WhenLambo - Smart Contract Audit Report

Summary

WhenLambo is a new token with automatic liquidity adds that pays users dividends in CAKE tokens.

We audited the project team's WhenLambo and TokenSplitter contracts at commit 988ead756beb8161f42db2d543f7ea9311c5fa86 on the team's Github repository.

Overview of the Contracts:

WhenLambo Contract:
The total supply of the WHENLAMBO token is set to 100 billion and is initially minted to the owner.
No mint or burn functions are present; though the circulating supply can be reduced by sending tokens to the 0x..dead address if desired.

There is a maximum transaction amount enforced for all transactions except those in which the owner is either a sender or a recipient.
Users who are blacklisted may not engage in transfers of any kind.
The first time the owner performs a sell transaction to PancakeSwap, the "launchedAt" variable will be set to the current block number.
There is a tax fee charged on each transaction that is stored in the contract balance; fees are increased by 1% on sell transactions to PancakeSwap, and increased by 70% on buy transactions from PancakeSwap if the current block number is within 2 blocks from the "launchedAt" value.
Once a threshold value of 2 million tokens is met, a portion of the contract balance up to the maximum transaction amount is swapped for CAKE tokens and sent to the marketing address and the prize pool address, both of which are controlled by the team.
Another portion is allocated to funding PancakeSwap liquidity.
Liquidity-adds are funded by selling half of the tokens allocated to funding liquidity, pairing the received BNB with the token, and adding it as liquidity to the BNB pair.
The newly created LP tokens are locked forever in the burn address.
The remaining tokens in the contract balance are swapped for CAKE tokens and are automatically distributed as dividends to the token holders eligible for dividends.
A user must hold 200,000 WHENLAMBO tokens to be eligible for dividends.

Once dividends are distributed, they will need to be claimed; claiming happens automatically on each transfer.
Dividend rewards can also be claimed manually by kicking off the claim cycle, which will process all eligible token holders.
Alternatively, a user can manually claim dividends as an individual.
There is a wait-time of 3600 seconds (1 hour) between claiming dividend rewards.
Claimed dividends are sent to the user's wallet address.

The owner is able to set the total fees charged on transactions to any value at any time.
The owner is able to set the percentage of the fees allocated to any fund (liquidity, marketing, prize pool give-away, dividends) at any time.
The owner is able to blacklist any wallet or contract address at any time, disallowing them to participate in transactions.
The owner is able to set the max transaction amount to any value at any time.
The owner is able to exclude any address from dividends or fees at any time.
The owner is able to update the Dividend Tracker and UniswapV2Router contract addresses at any time.
The owner is able to update the maximum amount of gas used for processing to a value between 200,000 and 750,000 at any time; the initial value is 450,000.
The owner is able to update the amount of time a user must wait between claiming dividends to a value between 1 and 24 hours (in seconds).
TokenSplitter Contract:
The TokenSplitter contract is used to proportionally divide the contract's balance of CAKE tokens between addresses who are considered Shareholders according to their share of ownership.
Anyone can trigger a distribution at any time; distributions can be paid in CAKE tokens, BUSD, or BNB depending on which function is executed.
The owner is able to add or remove any address as a Shareholder at any time; the owner must specify the amount of shares granted to the Shareholder.
The owner can withdraw any amount of any BEP20 token or BNB from the contract at any time.

The team worked with us to optimize these contracts for gas efficiency.
Usage of ReentrancyGuard in applicable functions to prevent re-entrancy attacks.
The contracts utilize the SafeMath library to prevent overflows along with following the BEP20 standard.

Audit Findings Summary
No security threats from outside attackers were identified.
As with any presale, ensure trust in the team prior to investing.
Further, ensure trust in the team as they have substantial control in the ecosystem.
Date: August 5th, 2021

External Threat Results

Vulnerability Category	Notes	Result
Arbitrary Storage Write	N/A	PASS
Arbitrary Jump	N/A	PASS
Delegate Call to Untrusted Contract	N/A	PASS
Dependence on Predictable Variables	N/A	PASS
Deprecated Opcodes	N/A	PASS
Ether Thief	N/A	PASS
Exceptions	N/A	PASS
External Calls	N/A	PASS
Integer Over/Underflow	N/A	PASS
Multiple Sends	N/A	PASS
Suicide	N/A	PASS
State Change External Calls	N/A	Pass
Unchecked Retval	N/A	PASS
User Supplied Assertion	N/A	PASS
Critical Solidity Compiler	N/A	PASS
Overall Contract Safety		PASS

WhenLambo Contract

BEP20 Token Graph

Multi-file Token

												
($) = payable function
 # = non-constant function

 + [Int] IBEP20 
    - [Ext] totalSupply
    - [Ext] balanceOf
    - [Ext] transfer #
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transferFrom #

 + [Int] IBEP20Metadata (IBEP20)
    - [Ext] name
    - [Ext] symbol
    - [Ext] decimals

 +  Context 
    - [Int] _msgSender
    - [Int] _msgData

 + [Lib] SafeMath 
    - [Int] add
    - [Int] sub
    - [Int] sub
    - [Int] mul
    - [Int] div
    - [Int] div
    - [Int] mod
    - [Int] mod

 +  BEP20 (Context, IBEP20, IBEP20Metadata)
    - [Pub]  #
    - [Pub] name
    - [Pub] symbol
    - [Pub] decimals
    - [Pub] totalSupply
    - [Pub] balanceOf
    - [Pub] transfer #
    - [Pub] allowance
    - [Pub] approve #
    - [Pub] transferFrom #
    - [Pub] increaseAllowance #
    - [Pub] decreaseAllowance #
    - [Int] _transfer #
    - [Int] _mint #
    - [Int] _burn #
    - [Int] _approve #
    - [Int] _beforeTokenTransfer #

 + [Lib] SafeMathUint 
    - [Int] toInt256Safe

 + [Lib] SafeMathInt 
    - [Int] mul
    - [Int] div
    - [Int] sub
    - [Int] add
    - [Int] abs
    - [Int] toUint256Safe

 + [Int] DividendPayingTokenInterface 
    - [Ext] dividendOf
    - [Ext] withdrawDividend #

 + [Int] DividendPayingTokenOptionalInterface 
    - [Ext] withdrawableDividendOf
    - [Ext] withdrawnDividendOf
    - [Ext] accumulativeDividendOf

 +  Ownable (Context)
    - [Pub]  #
    - [Pub] owner
    - [Pub] renounceOwnership #
       - modifiers: onlyOwner
    - [Pub] transferOwnership #
       - modifiers: onlyOwner

 +  DividendPayingToken (BEP20, Ownable, DividendPayingTokenInterface, DividendPayingTokenOptionalInterface)
    - [Pub]  #
       - modifiers: BEP20
    - [Pub] distributeCAKEDividends #
       - modifiers: onlyOwner
    - [Pub] withdrawDividend #
    - [Int] _withdrawDividendOfUser #
    - [Pub] dividendOf
    - [Pub] withdrawableDividendOf
    - [Pub] withdrawnDividendOf
    - [Pub] accumulativeDividendOf
    - [Int] _transfer #
    - [Int] _mint #
    - [Int] _burn #
    - [Int] _setBalance #

 + [Lib] IterableMapping 
    - [Pub] get
    - [Pub] getIndexOfKey
    - [Pub] getKeyAtIndex
    - [Pub] size
    - [Pub] set #
    - [Pub] remove #

 + [Int] IUniswapV2Pair 
    - [Ext] name
    - [Ext] symbol
    - [Ext] decimals
    - [Ext] totalSupply
    - [Ext] balanceOf
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transfer #
    - [Ext] transferFrom #
    - [Ext] DOMAIN_SEPARATOR
    - [Ext] PERMIT_TYPEHASH
    - [Ext] nonces
    - [Ext] permit #
    - [Ext] MINIMUM_LIQUIDITY
    - [Ext] factory
    - [Ext] token0
    - [Ext] token1
    - [Ext] getReserves
    - [Ext] price0CumulativeLast
    - [Ext] price1CumulativeLast
    - [Ext] kLast
    - [Ext] mint #
    - [Ext] burn #
    - [Ext] swap #
    - [Ext] skim #
    - [Ext] sync #
    - [Ext] initialize #

 + [Int] IUniswapV2Factory 
    - [Ext] feeTo
    - [Ext] feeToSetter
    - [Ext] getPair
    - [Ext] allPairs
    - [Ext] allPairsLength
    - [Ext] createPair #
    - [Ext] setFeeTo #
    - [Ext] setFeeToSetter #

 + [Int] IUniswapV2Router01 
    - [Ext] factory
    - [Ext] WETH
    - [Ext] addLiquidity #
    - [Ext] addLiquidityETH ($)
    - [Ext] removeLiquidity #
    - [Ext] removeLiquidityETH #
    - [Ext] removeLiquidityWithPermit #
    - [Ext] removeLiquidityETHWithPermit #
    - [Ext] swapExactTokensForTokens #
    - [Ext] swapTokensForExactTokens #
    - [Ext] swapExactETHForTokens ($)
    - [Ext] swapTokensForExactETH #
    - [Ext] swapExactTokensForETH #
    - [Ext] swapETHForExactTokens ($)
    - [Ext] quote
    - [Ext] getAmountOut
    - [Ext] getAmountIn
    - [Ext] getAmountsOut
    - [Ext] getAmountsIn

 + [Int] IUniswapV2Router02 (IUniswapV2Router01)
    - [Ext] removeLiquidityETHSupportingFeeOnTransferTokens #
    - [Ext] removeLiquidityETHWithPermitSupportingFeeOnTransferTokens #
    - [Ext] swapExactTokensForTokensSupportingFeeOnTransferTokens #
    - [Ext] swapExactETHForTokensSupportingFeeOnTransferTokens ($)
    - [Ext] swapExactTokensForETHSupportingFeeOnTransferTokens #

 +  WhenLambo (BEP20, Ownable)
    - [Pub]  #
       - modifiers: BEP20
    - [Ext]  ($)
    - [Pub] updateDividendTracker #
       - modifiers: onlyOwner
    - [Pub] updateUniswapV2Router #
       - modifiers: onlyOwner
    - [Pub] excludeFromFees #
       - modifiers: onlyOwner
    - [Pub] excludeMultipleAccountsFromFees #
       - modifiers: onlyOwner
    - [Pub] setMarketingWallet #
       - modifiers: onlyOwner
    - [Pub] setPrizePoolWallet #
       - modifiers: onlyOwner
    - [Ext] setCAKERewardsFee #
       - modifiers: onlyOwner
    - [Ext] setLiquiditFee #
       - modifiers: onlyOwner
    - [Ext] setMarketingFee #
       - modifiers: onlyOwner
    - [Ext] setPrizePoolFee #
       - modifiers: onlyOwner
    - [Ext] setMaxTxPercent #
       - modifiers: onlyOwner
    - [Pub] setAutomatedMarketMakerPair #
       - modifiers: onlyOwner
    - [Ext] blacklistAddress #
       - modifiers: onlyOwner
    - [Prv] _setAutomatedMarketMakerPair #
    - [Pub] updateGasForProcessing #
       - modifiers: onlyOwner
    - [Ext] updateClaimWait #
       - modifiers: onlyOwner
    - [Ext] getClaimWait
    - [Ext] getTotalDividendsDistributed
    - [Pub] isExcludedFromFees
    - [Pub] withdrawableDividendOf
    - [Pub] dividendTokenBalanceOf
    - [Ext] excludeFromDividends #
       - modifiers: onlyOwner
    - [Ext] getAccountDividendsInfo
    - [Ext] getAccountDividendsInfoAtIndex
    - [Ext] processDividendTracker #
    - [Ext] claim #
    - [Ext] getLastProcessedIndex
    - [Ext] getNumberOfDividendTokenHolders
    - [Int] _transfer #
    - [Prv] swapAndSendToFee #
    - [Prv] swapAndLiquify #
    - [Prv] swapTokensForEth #
    - [Prv] swapTokensForCake #
    - [Prv] addLiquidity #
    - [Prv] swapAndSendDividends #

 +  WhenLamboDividendTracker (Ownable, DividendPayingToken)
    - [Pub]  #
       - modifiers: DividendPayingToken
    - [Int] _transfer #
    - [Pub] withdrawDividend #
    - [Ext] excludeFromDividends #
       - modifiers: onlyOwner
    - [Ext] updateClaimWait #
       - modifiers: onlyOwner
    - [Ext] getLastProcessedIndex
    - [Ext] getNumberOfTokenHolders
    - [Pub] getAccount
    - [Pub] getAccountAtIndex
    - [Prv] canAutoClaim
    - [Ext] setBalance #
       - modifiers: onlyOwner
    - [Pub] process #
    - [Pub] processAccount #
       - modifiers: onlyOwner

TokenSplitter Contract