Giftbag - Smart Contract Audit Report


Giftbag Audit Report Giftbag ($GBAG) is a new community-driven DeFi token on the Binance Smart Chain that pays out static rewards to holders.

We reviewed the Giftbag contract at 0x6820f244b81d0906D70266Cc9bCcC2A8EAa5464c on the Binance Smartchain mainnet.

Notes on the Contract:
  • The total supply of the token is set to 1 quadrillion $GBAG [1,000,000,000,000,000].
  • No minting or burn functions are present; though the circulating supply can be reduced by sending tokens to the 0x..dead address, if desired.
  • At the time of writing this report, 50% of the total supply has been sent to the 0x..dead address.
  • 15.03% of the total supply is in Pancakeswap liquidity.
  • Of that liquidity, 99.99% of the LP tokens belong to a token locking contract behind a proxy.
  • The next five holders own a cumulative 7.47% of the total supply.

  • There is a tax fee and a redistribution fee on all transactions for any "non-excluded" address that participates in a transfer via Pancakeswap. A separate fee structure can be set by the team to apply different fee percentages depending on whether the user is buying or selling during the transfer.
  • Users who hold tokens will automatically benefit from the frictionless fee redistribution at the time of each transaction as the tokens collected through the tax fee are removed from the circulating supply.
  • The redistribution fee charged on transactions is swapped for ETH and sent to the contract address. The received ETH is then split between the team's marketing wallet and development wallet.
  • The contract features a blacklist mechanism which prevents user's from being able to participate in transfers if their address has been blacklisted by the owner.
  • As the contract is implemented with Solidity v0.8.x, it is protected from overflows.

  • Ownership Controls:
  • Ownership has not been renounced.
  • The owner can modify the tax fee and redistribution fee for each fee structure to any percentages at any time.
  • The owner can pause/unpause trading at any time. Only accounts that have been added to a whitelist by the owner are able to trade when trading is set to paused.
  • The owner can exclude and include accounts from transfer fees.
  • The owner can set and update a maximum transaction amount at any time, which will impose a limit to the number of tokens that can be transferred during any given transaction.
  • The owner can enable/disable the utilization of a maximum wallet amount which prevents a transaction from occuring if the buyer's balance will exceed the set number of tokens after the transaction takes place.
  • The owner can update the minimum threshold needed for swapping tokens to any value.
  • The owner can add/remove accounts from the blacklist mechanism.
Audit Findings Summary
  • No external threats were identified.
  • Please ensure trust in the team prior to investing as they have substantial control in the ecosystem.
  • Date: November 27th, 2021

Audit Results

Vulnerability CategoryNotesResult
Arbitrary Storage WriteN/APASS
Arbitrary Storage WriteN/APASS
Arbitrary JumpN/APASS
Centralization of ControlThe team can set fees up to 100%.WARNING
Delegate Call to Untrusted ContractN/APASS
Dependence on Predictable VariablesN/APASS
Deprecated OpcodesN/APASS
Ether ThiefN/APASS
External CallsN/APASS
Flash LoansN/APASS
Integer Over/UnderflowN/APASS
Multiple SendsN/APASS
State Change External CallsN/APASS
Unbounded LoopN/APASS
Unchecked RetvalN/APASS
User Supplied AssertionN/APASS
Critical Solidity CompilerN/APASS
Overall Contract Safety PASS

Function Graph

ERC20 Token Graph

Inheritence Chart

Multi-file Token

Functions Overview

 ($) = payable function
 # = non-constant function
 +  Context 
    - [Int] _msgSender

 + [Int] IERC20 
    - [Ext] totalSupply
    - [Ext] balanceOf
    - [Ext] transfer #
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transferFrom #

 +  Ownable (Context)
    - [Pub]  #
    - [Pub] owner
    - [Pub] renounceOwnership #
       - modifiers: onlyOwner
    - [Pub] transferOwnership #
       - modifiers: onlyOwner

 + [Lib] SafeMath 
    - [Int] add
    - [Int] sub
    - [Int] sub
    - [Int] mul
    - [Int] div
    - [Int] div

 + [Int] IUniswapV2Factory 
    - [Ext] createPair #

 + [Int] IUniswapV2Router02 
    - [Ext] swapExactTokensForETHSupportingFeeOnTransferTokens #
    - [Ext] factory
    - [Ext] WETH
    - [Ext] addLiquidityETH ($)

 +  Giftbag (Context, IERC20, Ownable)
    - [Pub]  #
    - [Pub] name
    - [Pub] symbol
    - [Pub] decimals
    - [Pub] totalSupply
    - [Pub] balanceOf
    - [Pub] transfer #
    - [Pub] allowance
    - [Pub] approve #
    - [Pub] transferFrom #
    - [Prv] tokenFromReflection
    - [Prv] removeAllFee #
    - [Prv] restoreAllFee #
    - [Prv] _approve #
    - [Prv] _transfer #
    - [Prv] swapTokensForEth #
       - modifiers: lockTheSwap
    - [Prv] sendETHToFee #
    - [Pub] setTrading #
       - modifiers: onlyOwner
    - [Ext] manualswap #
    - [Ext] manualsend #
    - [Pub] blockBots #
       - modifiers: onlyOwner
    - [Pub] unblockBot #
       - modifiers: onlyOwner
    - [Prv] _tokenTransfer #
    - [Prv] _transferStandard #
    - [Prv] _takeTeam #
    - [Prv] _reflectFee #
    - [Ext]  ($)
    - [Prv] _getValues
    - [Prv] _getTValues
    - [Prv] _getRValues
    - [Prv] _getRate
    - [Prv] _getCurrentSupply
    - [Pub] setFee #
       - modifiers: onlyOwner
    - [Pub] setMinSwapTokensThreshold #
       - modifiers: onlyOwner
    - [Pub] toggleSwap #
       - modifiers: onlyOwner
    - [Pub] setMaxTxnAmount #
       - modifiers: onlyOwner
    - [Pub] setMaxWalletSize #
       - modifiers: onlyOwner
    - [Pub] excludeMultipleAccountsFromFees #
       - modifiers: onlyOwner
    - [Pub] allowPreTrading #
       - modifiers: onlyOwner