| Vulnerability Category | Notes | Result |
|---|---|---|
| Arbitrary Storage Write | N/A | PASS |
| Arbitrary Jump | N/A | PASS |
| Delegate Call to Untrusted Contract | N/A | PASS |
| Dependence on Predictable Variables | N/A | PASS |
| Deprecated Opcodes | N/A | PASS |
| Ether Thief | N/A | PASS |
| Exceptions | N/A | PASS |
| External Calls | N/A | PASS |
| Integer Over/Underflow | N/A | PASS |
| Multiple Sends | N/A | PASS |
| Suicide | N/A | PASS |
| State Change External Calls | N/A | Pass |
| Unchecked Retval | N/A | PASS |
| User Supplied Assertion | N/A | PASS |
| Critical Solidity Compiler | N/A | PASS |
| Overall Contract Safety | PASS |
GemStone Token - Smart Contract Audit Report
Summary
GemStone intends to build a digital collectibles marketplace with task-based NFTs.
We reviewed GemStone's token contrct on the the Binance Smart Chain mainnet at 0x444a0e0c139cac67e8f9be945c6dfe01a2766ed1. Please note we have not reviewed the team's upcoming staking contract.
Notes on the Contract:The token has an total supply of 14 million. No further tokens can be minted. The exchange address was allocated 5 million tokens, which were added to liquidity and locked for 1 year. 1.5 million tokens were allocated to an address to conduct airdrops and provide future staking rewards. The team conducted an airdrop to distribute 100,000 tokens; the rest remain in the control of the team. 2.5 million tokens were allocated to a "burn address," which cannot be transferred. 150,000 tokens can be burned from this address periodically when the team makes transfers, or once a month by the team by calling monthlyBurn(). The marketing address was allocated 2.25 million tokens, some of which it has been selling. The team address holds 3.75 million tokens; 1.5 million of which are released every 90 days. This is more than what is available in the liquidity pool. While liquidity has been locked for 1 year, three wallets (excluding the projects "burn address") hold more tokens than the amount in liquidity. These whales may pose a risk to investors. The token has a 5% fee on transfers which will end after 1 million tokens have been burned There is a limit on the amount of tokens a user can sell which is set at 1.5 million per transaction. The team can enable or disable this limit at any time. In addition, the addresses of DEXs are determined by the team and can be updated at any time. A number of variables can be constant and functions public to save gas; but as the code is already deployed this is informational. The contract utilizes SafeMath to check for and revert on overflows.
Audit Findings Summary:
- No security issues from outside attackers were identified.
- The team has locked tokens on our recommendation, though they did so in an insecure team-created contract, leading to an individual being able to obtain and sell a number of tokens. The risk posed from this mistake has concluded as of March 23rd.
- More tokens than liquidity are to be released to the team each month; so ensure trust in the team prior to investing.
- KYC Conducted: No
- Date: March 17th, 2021.
- Update Date: March 19th, 2021 - Movement of tokens into unverified lock contract.
- Update Date: March 24th, 2021 - Locked tokens lost.
($) = payable function
# = non-constant function
Int = Internal
Ext = External
Pub = Public
+ BEP20Basic
- [Pub] totalSupply
- [Pub] balanceOf
- [Pub] transfer #
+ [Lib] SafeMath
- [Int] mul
- [Int] div
- [Int] sub
- [Int] add
+ BasicToken (BEP20Basic)
- [Pub] totalSupply
- [Pub] transfer #
- [Pub] balanceOf
+ BurnableToken (BasicToken)
- [Pub] burn #
- [Int] _burn #
+ BEP20 (BEP20Basic)
- [Pub] allowance
- [Pub] transferFrom #
- [Pub] approve #
+ StandardToken (BEP20, BasicToken)
- [Pub] transferFrom #
- [Pub] approve #
- [Pub] allowance
- [Pub] increaseApproval #
- [Pub] decreaseApproval #
+ Ownable
- [Pub] #
- [Pub] renounceOwnership #
- modifiers: onlyOwner
- [Pub] transferOwnership #
- modifiers: onlyOwner
- [Int] _transferOwnership #
+ MintableToken (StandardToken, Ownable)
- [Pub] mint #
- modifiers: hasMintPermission,canMint
- [Pub] finishMinting #
- modifiers: onlyOwner,canMint
+ DetailedBEP20 (BEP20)
- [Pub] #
+ BEP677 (BEP20)
- [Ext] transferAndCall #
+ IBurnableMintableBEP677Token (BEP677)
- [Pub] mint #
- [Pub] burn #
- [Pub] claimTokens #
+ BEP677Receiver
- [Ext] onTokenTransfer #
+ BEP677BridgeToken (IBurnableMintableBEP677Token, DetailedBEP20, BurnableToken, MintableToken)
- [Pub] #
- modifiers: DetailedBEP20
- [Pub] setBridgeContract #
- modifiers: onlyOwner
- [Ext] transferAndCall #
- modifiers: validRecipient
- [Pub] getTokenInterfacesVersion
- [Int] superTransfer #
- [Pub] transfer #
- [Prv] contractFallback #
- [Prv] isContract
- [Pub] finishMinting #
- [Pub] renounceOwnership #
- modifiers: onlyOwner
- [Pub] claimTokens #
- modifiers: onlyOwner
($) = payable function
# = non-constant function
Int = Internal
Ext = External
Pub = Public
+ [Lib] SafeMath
- [Int] mul
- [Int] div
- [Int] sub
- [Int] add
+ Owned
+ ForeignToken
- [Pub] balanceOf
- [Pub] transfer #
+ BEP20Basic
- [Pub] balanceOf
- [Pub] transfer #
+ BEP20 (BEP20Basic)
- [Pub] allowance
- [Pub] transferFrom #
- [Pub] approve #
+ [Int] Token
- [Ext] distr #
- [Ext] totalSupply
- [Ext] balanceOf
+ DailySwap (BEP20)
- [Pub] Daily #
- modifiers: onlyOwner
- [Pub] finishDistribution #
- modifiers: onlyOwner,canDistr
- [Prv] distr #
- modifiers: canDistr
- [Ext] ($)
- [Pub] getTokens ($)
- modifiers: canDistr,onlyWhitelist
- [Pub] balanceOf
- [Pub] transfer #
- modifiers: onlyPayloadSize
- [Pub] transferFrom #
- modifiers: onlyPayloadSize
- [Pub] approve #
- [Pub] allowance
- [Pub] getTokenBalance
- [Pub] withdraw #
- modifiers: onlyOwner
- [Pub] burn #
- modifiers: onlyOwner
- [Pub] withdrawForeignTokens #
- modifiers: onlyOwner