Kickpad Token & Presale Platform - Smart Contract Audit Report
Summary
Kickpad is building a launchpad for projects on the Binance Smart Chain to launch in a safe, trusted, and decentralized manner.
Notes on the Token Contract:The total supply of the token is 203,768,315. At the time of deployment all tokens are delivered to the deployer's address. There is no way for more tokens to be minted. A small amount of gas can be saved via marking functions external instead of public. The contract utilizes SafeMath to prevent overflow issues.
Notes on the SalesFactory & Related Contracts:The SalesFactory contract exists to deploy Presale and LiquidityLock contracts. Any user can call the deployContract() function to generate a presale, passing in variables around the presale duration, cost, liquidity lock time & percentage, etc. The owner has the power to update the native token (The KPAD Token) address in the SalesFactory contract at any time The owner can also withdraw BNB mistakely sent to the factory contract Presales are automatically considered active upon deployment. In order to participate in a presale, users must have at least an amount of KPAD tokens as defined by the team setting up the presale. This value can be 0 if the team setting up the presale so chooses. While the sale is active, users can deposit BNB to purchase tokens in a presale. The team running the presale can also end the sale early if they so choose. After liquidity has been added to PancakeSwap, users who bought into the presale can claim their tokens. Also after liquidity has been added, the owner can withdraw the BNB raised as well as leftover unsold tokens. In case of an issue, the team running the presale can call a function to abruptly end the sale; placing the contract in an 'emergency state.' The contract will also enter an emergency state if liquidity could not be added for more than 7 days after the end of the sale. The emergency state, when activated, allows users to withdraw their contributed BNB. Upon adding liquidity to PancakeSwap, the amount of liquidity set by the team running the presale will be sent to and locked in the LiquidityLock contract. Once the liquidity lockup time has expired, the project team running the presale will be able to claim all available LP tokens. The Kickad team will receive 2% of the BNB raised from each sale as a development fee. The contract utilizes SafeMath to prevent overflow issues. Proper structuring of logic around BNB transfers to prevent reentrancy issues.
Audit Findings Summary:
- No security issues from outside attackers were identified.
- As with any presale, ensure trust in the team prior to investing.
- Date: March 13th, 2021.
External Threats
| Vulnerability Category | Notes | Result |
|---|---|---|
| Arbitrary Storage Write | N/A | PASS |
| Arbitrary Jump | N/A | PASS |
| Delegate Call to Untrusted Contract | N/A | PASS |
| Dependence on Predictable Variables | N/A | PASS |
| Deprecated Opcodes | N/A | PASS |
| Ether Thief | N/A | PASS |
| Exceptions | N/A | PASS |
| External Calls | N/A | PASS |
| Integer Over/Underflow | N/A | PASS |
| Multiple Sends | N/A | PASS |
| Suicide | N/A | PASS |
| State Change External Calls | N/A | Pass |
| Unchecked Retval | N/A | PASS |
| User Supplied Assertion | N/A | PASS |
| Critical Solidity Compiler | N/A | PASS |
| Overall Contract Safety | PASS |
Details - KickPad Token Contract
($) = payable function
# = non-constant function
Int = Internal
Ext = External
Pub = Public
+ [Int] ERC20
- [Ext] balanceOf
- [Ext] allowance
- [Ext] transfer #
- [Ext] transferFrom #
- [Ext] approve #
+ [Lib] SafeMath
- [Int] mul
- [Int] div
- [Int] sub
- [Int] add
+ KickPad (ERC20)
- [Pub] #
- [Pub] owner
- [Pub] balanceOf
- [Pub] allowance
- [Pub] transfer #
- [Pub] transferFrom #
- [Pub] approve #
- [Pub] increaseApproval #
- [Pub] decreaseApproval #
Details - SalesFactory & Related Contracts
($) = payable function
# = non-constant function
Int = Internal
Ext = External
Pub = Public
+ [Int] IPancakeRouter01
- [Ext] factory
- [Ext] WETH
- [Ext] addLiquidity #
- [Ext] addLiquidityETH ($)
- [Ext] removeLiquidity #
- [Ext] removeLiquidityETH #
- [Ext] removeLiquidityWithPermit #
- [Ext] removeLiquidityETHWithPermit #
- [Ext] swapExactTokensForTokens #
- [Ext] swapTokensForExactTokens #
- [Ext] swapExactETHForTokens ($)
- [Ext] swapTokensForExactETH #
- [Ext] swapExactTokensForETH #
- [Ext] swapETHForExactTokens ($)
- [Ext] quote
- [Ext] getAmountOut
- [Ext] getAmountIn
- [Ext] getAmountsOut
- [Ext] getAmountsIn
+ [Int] IPancakeRouter02 (IPancakeRouter01)
- [Ext] removeLiquidityETHSupportingFeeOnTransferTokens #
- [Ext] removeLiquidityETHWithPermitSupportingFeeOnTransferTokens #
- [Ext] swapExactTokensForTokensSupportingFeeOnTransferTokens #
- [Ext] swapExactETHForTokensSupportingFeeOnTransferTokens ($)
- [Ext] swapExactTokensForETHSupportingFeeOnTransferTokens #
+ [Int] IERC20
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] transfer #
- [Ext] allowance
- [Ext] approve #
- [Ext] transferFrom #
+ [Lib] SafeMath
- [Int] mul
- [Int] div
- [Int] sub
- [Int] add
+ LiquidityLock
- [Pub] #
- [Pub] initializeAssosiation #
- [Pub] initiateLockup #
- modifiers: onlyDeployer
- [Pub] releaseLPTokens #
+ Sale
- [Pub] #
- [Pub] endSaleEarly #
- modifiers: onlyOwner,activeSale
- [Pub] getApproval #
- modifiers: onlyOwner
- [Pub] addLiquidity #
- modifiers: onlyOwner
- [Pub] deposit ($)
- modifiers: activeSale
- [Pub] withdrawTokens #
- modifiers: tokensUnlocked
- [Pub] withdrawLeftoverTokens #
- modifiers: onlyOwner,tokensUnlocked
- [Pub] withdrawSaleEther #
- modifiers: onlyOwner,tokensUnlocked
- [Pub] abruptlyEndSale #
- modifiers: onlyOwner,activeSale
- [Pub] emergencyWithdrawEther #
- modifiers: emergencyState
+ SalesFactory
- [Pub] #
- [Pub] changeNativeToken #
- modifiers: onlyOwner
- [Ext] deployContract #
- [Pub] withdrawEther #
- modifiers: onlyOwner
- [Ext] ($)