Bxie Infinity - Audit Report
Summary
Bxie Infinity ($BXS) is a new BEP20 token on the Binance Smart Chain.
We audited Bxie Infinity's token contract that is deployed at 0xF2E71B054B6b0F3C5513Af505E6c072008ECFaCD on the Binance Smart Chain mainnet.
Notes on the Contract:
- The total supply of the token is initially set to 2.7 billion [2,700,000,000].
- No minting or burn functions are present, though the circulating supply can be reduced by sending tokens to the 0x..dead address, if desired.
- At the time of writing this report, 100% of the total supply belongs to the owner as the contract was recently deployed.
- If a user grants the team-controlled "Mainchain Gateway" wallet an approval to spend any amount of tokens on their behalf, the Mainchain Gateway wallet can repeatedly call the transferFrom() function and send the granted amount of tokens to any wallet, because allowances are not properly updated after each transferFrom() call made by the Mainchain Gateway wallet.
- The owner can update the Mainchain Gateway wallet controlled by the team to any address at any time.
- The owner can withdraw any BNB or BEP20 tokens from the contract address balance.
- As the contract is deployed with Solidity v0.8.x, it is protected from overflows.
- Some functions could have been declared external instead of public to save some gas, but as the contract is already deployed, this is merely informational.
Audit Findings Summary
- No external threats were identified.
- WARNING: A team wallet can spend more tokens than allowed on another user's behalf if any approval has been granted by the user. The team claims that centralized controls such as this are needed to support their game.
- Ensure trust in the team as the owner has control over the total token supply.
- Date: November 24th, 2021
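The allowance finding above, modelled as an added example that is not Bxie Infinity's contract source or the auditor's code: a minimal ledger with the unbounded spend path beside the corrected one. The contract name, the `gateway` variable and both function names are hypothetical, and the skipped-update branch is an assumed way the described behaviour could arise.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration: a minimal allowance ledger, not the BXS source.
// `gateway` and both transferFrom variants are hypothetical names.
contract AllowanceDemo {
    mapping(address => uint256) public balanceOf;
    mapping(address => mapping(address => uint256)) public allowance;
    address public gateway;

    constructor(address gateway_, uint256 supply) {
        gateway = gateway_;
        balanceOf[msg.sender] = supply;
    }

    function approve(address spender, uint256 amount) external returns (bool) {
        allowance[msg.sender][spender] = amount;
        return true;
    }

    // Behaviour described in the finding (assumed mechanism): the allowance
    // is checked, but for the gateway it is never reduced, so a single
    // approval of N lets the gateway move N again on every call.
    function transferFromUnbounded(address from, address to, uint256 amount) external returns (bool) {
        uint256 current = allowance[from][msg.sender];
        require(current >= amount, "amount exceeds allowance");
        if (msg.sender != gateway) {
            allowance[from][msg.sender] = current - amount;
        }
        _move(from, to, amount);
        return true;
    }

    // Corrected form: every spender, gateway included, consumes allowance
    // before the balance moves, so total spend never exceeds the approval.
    function transferFromBounded(address from, address to, uint256 amount) external returns (bool) {
        uint256 current = allowance[from][msg.sender];
        require(current >= amount, "amount exceeds allowance");
        allowance[from][msg.sender] = current - amount;
        _move(from, to, amount);
        return true;
    }

    function _move(address from, address to, uint256 amount) private {
        balanceOf[from] -= amount; // reverts on underflow in Solidity 0.8
        balanceOf[to] += amount;
    }
}
```

A reviewer can check the invariant directly: after an approval of N, the sum of amounts a spender moves through the bounded path can never exceed N, while the unbounded path leaves `allowance[from][gateway]` unchanged after each call.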
| Category | Notes | Result |
|---|---|---|
| Arbitrary Storage Write | N/A | PASS |
| Centralization of Control | A team wallet can spend more tokens than allowed on another user's behalf if any approval has been granted by the user. | WARNING/ACKNOWLEDGED |
| Delegate Call to Untrusted Contract | N/A | PASS |
| Dependence on Predictable Variables | N/A | PASS |
| State Change External Calls | N/A | PASS |
| User Supplied Assertion | N/A | PASS |
| Critical Solidity Compiler | N/A | PASS |
| Overall Contract Safety | | WARNING |
($) = payable function
# = non-constant function

+ [Int] IERC20
  - [Ext] totalSupply
  - [Ext] balanceOf
  - [Ext] transfer #
  - [Ext] allowance
  - [Ext] approve #
  - [Ext] transferFrom #

+ [Int] IERC20Metadata (IERC20)
  - [Ext] name
  - [Ext] symbol
  - [Ext] decimals

+ Context
  - [Int] _msgSender
  - [Int] _msgData

+ Ownable (Context)
  - [Pub] #
  - [Pub] owner
  - [Pub] renounceOwnership #
    - modifiers: onlyOwner
  - [Pub] transferOwnership #
    - modifiers: onlyOwner
  - [Prv] _setOwner #

+ BXS (Ownable, IERC20, IERC20Metadata)
  - [Pub] #
  - [Pub] name
  - [Pub] symbol
  - [Pub] decimals
  - [Pub] totalSupply
  - [Pub] balanceOf
  - [Pub] transfer #
  - [Pub] allowance
  - [Pub] approve #
  - [Pub] transferFrom #
  - [Pub] increaseAllowance #
  - [Pub] decreaseAllowance #
  - [Ext] setGateway #
    - modifiers: onlyOwner
  - [Ext] ($)
  - [Ext] ($)
  - [Ext] sweepBNB #
    - modifiers: onlyOwner
  - [Ext] sweepToken #
    - modifiers: onlyOwner
  - [Int] _transfer #
  - [Int] _mint #
  - [Int] _burn #
  - [Int] _approve #