Matrix Protocol Token - Smart Contract Audit Report
Matrix Protocol ($MTX) is a new community-driven DeFi token on the Binance Smart Chain that is an automatic liquidity providing protocol that pays out static rewards to holders.
Notes on the Contract:
Audit Findings Summary
- The total supply of the token is initially set to 1 quadrillion $MTX [1,000,000,000,000,000].
- No minting or burn functions are present; though the circulating supply can be reduced by sending tokens to the 0x..dead address, if desired.
- There is a tax fee, liquidity fee, marketing fee, and charity fee on all transactions for any "non-excluded" address that participates in a transfer. The owner has the ability to modify these fees to any percentage at any time.
- Users who hold tokens will automatically benefit from the frictionless fee redistribution at the time of each transaction as the tokens collected through the tax fee are removed from the circulating supply.
- The liquidity fee charged on transactions is stored in the contract and, once a threshold value (determined by the owner) met, is used to fund Pancakeswap liquidity. This functionality can be enabled/disabled by the owner.
- Liquidity-adds are funded by selling a portion of the tokens collected as fees (after the token threshold is met), then pairing the received BNB with the token, and adding it as liquidity to the BNB pair.
- The recipient of the newly created LP tokens is the owner of the contract. The team is responsible for locking these newly acquired LP tokens.
- The marketing fee and charity fee that gets collected on all transaction is allocated to the team's marketing wallet and charity wallet respectively.
- Any user can call the claimAirdrop() function at any time which will accept BNB entered by the user, send that BNB to the owner, and subsequently send the user $MTX tokens. The amount of tokens the user will receive is based on the amount of BNB entered and the current 'airdropRate'. The owner has the ability to modify the airdropRate to any value at any time.
- The contract utilizes "anti-sniper" logic which can be toggled on/off by the owner. When toggled on, it is used to identify addresses that are attempting to buy when trading is disabled by the owner. The address attempting the transfer will be added to a blacklist, and the amount of tokens being transferred will be sent to the contract address.
- The contract utilizes SafeMath libraries along with following the BEP20 standard.
- Ownership has not been renounced.
- The owner has the ability to enable/disable trading at any time.
- The owner of the contract can exclude and include accounts from transfer fees and reward distribution.
- The owner has the ability to set and update a maximum transaction percent at any time, which will impose a limit to the number of tokens that can be transferred during any given transaction.
- This maximum transaction amount does not apply to the owner during transactions where the owner is either the sender or the recipient.
- The owner has the ability to update the marketing address and charity address at any time.
- The owner has the ability to use the "lock" function in order to temporarily set ownership to address(0). Ownership is restored after the duration of time determined by the owner has passed and they use the 'unlock' function.
- The unlock function has the potential to be used after ownership is renounced, which will restore ownership to the original owner that initially created the ownership lock. This can be used in a nefarious way by the project team to restore ownership and change fee structures.
- We recommend that the unlock function is modified to set the "previous owner" = "address(0)" at the end of the unlock function to prevent it from being used more than once per lock.
- No external threats were identified.
- We strongly discourage the use of the Lock() function within this contract as there are potential risks that exist for holders regarding the team's ability to retain control of the contract.
- We recommend the team renounces ownership without ever using the Lock() function.
- Please ensure trust in the team prior to investing as they have substantial control in the ecosystem.
- Date: September 10th, 2021
- Updated: September 29th, 2021 to reflect the address of the first deployment.
- Updated: November 3rd, 2021 to reflect the mainnet address of the latest deployment.
|Arbitrary Storage Write||N/A||PASS|
|Delegate Call to Untrusted Contract||N/A||PASS|
|Dependence on Predictable Variables||N/A||PASS|
|State Change External Calls||N/A||PASS|
|User Supplied Assertion||N/A||PASS|
|Critical Solidity Compiler||N/A||PASS|
|Overall Contract Safety||PASS|
($) = payable function # = non-constant function + [Int] IERC20 - [Ext] totalSupply - [Ext] balanceOf - [Ext] transfer # - [Ext] allowance - [Ext] approve # - [Ext] transferFrom # + [Lib] SafeMath - [Int] add - [Int] sub - [Int] sub - [Int] mul - [Int] div - [Int] div - [Int] mod - [Int] mod + Context - [Int] _msgSender - [Int] _msgData + [Lib] Address - [Int] isContract - [Int] sendValue # - [Int] functionCall # - [Int] functionCall # - [Int] functionCallWithValue # - [Int] functionCallWithValue # - [Prv] _functionCallWithValue # + Ownable (Context) - [Int]
# - [Pub] owner - [Pub] renounceOwnership # - modifiers: onlyOwner - [Pub] transferOwnership # - modifiers: onlyOwner - [Pub] geUnlockTime - [Pub] lock # - modifiers: onlyOwner - [Pub] unlock # + [Int] IUniswapV2Factory - [Ext] feeTo - [Ext] feeToSetter - [Ext] getPair - [Ext] allPairs - [Ext] allPairsLength - [Ext] createPair # - [Ext] setFeeTo # - [Ext] setFeeToSetter # + [Int] IUniswapV2Pair - [Ext] name - [Ext] symbol - [Ext] decimals - [Ext] totalSupply - [Ext] balanceOf - [Ext] allowance - [Ext] approve # - [Ext] transfer # - [Ext] transferFrom # - [Ext] DOMAIN_SEPARATOR - [Ext] PERMIT_TYPEHASH - [Ext] nonces - [Ext] permit # - [Ext] MINIMUM_LIQUIDITY - [Ext] factory - [Ext] token0 - [Ext] token1 - [Ext] getReserves - [Ext] price0CumulativeLast - [Ext] price1CumulativeLast - [Ext] kLast - [Ext] mint # - [Ext] burn # - [Ext] swap # - [Ext] skim # - [Ext] sync # - [Ext] initialize # + [Int] IUniswapV2Router01 - [Ext] factory - [Ext] WETH - [Ext] addLiquidity # - [Ext] addLiquidityETH ($) - [Ext] removeLiquidity # - [Ext] removeLiquidityETH # - [Ext] removeLiquidityWithPermit # - [Ext] removeLiquidityETHWithPermit # - [Ext] swapExactTokensForTokens # - [Ext] swapTokensForExactTokens # - [Ext] swapExactETHForTokens ($) - [Ext] swapTokensForExactETH # - [Ext] swapExactTokensForETH # - [Ext] swapETHForExactTokens ($) - [Ext] quote - [Ext] getAmountOut - [Ext] getAmountIn - [Ext] getAmountsOut - [Ext] getAmountsIn + [Int] IUniswapV2Router02 (IUniswapV2Router01) - [Ext] removeLiquidityETHSupportingFeeOnTransferTokens # - [Ext] removeLiquidityETHWithPermitSupportingFeeOnTransferTokens # - [Ext] swapExactTokensForTokensSupportingFeeOnTransferTokens # - [Ext] swapExactETHForTokensSupportingFeeOnTransferTokens ($) - [Ext] swapExactTokensForETHSupportingFeeOnTransferTokens # + AntiLPSniper (Ownable) - [Int] banHammer # - [Ext] updateBlacklist # - modifiers: onlyOwner - [Ext] enableAntiSniper # - modifiers: onlyOwner - [Ext] openTrading # - modifiers: onlyOwner + MatrixProtocol (IERC20, AntiLPSniper) - [Pub] # - [Pub] name - [Pub] symbol - [Pub] decimals - [Pub] totalSupply - [Pub] balanceOf - [Pub] transfer # - [Pub] allowance - [Pub] approve # - [Pub] transferFrom # - [Pub] increaseAllowance # - [Pub] decreaseAllowance # - [Pub] isExcludedFromReward - [Pub] totalFees - [Pub] deliver # - [Pub] tokenFromReflection - [Pub] excludeFromReward # - modifiers: onlyOwner - [Ext] includeInReward # - modifiers: onlyOwner - [Pub] whiteList # - modifiers: onlyOwner - [Pub] setPaused # - modifiers: onlyOwner - [Pub] setAirdropRate # - modifiers: onlyOwner - [Pub] claimAirdrop ($) - [Prv] _transferBothExcluded # - [Pub] excludeFromFee # - modifiers: onlyOwner - [Pub] includeInFee # - modifiers: onlyOwner - [Ext] setTaxFeePercent # - modifiers: onlyOwner - [Ext] setLiquidityFeePercent # - modifiers: onlyOwner - [Ext] setMarketingFeePercent # - modifiers: onlyOwner - [Ext] setCharityFeePercent # - modifiers: onlyOwner - [Ext] setMarketingWallet # - modifiers: onlyOwner - [Ext] setCharityWallet # - modifiers: onlyOwner - [Ext] setMaxTxPercent # - modifiers: onlyOwner - [Pub] setSwapAndLiquifyEnabled # - modifiers: onlyOwner - [Ext] ($) - [Prv] _reflectFee # - [Prv] _getValues # - [Prv] _getTValues - [Prv] _getRValues # - [Prv] _getRate - [Prv] _getCurrentSupply - [Prv] _takeLiquidity # - [Prv] _takeCharityMarketing # - [Prv] calculateTaxFee - [Prv] calculateLiquidityFee - [Prv] removeAllFee # - [Prv] restoreAllFee # - [Pub] isExcludedFromFee - [Prv] _approve # - [Prv] _transfer # - [Prv] swapAndLiquify # - modifiers: lockTheSwap - [Prv] swapTokensForEth # - [Prv] swapTokensForCurrency # - [Prv] addLiquidity # - [Prv] _tokenTransfer # - [Prv] _transferStandard # - [Prv] _transferToExcluded # - [Prv] _transferFromExcluded #