BogDaMorph - Smart Contract Audit Report

Summary

BogDaMorph ($BDM) is a new token that features automatic liquidity adds and pays holders dividends in $BOG.

For this audit, we reviewed the BogDaMorph contract using code that was provided to us by the team.

Notes on the Contract:
  • The total supply of the token is set to 10 million [10,000,000].
  • No mint or burn functions are present, though the circulating supply can be reduced by sending tokens to the 0x..dead address, if desired.
  • There is currently no token allocation for our team to analyze.

  • There is a Liquidity Fee, Bog Rewards Fee, and Marketing fee on all transfers when interacting with Pancakeswap (given that the transferring address is not excluded from fees). A separate fee structure can be set by the team to apply different fee amounts depending on whether the user is buying or selling during the transfer.
  • The fees charged on transactions are stored in the contract and once a threshold value of 2,000 tokens is met, a swap will occur for the purpose of funding Pancakeswap liquidity.
  • Liquidity-adds are funded by selling a portion of the tokens collected as fees (after the threshold value of tokens is met), then pairing the received BNB with the token, and adding it as liquidity to the BNB pair.
  • The LP tokens received through this process are sent to the 0x00 address.
  • The tokens collected from the marketing fee are swapped for BNB and sent to the team's Marketing wallet.
  • The remaining portion of tokens are swapped for $BOG and used to fund dividend rewards for all eligible users.

  • A user must hold 100 tokens to be eligible for dividends.
  • Once dividends are distributed, they will need to be claimed; claiming happens automatically on each transfer.
  • Dividend rewards can also be claimed manually by kicking off the claim cycle, which will process all eligible token holders.
  • Alternatively, a user can manually claim dividends as an individual.
  • There is a wait-time of 3600 seconds (1 hour) between claiming dividend rewards.
  • Claimed dividends are sent to the user's wallet address.

  • The contract features a maximum transaction amount, which imposes a limit to the number of tokens that can be transferred when buying from or selling to Pancakeswap.
  • The contract also features a maximum wallet amount which ensures that a user's token balance does not exceed 200,000 tokens (2% of the total supply) after a buying transaction.
  • The contract utilizes the SafeMath library to prevent overflows along with following the BEP20 standard.

Ownership Controls:
  • The owner of the contract will be assigned to an Authorized role upon deployment. Assigned Authorized addresses have access to specific functions in the contract. If ownership is transferred to another address, the original owner will still remain an Authorized address along with the new owner.
  • Any Authorized address can set the Liquidity Fee, Bog Rewards Fee, and Marketing fee for both fee structures to any percentages at any time.
  • Any Authorized address can exclude any address from transfer fees and dividends at any time.
  • Any Authorized address can withdraw any tokens or BNB from the contract address at any time.
  • Any Authorized address can enable/disable automatic liquidity adds at any time and set the threshold number of tokens needed to trigger it to any value.
  • Any Authorized address can update the maximum transaction amounts to any values at any time.
  • Any Authorized address can add any address to a blacklist which will prevent them from participating in transfers.
  • If a user has pending withdrawable dividends, any Authorized address can manually send those dividends to the user at any time.
  • Any Authorized address can update the maximum amount of gas used for processing to a value between 200,000 and 500,000 at any time.
  • Any Authorized address can update the amount of time a user must wait between claiming dividends to a value between 1 and 24 hours (in seconds).
  • Any Authorized address can whitelist any address (for presale purposes) which would exclude an account from fees and dividends, allow an account to trade even when trading is disabled, and exempt an account from maximum transaction/maximum wallet limits.
  • Any Authorized address can update the team's Marketing wallet, Automated Market Maker Pair, and Pancakeswap Router addresses at any time.

Audit Findings Summary
  • No external threats were identified.
  • Please ensure trust in the team as they have substantial control in the ecosystem and can withdraw any amount of tokens and BNB from the contract.
  • As with any presale, further ensure trust in the team prior to investing.
  • Date: December 9th, 2021
  • Updated: January 22nd, 2022 to remove mainnet address due to project's planned redeployment.

Audit Results

| Vulnerability Category | Notes | Result |
| --- | --- | --- |
| Arbitrary Storage Write | N/A | PASS |
| Arbitrary Jump | N/A | PASS |
| Centralization of Control | Any authorized address can withdraw all of the tokens and BNB from the contract. Any authorized address can set each fee percentage up to 100%. | WARNING |
| Delegate Call to Untrusted Contract | N/A | PASS |
| Dependence on Predictable Variables | N/A | PASS |
| Deprecated Opcodes | N/A | PASS |
| Ether Thief | N/A | PASS |
| Exceptions | N/A | PASS |
| External Calls | N/A | PASS |
| Flash Loans | N/A | PASS |
| Integer Over/Underflow | N/A | PASS |
| Multiple Sends | N/A | PASS |
| Oracles | N/A | PASS |
| Suicide | N/A | PASS |
| State Change External Calls | N/A | PASS |
| Unchecked Retval | N/A | PASS |
| User Supplied Assertion | N/A | PASS |
| Critical Solidity Compiler | N/A | PASS |
| Overall Contract Safety | | PASS |

BEP20 Token Graph

Multi-file Token

    ($) = payable function
     # = non-constant function
    
     + [Int] IERC20 
        - [Ext] totalSupply
        - [Ext] balanceOf
        - [Ext] transfer #
        - [Ext] allowance
        - [Ext] approve #
        - [Ext] transferFrom #
    
     + [Int] IERC20Metadata (IERC20)
        - [Ext] name
        - [Ext] symbol
        - [Ext] decimals
    
     +  Context 
        - [Int] _msgSender
        - [Int] _msgData
    
     + [Lib] SafeMath 
        - [Int] add
        - [Int] sub
        - [Int] sub
        - [Int] mul
        - [Int] div
        - [Int] div
        - [Int] mod
        - [Int] mod
    
     +  ERC20 (Context, IERC20, IERC20Metadata)
        - [Pub] <Constructor> #
        - [Pub] name
        - [Pub] symbol
        - [Pub] decimals
        - [Pub] totalSupply
        - [Pub] balanceOf
        - [Pub] transfer #
        - [Pub] allowance
        - [Pub] approve #
        - [Pub] transferFrom #
        - [Pub] increaseAllowance #
        - [Pub] decreaseAllowance #
        - [Int] _transfer #
        - [Int] _mint #
        - [Int] _burn #
        - [Int] _approve #
        - [Int] _beforeTokenTransfer #
    
     + [Lib] SafeMathUint 
        - [Int] toInt256Safe
    
     + [Lib] SafeMathInt 
        - [Int] mul
        - [Int] div
        - [Int] sub
        - [Int] add
        - [Int] abs
        - [Int] toUint256Safe
    
     + [Int] DividendPayingTokenInterface 
        - [Ext] dividendOf
        - [Ext] withdrawDividend #
    
     + [Int] DividendPayingTokenOptionalInterface 
        - [Ext] withdrawableDividendOf
        - [Ext] withdrawnDividendOf
        - [Ext] accumulativeDividendOf
    
     +  Ownable (Context)
        - [Pub] <Constructor> #
        - [Pub] owner
        - [Pub] admin
        - [Int] _isAuthorized
        - [Pub] renounceOwnership #
           - modifiers: onlyOwner
        - [Pub] transferOwnership #
           - modifiers: onlyOwner
    
     +  DividendPayingToken (ERC20, Ownable, DividendPayingTokenInterface, DividendPayingTokenOptionalInterface)
        - [Pub] <Constructor> #
           - modifiers: ERC20
        - [Pub] distributeBOGDividends #
           - modifiers: onlyAuthorized
        - [Pub] withdrawDividend #
        - [Int] _withdrawDividendOfUser #
        - [Pub] dividendOf
        - [Pub] withdrawableDividendOf
        - [Pub] withdrawnDividendOf
        - [Pub] accumulativeDividendOf
        - [Int] _transfer #
        - [Int] _mint #
        - [Int] _burn #
        - [Int] _setBalance #
    
     + [Lib] IterableMapping 
        - [Pub] get
        - [Pub] getIndexOfKey
        - [Pub] getKeyAtIndex
        - [Pub] size
        - [Pub] set #
        - [Pub] remove #
    
     + [Int] IUniswapV2Pair 
        - [Ext] name
        - [Ext] symbol
        - [Ext] decimals
        - [Ext] totalSupply
        - [Ext] balanceOf
        - [Ext] allowance
        - [Ext] approve #
        - [Ext] transfer #
        - [Ext] transferFrom #
        - [Ext] DOMAIN_SEPARATOR
        - [Ext] PERMIT_TYPEHASH
        - [Ext] nonces
        - [Ext] permit #
        - [Ext] MINIMUM_LIQUIDITY
        - [Ext] factory
        - [Ext] token0
        - [Ext] token1
        - [Ext] getReserves
        - [Ext] price0CumulativeLast
        - [Ext] price1CumulativeLast
        - [Ext] kLast
        - [Ext] mint #
        - [Ext] burn #
        - [Ext] swap #
        - [Ext] skim #
        - [Ext] sync #
        - [Ext] initialize #
    
     + [Int] IUniswapV2Factory 
        - [Ext] feeTo
        - [Ext] feeToSetter
        - [Ext] getPair
        - [Ext] allPairs
        - [Ext] allPairsLength
        - [Ext] createPair #
        - [Ext] setFeeTo #
        - [Ext] setFeeToSetter #
    
     + [Int] IUniswapV2Router01 
        - [Ext] factory
        - [Ext] WETH
        - [Ext] addLiquidity #
        - [Ext] addLiquidityETH ($)
        - [Ext] removeLiquidity #
        - [Ext] removeLiquidityETH #
        - [Ext] removeLiquidityWithPermit #
        - [Ext] removeLiquidityETHWithPermit #
        - [Ext] swapExactTokensForTokens #
        - [Ext] swapTokensForExactTokens #
        - [Ext] swapExactETHForTokens ($)
        - [Ext] swapTokensForExactETH #
        - [Ext] swapExactTokensForETH #
        - [Ext] swapETHForExactTokens ($)
        - [Ext] quote
        - [Ext] getAmountOut
        - [Ext] getAmountIn
        - [Ext] getAmountsOut
        - [Ext] getAmountsIn
    
     + [Int] IUniswapV2Router02 (IUniswapV2Router01)
        - [Ext] removeLiquidityETHSupportingFeeOnTransferTokens #
        - [Ext] removeLiquidityETHWithPermitSupportingFeeOnTransferTokens #
        - [Ext] swapExactTokensForTokensSupportingFeeOnTransferTokens #
        - [Ext] swapExactETHForTokensSupportingFeeOnTransferTokens ($)
        - [Ext] swapExactTokensForETHSupportingFeeOnTransferTokens #
    
     +  BogDaMorph (ERC20, Ownable)
        - [Pub] <Constructor> #
           - modifiers: ERC20
        - [Ext]  ($)
        - [Ext] withdrawToken #
           - modifiers: onlyAuthorized
        - [Pub] updateUniswapV2Router #
           - modifiers: onlyAuthorized
        - [Pub] excludeFromFees #
           - modifiers: onlyAuthorized
        - [Ext] setmrkt #
           - modifiers: onlyAuthorized
        - [Ext] setBOGRewardsFees #
           - modifiers: onlyAuthorized
        - [Ext] setSwapAndLiquify #
           - modifiers: onlyAuthorized
        - [Ext] setLiquidityFee #
           - modifiers: onlyAuthorized
        - [Ext] setMarketingFee #
           - modifiers: onlyAuthorized
        - [Pub] setAutomatedMarketMakerPair #
           - modifiers: onlyAuthorized
        - [Ext] blacklistAddress #
           - modifiers: onlyAuthorized
        - [Prv] _setAutomatedMarketMakerPair #
        - [Pub] updateGasForProcessing #
           - modifiers: onlyAuthorized
        - [Ext] updateClaimWait #
           - modifiers: onlyAuthorized
        - [Ext] getClaimWait
        - [Ext] updatePresaleMode #
           - modifiers: onlyAuthorized
        - [Ext] getTotalDividendsDistributed
        - [Pub] isExcludedFromFees
        - [Ext] updateCanJumpLimitOnWallet #
           - modifiers: onlyAuthorized
        - [Pub] withdrawableDividendOf
        - [Pub] dividendTokenBalanceOf
        - [Ext] excludeFromDividends #
           - modifiers: onlyAuthorized
        - [Ext] getAccountDividendsInfo
        - [Ext] getAccountDividendsInfoAtIndex
        - [Ext] processDividendTracker #
        - [Ext] claim #
        - [Ext] getNumberOfDividendTokenHoldersAndLastProcessedIndex
        - [Prv] checkIfSell
        - [Int] _transfer #
        - [Prv] swapAndSendToFee #
        - [Prv] swapAndLiquify #
        - [Prv] swapTokensForEth #
        - [Prv] swapTokensForBOG #
        - [Prv] addLiquidity #
        - [Prv] swapAndSendDividends #
    
     +  BDMDividendTracker (Ownable, DividendPayingToken)
        - [Pub] <Constructor> #
           - modifiers: DividendPayingToken
        - [Int] _transfer #
        - [Pub] withdrawDividend #
        - [Ext] excludeFromDividends #
           - modifiers: onlyAuthorized
        - [Ext] updateClaimWait #
           - modifiers: onlyAuthorized
        - [Ext] getLastProcessedIndex
        - [Ext] getNumberOfTokenHolders
        - [Pub] getAccount
        - [Pub] getAccountAtIndex
        - [Prv] canAutoClaim
        - [Ext] setBalance #
           - modifiers: onlyAuthorized
        - [Pub] process #
        - [Pub] processAccount #
           - modifiers: onlyAuthorized
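
The listing above marks each privileged entry point with a `modifiers: onlyAuthorized` line, which is the raw material for the Centralization of Control finding. The following is an added example, not part of the audit or the project's code: it parses this listing format and returns the state-changing, externally callable functions that are gated by a given modifier, and those with no modifier at all. The helper names `parse_listing`, `gated_by` and `ungated` are hypothetical, and the input is an excerpt of the BogDaMorph section copied from this report.

```python
import re

# Excerpt of the function listing in this report (BogDaMorph contract only).
LISTING = """\
 +  BogDaMorph (ERC20, Ownable)
    - [Ext] withdrawToken #
       - modifiers: onlyAuthorized
    - [Ext] setLiquidityFee #
       - modifiers: onlyAuthorized
    - [Ext] blacklistAddress #
       - modifiers: onlyAuthorized
    - [Ext] getClaimWait
    - [Ext] processDividendTracker #
    - [Ext] claim #
    - [Prv] swapAndLiquify #
"""

CONTRACT = re.compile(r"^\s*\+\s+(?:\[(\w+)\]\s+)?(\w+)")
FUNCTION = re.compile(r"^\s*-\s+\[(\w+)\]\s+(\S*?)\s*(#|\(\$\))?\s*$")
MODIFIERS = re.compile(r"^\s*-\s+modifiers:\s*(.+)$")

def parse_listing(text):
    """Parse '+ Contract' / '- [Vis] name #' / '- modifiers: x' lines into dicts."""
    functions, contract = [], None
    for line in text.splitlines():
        if m := MODIFIERS.match(line):
            if functions:  # a modifiers line belongs to the function just above it
                functions[-1]["modifiers"] += [x.strip() for x in m.group(1).split(",")]
        elif m := CONTRACT.match(line):
            contract = m.group(2)
        elif m := FUNCTION.match(line):
            functions.append({"contract": contract, "visibility": m.group(1),
                              "name": m.group(2) or "<unnamed>",
                              # '#' = non-constant, '($)' = payable: both change state
                              "mutating": m.group(3) is not None,
                              "modifiers": []})
    return functions

def _callable_mutators(functions):
    return [f for f in functions if f["mutating"] and f["visibility"] in ("Ext", "Pub")]

def gated_by(functions, modifier):
    """State-changing entry points restricted by `modifier` (the privileged surface)."""
    return [f"{f['contract']}.{f['name']}" for f in _callable_mutators(functions)
            if modifier in f["modifiers"]]

def ungated(functions):
    """State-changing entry points anyone can call; confirm each is meant to be open."""
    return [f"{f['contract']}.{f['name']}" for f in _callable_mutators(functions)
            if not f["modifiers"]]
```

Running `gated_by` over the full listing gives the set of functions to compare against the Ownership Controls notes, so that every privileged capability is accounted for in the written findings.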