EverestCoin - Smart Contract Audit Report


 EverestCoin Audit Report EverestCoin ($EVCoin) is a new token on the Binance Smart Chain that is an automatic liquidity providing protocol that provides static rewards for holders, and offers the opportunity to participate in lottery drawings.

We reviewed EverestCoin's contract at 0x84b7bb9614cf28226d1b0a07499472bc107e3000 on the BSC mainnet.

Notes of the Contract:
  • The total supply of the token upon deployment is 1 trillion $EVCoin [1,000,000,000,000].
  • No mint functions are present. No burn functions are accessible for holders other than the contract address itself; though the circulating supply can be reduced by sending tokens to the 0x..dead address, if desired.
  • 100% of the total supply is in possession of the owner as the contract was recently deployed.

  • There is a reflect fee, burn fee, liquidity fee, marketing fee, dev fee, mod fee, gameAdv fee, and a charity fee that is applied on transfers. The owner has the ability to modify these fees to any percentage (up to a maximum cumulative 34% total fee) at any time.
  • The contract also allows the owner to customize a separate fee structure that will be applied if the holder is buying or selling their $EVCoins. (Buying may have a different fee structure than selling).
  • Users who hold tokens will automatically benefit from the frictionless fee redistribution at the time of each transaction as the tokens collected through holder tax are removed from the circulating supply.
  • The tokens that are taxed as part of the burn fee are instantly burned at the time of the transaction.
  • The tokens that are taxed for the liquidity fee during transfers are stored in the contract. Once the threshold value of 0.05% of the total supply is met, a swap will occur for the purpose of funding Pancakeswap liquidity. This functionality can be disabled by the owner at any time by setting the liquidity fee to zero.
  • Liquidity-adds are funded by selling a portion of the tokens collected as fees (after the threshold as determined by the owner is met), then pairing the received BNB with the token, and adding it as liquidity to the BNB pair.
  • The recipient of the newly created LP tokens is the burn address to ensure the LP tokens are properly locked.
  • The tokens that are taxed for the marketing fee, dev fee, mod fee, gameAdv fee, and a charity fee are stored in the contract address. Once the threshold value of 0.05% of the total supply is met, the tokens are swapped for BNB and sent to their respective wallets which are controlled by the team.
  • The contract utilizes "anti-sniper" logic to identify addresses that are buying or selling within a specified amount of time within a liquidity add, the address attempting the transfer will be added to a blacklist, and the transaction will be reverted.
  • The contract features an "anti-whale" mechanism which will prevent a transaction from occuring if the receivers balance, after the transaction takes place, will become greater than a specified amount of $EVCoins (max wallet amount).

  • The contract contains logic that adds addresses to a "lottery array" if certain conditions are met. The lottery drawing and payouts are conducted outside of the EverestCoin contract. Our team did not review any code related to the lottery outside of this smart contract. Therefore, we cannot comment on the logic regarding the winner being selected, nor can we verify the reward associated with the drawing.
  • The owner of the contract has the ability to initiate a lottery as long as there is not currently an active lottery running. Upon setting up each lottery, the owner will specify the end time for the drawing. The lottery can be closed by the owner prior to reaching this end time.
  • If a holder exceeds the minimum required amount of $EVCoin, and buys $EVCoin within the window of time immediately after a sell occurs, the purchasing holder will be eligible to participate in the drawing and is subsequently added to the lottery array.
  • In order to be eligible for the lottery, a holder's EVCoin balance must be above the "minimum hold amount". A holder must also buy $EVCoin within the window of time immediately after a sell occurs to be added to the lottery array. The purchase of $EVCoin must be larger than the owner's specified BNB requirement, which is 0.19 BNB upon deployment.
  • As the project is compiled with Solidity v0.8.4, it is protected from overflows.

  • Ownership Controls:
  • Ownership has not been renounced.
  • The owner of the contract can exclude accounts from transfer fees and frictionless fee redistribution.
  • The owner has the ability to set and update a maximum transaction percent at any time, which will impose a limit to the number of tokens that can be transferred during any given transaction.
  • The owner has the ability to exclude accounts from being subjected to the maximum transaction percent.
  • The owner has the ability to modify the max wallet amount to any value at any time as long as it is above 0.1% of the total supply.
  • The owner has the ability to update the transfer fees at any time.
  • The owner has the ability to toggle the contract balance swapping (to BNB) functionality at any time.
  • The owner has the ability to remove blacklisted addresses at any time.
  • The owner has the ability to update the marketing wallet to a new address at any time.
  • The owner has the ability to modify the minimum BNB requirement (upon buying $EVCoin) for the purpose of being added to the lottery array.
  • The owner has the ability to modify the minimum $EVCoin balance that is required in order for a holder to be eligible for the lottery.
  • The owner has the ability to begin and end lotteries at any time.

Audit Findings Summary:
  • No external threats were identified during our analysis.
  • Please ensure trust in the team prior to investing as they have substantial control in the ecosystem.
  • Further, ensure trust in the team as the lottery drawing is either conducted off chain, or occurs within a contract that our team was not provided.
  • Date: September 20th, 2021.

External Threat Results

Vulnerability CategoryNotesResult
Arbitrary Storage WriteN/APASS
Arbitrary JumpN/APASS
Delegate Call to Untrusted ContractN/APASS
Dependence on Predictable VariablesN/APASS
Deprecated OpcodesN/APASS
Ether ThiefN/APASS
External CallsN/APASS
Integer Over/UnderflowN/APASS
Multiple SendsN/APASS
State Change External CallsN/APASS
Unchecked RetvalN/APASS
User Supplied AssertionN/APASS
Critical Solidity CompilerN/APASS
Overall Contract Safety PASS

Smart Contract Graph

Contract Inheritance

 ($) = payable function
 # = non-constant function
 Int = Internal
 Ext = External
 Pub = Public
 +  Context 
    - [Int] _msgSender
    - [Int] _msgData

 + [Int] IERC20 
    - [Ext] totalSupply
    - [Ext] decimals
    - [Ext] symbol
    - [Ext] name
    - [Ext] getOwner
    - [Ext] balanceOf
    - [Ext] transfer #
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transferFrom #

 + [Lib] SafeMath 
    - [Int] add
    - [Int] sub
    - [Int] sub
    - [Int] mul
    - [Int] div
    - [Int] div
    - [Int] mod
    - [Int] mod

 + [Lib] Address 
    - [Int] isContract
    - [Int] sendValue #
    - [Int] functionCall #
    - [Int] functionCall #
    - [Int] functionCallWithValue #
    - [Int] functionCallWithValue #
    - [Prv] _functionCallWithValue #

 + [Int] IUniswapV2Factory 
    - [Ext] feeTo
    - [Ext] feeToSetter
    - [Ext] getPair
    - [Ext] allPairs
    - [Ext] allPairsLength
    - [Ext] createPair #
    - [Ext] setFeeTo #
    - [Ext] setFeeToSetter #

 + [Int] IUniswapV2Pair 
    - [Ext] name
    - [Ext] symbol
    - [Ext] decimals
    - [Ext] totalSupply
    - [Ext] balanceOf
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transfer #
    - [Ext] transferFrom #
    - [Ext] nonces
    - [Ext] permit #
    - [Ext] factory
    - [Ext] token0
    - [Ext] token1
    - [Ext] getReserves
    - [Ext] price0CumulativeLast
    - [Ext] price1CumulativeLast
    - [Ext] kLast
    - [Ext] mint #
    - [Ext] burn #
    - [Ext] swap #
    - [Ext] skim #
    - [Ext] sync #
    - [Ext] initialize #

 + [Int] IUniswapV2Router01 
    - [Ext] factory
    - [Ext] WETH
    - [Ext] addLiquidity #
    - [Ext] addLiquidityETH ($)
    - [Ext] removeLiquidity #
    - [Ext] removeLiquidityETH #
    - [Ext] removeLiquidityWithPermit #
    - [Ext] removeLiquidityETHWithPermit #
    - [Ext] swapExactTokensForTokens #
    - [Ext] swapTokensForExactTokens #
    - [Ext] swapExactETHForTokens ($)
    - [Ext] swapTokensForExactETH #
    - [Ext] swapExactTokensForETH #
    - [Ext] swapETHForExactTokens ($)
    - [Ext] quote
    - [Ext] getAmountOut
    - [Ext] getAmountIn
    - [Ext] getAmountsOut
    - [Ext] getAmountsIn

 + [Int] IUniswapV2Router02 (IUniswapV2Router01)
    - [Ext] removeLiquidityETHSupportingFeeOnTransferTokens #
    - [Ext] removeLiquidityETHWithPermitSupportingFeeOnTransferTokens #
    - [Ext] swapExactTokensForTokensSupportingFeeOnTransferTokens #
    - [Ext] swapExactETHForTokensSupportingFeeOnTransferTokens ($)
    - [Ext] swapExactTokensForETHSupportingFeeOnTransferTokens #

 +  LotteryArray 
    - [Pub]  #
    - [Ext] checkUser
       - modifiers: onlyToken
    - [Ext] checkUserAtIndex
       - modifiers: onlyToken
    - [Ext] addUserToLottery #
       - modifiers: onlyToken
    - [Ext] finishAndCloseLottery #
       - modifiers: onlyToken
    - [Pub] getLotteryUserLength
    - [Pub] getRemainingLotteryTime

 +  EverestCoin (Context, IERC20)
    - [Pub]  ($)
    - [Ext]  ($)
    - [Pub] owner
    - [Ext] transferOwner #
       - modifiers: onlyOwner
    - [Pub] renounceOwnership #
       - modifiers: onlyOwner
    - [Ext] totalSupply
    - [Ext] decimals
    - [Ext] symbol
    - [Ext] name
    - [Ext] getOwner
    - [Ext] allowance
    - [Pub] balanceOf
    - [Pub] transfer #
    - [Pub] approve #
    - [Pub] transferFrom #
    - [Pub] increaseAllowance #
    - [Pub] decreaseAllowance #
    - [Pub] setNewRouter #
       - modifiers: onlyOwner
    - [Ext] setLpPair #
       - modifiers: onlyOwner
    - [Pub] isExcludedFromReward
    - [Pub] isExcludedFromFee
    - [Pub] isTransferTaxExcluded
    - [Pub] isSniper
    - [Ext] isProtected #
       - modifiers: onlyOwner
    - [Ext] removeSniper #
       - modifiers: onlyOwner
    - [Ext] setProtectionSettings #
       - modifiers: onlyOwner
    - [Ext] setStartingProtections #
       - modifiers: onlyOwner
    - [Ext] setBuyTaxes #
       - modifiers: onlyOwner
    - [Ext] setSellTaxes #
       - modifiers: onlyOwner
    - [Ext] setTransferTaxes #
       - modifiers: onlyOwner
    - [Ext] setMaxTxPercent #
       - modifiers: onlyOwner
    - [Ext] setMaxWalletSize #
       - modifiers: onlyOwner
    - [Ext] setMarketingWallet #
       - modifiers: onlyOwner
    - [Ext] setSwapAndLiquifyEnabled #
       - modifiers: onlyOwner
    - [Pub] setExcludedFromReward #
       - modifiers: onlyOwner
    - [Pub] setExcludedFromFee #
       - modifiers: onlyOwner
    - [Ext] setExcludedFromTransferTax #
       - modifiers: onlyOwner
    - [Ext] setExcludedFromTransferTaxBatch #
       - modifiers: onlyOwner
    - [Pub] totalFees
    - [Prv] _hasLimits
    - [Pub] tokenFromReflection
    - [Prv] _approve #
    - [Int] adjustTaxes #
    - [Int] _transfer #
    - [Prv] swapAndLiquify #
       - modifiers: lockTheSwap
    - [Int] sendBNBout #
    - [Prv] swapTokensForEth #
    - [Prv] addLiquidity #
    - [Prv] _checkLiquidityAdd #
    - [Prv] _finalizeTransfer #
    - [Int] getBNBFee
    - [Prv] _getValues
    - [Prv] _getRate
    - [Prv] _getCurrentSupply
    - [Prv] _takeReflect #
    - [Prv] _takeLiquidity #
    - [Prv] _takeBurn #
    - [Ext] startNewLottery #
       - modifiers: onlyOwner
    - [Pub] isUserInLottery
    - [Ext] getLotteryUserLength
    - [Ext] finishAndCloseLottery #
       - modifiers: onlyOwner
    - [Ext] setMinimumHoldForLottery #
       - modifiers: onlyOwner
    - [Pub] getRemainingLotteryTime
    - [Pub] getUserAtIndex
    - [Ext] setMinBNBBuyNeeded #
       - modifiers: onlyOwner