magicbox.game - Smart Contract Audit Report

Summary

magicbox.game Audit Report magicbox.game is a new token on the Binance Smart Chain with liquidity adds and a buyback system for burning supply that pays users dividends in BUSD.

We reviewed the magicbox.game contract that is deployed at 0x4ce2DB133035519F538b7849201D6D541972164c on the Binance Smartchain mainnet.

Notes on the Contract:

  • The total supply of the token is set to 1 quadrillion [1,000,000,000,000,000] $MBT.
  • No mint or burn functions are present beyond deployment; though the circulating supply can be reduced by sending tokens to the 0x..dead address if desired.
  • At the time of writing this report, 51.34% of the total supply has been sent to the 0x..dead address.
  • 6.96% of the total supply is in Pancakeswap liquidity.
  • Of that liquidity, 88.44% of the LP tokens are stored in a token locking contract behind a proxy. This contract also holds 5% of the total supply.
  • 11.44% of the LP tokens belong to a wallet controlled by the team. We advise the team lock these LP tokens.
  • The next 5 holders own a cumulative 6.88% of the total supply.

  • There is a tax fee charged on each transaction that gets stored in the contract balance; fees can be increased during a sell to PancakeSwap up to a value proportional to the time left in the buyback multiplier period (if any).
  • Once a threshold value of tokens in the contract balance is met, a portion of the contract balance is swapped for BNB and distributed as dividends, and another portion is sent to the marketing wallet which is controlled by the project team.
  • Another portion is allocated to funding PancakeSwap liquidity, unless the liquidity cap set by the team has already been met.
  • Liquidity-adds are funded by selling half of the tokens allocated to funding liquidity, pairing the received BNB with the token, and adding it as liquidity to the BNB pair.
  • The newly created LP tokens are sent to a wallet controlled by the team. The team is responsible for locking these newly acquired LP tokens.
  • If the auto buyback functionality is enabled, and the amount of BNB in the contract reaches the autobuyback threshold value determined by the owner, the BNB will be swapped for $MBT tokens and sent to the burn address.

  • Any user that holds any amount of $MBT tokens are eligible to claim dividends once the amount of dividends they are due reaches a minimum threshold value determined by team.
  • Once dividends are distributed, they will need to be claimed; claiming happens automatically on each transfer.
  • Dividend rewards can also be claimed manually by kicking off the claim cycle, which will process all eligible token holders.
  • Alternatively, a user can manually claim dividends as an individual.
  • There is a wait-time between claiming dividend rewards.
  • Claimed dividends are sent to the user's wallet address.

  • Ownership Controls:
  • The owner can assign multiple addresses to an 'authorized' role. The assigned addresses have access to specific functions in the contract.
  • Any authorized address can set the total fees charged on transactions to any value up to 25% at any time.
  • Any authorized address can set the percentage of the fees allocated to any fund (liquidity, marketing, buyback, dividends) at any time.
  • Any authorized address can exclude any address from dividends at any time.
  • Any authorized address can update the minimum threshold value of rewards needed that determines when a user can claim their dividends.
  • Any authorized address can set a maximum transaction limit which is enforced during sell transactions to PancakeSwap. Any authorized address can also exclude accounts from this maximum transaction limit.
  • Any authorized address can automatically trigger a buyback at any time.
  • Any authorized address can set or disable the buyback fee multiplier at any time.
  • Any authorized address can disable the autobuyback system and set any the threshold BNB value to trigger a buyback.
  • Any authorized address can disable the automatic liquidity adds at any time and set any threshold value related to it.
  • Any authorized address can update the Dividend Distributor and PancakeSwap Router contract addresses at any time.
  • Any authorized address can update the maximum amount of gas used for processing to a value up to 750,000 at any time.
  • Any authorized address can update the amount of time a user must wait between claiming dividends to any value at any time.
  • Any authorized address can enable/disable automatic liquidity adds at any time.
Audit Findings Summary
  • No security threats from outside attackers were identified.
  • Please ensure trust in the team prior to investing as they have substantial control in the ecosystem.
  • Please be aware of the amount of liquidity available in proportion to the largest wallets
  • Date: November 18th, 2021

External Threat Results

Vulnerability CategoryNotesResult
Arbitrary Storage WriteN/APASS
Arbitrary JumpN/APASS
Delegate Call to Untrusted ContractN/APASS
Dependence on Predictable VariablesN/APASS
Deprecated OpcodesN/APASS
Ether ThiefN/APASS
ExceptionsN/APASS
External CallsN/APASS
Integer Over/UnderflowN/APASS
Multiple SendsN/APASS
SuicideN/APASS
State Change External CallsN/APASS
Unchecked RetvalN/APASS
User Supplied AssertionN/APASS
Critical Solidity CompilerN/APASS
Overall Contract Safety PASS

magicbox.game Contract

BEP20 Token Graph

Multi-file Token

												
($) = payable function
 # = non-constant function

 + [Lib] SafeMath 
    - [Int] tryAdd
    - [Int] trySub
    - [Int] tryMul
    - [Int] tryDiv
    - [Int] tryMod
    - [Int] add
    - [Int] sub
    - [Int] mul
    - [Int] div
    - [Int] mod
    - [Int] sub
    - [Int] div
    - [Int] mod

 + [Int] IBEP20 
    - [Ext] totalSupply
    - [Ext] decimals
    - [Ext] symbol
    - [Ext] name
    - [Ext] getOwner
    - [Ext] balanceOf
    - [Ext] transfer #
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transferFrom #

 +  Ownable 
    - [Pub]  #
    - [Pub] authorize #
       - modifiers: onlyOwner
    - [Pub] unauthorize #
       - modifiers: onlyOwner
    - [Pub] isOwner
    - [Pub] isAuthorized
    - [Pub] transferOwnership #
       - modifiers: onlyOwner

 + [Int] ISwapFactory 
    - [Ext] createPair #

 + [Int] ISwapRouter 
    - [Ext] factory
    - [Ext] WETH
    - [Ext] addLiquidity #
    - [Ext] addLiquidityETH ($)
    - [Ext] swapExactTokensForTokensSupportingFeeOnTransferTokens #
    - [Ext] swapExactETHForTokensSupportingFeeOnTransferTokens ($)
    - [Ext] swapExactTokensForETHSupportingFeeOnTransferTokens #

 + [Int] IRewardDistributor 
    - [Ext] setDistributionCriteria #
    - [Ext] setStock #
    - [Ext] deposit ($)
    - [Ext] process #

 +  RewardDistributor (IRewardDistributor)
    - [Pub]  #
    - [Ext] setDistributionCriteria #
       - modifiers: onlyToken
    - [Ext] setStock #
       - modifiers: onlyToken
    - [Ext] deposit ($)
       - modifiers: onlyToken
    - [Ext] process #
       - modifiers: onlyToken
    - [Int] shouldDistribute
    - [Int] distributeRewards #
    - [Ext] claimReward #
    - [Pub] getUnpaidEarnings
    - [Int] getCumulativeRewards
    - [Int] addStockholder #
    - [Int] removeStockholder #

 +  MagicBox (IBEP20, Ownable)
    - [Pub]  #
       - modifiers: Ownable
    - [Ext]  ($)
    - [Ext] totalSupply
    - [Ext] decimals
    - [Ext] symbol
    - [Ext] name
    - [Ext] getOwner
    - [Pub] balanceOf
    - [Ext] allowance
    - [Pub] approve #
    - [Ext] approveMax #
    - [Ext] transfer #
    - [Ext] transferFrom #
    - [Int] _transferFrom #
    - [Int] _transferStandard #
    - [Int] checkTxLimit
    - [Int] shouldTakeFee
    - [Pub] getTotalFee
    - [Pub] getMultipliedFee
    - [Int] takeFee #
    - [Int] checkSwapBack
    - [Int] swapBack #
       - modifiers: lockTheSwap
    - [Int] checkAutoBuyback
    - [Ext] triggerZeusBuyback #
       - modifiers: authorized
    - [Ext] clearBuybackMultiplier #
       - modifiers: authorized
    - [Int] triggerAutoBuyback #
    - [Int] buyTokens #
       - modifiers: lockTheSwap
    - [Ext] setAutoBuybackSettings #
       - modifiers: authorized
    - [Ext] setBuybackMultiplierSettings #
       - modifiers: authorized
    - [Int] launched
    - [Pub] launch #
       - modifiers: authorized
    - [Ext] setTxLimit #
       - modifiers: authorized
    - [Ext] setIsExcludedStock #
       - modifiers: authorized
    - [Ext] setIsExcludedFee #
       - modifiers: authorized
    - [Ext] setIsExcludedTxLimit #
       - modifiers: authorized
    - [Ext] setFees #
       - modifiers: authorized
    - [Ext] setFeeReceivers #
       - modifiers: authorized
    - [Ext] setSwapBackSettings #
       - modifiers: authorized
    - [Ext] setTargetLiquidity #
       - modifiers: authorized
    - [Ext] setDistributionCriteria #
       - modifiers: authorized
    - [Ext] setDistributorSettings #
       - modifiers: authorized
    - [Ext] setReserved #
       - modifiers: authorized
    - [Pub] getCirculatingSupply
    - [Pub] getLiquidityBacking
    - [Pub] isOverLiquified