xYSL Token - Smart Contract Audit Report


xYSLToken Audit Report YSL.IO Protocol is launching a new deflationary BEP20 token with locking functionality.

For this audit we reviewed the project's xYSLToken contract at commit dc4f8b21e4c5ef30b41848f0f79fcc17c53a3e2b on the team's private GitHub.

Notes on the contract:
  • No tokens are minted upon deployment, however any address with the Minter role has the ability to mint any amount of tokens to any address at any time as long as it does not cause the token's total supply to exceed a cap of 80,000 $xYSL. This cap cannot be changed.
  • There is a 12.5% fee when transferring $xYSL. 7.5% is sent to an admin defined fee address, and 5% is sent to the 0x0 address as a burn fee. This fee is taken from the recipient of the transfer.
  • These fees are constant and cannot be changed.
  • Tokens taken as burn fees do not decrease the total supply. This means that after the total supply reaches 80,000, Minters will not be able to mint any further tokens. This will cause the circulating supply to decrease over time as tokens are burned from transfers.
  • Users can also decrease the ciruclating supply by transferring tokens to the 0x..dead address, if desired.
  • A Minter has the ability to airdrop tokens to a user from their own address. These tokens are locked, and vest linearly throughout the lock period specified by the Minter. For example: if 10% of the lock period has passed, 10% of the tokens will be available to the user.
  • If a user already has locked funds, the new airdrop funds will be added to the existing lock without increasing lock time. This can result in the user gaining immediate access to a portion of these funds.
  • Admins can change the fee address at any time.
  • Admins can add or remove any address from a "whitelist" at any time.
  • Fees will not be applied to transfers involving a whitelisted address.
  • Admins can grant or revoke the Minter role to any address at any time.
  • The admin role is given to the deployer of the contract.
Audit Findings Summary
  • No external threats were identified.
  • Please ensure trust in the team prior to investing as they have substantial control over the ecosystem.
  • Date: October 5th, 2021.

External Threat Results

Vulnerability CategoryNotesResult
Arbitrary Storage WriteN/APASS
Arbitrary JumpN/APASS
Delegate Call to Untrusted ContractN/APASS
Dependence on Predictable VariablesN/APASS
Deprecated OpcodesN/APASS
Ether ThiefN/APASS
External CallsN/APASS
Integer Over/UnderflowN/APASS
Multiple SendsN/APASS
State Change External CallsN/APASS
Unchecked RetvalN/APASS
User Supplied AssertionN/APASS
Critical Solidity CompilerN/APASS
Overall Contract Safety PASS

ERC20 Token Graph

Multi-file Token

 ($) = payable function
 # = non-constant function
  + [Int] IERC20 
    - [Ext] totalSupply
    - [Ext] balanceOf
    - [Ext] transfer #
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transferFrom #

 + [Int] IERC20Metadata (IERC20)
    - [Ext] name
    - [Ext] symbol
    - [Ext] decimals

 + [Int] IAccessControl 
    - [Ext] hasRole
    - [Ext] getRoleAdmin
    - [Ext] grantRole #
    - [Ext] revokeRole #
    - [Ext] renounceRole #

 +  Context 
    - [Int] _msgSender
    - [Int] _msgData

 + [Lib] Strings 
    - [Int] toString
    - [Int] toHexString
    - [Int] toHexString

 + [Int] IERC165 
    - [Ext] supportsInterface

 +  ERC165 (IERC165)
    - [Pub] supportsInterface

 +  AccessControl (Context, IAccessControl, ERC165)
    - [Pub] supportsInterface
    - [Pub] hasRole
    - [Int] _checkRole
    - [Pub] getRoleAdmin
    - [Pub] grantRole #
       - modifiers: onlyRole
    - [Pub] revokeRole #
       - modifiers: onlyRole
    - [Pub] renounceRole #
    - [Int] _setupRole #
    - [Int] _setRoleAdmin #
    - [Prv] _grantRole #
    - [Prv] _revokeRole #

 + [Int] IxYSLAdapter 
    - [Ext] collectxYSLFee #
    - [Ext] transferSurcharge #

 +  xYSLToken (IERC20, IERC20Metadata, AccessControl)
    - [Pub]  #
    - [Ext] addToWhitelist #
       - modifiers: onlyRole
    - [Ext] removeFromWhitelist #
       - modifiers: onlyRole
    - [Ext] setMinter #
       - modifiers: onlyRole
    - [Ext] removeMinter #
       - modifiers: onlyRole
    - [Ext] setAdapter #
       - modifiers: onlyRole
    - [Pub] mint #
       - modifiers: minterOnly
    - [Pub] mintFor #
       - modifiers: minterOnly
    - [Ext] getAirdropped #
       - modifiers: minterOnly
    - [Pub] name
    - [Pub] symbol
    - [Pub] decimals
    - [Pub] totalSupply
    - [Pub] balanceOf
    - [Pub] transfer #
    - [Pub] allowance
    - [Pub] approve #
    - [Pub] transferFrom #
    - [Pub] increaseAllowance #
    - [Pub] decreaseAllowance #
    - [Int] _transfer #
    - [Int] _mint #
       - modifiers: checkHardcap
    - [Int] _approve #
    - [Int] _beforeTokenTransfer #
    - [Int] _afterTokenTransfer #
    - [Pub] lockedTokens
    - [Ext] unlockedTokens
    - [Pub] unlockable
    - [Ext] availableTokens
    - [Pub] unlock #
    - [Int] _vested