MAMMON - Smart Contract Audit Report
Summary
MAMMON ($MAMMON) is a new community-driven DeFi token on the Binance Smart Chain that is an automatic liquidity providing protocol that features a rewards mechansim.
Notes on the Contract:Audit Findings Summary
- The total supply of the token is set to 100 billion $MAMMON [100,000,000,000].
- No minting or burn functions are present; though the circulating supply can be reduced by sending tokens to the 0x..dead address, if desired.
- At the time of writing this report, 100% of the total supply belongs to the owner as the contract was recently deployed.
- There is a liquidity fee, fomo fee, burn fee, marketing fee, and txGold fee on all transactions for any "non-excluded" address that participates in a transfer.
- The tokens collected from the liquidity fee during transfers are stored in the contract address balance. Once the threshold value of tokens (determined by the owner) is met, a swap will occur for the purpose of funding Pancakeswap liquidity.
- Liquidity-adds are funded by selling a portion of the tokens collected as fees (after the threshold number of tokens is met), then pairing the received BNB with the token, and adding it as liquidity to the BNB pair.
- The recipient of the newly created LP tokens is the owner. We recommend that the team locks these newly acquired LP tokens.
- The tokens collected from the fomo fee are sent to the fomo wallet set by the team and are used to fund the fomo rewards mechanism. A user will win the fomo rewards if they buy any amount of tokens via Pancakeswap after the fomo end time (determined by the owner) has passed since any last buying transaction of the token. The balance of the team's fomo wallet is sent to the winning user.
- Each time a user purchases any amount of tokens from Pancakeswap the fomo end time is extended by the amount of time determined by the owner.
- The contract features a lucky holders mechanism which restricts holders from being able to sell their tokens unless they are dealt a "lucky number" between 0-99 that is randomly generated for them when attempting to sell tokens. If the the number generated for the user is 30 or less that user is considered "lucky" and is able to complete up to 10 selling transfers of their tokens.
- If the number generated for the user is greater than 30, the transaction will revert and the user must wait until the end time (determined by the owner) has passed until they can attempt to sell their tokens again.
- The tokens collected from the burn fee are sent to the Burn address.
- The tokens collected from the marketing fee and txGold fee are sent to the team's Marketing wallet and txGold wallet respectively.
- The contract features an anti-whale mechanism that, when enabled, enforces a maximum transaction amount and maximum wallet amount when buying from Pancakeswap.
- The contract utilizes the Safemath library to prevent overflows/underflows.
Ownership Controls:- The owner can modify the liquidity fee to any percentage at any time. The owner can modify the fomo fee, burn fee, marketing fee, and txGold fee to any percentages as long as the total percentages combined does not exceed 100%.
- The owner can exclude and include accounts from transfer fees.
- The owner can set and update a maximum transaction amount at any time, which will impose a limit to the number of tokens that can be transferred during any given transaction.
- The owner can enable/disable automatic liquidity adds at any time.
- The owner can update the threshold value needed to trigger an automatic liquidity add to any value.
- The owner can enable/disable the anti-whale mechanism, exclude/include accounts from it, update the number of tokens that a user can buy per transaction, and update the maximum wallet amount that a user can hold.
- The owner can enable/disable the fomo rewards mechanism.
- The owner can update the the amount of time needed between buying transactions from Pancakeswap that determines the fomo rewards winner.
- The owner can update the lucky number range that determines if a user is allowed to sell their tokens or not.
- The owner can update the end time of the lucky holders mechanism to any value.
- The owner can update the amount of sells a user is granted after being generated a lucky number.
- The owner can withdraw any WBNB, BSC-USD, BUSD, BNB, and $MAMMON from the contract address at any time.
- The owner can update the team's Marketing wallet and txGold wallet to any addresses at any time.
- The owner can update the Pancakeswap Pair and Router addresses at any time.
- The owner can use the "lock" function in order to temporarily set ownership to address(0). Ownership is restored after the duration of time determined by the owner has passed and they use the 'unlock' function.
- The unlock function has the potential to be used after ownership is renounced, which will restore ownership to the original owner that initially created the ownership lock. This can be used in a nefarious way by the project team to restore ownership and change fee structures.
- We recommend that the unlock function is modified to set the "previous owner" = "address(0)" at the end of the unlock function to prevent it from being used more than once per lock.
- No external threats were identified.
- Please ensure trust in the team prior to investing as they have substantial control in the ecosystem.
- Further ensure trust as the team is responsible for properly setting the fomo rewards and lucky holders mechanisms. Please be aware that users will not be able to sell their tokens unless they are dealt a lucky number.
- Date: December 6th, 2021
Audit Results
| Vulnerability Category | Notes | Result |
|---|---|---|
| Arbitrary Storage Write | N/A | PASS |
| Arbitrary Jump | N/A | PASS |
| Centralization of Control | WARNING | |
| Delegate Call to Untrusted Contract | N/A | PASS |
| Dependence on Predictable Variables | Decisions are made based on environment variables which can be manipulated by a malicious miner. This is extremley unlikely to occur. | WARNING |
| Deprecated Opcodes | N/A | PASS |
| Ether Thief | N/A | PASS |
| Exceptions | N/A | PASS |
| External Calls | N/A | PASS |
| Flash Loans | N/A | PASS |
| Integer Over/Underflow | N/A | PASS |
| Multiple Sends | N/A | PASS |
| Oracles | N/A | PASS |
| Suicide | N/A | PASS |
| State Change External Calls | N/A | PASS |
| Unchecked Retval | N/A | PASS |
| User Supplied Assertion | N/A | PASS |
| Critical Solidity Compiler | N/A | PASS |
| Overall Contract Safety | PASS |
Function Graph
Inheritance Chart
Functions Overview
($) = payable function
# = non-constant function
+ [Int] IBEP20
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] transfer #
- [Ext] allowance
- [Ext] approve #
- [Ext] transferFrom #
+ [Lib] SafeMath
- [Int] add
- [Int] sub
- [Int] sub
- [Int] mul
- [Int] div
- [Int] div
- [Int] mod
- [Int] mod
+ Context
- [Int] _msgSender
- [Int] _msgData
+ [Lib] Address
- [Int] isContract
- [Int] sendValue #
- [Int] functionCall #
- [Int] functionCall #
- [Int] functionCallWithValue #
- [Int] functionCallWithValue #
- [Prv] _functionCallWithValue #
+ Ownable (Context)
- [Pub] #
- [Pub] owner
- [Pub] renounceOwnership #
- modifiers: onlyOwner
- [Pub] transferOwnership #
- modifiers: onlyOwner
- [Pub] getUnlockTime
- [Pub] lockShortTime #
- modifiers: onlyOwner
- [Pub] lockLongTime #
- modifiers: onlyOwner
- [Pub] unlock #
+ [Int] IUniswapV2Factory
- [Ext] feeTo
- [Ext] feeToSetter
- [Ext] getPair
- [Ext] allPairs
- [Ext] allPairsLength
- [Ext] createPair #
- [Ext] setFeeTo #
- [Ext] setFeeToSetter #
+ [Int] IUniswapV2Pair
- [Ext] name
- [Ext] symbol
- [Ext] decimals
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] allowance
- [Ext] approve #
- [Ext] transfer #
- [Ext] transferFrom #
- [Ext] DOMAIN_SEPARATOR
- [Ext] PERMIT_TYPEHASH
- [Ext] nonces
- [Ext] permit #
- [Ext] MINIMUM_LIQUIDITY
- [Ext] factory
- [Ext] token0
- [Ext] token1
- [Ext] getReserves
- [Ext] price0CumulativeLast
- [Ext] price1CumulativeLast
- [Ext] kLast
- [Ext] mint #
- [Ext] burn #
- [Ext] swap #
- [Ext] skim #
- [Ext] sync #
- [Ext] initialize #
+ [Int] IUniswapV2Router01
- [Ext] factory
- [Ext] WETH
- [Ext] addLiquidity #
- [Ext] addLiquidityETH ($)
- [Ext] removeLiquidity #
- [Ext] removeLiquidityETH #
- [Ext] removeLiquidityWithPermit #
- [Ext] removeLiquidityETHWithPermit #
- [Ext] swapExactTokensForTokens #
- [Ext] swapTokensForExactTokens #
- [Ext] swapExactETHForTokens ($)
- [Ext] swapTokensForExactETH #
- [Ext] swapExactTokensForETH #
- [Ext] swapETHForExactTokens ($)
- [Ext] quote
- [Ext] getAmountOut
- [Ext] getAmountIn
- [Ext] getAmountsOut
- [Ext] getAmountsIn
+ [Int] IUniswapV2Router02 (IUniswapV2Router01)
- [Ext] removeLiquidityETHSupportingFeeOnTransferTokens #
- [Ext] removeLiquidityETHWithPermitSupportingFeeOnTransferTokens #
- [Ext] swapExactTokensForTokensSupportingFeeOnTransferTokens #
- [Ext] swapExactETHForTokensSupportingFeeOnTransferTokens ($)
- [Ext] swapExactTokensForETHSupportingFeeOnTransferTokens #
+ MAMMON (Context, IBEP20, Ownable)
- [Pub] #
- [Pub] name
- [Pub] symbol
- [Pub] decimals
- [Pub] totalSupply
- [Pub] balanceOf
- [Pub] transfer #
- [Pub] allowance
- [Pub] approve #
- [Pub] transferFrom #
- [Pub] increaseAllowance #
- [Pub] decreaseAllowance #
- [Pub] isExcludedFromFee
- [Pub] isExcludedFromAntiWhale
- [Pub] isExcludedSendDraw
- [Pub] isLuckAddress #
- [Ext] setUniswapRouter #
- modifiers: onlyOwner
- [Ext] setUniswapPair #
- modifiers: onlyOwner
- [Pub] excludeFromFee #
- modifiers: onlyOwner
- [Pub] includeInFee #
- modifiers: onlyOwner
- [Ext] setTxgoldFeePercent #
- modifiers: onlyOwner
- [Ext] setMarketingFeePercent #
- modifiers: onlyOwner
- [Ext] setBurnFeePercent #
- modifiers: onlyOwner
- [Ext] setFomoFeePercent #
- modifiers: onlyOwner
- [Ext] setFomoEnable #
- modifiers: onlyOwner
- [Ext] setNumTokensSellToAddToLiquidity #
- modifiers: onlyOwner
- [Pub] setTxgoldAddress #
- modifiers: onlyOwner
- [Pub] setMarketingAddress #
- modifiers: onlyOwner
- [Ext] setLiquidityFeePercent #
- modifiers: onlyOwner
- [Ext] setFomoSpacedTime #
- modifiers: onlyOwner
- [Ext] setMaxTxPercent #
- modifiers: onlyOwner
- [Pub] setSwapAndLiquidityEnabled #
- modifiers: onlyOwner
- [Ext] setAntiWhaleEnabled #
- modifiers: onlyOwner
- [Ext] setAntiWhaleThreshold #
- modifiers: onlyOwner
- [Ext] setExcludedFromAntiWhale #
- modifiers: onlyOwner
- [Ext] setExcludedSendDraw #
- modifiers: onlyOwner
- [Pub] setDrawNumerator #
- modifiers: onlyOwner
- [Pub] setDrawTime #
- modifiers: onlyOwner
- [Pub] setDaySellNumber #
- modifiers: onlyOwner
- [Pub] rescueWBNB #
- modifiers: onlyOwner
- [Pub] rescueUSDT #
- modifiers: onlyOwner
- [Pub] rescueBUSD #
- modifiers: onlyOwner
- [Ext] rescueBNB #
- modifiers: onlyOwner
- [Pub] recoverTokens #
- modifiers: onlyOwner
- [Prv] _getValues
- [Ext] ($)
- [Prv] _takeTxgold #
- [Prv] _takeMarketing #
- [Prv] _takeBurn #
- [Prv] _takeFomo #
- [Prv] _takeLiquidity #
- [Prv] calculateTxgoldFee
- [Prv] calculateMarketingFee
- [Prv] calculateBurnFee
- [Prv] calculateFomoFee
- [Prv] calculateLiquidityFee
- [Prv] removeAllFee #
- [Prv] restoreAllFee #
- [Prv] judgeRoundAndSetState #
- [Prv] calculateLuck #
- [Prv] _approve #
- [Prv] _transfer #
- [Prv] checkAddressState #
- [Prv] checkFomo #
- [Prv] nextTime #
- [Prv] startNextTime #
- [Prv] randomRandomNum #
- [Prv] swapAndLiquidity #
- modifiers: lockTheSwap
- [Prv] swapTokensForEth #
- [Prv] addLiquidity #
- [Prv] _tokenTransfer #
- [Prv] _transferStandard #