EverOwn - Smart Contract Audit Report
EverOwn is a platform that the project team can use to manage their client's token contracts.We audited the project team's EverOwnFactory and EverOwn contracts at 0xeb40B3a0d8c0fA222cD497aD8b15d369F3E5d215 on the Binance SmartChain Mainnet.
Notes on the Contracts:
Audit Findings Summary
- This platform is intended to be used for owners of token contracts that inherit the Ownable library or contain the relevant functions.
- The EverOwn contract may not be compatible with all token contracts so users should exercise caution and ensure the token contract has a compatible transferOwnership() and owner() function before sending any funds to the project team.
- The owner of the EverOwnFactory contract is able to deploy new EverOwn contracts on behalf of token contract owners.
- Once the new EverOwn contract is created, 12 BNB is transferred from the Factory contract to the team's EverRise token contract where it will eventually be used to perform a buyback and burn. Another 6 BNB is swapped for EverRise tokens via Pancakeswap and subsequently burned. This only applies while the buy-and-distribute functionality is enabled.
- The project team must ensure sufficient funds are available to support this logic.
- The EverRise token contract was not included in the scope of this audit, so we are unable to provide an assessment of this contract with regards to security.
- The ownership of the newly created EverOwn contract is transferred to the owner of the token contract.
- Although the EverOwn contract is owned by the user, the owner of the EverOwnFactory contract has complete control over the functionality of all EverOwn contracts.
- The owner of the EverOwnFactory contract can withdraw any BNB or tokens in any EverOwn contract or the EverOwnFactory contract at any time.
- The owner of the EverOwnFactory contract can also transfer any tokens in the EverOwn contract to the owner of the EverOwn contract at any time.
- The owner of the EverOwnFactory contract can transfer ownership of the token contract back to the original owner or any other address specified by the owner of the EverOwn contract; this assumes that the ownership of the token contract has been transferred to the EverOwnFactory contract.
- The owner of the EverOwnFactory contract can set the BNB amount used within the buy-and-distribute functionality to any value at any time.
- The owner of the EverOwnFactory contract can pause and unpause the buy-and-distribute functionality at any time.
- Some functions could have been declared external, some state variables could have been declared constant, and some state variables could be removed to optimize space and gas usage.
- There is a logical issue within the buyTokens() function which can result in an unexpected amount of BNB swapped for tokens.
- As the contract is deployed with Solidity v0.8.7, it is protected from overflows. The team can safely remove SafeMath to enjoy reduced contract size and gas savings.
- No security threats from outside attackers were identified.
- Ensure trust in the team as they have complete control in the ecosystem and may also require ownership of the user's token contract.
- Date: November 4th, 2021
External Threat Results
|Arbitrary Storage Write||N/A||PASS|
|Delegate Call to Untrusted Contract||N/A||PASS|
|Dependence on Predictable Variables||N/A||PASS|
|State Change External Calls||N/A||PASS|
|User Supplied Assertion||N/A||PASS|
|Critical Solidity Compiler||N/A||PASS|
|Overall Contract Safety||PASS|
($) = payable function # = non-constant function + Context - [Int] _msgSender - [Int] _msgData + [Int] IERC20 - [Ext] totalSupply - [Ext] balanceOf - [Ext] transfer # - [Ext] allowance - [Ext] approve # - [Ext] transferFrom # + [Lib] SafeMath - [Int] tryAdd - [Int] trySub - [Int] tryMul - [Int] tryDiv - [Int] tryMod - [Int] add - [Int] sub - [Int] mul - [Int] div - [Int] mod - [Int] sub - [Int] div - [Int] mod + [Lib] Address - [Int] isContract - [Int] sendValue # - [Int] functionCall # - [Int] functionCall # - [Int] functionCallWithValue # - [Int] functionCallWithValue # - [Prv] _functionCallWithValue # + Ownable (Context) - [Pub]
# - [Pub] owner - [Pub] transferOwnership # - modifiers: onlyOwner - [Pub] transferFactoryOwnership # - modifiers: onlyFactory - [Pub] getUnlockTime - [Pub] getTime - [Pub] lock # - modifiers: onlyOwner - [Pub] unlock # + [Int] EverRise (IERC20) - [Ext] deliver # + [Int] IUniswapV2Factory - [Ext] feeTo - [Ext] feeToSetter - [Ext] getPair - [Ext] allPairs - [Ext] allPairsLength - [Ext] createPair # - [Ext] setFeeTo # - [Ext] setFeeToSetter # + [Int] IUniswapV2Pair - [Ext] name - [Ext] symbol - [Ext] decimals - [Ext] totalSupply - [Ext] balanceOf - [Ext] allowance - [Ext] approve # - [Ext] transfer # - [Ext] transferFrom # - [Ext] DOMAIN_SEPARATOR - [Ext] PERMIT_TYPEHASH - [Ext] nonces - [Ext] permit # - [Ext] MINIMUM_LIQUIDITY - [Ext] factory - [Ext] token0 - [Ext] token1 - [Ext] getReserves - [Ext] price0CumulativeLast - [Ext] price1CumulativeLast - [Ext] kLast - [Ext] burn # - [Ext] swap # - [Ext] skim # - [Ext] sync # - [Ext] initialize # + [Int] IUniswapV2Router01 - [Ext] factory - [Ext] WETH - [Ext] addLiquidity # - [Ext] addLiquidityETH ($) - [Ext] removeLiquidity # - [Ext] removeLiquidityETH # - [Ext] removeLiquidityWithPermit # - [Ext] removeLiquidityETHWithPermit # - [Ext] swapExactTokensForTokens # - [Ext] swapTokensForExactTokens # - [Ext] swapExactETHForTokens ($) - [Ext] swapTokensForExactETH # - [Ext] swapExactTokensForETH # - [Ext] swapETHForExactTokens ($) - [Ext] quote - [Ext] getAmountOut - [Ext] getAmountIn - [Ext] getAmountsOut - [Ext] getAmountsIn + [Int] IUniswapV2Router02 (IUniswapV2Router01) - [Ext] removeLiquidityETHSupportingFeeOnTransferTokens # - [Ext] removeLiquidityETHWithPermitSupportingFeeOnTransferTokens # - [Ext] swapExactTokensForTokensSupportingFeeOnTransferTokens # - [Ext] swapExactETHForTokensSupportingFeeOnTransferTokens ($) - [Ext] swapExactTokensForETHSupportingFeeOnTransferTokens # + EverOwn (Context, Ownable) - [Pub] # - [Pub] name - [Pub] symbol - [Pub] addOwnership # - modifiers: onlyFactory - [Pub] addAltOwnership # - modifiers: onlyOwner - [Pub] unlockLiquidity # - modifiers: onlyFactory - [Pub] releaseOwnerShip # - modifiers: onlyFactory - [Pub] releaseAltOwnerShip # - modifiers: onlyFactory - [Pub] transferTokens # - modifiers: onlyFactory - [Ext] transferToAddressETH # - modifiers: onlyFactory - [Ext] ($) + EverOwnFactory (Context, Ownable) - [Pub] # - [Pub] name - [Pub] symbol - [Pub] setKrakenpct # - modifiers: onlyOwner - [Pub] setHolderPct # - modifiers: onlyOwner - [Pub] setEverOwnFee # - modifiers: onlyOwner - [Pub] setBuyAndDistribute # - modifiers: onlyOwner - [Prv] buyAndDistribute # - [Pub] createEverOwn # - modifiers: onlyOwner - [Pub] transferTokens # - modifiers: onlyOwner - [Pub] unlockLiquidity # - modifiers: onlyOwner - [Pub] getContractAddress - [Pub] getOwnerOfEverOwn - [Pub] releaseOwnerShip # - modifiers: onlyOwner - [Pub] releaseAltOwnerShip # - modifiers: onlyOwner - [Prv] buyTokens # - [Prv] swapNativeForTokens # - [Ext] transferToAddressETHFromEO # - modifiers: onlyOwner - [Prv] transferToAddressETH # - [Ext] transferBalanceToAddressETH # - modifiers: onlyOwner - [Ext] ($)