EverOwn - Smart Contract Audit Report
Summary
EverOwn is a platform that the project team can use to manage their client's token contracts.
Notes on the Contracts:Audit Findings Summary
- This platform is intended to be used for owners of token contracts that inherit the Ownable library or contain the relevant functions.
- The EverOwn contract may not be compatible with all token contracts so users should exercise caution and ensure the token contract has a compatible transferOwnership() and owner() function before sending any funds to the project team.
- The owner of the EverOwnFactory contract is able to deploy new EverOwn contracts on behalf of token contract owners.
- Once the new EverOwn contract is created, 12 BNB is transferred from the Factory contract to the team's EverRise token contract where it will eventually be used to perform a buyback and burn. Another 6 BNB is swapped for EverRise tokens via Pancakeswap and subsequently burned. This only applies while the buy-and-distribute functionality is enabled.
- The project team must ensure sufficient funds are available to support this logic.
- The EverRise token contract was not included in the scope of this audit, so we are unable to provide an assessment of this contract with regards to security.
- The ownership of the newly created EverOwn contract is transferred to the owner of the token contract.
- Although the EverOwn contract is owned by the user, the owner of the EverOwnFactory contract has complete control over the functionality of all EverOwn contracts.
- The owner of the EverOwnFactory contract can withdraw any BNB or tokens in any EverOwn contract or the EverOwnFactory contract at any time.
- The owner of the EverOwnFactory contract can also transfer any tokens in the EverOwn contract to the owner of the EverOwn contract at any time.
- The owner of the EverOwnFactory contract can transfer ownership of the token contract back to the original owner or any other address specified by the owner of the EverOwn contract; this assumes that the ownership of the token contract has been transferred to the EverOwnFactory contract.
- The owner of the EverOwnFactory contract can set the BNB amount used within the buy-and-distribute functionality to any value at any time.
- The owner of the EverOwnFactory contract can pause and unpause the buy-and-distribute functionality at any time.
- Some functions could have been declared external, some state variables could have been declared constant, and some state variables could be removed to optimize space and gas usage.
- There is a logical issue within the buyTokens() function which can result in an unexpected amount of BNB swapped for tokens.
- As the contract is deployed with Solidity v0.8.7, it is protected from overflows. The team can safely remove SafeMath to enjoy reduced contract size and gas savings.
- No security threats from outside attackers were identified.
- Ensure trust in the team as they have complete control in the ecosystem and may also require ownership of the user's token contract.
- Date: November 4th, 2021
External Threat Results
| Vulnerability Category | Notes | Result |
|---|---|---|
| Arbitrary Storage Write | N/A | PASS |
| Arbitrary Jump | N/A | PASS |
| Delegate Call to Untrusted Contract | N/A | PASS |
| Dependence on Predictable Variables | N/A | PASS |
| Deprecated Opcodes | N/A | PASS |
| Ether Thief | N/A | PASS |
| Exceptions | N/A | PASS |
| External Calls | N/A | PASS |
| Flash Loans | N/A | PASS |
| Integer Over/Underflow | N/A | PASS |
| Multiple Sends | N/A | PASS |
| Oracles | N/A | PASS |
| Suicide | N/A | PASS |
| State Change External Calls | N/A | PASS |
| Unchecked Retval | N/A | PASS |
| User Supplied Assertion | N/A | PASS |
| Critical Solidity Compiler | N/A | PASS |
| Overall Contract Safety | PASS |
($) = payable function
# = non-constant function
+ Context
- [Int] _msgSender
- [Int] _msgData
+ [Int] IERC20
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] transfer #
- [Ext] allowance
- [Ext] approve #
- [Ext] transferFrom #
+ [Lib] SafeMath
- [Int] tryAdd
- [Int] trySub
- [Int] tryMul
- [Int] tryDiv
- [Int] tryMod
- [Int] add
- [Int] sub
- [Int] mul
- [Int] div
- [Int] mod
- [Int] sub
- [Int] div
- [Int] mod
+ [Lib] Address
- [Int] isContract
- [Int] sendValue #
- [Int] functionCall #
- [Int] functionCall #
- [Int] functionCallWithValue #
- [Int] functionCallWithValue #
- [Prv] _functionCallWithValue #
+ Ownable (Context)
- [Pub] #
- [Pub] owner
- [Pub] transferOwnership #
- modifiers: onlyOwner
- [Pub] transferFactoryOwnership #
- modifiers: onlyFactory
- [Pub] getUnlockTime
- [Pub] getTime
- [Pub] lock #
- modifiers: onlyOwner
- [Pub] unlock #
+ [Int] EverRise (IERC20)
- [Ext] deliver #
+ [Int] IUniswapV2Factory
- [Ext] feeTo
- [Ext] feeToSetter
- [Ext] getPair
- [Ext] allPairs
- [Ext] allPairsLength
- [Ext] createPair #
- [Ext] setFeeTo #
- [Ext] setFeeToSetter #
+ [Int] IUniswapV2Pair
- [Ext] name
- [Ext] symbol
- [Ext] decimals
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] allowance
- [Ext] approve #
- [Ext] transfer #
- [Ext] transferFrom #
- [Ext] DOMAIN_SEPARATOR
- [Ext] PERMIT_TYPEHASH
- [Ext] nonces
- [Ext] permit #
- [Ext] MINIMUM_LIQUIDITY
- [Ext] factory
- [Ext] token0
- [Ext] token1
- [Ext] getReserves
- [Ext] price0CumulativeLast
- [Ext] price1CumulativeLast
- [Ext] kLast
- [Ext] burn #
- [Ext] swap #
- [Ext] skim #
- [Ext] sync #
- [Ext] initialize #
+ [Int] IUniswapV2Router01
- [Ext] factory
- [Ext] WETH
- [Ext] addLiquidity #
- [Ext] addLiquidityETH ($)
- [Ext] removeLiquidity #
- [Ext] removeLiquidityETH #
- [Ext] removeLiquidityWithPermit #
- [Ext] removeLiquidityETHWithPermit #
- [Ext] swapExactTokensForTokens #
- [Ext] swapTokensForExactTokens #
- [Ext] swapExactETHForTokens ($)
- [Ext] swapTokensForExactETH #
- [Ext] swapExactTokensForETH #
- [Ext] swapETHForExactTokens ($)
- [Ext] quote
- [Ext] getAmountOut
- [Ext] getAmountIn
- [Ext] getAmountsOut
- [Ext] getAmountsIn
+ [Int] IUniswapV2Router02 (IUniswapV2Router01)
- [Ext] removeLiquidityETHSupportingFeeOnTransferTokens #
- [Ext] removeLiquidityETHWithPermitSupportingFeeOnTransferTokens #
- [Ext] swapExactTokensForTokensSupportingFeeOnTransferTokens #
- [Ext] swapExactETHForTokensSupportingFeeOnTransferTokens ($)
- [Ext] swapExactTokensForETHSupportingFeeOnTransferTokens #
+ EverOwn (Context, Ownable)
- [Pub] #
- [Pub] name
- [Pub] symbol
- [Pub] addOwnership #
- modifiers: onlyFactory
- [Pub] addAltOwnership #
- modifiers: onlyOwner
- [Pub] unlockLiquidity #
- modifiers: onlyFactory
- [Pub] releaseOwnerShip #
- modifiers: onlyFactory
- [Pub] releaseAltOwnerShip #
- modifiers: onlyFactory
- [Pub] transferTokens #
- modifiers: onlyFactory
- [Ext] transferToAddressETH #
- modifiers: onlyFactory
- [Ext] ($)
+ EverOwnFactory (Context, Ownable)
- [Pub] #
- [Pub] name
- [Pub] symbol
- [Pub] setKrakenpct #
- modifiers: onlyOwner
- [Pub] setHolderPct #
- modifiers: onlyOwner
- [Pub] setEverOwnFee #
- modifiers: onlyOwner
- [Pub] setBuyAndDistribute #
- modifiers: onlyOwner
- [Prv] buyAndDistribute #
- [Pub] createEverOwn #
- modifiers: onlyOwner
- [Pub] transferTokens #
- modifiers: onlyOwner
- [Pub] unlockLiquidity #
- modifiers: onlyOwner
- [Pub] getContractAddress
- [Pub] getOwnerOfEverOwn
- [Pub] releaseOwnerShip #
- modifiers: onlyOwner
- [Pub] releaseAltOwnerShip #
- modifiers: onlyOwner
- [Prv] buyTokens #
- [Prv] swapNativeForTokens #
- [Ext] transferToAddressETHFromEO #
- modifiers: onlyOwner
- [Prv] transferToAddressETH #
- [Ext] transferBalanceToAddressETH #
- modifiers: onlyOwner
- [Ext] ($)