User Supplied Assertion | N/A | PASS |
| Critical Solidity Compiler | N/A | PASS |
| Overall Contract Safety | | PASS |

Function Graph

[Figure: BEP20 Token Graph]

Inheritance Chart

[Figure: Multi-file Token]

Functions Overview

    ($) = payable function
     # = non-constant function
    
     + [Lib] AddressUpgradeable 
        - [Int] isContract
        - [Int] sendValue #
        - [Int] functionCall #
        - [Int] functionCall #
        - [Int] functionCallWithValue #
        - [Int] functionCallWithValue #
        - [Int] functionStaticCall
        - [Int] functionStaticCall
        - [Int] verifyCallResult
    
     +  Initializable 
        - [Prv] _isConstructor
    
     + [Int] IBeaconUpgradeable 
        - [Ext] implementation
    
     + [Lib] StorageSlotUpgradeable 
        - [Int] getAddressSlot
        - [Int] getBooleanSlot
        - [Int] getBytes32Slot
        - [Int] getUint256Slot
    
     +  ERC1967UpgradeUpgradeable (Initializable)
        - [Int] __ERC1967Upgrade_init #
           - modifiers: onlyInitializing
        - [Int] __ERC1967Upgrade_init_unchained #
           - modifiers: onlyInitializing
        - [Int] _getImplementation
        - [Prv] _setImplementation #
        - [Int] _upgradeTo #
        - [Int] _upgradeToAndCall #
        - [Int] _upgradeToAndCallSecure #
        - [Int] _getAdmin
        - [Prv] _setAdmin #
        - [Int] _changeAdmin #
        - [Int] _getBeacon
        - [Prv] _setBeacon #
        - [Int] _upgradeBeaconToAndCall #
        - [Prv] _functionDelegateCall #
    
     +  UUPSUpgradeable (Initializable, ERC1967UpgradeUpgradeable)
        - [Int] __UUPSUpgradeable_init #
           - modifiers: onlyInitializing
        - [Int] __UUPSUpgradeable_init_unchained #
           - modifiers: onlyInitializing
        - [Ext] upgradeTo #
           - modifiers: onlyProxy
        - [Ext] upgradeToAndCall ($)
           - modifiers: onlyProxy
        - [Int] _authorizeUpgrade #
    
     + [Int] IERC20Upgradeable 
        - [Ext] totalSupply
        - [Ext] balanceOf
        - [Ext] transfer #
        - [Ext] migrateMint #
        - [Ext] allowance
        - [Ext] approve #
        - [Ext] transferFrom #
    
     + [Int] IERC20MetadataUpgradeable (IERC20Upgradeable)
        - [Ext] name
        - [Ext] symbol
        - [Ext] decimals
    
     +  ContextUpgradeable (Initializable)
        - [Int] __Context_init #
           - modifiers: onlyInitializing
        - [Int] __Context_init_unchained #
           - modifiers: onlyInitializing
        - [Int] _msgSender
        - [Int] _msgData
    
     +  OwnableUpgradeable (Initializable, ContextUpgradeable)
        - [Int] __Ownable_init #
           - modifiers: onlyInitializing
        - [Int] __Ownable_init_unchained #
           - modifiers: onlyInitializing
        - [Pub] owner
        - [Pub] renounceOwnership #
           - modifiers: onlyOwner
        - [Pub] transferOwnership #
           - modifiers: onlyOwner
        - [Int] _transferOwnership #
    
     +  PausableUpgradeable (Initializable, ContextUpgradeable)
        - [Int] __Pausable_init #
           - modifiers: onlyInitializing
        - [Int] __Pausable_init_unchained #
           - modifiers: onlyInitializing
        - [Pub] paused
        - [Int] _pause #
           - modifiers: whenNotPaused
        - [Int] _unpause #
           - modifiers: whenPaused
    
     + [Int] IUniswapV2Factory 
        - [Ext] feeTo
        - [Ext] feeToSetter
        - [Ext] getPair
        - [Ext] allPairs
        - [Ext] allPairsLength
        - [Ext] createPair #
        - [Ext] setFeeTo #
        - [Ext] setFeeToSetter #
    
     + [Int] IUniswapV2Pair 
        - [Ext] name
        - [Ext] symbol
        - [Ext] decimals
        - [Ext] totalSupply
        - [Ext] balanceOf
        - [Ext] allowance
        - [Ext] approve #
        - [Ext] transfer #
        - [Ext] transferFrom #
        - [Ext] DOMAIN_SEPARATOR
        - [Ext] PERMIT_TYPEHASH
        - [Ext] nonces
        - [Ext] permit #
        - [Ext] MINIMUM_LIQUIDITY
        - [Ext] factory
        - [Ext] token0
        - [Ext] token1
        - [Ext] getReserves
        - [Ext] price0CumulativeLast
        - [Ext] price1CumulativeLast
        - [Ext] kLast
        - [Ext] mint #
        - [Ext] burn #
        - [Ext] swap #
        - [Ext] skim #
        - [Ext] sync #
        - [Ext] initialize #
    
     + [Int] IUniswapV2Router01 
        - [Ext] factory
        - [Ext] WETH
        - [Ext] addLiquidity #
        - [Ext] addLiquidityETH ($)
        - [Ext] removeLiquidity #
        - [Ext] removeLiquidityETH #
        - [Ext] removeLiquidityWithPermit #
        - [Ext] removeLiquidityETHWithPermit #
        - [Ext] swapExactTokensForTokens #
        - [Ext] swapTokensForExactTokens #
        - [Ext] swapExactETHForTokens ($)
        - [Ext] swapTokensForExactETH #
        - [Ext] swapExactTokensForETH #
        - [Ext] swapETHForExactTokens ($)
        - [Ext] quote
        - [Ext] getAmountOut
        - [Ext] getAmountIn
        - [Ext] getAmountsOut
        - [Ext] getAmountsIn
    
     + [Int] IUniswapV2Router02 (IUniswapV2Router01)
        - [Ext] removeLiquidityETHSupportingFeeOnTransferTokens #
        - [Ext] removeLiquidityETHWithPermitSupportingFeeOnTransferTokens #
        - [Ext] swapExactTokensForTokensSupportingFeeOnTransferTokens #
        - [Ext] swapExactETHForTokensSupportingFeeOnTransferTokens ($)
        - [Ext] swapExactTokensForETHSupportingFeeOnTransferTokens #
    
     +  Waifer (Initializable, ContextUpgradeable, IERC20Upgradeable, IERC20MetadataUpgradeable, OwnableUpgradeable, PausableUpgradeable, UUPSUpgradeable)
        - [Pub] initialize #
           - modifiers: initializer
        - [Int] _authorizeUpgrade #
           - modifiers: onlyOwner
        - [Ext] name
        - [Ext] symbol
        - [Ext] decimals
        - [Ext] totalSupply
        - [Pub] balanceOf
        - [Ext] isExcludedFromDexFee
        - [Ext] isExcludedFromReward
        - [Ext] totalFees
        - [Ext] transfer #
           - modifiers: whenNotPaused
        - [Ext] allowance
           - modifiers: whenNotPaused
        - [Ext] approve #
           - modifiers: whenNotPaused
        - [Ext] transferFrom #
           - modifiers: whenNotPaused
        - [Ext] increaseAllowance #
           - modifiers: whenNotPaused
        - [Ext] decreaseAllowance #
           - modifiers: whenNotPaused
        - [Ext] pauseContract #
           - modifiers: onlyOwner
        - [Ext] unPauseContract #
           - modifiers: onlyOwner
        - [Ext] burn #
           - modifiers: onlyOwner,whenNotPaused
        - [Ext] excludeFromReward #
           - modifiers: onlyOwner,whenNotPaused
        - [Ext] includeInReward #
           - modifiers: onlyOwner,whenNotPaused
        - [Ext] excludeFromDexFee #
           - modifiers: onlyOwner,whenNotPaused
        - [Ext] includeInDexFee #
           - modifiers: onlyOwner,whenNotPaused
        - [Ext] setTaxFeePercent #
           - modifiers: onlyOwner,whenNotPaused
        - [Ext] setMarketingFeePercent #
           - modifiers: onlyOwner,whenNotPaused
        - [Ext] setLiquidityFeePercent #
           - modifiers: onlyOwner,whenNotPaused
        - [Ext] setAntiwhaleFeePercent #
           - modifiers: onlyOwner,whenNotPaused
        - [Ext] setMarketingFeeEnabled #
           - modifiers: onlyOwner,whenNotPaused
        - [Ext] setLiquidityFeeEnabled #
           - modifiers: onlyOwner,whenNotPaused
        - [Ext] setAntiwhaleFeeEnabled #
           - modifiers: onlyOwner,whenNotPaused
        - [Ext] setMinimumTokensBeforeSwap #
           - modifiers: onlyOwner,whenNotPaused
        - [Ext] updateMarketingWallet #
           - modifiers: onlyOwner,whenNotPaused
        - [Ext] setEnableFee #
           - modifiers: onlyOwner,whenNotPaused
        - [Ext] withdrawToken #
           - modifiers: onlyOwner,whenNotPaused
        - [Ext] withdrawBNBFromContract #
           - modifiers: onlyOwner,whenNotPaused
        - [Ext]  ($)
        - [Int] _approve #
        - [Int] _transfer #
        - [Int] antiWhaleBot #
        - [Prv] swapAndLiquify #
        - [Prv] swapTokensForEth #
        - [Prv] addLiquidity #
        - [Int] _mint #
        - [Int] _burn #
        - [Int] _tokenTransfer #
        - [Int] _transferStandard #
        - [Int] _transferBothExcluded #
        - [Int] _transferToExcluded #
        - [Int] _transferFromExcluded #
        - [Int] getTValues
        - [Int] getRValues
        - [Int] calculateTaxFee
        - [Int] calculateMarketingFee
        - [Int] calculateLiquidityFee
        - [Int] takeReflectionFee #
        - [Int] takeMarketingFee #
        - [Int] takeLiquidityFee #
        - [Int] removeAllFee #
        - [Int] restoreAllFee #
        - [Int] transferBNBToAddress #
        - [Int] tokenFromReflection
        - [Int] getRate
        - [Int] getCurrentSupply
        - [Ext] updateMigratorAdmin #
           - modifiers: onlyOwner
        - [Ext] migrateMint #