Dinosaur - Smart Contract Audit Report
Summary
Dinosaur ($DINO) is a new token contract on the Binance Smart Chain that contains the functionality of frictionless fee redistribution, liquidity adds, BNB rewards, and a lottery system.
Overview of the Contract:Audit Findings Summary
- The total supply of the token is initially set to two million [2,000,000] $DINO.
- No minting or burn functions are present beyond deployment; though the circulating supply can be reduced by sending tokens to the 0x..dead address, if desired.
- At the time of writing this report, 100% of the total supply is in possesion of the owner as the project was recently deployed.
- There is a 'tax fee' and 'liquidity fee' on all transactions for any "non-excluded" address that participates in a transfer. The owner has the ability to modify both fees to any percentage up to 30% any time.
- Users who hold tokens will automatically benefit from the frictionless fee redistribution at the time of each transaction as the tokens collected through the tax fee are removed from the circulating supply.
- The liquidity fee charged on transactions is stored in the contract and, once a threshold value is met, is used to fund Pancakeswap liquidity. This functionality can be enabled/disabled by the owner.
- Liquidity-adds are funded by selling a portion of the tokens collected as fees (after the threshold as determined by the owner is met), then pairing the received BNB with the token, and adding it as liquidity to the BNB pair.
- The recipient of the newly created LP tokens is the owner of the contract. The team is responsible for locking these newly acquired LP tokens.
- A final portion of the fees charged on transfers is used to fund BNB rewards, which will be claimable by token holders. This is also used to fund a lottery system, allowing users to win extra rewards on a psuedo-random basis.
- Ownership has not been renounced.
- The owner of the contract can exclude and include accounts from transfer fees and reward distribution.
- The owner has the ability to set and update a maximum transaction percent at any time, which will impose a limit to the number of tokens that can be transferred during any given transaction.
- The owner has the ability to exclude and include addresses from this maximum transaction amount.
- The owner can recover any ERC20 tokens erroneously sent to the contract.
- After the contract has been deployed, the owner can call the "Activate Contract" function, which will enable the functionality for DINO reward claiming for holders; as well as enabling the swap and liquify functionality, and providing the necessary approvals for the PancakeSwap Router.
- The owner has the ability to use the "lock" function in order to temporarily set ownership to address(0). Ownership is restored after the duration of time determined by the owner has passed and they use the 'unlock' function.
- The unlock function has the potential to be used after ownership is renounced, which will restore ownership to the original owner that initially created the ownership lock. This can be used in a nefarious way by the project team to restore ownership and change fee structures.
- We recommend that the unlock function is modified to set the "previous owner" = "address(0)" at the end of the unlock function to prevent it from being used more than once per lock.
- The randomness function, to an extent, relies on predictable environment variables. This is common, albiet not best practice; but the probability of miners maliciously changing these variables is extremley low.
- Some functions could have been declared external instead of public to save some gas.
- BNB claiming logic is properly structured to prevent reentrancy attacks.
- The contract utilizes SafeMath libraries to prevent overflows along with following the BEP20 standard.
- No external threats were identified.
- There are potential risks that exist for holders regarding the team's ability to retain control of the contract.
- We recommend that the team renounces ownership without ever calling the lock function after a successful launch.
- Please ensure trust in the team prior to investing as they have notable control within the ecosystem.
- Date: September 6th, 2021
External Threat Results
| Vulnerability Category | Notes | Result |
|---|---|---|
| Arbitrary Storage Write | N/A | PASS |
| Arbitrary Jump | N/A | PASS |
| Delegate Call to Untrusted Contract | N/A | PASS |
| Dependence on Predictable Variables | Randomness relies on a series of environmental variables. Probability of a negative impact is very low. | WARNING |
| Deprecated Opcodes | N/A | PASS |
| Ether Thief | N/A | PASS |
| Exceptions | N/A | PASS |
| External Calls | N/A | PASS |
| Flash Loans | N/A | PASS |
| Integer Over/Underflow | N/A | PASS |
| Multiple Sends | N/A | PASS |
| Oracles | N/A | PASS |
| Suicide | N/A | PASS |
| State Change External Calls | N/A | PASS |
| Unchecked Retval | N/A | PASS |
| User Supplied Assertion | N/A | PASS |
| Critical Solidity Compiler | N/A | PASS |
| Overall Contract Safety | PASS |
($) = payable function
# = non-constant function
+ [Int] IBEP20
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] transfer #
- [Ext] allowance
- [Ext] approve #
- [Ext] transferFrom #
+ [Lib] SafeMath
- [Int] add
- [Int] sub
- [Int] sub
- [Int] mul
- [Int] div
- [Int] div
- [Int] mod
- [Int] mod
+ Context
- [Int] _msgSender
- [Int] _msgData
+ [Lib] Address
- [Int] isContract
- [Int] sendValue #
- [Int] functionCall #
- [Int] functionCall #
- [Int] functionCallWithValue #
- [Int] functionCallWithValue #
- [Prv] _functionCallWithValue #
+ Ownable (Context)
- [Int] #
- [Pub] owner
- [Pub] renounceOwnership #
- modifiers: onlyOwner
- [Pub] transferOwnership #
- modifiers: onlyOwner
- [Pub] geUnlockTime
- [Pub] lock #
- modifiers: onlyOwner
- [Pub] unlock #
+ [Int] IPancakeFactory
- [Ext] feeTo
- [Ext] feeToSetter
- [Ext] getPair
- [Ext] allPairs
- [Ext] allPairsLength
- [Ext] createPair #
- [Ext] setFeeTo #
- [Ext] setFeeToSetter #
+ [Int] IPancakePair
- [Ext] name
- [Ext] symbol
- [Ext] decimals
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] allowance
- [Ext] approve #
- [Ext] transfer #
- [Ext] transferFrom #
- [Ext] DOMAIN_SEPARATOR
- [Ext] PERMIT_TYPEHASH
- [Ext] nonces
- [Ext] permit #
- [Ext] MINIMUM_LIQUIDITY
- [Ext] factory
- [Ext] token0
- [Ext] token1
- [Ext] getReserves
- [Ext] price0CumulativeLast
- [Ext] price1CumulativeLast
- [Ext] kLast
- [Ext] mint #
- [Ext] burn #
- [Ext] swap #
- [Ext] skim #
- [Ext] sync #
- [Ext] initialize #
+ [Int] IPancakeRouter01
- [Ext] factory
- [Ext] WETH
- [Ext] addLiquidity #
- [Ext] addLiquidityETH ($)
- [Ext] removeLiquidity #
- [Ext] removeLiquidityETH #
- [Ext] removeLiquidityWithPermit #
- [Ext] removeLiquidityETHWithPermit #
- [Ext] swapExactTokensForTokens #
- [Ext] swapTokensForExactTokens #
- [Ext] swapExactETHForTokens ($)
- [Ext] swapTokensForExactETH #
- [Ext] swapExactTokensForETH #
- [Ext] swapETHForExactTokens ($)
- [Ext] quote
- [Ext] getAmountOut
- [Ext] getAmountIn
- [Ext] getAmountsOut
- [Ext] getAmountsIn
+ [Int] IPancakeRouter02 (IPancakeRouter01)
- [Ext] removeLiquidityETHSupportingFeeOnTransferTokens #
- [Ext] removeLiquidityETHWithPermitSupportingFeeOnTransferTokens #
- [Ext] swapExactTokensForTokensSupportingFeeOnTransferTokens #
- [Ext] swapExactETHForTokensSupportingFeeOnTransferTokens ($)
- [Ext] swapExactTokensForETHSupportingFeeOnTransferTokens #
+ [Lib] Utils
- [Pub] calculateBNBReward
- [Pub] calculateTopUpClaim
- [Pub] swapTokensForEth #
- [Pub] swapETHForTokens #
- [Pub] addLiquidity #
+ ReentrancyGuard
- [Pub] #
+ DinoToken (Context, IBEP20, Ownable, ReentrancyGuard)
- [Pub] ($)
- [Pub] name
- [Pub] symbol
- [Pub] decimals
- [Pub] totalSupply
- [Pub] balanceOf
- [Pub] transfer #
- [Pub] allowance
- [Pub] approve #
- [Pub] transferFrom #
- [Pub] increaseAllowance #
- [Pub] decreaseAllowance #
- [Pub] isExcludedFromReward
- [Pub] totalFees
- [Pub] deliver #
- [Pub] reflectionFromToken
- [Pub] tokenFromReflection
- [Pub] excludeFromReward #
- modifiers: onlyOwner
- [Ext] includeInReward #
- modifiers: onlyOwner
- [Prv] _transferBothExcluded #
- [Pub] excludeFromFee #
- modifiers: onlyOwner
- [Pub] includeInFee #
- modifiers: onlyOwner
- [Ext] setTaxFeePercent #
- modifiers: onlyOwner
- [Ext] setLiquidityFeePercent #
- modifiers: onlyOwner
- [Pub] setSwapAndLiquifyEnabled #
- modifiers: onlyOwner
- [Ext] ($)
- [Ext] ($)
- [Prv] _reflectFee #
- [Prv] _getValues
- [Prv] _getTValues
- [Prv] _getRValues
- [Prv] _getRate
- [Prv] _getCurrentSupply
- [Prv] _takeLiquidity #
- [Prv] calculateTaxFee
- [Prv] calculateLiquidityFee
- [Prv] removeAllFee #
- [Prv] restoreAllFee #
- [Pub] isExcludedFromFee
- [Prv] _approve #
- [Prv] _transfer #
- [Prv] _tokenTransfer #
- [Prv] _transferStandard #
- [Prv] _transferToExcluded #
- [Prv] _transferFromExcluded #
- [Pub] setMaxTxPercent #
- modifiers: onlyOwner
- [Pub] setExcludeFromMaxTx #
- modifiers: onlyOwner
- [Pub] calculateBNBReward
- [Pub] getRewardCycleBlock
- [Pub] setRewardCycleBlock #
- modifiers: onlyOwner
- [Pub] claimBNBReward #
- modifiers: isHuman,nonReentrant
- [Prv] topUpClaimCycleAfterTransfer #
- [Prv] ensureMaxTxAmount
- [Pub] disruptiveTransfer ($)
- [Prv] swapAndLiquify #
- [Pub] activateContract #
- modifiers: onlyOwner
- [Pub] transferAnyERC20Token #
- modifiers: onlyOwner