METASINO - Smart Contract Audit Report
Summary
METASINO ($CASINO) is a new BEP-20 token on the Binance Smart Chain that is an automatic liquidity providing protocol that pays out static rewards to holders.
Notes on the Contract:Ownership Controls:
- The total supply of the token is set to 2 bllion $CASINO [2,000,000,000].
- No minting or burn functions are present; though the circulating supply can be reduced by sending tokens to the 0x..dead address if desired.
- At the time of writing this report, 83.69% of the total supply belongs to the owner.
- The remaining 16.31% of the total supply belongs to an unverified contract.
- There is a Reflect fee, Liquidity fee, Marketing fee, GameAdv fee, and Burn fee on all transfers via Pancakeswap where neither the sender nor the recipient is excluded from fees.
- A separate fee structure can be set by the team to apply different fee percentages depending on whether the user is buying or selling during the transfer.
- A third fee structure can be set by the team to apply different fee percentages for all other transfers that do not involve Pancakeswap.
- The tokens collected from the Reflect fee are removed from the circulating supply; This serves as a frictionless fee redistribution which automatically benefits all token holders at the time of each transaction.
- The tokens collected from the liquidity fee during transfers are stored in the contract address balance. Once the threshold value of 25,000 tokens is met, a swap will occur for the purpose of funding Pancakeswap liquidity.
- Liquidity-adds are funded by selling a portion of the tokens collected as fees (after the threshold number of tokens is met), then pairing the received BNB with the token, and adding it as liquidity to the BNB pair.
- The recipient of the newly created LP tokens is the 0x..dead address.
- The tokens collected from the Marketing fee and GameAdv fee are swapped for BNB and sent to the team's Marketing wallet and GameAdv wallet respectively.
- The tokens collected from the Burn fee are sent to the 0x..dead address.
- A maximum wallet amount is enforced on all transfers which ensures that the recipient's token balance does not exceed the limit number of tokens (determined by the owner) after the transfer takes place.
- A transfer delay is enforced which prevents a transfer from occurring if the user is attempting a transfer via Pancakeswap more than one time per block.
- The gas price on transfers must not exceed the gas price limit set by the team.
- Although logic for an anti-sniper mechanism exists in the contract, it is not utilized as the _checkLiquidityAdd() function is never called.
- Although the SafeMath library is utilized, the contract is deployed with Solidity v0.8.11 which has built-in overflow checks. SafeMath could be safely removed to reduce contract size and deployment costs.
Audit Findings Summary
- Ownership has not been renounced.
- The owner can modify the total fees charged on all transfers to any percentage up to 55% at any time.
- The owner can modify the percentage of the fees allocated to any fund (Reflect fee, Liquidity fee, Marketing fee, and Burn fee) for all three fee structures at any time. The GameAdv fee is 5% on all transfers with Pancakeswap and cannot be modified.
- The owner can exclude and include accounts from transfer fees and reward distribution.
- The owner can set and update a maximum transaction amount at any time, which will impose a limit to the number of tokens that can be transferred during any given transaction. The maximum transaction amount must be greater than 500,000 tokens (0.1% of total supply).
- The owner can update the maximum wallet amount to any value greater than 500,000 tokens (0.1% of total supply).
- The owner can enable/disable automatic liquidity adds at any time.
- The owner can update the gas price limit per transaction to any value. After it has been updated once, it cannot be updated again. The owner can also enable/disable this gas restriction on transfers.
- The owner can update the team's Marketing wallet to any address at any time.
- The owner can update the Pancakeswap Router and Pair addresses at any time.
- No external threats were identified.
- Please ensure trust in the team prior to investing as they have substantial control in the ecosystem and currently own a large portion of the total supply.
- Date: January 14th, 2022
- Updated: January 27th, 2022 to reflect the contract's newly deployed mainnet address.
Audit Results
| Vulnerability Category | Notes | Result |
|---|---|---|
| Arbitrary Storage Write | N/A | PASS |
| Arbitrary Jump | N/A | PASS |
| Arbitrary Jump | N/A | PASS |
| Centralization of Control | WARNING | |
| Delegate Call to Untrusted Contract | N/A | PASS |
| Dependence on Predictable Variables | N/A | PASS |
| Deprecated Opcodes | N/A | PASS |
| Ether Thief | N/A | PASS |
| Exceptions | N/A | PASS |
| External Calls | N/A | PASS |
| Flash Loans | N/A | PASS |
| Integer Over/Underflow | N/A | PASS |
| Multiple Sends | N/A | PASS |
| Oracles | N/A | PASS |
| Suicide | N/A | PASS |
| State Change External Calls | N/A | PASS |
| Unchecked Retval | N/A | PASS |
| User Supplied Assertion | N/A | PASS |
| Critical Solidity Compiler | N/A | PASS |
| Overall Contract Safety | PASS |
Function Graph
Inheritance Chart
Functions Overview
($) = payable function
# = non-constant function
+ Context
- [Int] _msgSender
- [Int] _msgData
+ [Int] IERC20
- [Ext] totalSupply
- [Ext] decimals
- [Ext] symbol
- [Ext] name
- [Ext] getOwner
- [Ext] balanceOf
- [Ext] transfer #
- [Ext] allowance
- [Ext] approve #
- [Ext] transferFrom #
+ [Lib] SafeMath
- [Int] add
- [Int] sub
- [Int] sub
- [Int] mul
- [Int] div
- [Int] div
- [Int] mod
- [Int] mod
+ [Lib] Address
- [Int] isContract
- [Int] sendValue #
- [Int] functionCall #
- [Int] functionCall #
- [Int] functionCallWithValue #
- [Int] functionCallWithValue #
- [Prv] _functionCallWithValue #
+ [Int] IUniswapV2Factory
- [Ext] feeTo
- [Ext] feeToSetter
- [Ext] getPair
- [Ext] allPairs
- [Ext] allPairsLength
- [Ext] createPair #
- [Ext] setFeeTo #
- [Ext] setFeeToSetter #
+ [Int] IUniswapV2Pair
- [Ext] name
- [Ext] symbol
- [Ext] decimals
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] allowance
- [Ext] approve #
- [Ext] transfer #
- [Ext] transferFrom #
- [Ext] DOMAIN_SEPARATOR
- [Ext] PERMIT_TYPEHASH
- [Ext] nonces
- [Ext] permit #
- [Ext] MINIMUM_LIQUIDITY
- [Ext] factory
- [Ext] token0
- [Ext] token1
- [Ext] getReserves
- [Ext] price0CumulativeLast
- [Ext] price1CumulativeLast
- [Ext] kLast
- [Ext] mint #
- [Ext] burn #
- [Ext] swap #
- [Ext] skim #
- [Ext] sync #
- [Ext] initialize #
+ [Int] IUniswapV2Router01
- [Ext] factory
- [Ext] WETH
- [Ext] addLiquidity #
- [Ext] addLiquidityETH ($)
- [Ext] removeLiquidity #
- [Ext] removeLiquidityETH #
- [Ext] removeLiquidityWithPermit #
- [Ext] removeLiquidityETHWithPermit #
- [Ext] swapExactTokensForTokens #
- [Ext] swapTokensForExactTokens #
- [Ext] swapExactETHForTokens ($)
- [Ext] swapTokensForExactETH #
- [Ext] swapExactTokensForETH #
- [Ext] swapETHForExactTokens ($)
- [Ext] quote
- [Ext] getAmountOut
- [Ext] getAmountIn
- [Ext] getAmountsOut
- [Ext] getAmountsIn
+ [Int] IUniswapV2Router02 (IUniswapV2Router01)
- [Ext] removeLiquidityETHSupportingFeeOnTransferTokens #
- [Ext] removeLiquidityETHWithPermitSupportingFeeOnTransferTokens #
- [Ext] swapExactTokensForTokensSupportingFeeOnTransferTokens #
- [Ext] swapExactETHForTokensSupportingFeeOnTransferTokens ($)
- [Ext] swapExactTokensForETHSupportingFeeOnTransferTokens #
+ Metasino (Context, IERC20)
- [Pub] ($)
- [Ext] ($)
- [Pub] owner
- [Ext] transferOwner #
- modifiers: onlyOwner
- [Pub] renounceOwnership #
- modifiers: onlyOwner
- [Ext] totalSupply
- [Ext] decimals
- [Ext] symbol
- [Ext] name
- [Ext] getOwner
- [Ext] allowance
- [Pub] balanceOf
- [Pub] transfer #
- [Pub] approve #
- [Pub] transferFrom #
- [Pub] increaseAllowance #
- [Pub] decreaseAllowance #
- [Pub] setNewRouter #
- modifiers: onlyOwner
- [Ext] setLpPair #
- modifiers: onlyOwner
- [Pub] isExcludedFromReward
- [Pub] isExcludedFromFee
- [Pub] isTransferTaxExcluded
- [Pub] isSniper
- [Ext] isProtected #
- modifiers: onlyOwner
- [Ext] removeSniper #
- modifiers: onlyOwner
- [Ext] setProtectionSettings #
- modifiers: onlyOwner
- [Ext] setStartingProtections #
- modifiers: onlyOwner
- [Ext] setBuyTaxes #
- modifiers: onlyOwner
- [Ext] setSellTaxes #
- modifiers: onlyOwner
- [Ext] setTransferTaxes #
- modifiers: onlyOwner
- [Ext] setMaxTxPercent #
- modifiers: onlyOwner
- [Ext] setMaxWalletSize #
- modifiers: onlyOwner
- [Ext] setMarketingWallet #
- modifiers: onlyOwner
- [Ext] setSwapAndLiquifyEnabled #
- modifiers: onlyOwner
- [Pub] setExcludedFromReward #
- modifiers: onlyOwner
- [Pub] setExcludedFromFee #
- modifiers: onlyOwner
- [Ext] setExcludedFromTransferTax #
- modifiers: onlyOwner
- [Ext] setExcludedFromTransferTaxBatch #
- modifiers: onlyOwner
- [Pub] totalFees
- [Prv] _hasLimits
- [Pub] tokenFromReflection
- [Prv] _approve #
- [Int] adjustTaxes #
- [Int] _transfer #
- [Prv] swapAndLiquify #
- modifiers: lockTheSwap
- [Int] sendBNBout #
- [Prv] swapTokensForEth #
- [Prv] addLiquidity #
- [Prv] _checkLiquidityAdd #
- [Prv] _finalizeTransfer #
- [Int] getBNBFee
- [Prv] _getValues
- [Prv] _getRate
- [Prv] _getCurrentSupply
- [Prv] _takeReflect #
- [Prv] _takeLiquidity #
- [Prv] _takeBurn #