Decentralized Publication Platform - Smart Contract Audit Report

Audit Summary

Decentralized Publication Platform Audit Report Decentralized Publication Platform ($PUBL) is building a new ERC-20 token with a Liquidity Generation Event.

For this audit, we reviewed the PublCoin contract using code that was provided to us by the project team.

Audit Findings

Please ensure trust in the team prior to investing as they will be minted 100% of the total supply upon deployment.
Date: February 25th, 2022.
Updated: March 4th, 2022 to reflect the new contract provided to us by the team that resolves Findings #1 & #2.

Finding #1 - PublCoin - Informational (Resolved)

Description: Several functions are declared public, but are never called internally.
burn, transfer, approve, transferFrom, increaseAllowance, decreaseAllowance
Recommendation: We recommend declaring these functions external for additional gas savings on each call.
Resolution: The team has declared the above functions external.

Finding #2 - PublCoin - Informational (Resolved)

Description: Although the SafeMath library is utilized, the contract is implemented with Solidity v0.8.x which has built-in overflow checks.
Recommendation: SafeMath could be safely removed to reduce contract size and deployment costs.
Resolution: The team has removed the SafeMath library.

Contract Overview

  • The total supply of the token is set to 5 billion $PUBL [5,000,000,000] and will be minted to the owner upon deployment.
  • No mint functions are accessible beyond deployment.
  • Any user can burn their own tokens to reduce the total supply.
  • There was no token allocation for our team to analyze as the contract has yet to be deployed to the mainnet.

  • The contract supports a Liquidity Generation Event consisting of one or many rounds as determined by the owner.
  • Each round has a set duration, a maximum contribution amount per user, and a whitelist of addresses that are able to participate; these values are determined by the PGE Whitelister address, which is set by the owner.
  • After the rounds are created and the Pair address is set, anyone may kick off the Liquidity Generation Event by transferring tokens to the Pair address.
  • Only whitelisted users may participate in the Liquidity Generation Event by purchasing tokens from the Pair; there may be a different set of whitelisted users for every round.
  • During the Liquidity Generation Event, the amount of purchased tokens is recorded to ensure it does not exceed the maximum allowed amount per user per round.
  • The PGE Whitelister address can set the Pair address, delete the round data, modify the round duration, maximum contribution amount, and list of whitelisted users for any round at any time.
  • The owner can set the PGE Whitelister address to any address at any time; initially, the owner is set as the PGE Whitelister.

  • There are no fees associated with transferring tokens.
  • The owner can withdraw any tokens from the contract at any time.
  • As the contract is implemented with Solidity v0.8.x it is protected from overflows/underflows.
  • The contract complies with the ERC-20 token standard.

External Threat Results

Vulnerability CategoryNotesResult
Arbitrary Storage WriteN/APASS
Arbitrary JumpN/APASS
Centralization of Control100% of the total supply will be minted to the deployer.PASS
Delegate Call to Untrusted ContractN/APASS
Dependence on Predictable VariablesN/APASS
Deprecated OpcodesN/APASS
Ether ThiefN/APASS
External CallsN/APASS
Flash LoansN/APASS
Integer Over/UnderflowN/APASS
Logical IssuesN/APASS
Multiple SendsN/APASS
State Change External CallsN/APASS
Unchecked RetvalN/APASS
User Supplied AssertionN/APASS
Critical Solidity CompilerN/APASS
Overall Contract Safety PASS

Function Graph

BEP20 Token Graph

Inheritance Chart

Multi-file Token

Functions Overview

($) = payable function
 # = non-constant function

 +  Context 
    - [Int] _msgSender
    - [Int] _msgData

 +  Ownable (Context)
    - [Pub]  #
    - [Pub] owner
    - [Pub] renounceOwnership #
       - modifiers: onlyOwner
    - [Pub] transferOwnership #
       - modifiers: onlyOwner
    - [Int] _transferOwnership #

 +  WhiteListed (Context, Ownable)
    - [Pub]  #
    - [Ext] renounceWhitelister #
       - modifiers: onlyWhitelister
    - [Ext] transferWhitelister #
       - modifiers: onlyOwner
    - [Int] _transferWhitelister #
    - [Ext] createPGEWhitelist #
       - modifiers: onlyWhitelister
    - [Ext] modifyPGEWhitelist #
       - modifiers: onlyWhitelister
    - [Pub] getPGEWhitelistRound
    - [Int] _applyPGEWhitelist #

 + [Lib] SafeMath 
    - [Int] tryAdd
    - [Int] trySub
    - [Int] tryMul
    - [Int] tryDiv
    - [Int] tryMod
    - [Int] add
    - [Int] sub
    - [Int] mul
    - [Int] div
    - [Int] mod
    - [Int] sub
    - [Int] div
    - [Int] mod

 + [Int] IERC20 
    - [Ext] totalSupply
    - [Ext] balanceOf
    - [Ext] transfer #
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transferFrom #

 +  PublCoin (Ownable, IERC20, WhiteListed)
    - [Pub]  #
    - [Ext] getOwner
    - [Ext] decimals
    - [Ext] symbol
    - [Ext] name
    - [Ext] totalSupply
    - [Ext] balanceOf
    - [Pub] burn #
    - [Int] _mint #
    - [Int] _burn #
    - [Pub] transfer #
    - [Ext] allowance
    - [Pub] approve #
    - [Pub] transferFrom #
    - [Pub] increaseAllowance #
    - [Pub] decreaseAllowance #
    - [Int] _transfer #
    - [Ext] withdrawToken #
       - modifiers: onlyOwner
    - [Int] _approve #