1UP - Smart Contract Audit Report
Summary
1UP is a new blockchain project which has built a custom token contract and a series of contracts to support a presale and vesting of tokens to investors.
We reviewed 1UP's token and presale platform at commit 66b2af1eb139fc4a150c2943689463e7765198ef on GitHub.
Notes on the Token Contract:Notes on the Sales & Vesting Contracts:
- The token can be minted by any user with the Minter Role; by default the owner of the contract.
- The token contract has a maximum supply of 100 million 100,000,000 tokens.
- An anti-bot mechanism has been implemented, so users can only transfer tokens every 1 minute.
- In addition, there is a maximum transfer amount of 240,000 tokens in a single transaction.
- After 15 minutes the maximum transfer amount restriction will be lifted
- Owner can whitelist to exempt from the transfer limit and time restriction
- Utilization of SafeMath to prevent overflows.
- There is a private and public sale, allowing users to buy 1UP tokens.
- Owner can whitelist users in the presale contract, allowing them to purchase tokens with ETH up to an amount determined by the team in the private sale.
- All token purchases in the presale will be vested to users over time in the team's vesting contracts.
- The private sale will vest 85% of the purchased tokens over 90 days; and the public sale will vest 50% over 90 days.
- When the time deadline or the hard cap is reached, any user can call endPublicSale(). Thirty minutes later, anyone can have the contract add liquidity by calling addLiquidity().
- 60% of raised funds will be added to liquidity. The remaining 40% of the raised funds will be sent to the team.
- After the liquidity pool is created during presale, tokens will be minted and locked, vesting to the team over time.
- The team's fund will receive 4 million tokens, the marketing fund 4 million tokens, and the reserve fund 500,000 tokens; all in a vested manner.
- The team can manually allocate tokens to investors as well, with vesting.
- The LP tokens created from this process will be locked and claimable by the team 6 months after the presale concludes.
- The owner of the contract can recover any ERC20 tokens erroneously sent to the presale.
- In case of an issue with adding liquidity, users can withdraw their contributed funds one day after the presale concludes.
- Utilization of SafeMath to prevent overflows.
Audit Findings Summary:
- No security issues from outside attackers were identified.
- As with any presale, ensure trust in the team prior to investing.
- Further, ensure trust in the team as they have some control in the ecosystem.
- Date: June 22nd, 2021.
- Update Date: June 24th, 2021 - Updated token allocations.
External Threat Results
| Vulnerability Category | Notes | Result |
|---|---|---|
| Arbitrary Storage Write | N/A | PASS |
| Arbitrary Jump | N/A | PASS |
| Delegate Call to Untrusted Contract | N/A | PASS |
| Dependence on Predictable Variables | N/A | PASS |
| Deprecated Opcodes | N/A | PASS |
| Ether Thief | N/A | PASS |
| Exceptions | N/A | PASS |
| External Calls | N/A | PASS |
| Integer Over/Underflow | N/A | PASS |
| Multiple Sends | N/A | PASS |
| Suicide | N/A | PASS |
| State Change External Calls | N/A | Pass |
| Unchecked Retval | N/A | PASS |
| User Supplied Assertion | N/A | PASS |
| Critical Solidity Compiler | N/A | PASS |
| Overall Contract Safety | PASS |
InvestorsVesting Contract
($) = payable function
# = non-constant function
Int = Internal
Ext = External
Pub = Public
+ Context
- [Int] _msgSender
- [Int] _msgData
+ Ownable (Context)
- [Pub] #
- [Pub] owner
- [Pub] renounceOwnership #
- modifiers: onlyOwner
- [Pub] transferOwnership #
- modifiers: onlyOwner
+ [Lib] SafeMath
- [Int] tryAdd
- [Int] trySub
- [Int] tryMul
- [Int] tryDiv
- [Int] tryMod
- [Int] add
- [Int] sub
- [Int] mul
- [Int] div
- [Int] mod
- [Int] sub
- [Int] div
- [Int] mod
+ [Int] IERC20
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] transfer #
- [Ext] allowance
- [Ext] approve #
- [Ext] transferFrom #
+ [Int] IOneUp (IERC20)
- [Ext] burn #
- [Ext] setTradingStart #
- [Ext] mint #
+ [Int] IVesting
- [Ext] submit #
- [Ext] submitMulti #
- [Ext] setStart #
- [Ext] claimTgeTokens #
- [Ext] claimLockedTokens #
- [Ext] reset #
- [Ext] isPrivilegedInvestor
- [Ext] getReleasableLockedTokens
- [Ext] getUserData
+ InvestorsVesting (IVesting, Ownable)
- [Pub] #
- [Pub] submit #
- modifiers: onlyOwner
- [Pub] reset #
- modifiers: onlyOwner
- [Ext] submitMulti #
- modifiers: onlyOwner
- [Ext] setStart #
- modifiers: onlyOwner
- [Pub] claimTgeTokens #
- [Pub] claimLockedTokens #
- [Pub] getReleasableLockedTokens
- [Pub] getUserData
- [Pub] isPrivilegedInvestor
- [Prv] _releasableAmount
- [Prv] _vestedAmount
- [Pub] getStartTime LiquidityProvider Contract
($) = payable function
# = non-constant function
Int = Internal
Ext = External
Pub = Public
+ Context
- [Int] _msgSender
- [Int] _msgData
+ Ownable (Context)
- [Pub] #
- [Pub] owner
- [Pub] renounceOwnership #
- modifiers: onlyOwner
- [Pub] transferOwnership #
- modifiers: onlyOwner
+ [Lib] SafeMath
- [Int] tryAdd
- [Int] trySub
- [Int] tryMul
- [Int] tryDiv
- [Int] tryMod
- [Int] add
- [Int] sub
- [Int] mul
- [Int] div
- [Int] mod
- [Int] sub
- [Int] div
- [Int] mod
+ [Int] IUniswapV2Router01
- [Ext] factory
- [Ext] WETH
- [Ext] addLiquidity #
- [Ext] addLiquidityETH ($)
- [Ext] removeLiquidity #
- [Ext] removeLiquidityETH #
- [Ext] removeLiquidityWithPermit #
- [Ext] removeLiquidityETHWithPermit #
- [Ext] swapExactTokensForTokens #
- [Ext] swapTokensForExactTokens #
- [Ext] swapExactETHForTokens ($)
- [Ext] swapTokensForExactETH #
- [Ext] swapExactTokensForETH #
- [Ext] swapETHForExactTokens ($)
- [Ext] quote
- [Ext] getAmountOut
- [Ext] getAmountIn
- [Ext] getAmountsOut
- [Ext] getAmountsIn
+ [Int] IUniswapV2Router02 (IUniswapV2Router01)
- [Ext] removeLiquidityETHSupportingFeeOnTransferTokens #
- [Ext] removeLiquidityETHWithPermitSupportingFeeOnTransferTokens #
- [Ext] swapExactTokensForTokensSupportingFeeOnTransferTokens #
- [Ext] swapExactETHForTokensSupportingFeeOnTransferTokens ($)
- [Ext] swapExactTokensForETHSupportingFeeOnTransferTokens #
+ [Int] ILiquidityProvider
- [Ext] addLiquidity #
- [Ext] recoverERC20 #
+ [Int] IERC20
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] transfer #
- [Ext] allowance
- [Ext] approve #
- [Ext] transferFrom #
+ [Int] IOneUp (IERC20)
- [Ext] burn #
- [Ext] setTradingStart #
- [Ext] mint #
+ LiquidityProvider (ILiquidityProvider, Ownable)
- [Pub] #
- [Ext] ($)
- [Pub] addLiquidity #
- modifiers: onlyOwner
- [Pub] recoverERC20 #
- modifiers: onlyOwner OneUp Contract
($) = payable function
# = non-constant function
Int = Internal
Ext = External
Pub = Public
+ Context
- [Int] _msgSender
- [Int] _msgData
+ Ownable (Context)
- [Pub] #
- [Pub] owner
- [Pub] renounceOwnership #
- modifiers: onlyOwner
- [Pub] transferOwnership #
- modifiers: onlyOwner
+ [Lib] SafeMath
- [Int] tryAdd
- [Int] trySub
- [Int] tryMul
- [Int] tryDiv
- [Int] tryMod
- [Int] add
- [Int] sub
- [Int] mul
- [Int] div
- [Int] mod
- [Int] sub
- [Int] div
- [Int] mod
+ [Int] IERC20
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] transfer #
- [Ext] allowance
- [Ext] approve #
- [Ext] transferFrom #
+ [Int] IERC20Metadata (IERC20)
- [Ext] name
- [Ext] symbol
- [Ext] decimals
+ ERC20 (Context, IERC20, IERC20Metadata)
- [Pub] #
- [Pub] name
- [Pub] symbol
- [Pub] decimals
- [Pub] totalSupply
- [Pub] balanceOf
- [Pub] transfer #
- [Pub] allowance
- [Pub] approve #
- [Pub] transferFrom #
- [Pub] increaseAllowance #
- [Pub] decreaseAllowance #
- [Int] _transfer #
- [Int] _mint #
- [Int] _burn #
- [Int] _approve #
- [Int] _beforeTokenTransfer #
+ ERC20Burnable (Context, ERC20)
- [Pub] burn #
- [Pub] burnFrom #
+ Pausable (Context)
- [Pub] #
- [Pub] paused
- [Int] _pause #
- modifiers: whenNotPaused
- [Int] _unpause #
- modifiers: whenPaused
+ ERC20Pausable (ERC20, Pausable)
- [Int] _beforeTokenTransfer #
+ [Lib] Strings
- [Int] toString
- [Int] toHexString
- [Int] toHexString
+ [Int] IERC165
- [Ext] supportsInterface
+ ERC165 (IERC165)
- [Pub] supportsInterface
+ [Int] IAccessControl
- [Ext] hasRole
- [Ext] getRoleAdmin
- [Ext] grantRole #
- [Ext] revokeRole #
- [Ext] renounceRole #
+ AccessControl (Context, IAccessControl, ERC165)
- [Pub] supportsInterface
- [Pub] hasRole
- [Int] _checkRole
- [Pub] getRoleAdmin
- [Pub] grantRole #
- modifiers: onlyRole
- [Pub] revokeRole #
- modifiers: onlyRole
- [Pub] renounceRole #
- [Int] _setupRole #
- [Int] _setRoleAdmin #
- [Prv] _grantRole #
- [Prv] _revokeRole #
+ [Lib] EnumerableSet
- [Prv] _add #
- [Prv] _remove #
- [Prv] _contains
- [Prv] _length
- [Prv] _at
- [Int] add #
- [Int] remove #
- [Int] contains
- [Int] length
- [Int] at
- [Int] add #
- [Int] remove #
- [Int] contains
- [Int] length
- [Int] at
- [Int] add #
- [Int] remove #
- [Int] contains
- [Int] length
- [Int] at
+ [Int] IAccessControlEnumerable
- [Ext] getRoleMember
- [Ext] getRoleMemberCount
+ AccessControlEnumerable (IAccessControlEnumerable, AccessControl)
- [Pub] supportsInterface
- [Pub] getRoleMember
- [Pub] getRoleMemberCount
- [Pub] grantRole #
- [Pub] revokeRole #
- [Pub] renounceRole #
- [Int] _setupRole #
+ ERC20PresetMinterPauser (Context, AccessControlEnumerable, ERC20Burnable, ERC20Pausable)
- [Pub] #
- modifiers: ERC20
- [Pub] mint #
- [Pub] pause #
- [Pub] unpause #
- [Int] _beforeTokenTransfer #
+ OneUp (ERC20PresetMinterPauser, Ownable)
- [Pub] #
- modifiers: ERC20PresetMinterPauser
- [Ext] setTradingStart #
- [Ext] whitelistAccount #
- modifiers: onlyOwner
- [Ext] removeWhitelistedAccount #
- modifiers: onlyOwner
- [Ext] decreaseDelayBetweenTx #
- modifiers: onlyOwner
- [Pub] lastTx
- [Pub] isWhitelisted
- [Int] _mint #
- [Int] _beforeTokenTransfer #
- modifiers: launchRestrict PublicSale Contract
($) = payable function
# = non-constant function
Int = Internal
Ext = External
Pub = Public
+ Context
- [Int] _msgSender
- [Int] _msgData
+ Ownable (Context)
- [Pub] #
- [Pub] owner
- [Pub] renounceOwnership #
- modifiers: onlyOwner
- [Pub] transferOwnership #
- modifiers: onlyOwner
+ [Int] IERC20
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] transfer #
- [Ext] allowance
- [Ext] approve #
- [Ext] transferFrom #
+ [Lib] SafeMath
- [Int] tryAdd
- [Int] trySub
- [Int] tryMul
- [Int] tryDiv
- [Int] tryMod
- [Int] add
- [Int] sub
- [Int] mul
- [Int] div
- [Int] mod
- [Int] sub
- [Int] div
- [Int] mod
+ [Int] IOneUp (IERC20)
- [Ext] burn #
- [Ext] setTradingStart #
- [Ext] mint #
+ [Int] IVesting
- [Ext] submit #
- [Ext] submitMulti #
- [Ext] setStart #
- [Ext] claimTgeTokens #
- [Ext] claimLockedTokens #
- [Ext] reset #
- [Ext] isPrivilegedInvestor
- [Ext] getReleasableLockedTokens
- [Ext] getUserData
+ InvestorsVesting (IVesting, Ownable)
- [Pub] #
- [Pub] submit #
- modifiers: onlyOwner
- [Pub] reset #
- modifiers: onlyOwner
- [Ext] submitMulti #
- modifiers: onlyOwner
- [Ext] setStart #
- modifiers: onlyOwner
- [Pub] claimTgeTokens #
- [Pub] claimLockedTokens #
- [Pub] getReleasableLockedTokens
- [Pub] getUserData
- [Pub] isPrivilegedInvestor
- [Prv] _releasableAmount
- [Prv] _vestedAmount
- [Pub] getStartTime
+ [Int] IUniswapV2Router01
- [Ext] factory
- [Ext] WETH
- [Ext] addLiquidity #
- [Ext] addLiquidityETH ($)
- [Ext] removeLiquidity #
- [Ext] removeLiquidityETH #
- [Ext] removeLiquidityWithPermit #
- [Ext] removeLiquidityETHWithPermit #
- [Ext] swapExactTokensForTokens #
- [Ext] swapTokensForExactTokens #
- [Ext] swapExactETHForTokens ($)
- [Ext] swapTokensForExactETH #
- [Ext] swapExactTokensForETH #
- [Ext] swapETHForExactTokens ($)
- [Ext] quote
- [Ext] getAmountOut
- [Ext] getAmountIn
- [Ext] getAmountsOut
- [Ext] getAmountsIn
+ [Int] IUniswapV2Router02 (IUniswapV2Router01)
- [Ext] removeLiquidityETHSupportingFeeOnTransferTokens #
- [Ext] removeLiquidityETHWithPermitSupportingFeeOnTransferTokens #
- [Ext] swapExactTokensForTokensSupportingFeeOnTransferTokens #
- [Ext] swapExactETHForTokensSupportingFeeOnTransferTokens ($)
- [Ext] swapExactTokensForETHSupportingFeeOnTransferTokens #
+ [Int] ILiquidityProvider
- [Ext] addLiquidity #
- [Ext] recoverERC20 #
+ LiquidityProvider (ILiquidityProvider, Ownable)
- [Pub] #
- [Ext] ($)
- [Pub] addLiquidity #
- modifiers: onlyOwner
- [Pub] recoverERC20 #
- modifiers: onlyOwner
+ [Lib] Address
- [Int] isContract
- [Int] sendValue #
- [Int] functionCall #
- [Int] functionCall #
- [Int] functionCallWithValue #
- [Int] functionCallWithValue #
- [Int] functionStaticCall
- [Int] functionStaticCall
- [Int] functionDelegateCall #
- [Int] functionDelegateCall #
- [Prv] _verifyCallResult
+ [Lib] SafeERC20
- [Int] safeTransfer #
- [Int] safeTransferFrom #
- [Int] safeApprove #
- [Int] safeIncreaseAllowance #
- [Int] safeDecreaseAllowance #
- [Prv] _callOptionalReturn #
+ CliffVesting (Ownable)
- [Pub] #
- [Pub] release #
- [Prv] _releasableAmount
- [Prv] _vestedAmount
+ [Int] IPublicSale
- [Ext] addLiquidity #
- [Ext] endPublicSale #
- [Ext] endPrivateSale #
- [Ext] emergencyWithdrawFunds #
- [Ext] recoverERC20 #
- [Ext] recoverLpToken #
- [Ext] addPrivateAllocations #
- [Ext] lockCompanyTokens #
- [Ext] whitelistUsers #
- [Ext] getWhitelistedAmount
- [Ext] getUserDeposits
+ PublicSale (IPublicSale, Ownable)
- [Pub] #
- [Ext] ($)
- [Pub] deposit ($)
- [Ext] endPublicSale #
- [Ext] addLiquidity #
- [Ext] emergencyWithdrawFunds #
- [Pub] addPrivateAllocations #
- modifiers: onlyOwner
- [Ext] endPrivateSale #
- modifiers: onlyOwner
- [Ext] recoverERC20 #
- modifiers: onlyOwner
- [Ext] recoverLpToken #
- modifiers: onlyOwner
- [Ext] lockCompanyTokens #
- [Ext] whitelistUsers #
- modifiers: onlyOwner
- [Pub] getWhitelistedAmount
- [Pub] getUserDeposits
- [Pub] getTotalDeposits