HODL - Smart Contract Audit Report
Summary
HODL ($HODL) is a new community-driven Defi token on the Ethereum Blockchain that pays out static rewards to holders.
Notes on the Contract:Audit Findings Summary
- The total supply of the token is initially set to 1 quadrillion $HODL [1,000,000,000,000,000]. However, the token supply is increasing with each transfer that occurs within the protocol. This is due to a "Dev Fee" that is added to the contract address' balance during transfers but not deducted from the sender. Thus, resulting in an artificial mint to the 'dev team'. Currently, the total supply is 1,243,570,463,079,590 $HODL.
- No direct minting or burn functions are present in the HODL Token Contract; However, reflection tokens are both minted and burned during transfers as described further in this report. Additionally, holders can send tokens to the 0x...Dead address if desired. As ownership has been renounced and the dead address is not excluded from reflections, it will participate in the frictionless redistribution (as a regular holder) and increase proportionally to the reflection tokens it receives. This is often used as a deflationary mechanism.
- This being said, it created a rather interesting financial ecosystem that is still deflationary when it comes to the token supply; as the burn outweighs the artificial mint. The ratio of burn:mint will only increase over time as the burn address continues to consume it's share of the circulating supply.
- As of the date of this report, 76.23% of the token's supply is within the Dead address.
- 2.08% of the total supply is in Uniswap liquidity.
- Out of that liquidity, 99.74% is locked for 100 years.
- The top ten holders own ~5.91% of the total $HODL supply across their wallets.
- We find it of value to note that the artificial mint bug in the contract has caused Etherscan to incorrectly calculate the percentages of each holder's token balance.
- There is a 20% 'Tax Fee' and a 5% 'Dev Fee' on all transactions for any address that participates in a transfer.
- Users who hold tokens will benefit from the frictionless fee redistribution with the 20% "Tax Fee" that is applied at the time of each transaction. Keeping in mind that the Burn address also benefits from this redistribution, it currently receives 15.25% of each reflection benefit during transfers, leaving 4.75% of the reflection benefit for the community of holders. The ratio of "Minting to Dev Team":"Non-burn Holder Redistribution" will also increase over time (in favor of the mint) as the burn address continues to consume it's share of the circulating supply.
- The 5% "Dev Fee" is never deducted from users during transactions. Instead, the contract address' balance is updated to add 5% of the transaction's tokens. After a threshold of 50 million $HODL tokens in the contract address balance is met, the "swapTokensForETH" function is used to buy ETH, which is subsequently sent to the Dev Team address. The owner has the ability to update and change the 'Dev Wallet' address at any time. As ownership is now renounced, the dev wallet will remain this address.
- In brief, each transfer will mint 5% of the transfer amount to the project team, and then burn a large majority of the 20% tax fee. As the burn address continues to accumulate an even larger majority of the total supply, the 5% mint to the team (and instant sells to Uniswap for ETH) will ensure an increasingly negative price impact over time.
- The contract features a blacklist mechanism where the owner of the contract was previously capable of preventing addresses from being able to participate in transfers.
- For additional anti-bot protection, the contract implemented a 'cooldown' mechanism, which (when enabled by the owner) enforces a 30 second period that must be elapsed between transfers.
- There are no "automatic liquidity adds" supported by the protocol.
- The owner of the contract was previously able to exclude and include accounts from fees and reward distribution.
- The contract utilizes SafeMath libraries along with following the ERC20 standard.
- No external threats were identified.
- The $HODL Smart Contract contains logical issues that cause an imbalance within the intended total supply.
- Please ensure trust in the team as they have control of the Tokens/ETH that is accumulated from fees.
- Date: July 28th, 2021
Audit Results
| Vulnerability Category | Notes | Result |
|---|---|---|
| Arbitrary Storage Write | N/A | PASS |
| Arbitrary Jump | N/A | PASS |
| Delegate Call to Untrusted Contract | N/A | PASS |
| Dependence on Predictable Variables | N/A | PASS |
| Deprecated Opcodes | N/A | PASS |
| Ether Thief | N/A | PASS |
| Exceptions | N/A | PASS |
| External Calls | N/A | PASS |
| Flash Loans | N/A | PASS |
| Integer Over/Underflow | N/A | PASS |
| Logical Issues | Token supply imbalance | Warning |
| Multiple Sends | N/A | PASS |
| Oracles | N/A | PASS |
| Suicide | N/A | PASS |
| State Change External Calls | N/A | PASS |
| Unchecked Retval | N/A | PASS |
| User Supplied Assertion | N/A | PASS |
| Critical Solidity Compiler | N/A | PASS |
| Overall Contract Safety | PASS |
Function Graph
Inheritence Chart
Functions Overview
($) = payable function
# = non-constant function
+ Context
- [Int] _msgSender
- [Int] _msgData
+ [Int] IERC20
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] transfer #
- [Ext] allowance
- [Ext] approve #
- [Ext] transferFrom #
+ [Lib] SafeMath
- [Int] add
- [Int] sub
- [Int] sub
- [Int] mul
- [Int] div
- [Int] div
- [Int] mod
- [Int] mod
+ [Lib] Address
- [Int] isContract
- [Int] sendValue #
- [Int] functionCall #
- [Int] functionCall #
- [Int] functionCallWithValue #
- [Int] functionCallWithValue #
- [Prv] _functionCallWithValue #
+ Ownable (Context)
- [Int] #
- [Pub] owner
- [Pub] renounceOwnership #
- modifiers: onlyOwner
- [Pub] transferOwnership #
- modifiers: onlyOwner
+ [Int] IUniswapV2Factory
- [Ext] feeTo
- [Ext] feeToSetter
- [Ext] getPair
- [Ext] allPairs
- [Ext] allPairsLength
- [Ext] createPair #
- [Ext] setFeeTo #
- [Ext] setFeeToSetter #
+ [Int] IUniswapV2Pair
- [Ext] name
- [Ext] symbol
- [Ext] decimals
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] allowance
- [Ext] approve #
- [Ext] transfer #
- [Ext] transferFrom #
- [Ext] DOMAIN_SEPARATOR
- [Ext] PERMIT_TYPEHASH
- [Ext] nonces
- [Ext] permit #
- [Ext] MINIMUM_LIQUIDITY
- [Ext] factory
- [Ext] token0
- [Ext] token1
- [Ext] getReserves
- [Ext] price0CumulativeLast
- [Ext] price1CumulativeLast
- [Ext] kLast
- [Ext] mint #
- [Ext] burn #
- [Ext] swap #
- [Ext] skim #
- [Ext] sync #
- [Ext] initialize #
+ [Int] IUniswapV2Router01
- [Ext] factory
- [Ext] WETH
- [Ext] addLiquidity #
- [Ext] addLiquidityETH ($)
- [Ext] removeLiquidity #
- [Ext] removeLiquidityETH #
- [Ext] removeLiquidityWithPermit #
- [Ext] removeLiquidityETHWithPermit #
- [Ext] swapExactTokensForTokens #
- [Ext] swapTokensForExactTokens #
- [Ext] swapExactETHForTokens ($)
- [Ext] swapTokensForExactETH #
- [Ext] swapExactTokensForETH #
- [Ext] swapETHForExactTokens ($)
- [Ext] quote
- [Ext] getAmountOut
- [Ext] getAmountIn
- [Ext] getAmountsOut
- [Ext] getAmountsIn
+ [Int] IUniswapV2Router02 (IUniswapV2Router01)
- [Ext] removeLiquidityETHSupportingFeeOnTransferTokens #
- [Ext] removeLiquidityETHWithPermitSupportingFeeOnTransferTokens #
- [Ext] swapExactTokensForTokensSupportingFeeOnTransferTokens #
- [Ext] swapExactETHForTokensSupportingFeeOnTransferTokens ($)
- [Ext] swapExactTokensForETHSupportingFeeOnTransferTokens #
+ Hodl (Context, IERC20, Ownable)
- [Pub] #
- [Ext] initContract #
- modifiers: onlyOwner
- [Ext] postInit #
- modifiers: onlyOwner
- [Ext] openTrading #
- modifiers: onlyOwner
- [Pub] name
- [Pub] symbol
- [Pub] decimals
- [Pub] totalSupply
- [Pub] balanceOf
- [Pub] transfer #
- [Pub] allowance
- [Pub] approve #
- [Pub] transferFrom #
- [Pub] increaseAllowance #
- [Pub] decreaseAllowance #
- [Pub] isExcluded
- [Pub] isBlackListed
- [Ext] setExcludeFromFee #
- modifiers: onlyOwner
- [Pub] totalFees
- [Pub] deliver #
- [Pub] reflectionFromToken
- [Pub] tokenFromReflection
- [Ext] excludeAccount #
- modifiers: onlyOwner
- [Ext] includeAccount #
- modifiers: onlyOwner
- [Ext] RemoveSniper #
- modifiers: onlyOwner
- [Ext] amnestySniper #
- modifiers: onlyOwner
- [Prv] removeAllFee #
- [Prv] restoreAllFee #
- [Pub] isExcludedFromFee
- [Ext] setMaxTxPercent #
- modifiers: onlyOwner
- [Ext] enableSecuritySweep #
- modifiers: onlyOwner
- [Ext] disableSecuritySweep #
- modifiers: onlyOwner
- [Prv] _approve #
- [Prv] _transfer #
- [Prv] swapTokensForEth #
- modifiers: lockTheSwap
- [Prv] sendETHToTeamDev #
- [Ext] manualSwap #
- modifiers: onlyOwner
- [Ext] manualSend #
- modifiers: onlyOwner
- [Ext] setSwapEnabled #
- modifiers: onlyOwner
- [Prv] _tokenTransfer #
- [Prv] _transferStandard #
- [Prv] _transferToExcluded #
- [Prv] _transferFromExcluded #
- [Prv] _transferBothExcluded #
- [Prv] _takeCharity #
- [Prv] _reflectFee #
- [Ext] ($)
- [Prv] _getValues
- [Prv] _getTValues
- [Prv] _getRValues
- [Prv] _getRate
- [Prv] _getCurrentSupply
- [Prv] _getTaxFee
- [Prv] _getMaxTxAmount
- [Pub] _getETHBalance
- [Ext] _removeTxLimit #
- modifiers: onlyOwner
- [Ext] _removeDestLimit #
- modifiers: onlyOwner
- [Ext] _disableCooldown #
- modifiers: onlyOwner
- [Ext] _enableCooldown #
- modifiers: onlyOwner
- [Ext] _enableAutoSnipeProtection #
- modifiers: onlyOwner
- [Ext] _disableAutoSnipeProtection #
- modifiers: onlyOwner
- [Ext] _setExtWallet #
- modifiers: onlyOwner