Waifu Inu - Smart Contract Audit Report

Summary

Waifu Inu Audit Report Waifu Inu is a new DeFi token on the Binance Smart Chain.

We audited Waifu Inu's Token and Private Sale contract at 0xe338946b3fd443e5019079c439a9830ce762c475 on the Binance Smart Chain mainnet.

Overview of the Contract:
  • The total supply of the token is set to eight hundred million $WFINU [800,000,000].
  • No mint or burn functions are present; though the circulating supply can be reduced by sending tokens to the 0x..dead address, if desired.
  • At the time of writing this report, 60% of the total supply is in possession of the presale contract as the project was recently deployed.
  • The owner retained 40% of the total supply. The team intends to use 30% of this 40% to support their private sale.

  • The code implements automatic liquidity adding functionality; however, there are no fees applied to transactions. Therefore, there will not be a supply of tokens to fuel the automatic liquidity adds. Thus resulting in the functionality of a standard ERC20 token, with the presence of code that will largely be unused.
  • There is a threshold of value equal to the total token supply that would activate a "Swap and Liquify" where half of the tokens are swapped for BNB and paired with the other half to add liquidity, however this can theoretically never happen.
  • The contract features a "blacklist" function where the owner of the contract can exclude holders from participating in transfers, approvals, transfers from, and allowance increases. This means that the owner can prevent transactions from being possible for as many holders as they would like, at any time.
  • The owner has the ability to set and update a maximum transaction percent at any time, which will impose a limit to the number of tokens that can be transferred during any given transaction. Upon launch of the contract, the maximum transaction amount is set to zero.

  • The owner has the ability to use the "lock" function in order to temporarily set ownership to address(0). Ownership is restored after the duration of time determined by the owner has passed and they use the 'unlock' function. Ownership can additionally be restored (even if ownership was previously renounced), by using the unlock function a second time.
  • Some state variables could have been declared constant to save some gas.
  • Some functions could have been declared external instead of public to save some gas.
  • The contract utilizes SafeMath libraries to prevent overflows along with following the BEP20 standard.

  • Notes on the Private Sale Contract:
  • The owner has the ability to add and remove accounts from being eligible to participate in the private sale.
  • Upon deployment of the contract, the owner/deployer will determine the Start and End times of the sale; as well as the fundraising goal, the initial price of the $WFINU token, and the maximum amount of tokens that a user can buy during the sale.
  • At any time during the private sale, the owner can withdraw the BNB balance from the contract address and send it to the owner.

Audit Findings Summary
  • The "Exclude" function allows the owner to blacklist any account at any time from being able to participate in transfers.
  • We strongly recommend that the team renounces ownership after their presale.
  • Ensure trust in the team as they have substantial control in the ecosystem.
  • Date: July 10th, 2021

Vulnerability CategoryNotesResult
Arbitrary Storage WriteN/APASS
Arbitrary JumpN/APASS
Delegate Call to Untrusted ContractN/APASS
Dependence on Predictable VariablesN/APASS
Deprecated OpcodesN/APASS
Ether ThiefN/APASS
ExceptionsN/APASS
External CallsN/APASS
Flash LoansN/APASS
Integer Over/UnderflowN/APASS
Multiple SendsN/APASS
OraclesN/APASS
SuicideN/APASS
State Change External CallsN/APASS
Unchecked RetvalN/APASS
User Supplied AssertionN/APASS
Critical Solidity CompilerN/APASS
Overall Contract Safety PASS

BEP20 Token Graph

Multi-file Token

												
($) = payable function
 # = non-constant function

 +  Context 
    - [Pub]  #
    - [Int] _msgSender
    - [Int] _msgData

 + [Int] IBEP20 
    - [Ext] totalSupply
    - [Ext] balanceOf
    - [Ext] transfer #
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transferFrom #

 + [Lib] SafeMath 
    - [Int] add
    - [Int] sub
    - [Int] sub
    - [Int] mul
    - [Int] div
    - [Int] div
    - [Int] mod
    - [Int] mod

 + [Lib] Address 
    - [Int] isContract
    - [Int] sendValue #
    - [Int] functionCall #
    - [Int] functionCall #
    - [Int] functionCallWithValue #
    - [Int] functionCallWithValue #
    - [Prv] _functionCallWithValue #

 +  Ownable (Context)
    - [Pub]  #
    - [Pub] owner
    - [Pub] renounceOwnership #
       - modifiers: onlyOwner
    - [Pub] transferOwnership #
       - modifiers: onlyOwner
    - [Pub] geUnlockTime
    - [Pub] lock #
       - modifiers: onlyOwner
    - [Pub] unlock #
    - [Int] getBlockTimestamp
    - [Int] checkTimelock #
    - [Pub] getStartBlock

 + [Int] IUniswapV2Factory 
    - [Ext] feeTo
    - [Ext] feeToSetter
    - [Ext] getPair
    - [Ext] allPairs
    - [Ext] allPairsLength
    - [Ext] createPair #
    - [Ext] setFeeTo #
    - [Ext] setFeeToSetter #

 + [Int] IUniswapV2Pair 
    - [Ext] name
    - [Ext] symbol
    - [Ext] decimals
    - [Ext] totalSupply
    - [Ext] balanceOf
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transfer #
    - [Ext] transferFrom #
    - [Ext] DOMAIN_SEPARATOR
    - [Ext] PERMIT_TYPEHASH
    - [Ext] nonces
    - [Ext] permit #
    - [Ext] MINIMUM_LIQUIDITY
    - [Ext] factory
    - [Ext] token0
    - [Ext] token1
    - [Ext] getReserves
    - [Ext] price0CumulativeLast
    - [Ext] price1CumulativeLast
    - [Ext] kLast
    - [Ext] mint #
    - [Ext] burn #
    - [Ext] swap #
    - [Ext] skim #
    - [Ext] sync #
    - [Ext] initialize #

 + [Int] IUniswapV2Router01 
    - [Ext] factory
    - [Ext] WETH
    - [Ext] addLiquidity #
    - [Ext] addLiquidityETH ($)
    - [Ext] removeLiquidity #
    - [Ext] removeLiquidityETH #
    - [Ext] removeLiquidityWithPermit #
    - [Ext] removeLiquidityETHWithPermit #
    - [Ext] swapExactTokensForTokens #
    - [Ext] swapTokensForExactTokens #
    - [Ext] swapExactETHForTokens ($)
    - [Ext] swapTokensForExactETH #
    - [Ext] swapExactTokensForETH #
    - [Ext] swapETHForExactTokens ($)
    - [Ext] quote
    - [Ext] getAmountOut
    - [Ext] getAmountIn
    - [Ext] getAmountsOut
    - [Ext] getAmountsIn

 + [Int] IUniswapV2Router02 (IUniswapV2Router01)
    - [Ext] removeLiquidityETHSupportingFeeOnTransferTokens #
    - [Ext] removeLiquidityETHWithPermitSupportingFeeOnTransferTokens #
    - [Ext] swapExactTokensForTokensSupportingFeeOnTransferTokens #
    - [Ext] swapExactETHForTokensSupportingFeeOnTransferTokens ($)
    - [Ext] swapExactTokensForETHSupportingFeeOnTransferTokens #

 +  WFINU (Context, IBEP20, Ownable)
    - [Ext] setPrivateSale #
       - modifiers: onlyOwner
    - [Pub] buyTokens #
       - modifiers: onlyCrowdsale
    - [Pub]  #
    - [Pub] name
    - [Pub] symbol
    - [Pub] decimals
    - [Pub] totalSupply
    - [Pub] balanceOf
    - [Pub] transfer #
    - [Pub] allowance
    - [Pub] approve #
    - [Pub] transferFrom #
    - [Pub] increaseAllowance #
    - [Pub] decreaseAllowance #
    - [Pub] isExcluded
    - [Ext] excludeAccount #
       - modifiers: onlyOwner
    - [Ext] setUnicrypt #
       - modifiers: onlyOwner
    - [Prv] _transferStandard #
    - [Ext] setMaxTxPercent #
       - modifiers: onlyOwner
    - [Pub] setSwapAndLiquifyEnabled #
       - modifiers: onlyOwner
    - [Ext]  ($)
    - [Prv] _approve #
    - [Prv] _transfer #
    - [Prv] swapAndLiquify #
       - modifiers: lockTheSwap
    - [Prv] swapTokensForEth #
    - [Prv] addLiquidity #
    - [Prv] _tokenTransfer #

 +  Privatesale 
    - [Pub]  #
    - [Pub] participantBlance
    - [Pub] buy ($)
    - [Pub] withdraw #
       - modifiers: onlyOwner
    - [Ext] addPrivate #
       - modifiers: onlyOwner