Wraith Protocol - Smart Contract Audit Report

Summary

Wraith Protocol ($WRAITH) is a new community-driven DeFi token on the Binance Smart Chain that is an automatic liquidity providing protocol.

The Wraith Protocol contract is deployed at 0x8690Cb98496EF0f8c6417D78b5e0E29907668808 on the Binance Smartchain mainnet.

Notes on the Contract:
  • The total supply of the token is set to 9.4 trillion $WRAITH [9,400,000,000,000].
  • No minting or burn functions are present; though the circulating supply can be reduced by sending tokens to the 0x..dead address, if desired.
  • At the time of writing this report, 43.92% of the total $WRAITH token supply is in possession of the owner.
  • 6.54% of the total supply is in Pancakeswap liquidity.
  • 95.32% of the LP tokens are locked in a token locking contract that will vest to the team on November 5th, 2021.
  • The next five holders own a cumulative 6.63% of the total supply.

  • There is a liquidity fee, burn fee, vault fee, and treasury fee on all transactions for any "non-excluded" address that participates in a transfer.
  • The tokens collected from the liquidity fee during transfers are stored in the contract address balance. Once the threshold value (determined by the owner) is met, a swap will occur for the purpose of funding Pancakeswap liquidity. This functionality can be disabled by the owner at any time.
  • Liquidity-adds are funded by selling a portion of the tokens collected as fees (after the threshold as determined by the owner is met), then pairing the received BNB with the token, and adding it as liquidity to the BNB pair.
  • The recipient of the newly created LP tokens is the owner. The owner is responsible for locking these LP tokens as they are received.
  • The tokens collected from the vault fee fee and treasury fee are swapped for BNB and split between the team's Vault and Treasury wallets respectively.
  • The tokens collected from the burn fee are sent directly to the burn address.
  • The swapAndLiquify() function used calculations where multiplication was being applied to the result of a divison. This can potentially result in calculations being less-precise. Dividing usually leads to integer truncation which is then subsequently multiplied. We recommend multiplying before dividing in calculations to reduce precision-loss as much as possible. As the project has already been deployed to the mainnet, this is merely informational.
  • As the project is implemented with Solidity v0.8.4, it is protected from overflows.

  • Ownership Controls:
  • Ownership has not been renounced.
  • The owner can modify the liquidity fee, burn fee, vault fee, and treasury fee to any percentages at any time.
  • The owner can exclude and include accounts from transfer fees.
  • The owner can set and update a maximum transaction amount at any time, which will impose a limit to the number of tokens that can be transferred during any given transaction.
  • This maximum transaction amount does not apply to the owner during transactions where the owner is either the sender or the recipient.
  • The owner can enable/disable the swap and liquify functionality at any time.
  • The owner can update the minimum threshold needed for swapping tokens at any time.
  • The owner can update the team's Vault wallet and Treasury wallet to any addresses at any time.
  • The owner can update the Pancakeswap Router address at any time.
  • The contract includes a "prepareForPresale" function that allows the owner to set fees to 0, and set the max transaction amount to more than 100% of the total token supply. There is also an "afterPresale" function where the fees are restored and the maximum transaction amount is set to 32% of the total token supply.
  • The owner can use the "lock" function in order to temporarily set ownership to address(0). Ownership is restored after the duration of time determined by the owner has passed and they use the 'unlock' function.
  • The unlock function has the potential to be used after ownership is renounced, which will restore ownership to the original owner that initially created the ownership lock. This can be used in a nefarious way by the project team to restore ownership and change fee structures.
  • We recommend that the unlock function is modified to set the "previous owner" = "address(0)" at the end of the unlock function to prevent it from being used more than once per lock.
Audit Findings Summary
  • No external threats were identified.
  • We strongly discourage the use of the Lock() function within this contract as there are potential risks that exist for holders regarding the team's ability to retain control of the contract.
  • Please ensure trust in the team prior to investing as they have substantial control in the ecosystem.
  • Date: October 25th, 2021

Audit Results

Vulnerability Category Notes Result
Arbitrary Storage Write N/A PASS
Arbitrary Jump N/A PASS
Delegate Call to Untrusted Contract N/A PASS
Dependence on Predictable Variables N/A PASS
Deprecated Opcodes N/A PASS
Ether Thief N/A PASS
Exceptions N/A PASS
External Calls N/A PASS
Flash Loans N/A PASS
Integer Over/Underflow N/A PASS
Multiple Sends N/A PASS
Oracles N/A PASS
Suicide N/A PASS
State Change External Calls N/A PASS
Unchecked Retval N/A PASS
User Supplied Assertion N/A PASS
Critical Solidity Compiler N/A PASS
Overall Contract Safety   PASS

Function Graph

ERC20 Token Graph


Inheritence Chart

Multi-file Token


Functions Overview


 ($) = payable function
 # = non-constant function
 
 +  Context 
    - [Int] _msgSender
    - [Int] _msgData

 + [Int] IERC20 
    - [Ext] totalSupply
    - [Ext] balanceOf
    - [Ext] transfer #
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transferFrom #

 + [Lib] SafeMath 
    - [Int] add
    - [Int] sub
    - [Int] sub
    - [Int] mul
    - [Int] div
    - [Int] div
    - [Int] mod
    - [Int] mod

 + [Lib] Address 
    - [Int] isContract
    - [Int] sendValue #
    - [Int] functionCall #
    - [Int] functionCall #
    - [Int] functionCallWithValue #
    - [Int] functionCallWithValue #
    - [Prv] _functionCallWithValue #

 +  Ownable (Context)
    - [Pub]  #
    - [Pub] owner
    - [Pub] renounceOwnership #
       - modifiers: onlyOwner
    - [Pub] transferOwnership #
       - modifiers: onlyOwner
    - [Pub] getUnlockTime
    - [Pub] getTime
    - [Pub] lock #
       - modifiers: onlyOwner
    - [Pub] unlock #

 + [Int] IUniswapV2Factory 
    - [Ext] feeTo
    - [Ext] feeToSetter
    - [Ext] getPair
    - [Ext] allPairs
    - [Ext] allPairsLength
    - [Ext] createPair #
    - [Ext] setFeeTo #
    - [Ext] setFeeToSetter #

 + [Int] IUniswapV2Pair 
    - [Ext] name
    - [Ext] symbol
    - [Ext] decimals
    - [Ext] totalSupply
    - [Ext] balanceOf
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transfer #
    - [Ext] transferFrom #
    - [Ext] DOMAIN_SEPARATOR
    - [Ext] PERMIT_TYPEHASH
    - [Ext] nonces
    - [Ext] permit #
    - [Ext] MINIMUM_LIQUIDITY
    - [Ext] factory
    - [Ext] token0
    - [Ext] token1
    - [Ext] getReserves
    - [Ext] price0CumulativeLast
    - [Ext] price1CumulativeLast
    - [Ext] kLast
    - [Ext] burn #
    - [Ext] swap #
    - [Ext] skim #
    - [Ext] sync #
    - [Ext] initialize #

 + [Int] IUniswapV2Router01 
    - [Ext] factory
    - [Ext] WETH
    - [Ext] addLiquidity #
    - [Ext] addLiquidityETH ($)
    - [Ext] removeLiquidity #
    - [Ext] removeLiquidityETH #
    - [Ext] removeLiquidityWithPermit #
    - [Ext] removeLiquidityETHWithPermit #
    - [Ext] swapExactTokensForTokens #
    - [Ext] swapTokensForExactTokens #
    - [Ext] swapExactETHForTokens ($)
    - [Ext] swapTokensForExactETH #
    - [Ext] swapExactTokensForETH #
    - [Ext] swapETHForExactTokens ($)
    - [Ext] quote
    - [Ext] getAmountOut
    - [Ext] getAmountIn
    - [Ext] getAmountsOut
    - [Ext] getAmountsIn

 + [Int] IUniswapV2Router02 (IUniswapV2Router01)
    - [Ext] removeLiquidityETHSupportingFeeOnTransferTokens #
    - [Ext] removeLiquidityETHWithPermitSupportingFeeOnTransferTokens #
    - [Ext] swapExactTokensForTokensSupportingFeeOnTransferTokens #
    - [Ext] swapExactETHForTokensSupportingFeeOnTransferTokens ($)
    - [Ext] swapExactTokensForETHSupportingFeeOnTransferTokens #

 +  WRAITH (Context, IERC20, Ownable)
    - [Pub]  #
    - [Pub] name
    - [Pub] symbol
    - [Pub] decimals
    - [Pub] totalSupply
    - [Pub] balanceOf
    - [Pub] transfer #
    - [Pub] allowance
    - [Pub] approve #
    - [Pub] transferFrom #
    - [Pub] increaseAllowance #
    - [Pub] decreaseAllowance #
    - [Pub] minimumTokensBeforeSwapAmount
    - [Prv] deliver #
    - [Prv] reflectionFromToken
    - [Prv] tokenFromReflection
    - [Prv] _approve #
    - [Prv] _transfer #
    - [Prv] swapAndLiquify #
       - modifiers: lockTheSwap
    - [Prv] swapTokensForEth #
    - [Prv] addLiquidity #
    - [Prv] _tokenTransfer #
    - [Prv] _transferStandard #
    - [Prv] _transferToExcluded #
    - [Prv] _transferFromExcluded #
    - [Prv] _transferBothExcluded #
    - [Prv] _getRate
    - [Prv] _getValues
    - [Prv] _getTValues
    - [Prv] _getRValues
    - [Prv] _getCurrentSupply
    - [Prv] _takeLiquidity #
    - [Prv] calculateFee
    - [Prv] removeAllFee #
    - [Prv] restoreAllFee #
    - [Pub] isExcludedFromFee
    - [Pub] excludeFromFee #
       - modifiers: onlyOwner
    - [Pub] includeInFee #
       - modifiers: onlyOwner
    - [Ext] setTaxes #
       - modifiers: onlyOwner
    - [Ext] setMaxTxAmount #
       - modifiers: onlyOwner
    - [Ext] setNumTokensBeforeSwap #
       - modifiers: onlyOwner
    - [Ext] setvaultWalletAddress #
       - modifiers: onlyOwner
    - [Ext] settreasuryWalletAddress #
       - modifiers: onlyOwner
    - [Pub] setSwapAndLiquifyEnabled #
       - modifiers: onlyOwner
    - [Pub] setSwapAndLiquifyByLimitOnly #
       - modifiers: onlyOwner
    - [Ext] prepareForPreSale #
       - modifiers: onlyOwner
    - [Ext] prepareForLaunch #
       - modifiers: onlyOwner
    - [Prv] transferToAddressETH #
    - [Pub] changeRouterVersion #
       - modifiers: onlyOwner
    - [Ext]  ($)