|Arbitrary Storage Write||N/A||PASS|
|Delegate Call to Untrusted Contract||N/A||PASS|
|Dependence on Predictable Variables||N/A||PASS|
|State Change External Calls||N/A||PASS|
|User Supplied Assertion||N/A||PASS|
|Critical Solidity Compiler||N/A||PASS|
|Overall Contract Safety||PASS|
pQBERT - Audit Report
pQBERT is a new DeFi token that provides automatic liquidity adds and pays holders dividends in the native currency of the blockchain.For this audit report, we reviewed the pQBERT contracts on the team's github site.
Overview of the Contract:
Audit Findings Summary
- The initial total supply of the token upon deployment is set to eight hundred and fifty thousand $QBERT [850,000].
- The contract utilizes a minter role ("OnlyOwnerMint") that allows the assigned address to mint any amount of $QBERT tokens to any account at any time. The address that is assigned this role is not to be confused with the assigned "owner", as they can be two seperate accounts.
- No burn functions are present; though the circulating supply can be reduced by sending tokens to the 0x..dead address, if desired.
- As the contract has not been deployed, our team did not analyze the token allocation.
- In the current fee allocation, there is a 5% "Marketing Fee", 3% "Liquidity Fee", and 7% "Native Rewards Fee" on all transfers (given that the transferring address is not excluded from fees).
- The fees charged on transactions are stored in the contract and, once a threshold value of 1,000 $QBERT (determined by the owner) is met, the tokens allocated from the Marketing Fee are swapped for $MATIC and sent to the project team's "marketing" and "Dev" wallets in a 50-50 split; while Liquidity Fee tokens are used to automatically provide liquidity, and the tokens collected from the Native Reward Fee are applied toward funding the $MATIC dividend rewards for those who are eligible.
- Liquidity-adds are automatically done by selling half of the tokens collected as liquidity fees, pairing the received BNB with the token, and adding it as liquidity to the pair.
- The owner of the contract receives the LP tokens that are created through this process. We recommend that the owner implements a system to lock or burn these LP tokens.
- A user must hold 2,000 $QBERT tokens to be eligible for dividends. Which is roughly 0.235% of the initial token supply. The owner has the ability to update this minimum token requirement to a new value at any time.
- Once dividends are distributed, they will need to be claimed; claiming happens automatically on each transfer.
- Dividend rewards can also be claimed manually by kicking off the claim cycle, which will process all eligible token holders.
- Alternatively, a user can manually claim dividends as an individual.
- There is a wait-time of 3600 seconds (1 hour) between claiming dividend rewards.
- Claimed dividends are sent to the user's wallet address.
- Some gas optimizations can be achieved through marking functions external instead of public. There are also some public variables that could be declared constant. This is merely informational as the contract has already been deployed.
- The contract utilizes the SafeMath library to prevent overflows along with following the ERC20 standard.
- The "Owner" and the "OwnerMinter" have the ability to renounce ownership of their roles by re-assigning them to the 0x...dead address. As this contract is not yet deployed to the mainnet, this has not been done.
- The owner is able to set the fee percentages to any amount at any time.
- The owner is able to exclude addresses from fees at any time.
- The owner is able to enable and disable the automatic swapping features of the contract. Fees would instead accumulate in the contract address and no dividends would be distributed, nor would liquidity be added.
- The owner is able to add addresses to a blacklist which will prevent them from participating in transfers.
- The owner is able to exclude any address from dividends at any time.
- The owner is able to update the Dividend Tracker and UniswapV2Router contract addresses at any time.
- The owner is able to update the 'Marketing' wallet and 'Dev' wallet at any time.
- The owner is able to update the maximum amount of gas used for processing to a value between 200,000 and 500,000 at any time.
- The owner is able to update the amount of time a user must wait between claiming dividends to a value between 1 and 24 hours (in seconds).
- No external security threats were identified during our analysis.
- We recommend that the team renounces ownership and minting priviledges after a successful launch.
- Please ensure trust in the team as they have substantial control in the ecosystem.
- Date: September 13th, 2021
($) = payable function # = non-constant function + Context - [Int] _msgSender - [Int] _msgData + Ownable (Context) - [Pub]
# - [Pub] owner - [Pub] ownermint - [Pub] renounceOwnership # - modifiers: onlyOwner - [Pub] renounceOwnershipMint # - modifiers: onlyOwner - [Pub] transferOwnership # - modifiers: onlyOwner - [Pub] transferOwnershipMint # - modifiers: onlyOwnerMint + [Lib] SafeMath - [Int] add - [Int] sub - [Int] sub - [Int] mul - [Int] div - [Int] div - [Int] mod - [Int] mod + [Lib] SafeMathInt - [Int] mul - [Int] div - [Int] sub - [Int] add - [Int] abs - [Int] toUint256Safe + [Lib] SafeMathUint - [Int] toInt256Safe + [Lib] IterableMapping - [Pub] get - [Pub] getIndexOfKey - [Pub] getKeyAtIndex - [Pub] size - [Pub] set # - [Pub] remove # + [Int] IUniswapV2Factory - [Ext] feeTo - [Ext] feeToSetter - [Ext] getPair - [Ext] allPairs - [Ext] allPairsLength - [Ext] createPair # - [Ext] setFeeTo # - [Ext] setFeeToSetter # + [Int] IUniswapV2Pair - [Ext] name - [Ext] symbol - [Ext] decimals - [Ext] totalSupply - [Ext] balanceOf - [Ext] allowance - [Ext] approve # - [Ext] transfer # - [Ext] transferFrom # - [Ext] DOMAIN_SEPARATOR - [Ext] PERMIT_TYPEHASH - [Ext] nonces - [Ext] permit # - [Ext] MINIMUM_LIQUIDITY - [Ext] factory - [Ext] token0 - [Ext] token1 - [Ext] getReserves - [Ext] price0CumulativeLast - [Ext] price1CumulativeLast - [Ext] kLast - [Ext] mint # - [Ext] burn # - [Ext] swap # - [Ext] skim # - [Ext] sync # - [Ext] initialize # + [Int] IUniswapV2Router01 - [Ext] factory - [Ext] WETH - [Ext] addLiquidity # - [Ext] addLiquidityETH ($) - [Ext] removeLiquidity # - [Ext] removeLiquidityETH # - [Ext] removeLiquidityWithPermit # - [Ext] removeLiquidityETHWithPermit # - [Ext] swapExactTokensForTokens # - [Ext] swapTokensForExactTokens # - [Ext] swapExactETHForTokens ($) - [Ext] swapTokensForExactETH # - [Ext] swapExactTokensForETH # - [Ext] swapETHForExactTokens ($) - [Ext] quote - [Ext] getAmountOut - [Ext] getAmountIn - [Ext] getAmountsOut - [Ext] getAmountsIn + [Int] IUniswapV2Router02 (IUniswapV2Router01) - [Ext] removeLiquidityETHSupportingFeeOnTransferTokens # - [Ext] removeLiquidityETHWithPermitSupportingFeeOnTransferTokens # - [Ext] swapExactTokensForTokensSupportingFeeOnTransferTokens # - [Ext] swapExactETHForTokensSupportingFeeOnTransferTokens ($) - [Ext] swapExactTokensForETHSupportingFeeOnTransferTokens # + [Int] IERC20 - [Ext] totalSupply - [Ext] balanceOf - [Ext] transfer # - [Ext] allowance - [Ext] approve # - [Ext] transferFrom # + [Int] IERC20Metadata (IERC20) - [Ext] name - [Ext] symbol - [Ext] decimals + ERC20 (Context, IERC20, IERC20Metadata) - [Pub] # - [Pub] name - [Pub] symbol - [Pub] decimals - [Pub] totalSupply - [Pub] balanceOf - [Pub] transfer # - [Pub] allowance - [Pub] approve # - [Pub] transferFrom # - [Pub] increaseAllowance # - [Pub] decreaseAllowance # - [Int] _transfer # - [Int] _mint # - [Int] _burn # - [Int] _approve # - [Int] _beforeTokenTransfer # + [Int] DividendPayingTokenInterface - [Ext] dividendOf - [Ext] distributeDividends ($) - [Ext] withdrawDividend # + [Int] DividendPayingTokenOptionalInterface - [Ext] withdrawableDividendOf - [Ext] withdrawnDividendOf - [Ext] accumulativeDividendOf + DividendPayingToken (ERC20, DividendPayingTokenInterface, DividendPayingTokenOptionalInterface) - [Pub] # - modifiers: ERC20 - [Ext] ($) - [Pub] distributeDividends ($) - [Pub] withdrawDividend # - [Int] _withdrawDividendOfUser # - [Pub] dividendOf - [Pub] withdrawableDividendOf - [Pub] withdrawnDividendOf - [Pub] accumulativeDividendOf - [Int] _transfer # - [Int] _mint # - [Int] _burn # - [Int] _setBalance # + pQBERT (ERC20, Ownable) - [Pub] # - modifiers: ERC20 - [Ext] ($) - [Pub] mint # - modifiers: onlyOwnerMint - [Pub] updateDividendTracker # - modifiers: onlyOwner - [Pub] updateUniswapV2Router # - modifiers: onlyOwner - [Pub] excludeFromFees # - modifiers: onlyOwner - [Pub] excludeMultipleAccountsFromFees # - modifiers: onlyOwner - [Pub] setAutomatedMarketMakerPair # - modifiers: onlyOwner - [Prv] _setAutomatedMarketMakerPair # - [Ext] blacklistAddress # - modifiers: onlyOwner - [Pub] updateGasForProcessing # - modifiers: onlyOwner - [Ext] updateClaimWait # - modifiers: onlyOwner - [Ext] updateMinimumToken # - modifiers: onlyOwner - [Ext] getMinHold - [Ext] getClaimWait - [Ext] getTotalDividendsDistributed - [Pub] isExcludedFromFees - [Pub] withdrawableDividendOf - [Pub] dividendTokenBalanceOf - [Ext] excludeFromDividends # - modifiers: onlyOwner - [Ext] getAccountDividendsInfo - [Ext] getAccountDividendsInfoAtIndex - [Ext] processDividendTracker # - [Ext] claim # - [Ext] getLastProcessedIndex - [Ext] getNumberOfDividendTokenHolders - [Ext] setMarketingWallet # - modifiers: onlyOwner - [Ext] setDevWallet # - modifiers: onlyOwner - [Ext] setNATIVERewardsFee # - modifiers: onlyOwner - [Ext] setLiquiditFee # - modifiers: onlyOwner - [Ext] setMarketingFee # - modifiers: onlyOwner - [Ext] setSwapEnabled # - modifiers: onlyOwner - [Ext] changeMinSwap # - modifiers: onlyOwner - [Int] _transfer # - [Prv] swapAndSendToMarketing # - modifiers: lockTheSwap - [Prv] addLiquidity # - [Prv] swapAndLiquify # - modifiers: lockTheSwap - [Prv] swapTokensForEth # - [Prv] swapAndSendDividends # - modifiers: lockTheSwap + QBERTDividendTracker (DividendPayingToken, Ownable) - [Pub] # - modifiers: DividendPayingToken - [Int] _transfer # - [Pub] withdrawDividend # - [Ext] excludeFromDividends # - modifiers: onlyOwner - [Ext] updateClaimWait # - modifiers: onlyOwner - [Ext] updateMinimumToken # - modifiers: onlyOwner - [Ext] getLastProcessedIndex - [Ext] getNumberOfTokenHolders - [Pub] getAccount - [Pub] getAccountAtIndex - [Prv] canAutoClaim - [Ext] setBalance # - modifiers: onlyOwner - [Pub] process # - [Pub] processAccount # - modifiers: onlyOwner