Decentralized Publication Platform - Smart Contract Audit Report
Audit Summary
Decentralized Publication Platform ($PUBL) is building a new ERC-20 token with a Liquidity Generation Event.
For this audit, we reviewed the PublCoin contract using code that was provided to us by the project team.
Audit Findings
Please ensure trust in the team prior to investing, as 100% of the total supply will be minted to them upon deployment.
Date: February 25th, 2022.
Updated: March 4th, 2022 to reflect the new contract provided to us by the team that resolves Findings #1 & #2.
Finding #1 - PublCoin - Informational (Resolved)
Description: Several functions are declared public, but are never called internally.
Recommendation: We recommend declaring these functions external for additional gas savings on each call.
burn, transfer, approve, transferFrom, increaseAllowance, decreaseAllowance
Resolution: The team has declared the above functions external.
Finding #2 - PublCoin - Informational (Resolved)
Description: Although the SafeMath library is utilized, the contract is implemented with Solidity v0.8.x which has built-in overflow checks.
Recommendation: SafeMath could be safely removed to reduce contract size and deployment costs.
Resolution: The team has removed the SafeMath library.
Contract Overview
- The total supply of the token is set to 5 billion $PUBL [5,000,000,000] and will be minted to the owner upon deployment.
- No mint functions are accessible beyond deployment.
- Any user can burn their own tokens to reduce the total supply.
- There was no token allocation for our team to analyze as the contract has yet to be deployed to the mainnet.
- The contract supports a Liquidity Generation Event consisting of one or many rounds as determined by the owner.
- Each round has a set duration, a maximum contribution amount per user, and a whitelist of addresses that are able to participate; these values are determined by the PGE Whitelister address, which is set by the owner.
- After the rounds are created and the Pair address is set, anyone may kick off the Liquidity Generation Event by transferring tokens to the Pair address.
- Only whitelisted users may participate in the Liquidity Generation Event by purchasing tokens from the Pair; there may be a different set of whitelisted users for every round.
- During the Liquidity Generation Event, the amount of purchased tokens is recorded to ensure it does not exceed the maximum allowed amount per user per round.
- The PGE Whitelister address can set the Pair address, delete the round data, modify the round duration, maximum contribution amount, and list of whitelisted users for any round at any time.
- The owner can set the PGE Whitelister address to any address at any time; initially, the owner is set as the PGE Whitelister.
- There are no fees associated with transferring tokens.
- The owner can withdraw any tokens from the contract at any time.
- As the contract is implemented with Solidity v0.8.x it is protected from overflows/underflows.
- The contract complies with the ERC-20 token standard.
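The round rules listed above can be exercised off-chain with a small model. This is an added example, not PublCoin's code: the class and function names are hypothetical, and it assumes rounds run back to back from the kickoff transfer and that no restriction applies once the last round ends.

```python
from dataclasses import dataclass, field

@dataclass
class Round:
    duration: int        # seconds the round lasts
    max_amount: int      # purchase cap per address within this round
    whitelist: set       # addresses allowed to buy in this round
    purchased: dict = field(default_factory=dict)

class LgeModel:
    """Constructed model of the overview's round rules (assumed semantics)."""
    def __init__(self, pair, rounds):
        self.pair, self.rounds, self.start = pair, rounds, None

    def current_round(self, now):
        # None before kickoff and after the last round has elapsed.
        if self.start is None:
            return None
        elapsed = now - self.start
        for rnd in self.rounds:
            if elapsed < rnd.duration:
                return rnd
            elapsed -= rnd.duration
        return None

    def on_transfer(self, sender, recipient, amount, now):
        # The first transfer into the Pair starts the event; anyone may send it.
        if self.start is None and recipient == self.pair and sender != self.pair and amount > 0:
            self.start = now
            return
        rnd = self.current_round(now)
        if rnd is None or sender != self.pair:
            return       # only purchases from the Pair are restricted
        if recipient not in rnd.whitelist:
            raise PermissionError("recipient not whitelisted for this round")
        total = rnd.purchased.get(recipient, 0) + amount
        if total > rnd.max_amount:
            raise PermissionError("per-round cap exceeded")
        rnd.purchased[recipient] = total

def demo():
    # Constructed sample data: two 600-second rounds with different whitelists.
    rounds = [Round(600, 1_000, {"alice"}), Round(600, 5_000, {"alice", "bob"})]
    lge, results = LgeModel("pair", rounds), []
    def attempt(*args):
        try:
            lge.on_transfer(*args)
            results.append("ok")
        except PermissionError as exc:
            results.append(str(exc))
    attempt("owner", "pair", 10_000, 0)     # kickoff
    attempt("pair", "alice", 800, 10)       # within cap
    attempt("pair", "alice", 300, 20)       # 1,100 > 1,000
    attempt("pair", "bob", 100, 30)         # not in round 1 whitelist
    rounds[0].whitelist.add("bob")          # Whitelister edits a live round
    attempt("pair", "bob", 100, 40)
    attempt("pair", "bob", 5_000, 700)      # round 2 has its own counter
    attempt("pair", "carol", 9_999, 1_300)  # after the final round
    return results
```

The mid-round whitelist edit in `demo()` is the privilege the overview attributes to the PGE Whitelister: the same purchase that was rejected succeeds once the round data is changed.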
External Threat Results
Vulnerability Category | Notes | Result |
---|---|---|
Arbitrary Storage Write | N/A | PASS |
Arbitrary Jump | N/A | PASS |
Centralization of Control | 100% of the total supply will be minted to the deployer. | PASS |
Delegate Call to Untrusted Contract | N/A | PASS |
Dependence on Predictable Variables | N/A | PASS |
Deprecated Opcodes | N/A | PASS |
Ether Thief | N/A | PASS |
Exceptions | N/A | PASS |
External Calls | N/A | PASS |
Flash Loans | N/A | PASS |
Integer Over/Underflow | N/A | PASS |
Logical Issues | N/A | PASS |
Multiple Sends | N/A | PASS |
Oracles | N/A | PASS |
Suicide | N/A | PASS |
State Change External Calls | N/A | PASS |
Unchecked Retval | N/A | PASS |
User Supplied Assertion | N/A | PASS |
Critical Solidity Compiler | N/A | PASS |
Overall Contract Safety | | PASS |
Functions Overview
($) = payable function
# = non-constant function
+ Context
- [Int] _msgSender
- [Int] _msgData
+ Ownable (Context)
- [Pub] <Constructor> #
- [Pub] owner
- [Pub] renounceOwnership #
- modifiers: onlyOwner
- [Pub] transferOwnership #
- modifiers: onlyOwner
- [Int] _transferOwnership #
+ WhiteListed (Context, Ownable)
- [Pub] <Constructor> #
- [Ext] renounceWhitelister #
- modifiers: onlyWhitelister
- [Ext] transferWhitelister #
- modifiers: onlyOwner
- [Int] _transferWhitelister #
- [Ext] createPGEWhitelist #
- modifiers: onlyWhitelister
- [Ext] modifyPGEWhitelist #
- modifiers: onlyWhitelister
- [Pub] getPGEWhitelistRound
- [Int] _applyPGEWhitelist #
+ [Lib] SafeMath
- [Int] tryAdd
- [Int] trySub
- [Int] tryMul
- [Int] tryDiv
- [Int] tryMod
- [Int] add
- [Int] sub
- [Int] mul
- [Int] div
- [Int] mod
- [Int] sub
- [Int] div
- [Int] mod
+ [Int] IERC20
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] transfer #
- [Ext] allowance
- [Ext] approve #
- [Ext] transferFrom #
+ PublCoin (Ownable, IERC20, WhiteListed)
- [Pub] <Constructor> #
- [Ext] getOwner
- [Ext] decimals
- [Ext] symbol
- [Ext] name
- [Ext] totalSupply
- [Ext] balanceOf
- [Pub] burn #
- [Int] _mint #
- [Int] _burn #
- [Pub] transfer #
- [Ext] allowance
- [Pub] approve #
- [Pub] transferFrom #
- [Pub] increaseAllowance #
- [Pub] decreaseAllowance #
- [Int] _transfer #
- [Ext] withdrawToken #
- modifiers: onlyOwner
- [Int] _approve #