NAFTY Token - Smart Contract Audit Report
Summary
NAFTY ($Nafty) is a new DeFi project that is claimed to be the tokenized solution for the adult entertainment industry; while also automatically providing rewards to users who hold the token via frictionless fee redistribution and implementing an automatic burn.
Notes on the Contract:Audit Findings Summary
- The total supply of the token is initially set to 100 billion $Nafty [100,000,000,000].
- No minting or burn functions are present; though the circulating supply can be reduced by sending tokens to the 0x..dead address, if desired.
- At the time of writing this report, 80.52% of the total $Nafty token supply has been sent to the 0x...dead address.
- 1.60% of the total supply is stored in an unverified contract.
- 0.72% of the total supply belongs to Pancakeswap liquidity. Most of this liquidity is unlocked, as the LP tokens are allocated across several addresses.
- There is a 'Reflect fee', 'Operations fee', 'Buyback fee', 'Liquidity fee', and 'Marketing fee' on all transactions for any "non-excluded" address that participates in a transfer. The owner can also set a different fee structure for transfers to Pancakeswap (selling).
- Users who hold tokens will automatically benefit from the frictionless fee redistribution at the time of each transaction as the tokens collected through the 'Reflect fee' are removed from the circulating supply.
- The tokens that are taxed via the Marketing fee on tranfers are sent directly to the Marketing Wallet which is controlled by the team.
- The tokens that are taxed via the Operations, Liquidity, and Buyback fees on tranfers are stored in the contract address and once a threshold of value (determined by the owner) is met, are swapped for BNB which is allocated according to their respective purposes.
- On each transfer that occurs while the minimum threshold of tokens (determined by the owner) is met, the protocol will spend 1% of the buyback limit (in BNB) toward buying $Nafty tokens that will subsequently be burned.
- Liquidity-adds are funded by selling a portion of the tokens collected as fees (after a certain threshhold as determined by the owner is met), then pairing the received BNB with the token, and adding it as liquidity to the BNB pair.
- The LP tokens that are created from this process are subsequently burned.
- The portion of BNB collected from the operations fee is sent to the team's Operations Address.
Ownership Controls:- Ownership has not been renounced.
- The owner has the ability to update the fees to any percentage at any time. This also includes the seperate fee structure that is applied to "sell" transactions.
- The owner of the contract can exclude and include accounts from transfer fees and reward distribution.
- The owner has the ability to enable trading.
- The owner has the ability to set and update the maximum "buy" and "sell" amounts for a given transaction.
- The owner has the ability to enable and disable the swap and buyback functionality. The owner can also modify the "buyback upper limit".
- The owner has the ability to update the contract's token threshold required to trigger the swap functionality.
- The owner has the ability to update the address associated with the Pancakeswap router to a new address at any time. The owner can also update the marketing and operations wallets at any time.
- There exists logic in the code for bot protection which serves as a blacklist feature for addresses that have been identified by the owner. The owner has the ability to blacklist any address at any time.
- The owner has the ability to transfer the contract's token and BNB balance to themself at any time.
- The contract implements the BEP20 token standard.
- As the project is compiled with Solidity version ^0.8.x, it is protected from overflows.
- No external threats were identified.
- We recommend that the team monitors the trading activity regarding the contract's buyback mechanism, as the transactions could be susceptible to front-running as the contract's BNB balance increases. As a protective measure, the team could lower the threshold for swapping to make the buyback more frequent and less predictable.
- Please ensure trust in the team prior to investing as they have notable control in the ecosystem.
- Date: September 12th, 2021
Audit Results
| Vulnerability Category | Notes | Result |
|---|---|---|
| Arbitrary Storage Write | N/A | PASS |
| Arbitrary Jump | N/A | PASS |
| Delegate Call to Untrusted Contract | N/A | PASS |
| Dependence on Predictable Variables | N/A | PASS |
| Deprecated Opcodes | N/A | PASS |
| Ether Thief | N/A | PASS |
| Exceptions | N/A | PASS |
| External Calls | N/A | PASS |
| Flash Loans | N/A | PASS |
| Integer Over/Underflow | N/A | PASS |
| Multiple Sends | N/A | PASS |
| Oracles | N/A | PASS |
| Suicide | N/A | PASS |
| State Change External Calls | N/A | PASS |
| Unchecked Retval | N/A | PASS |
| User Supplied Assertion | N/A | PASS |
| Critical Solidity Compiler | N/A | PASS |
| Overall Contract Safety | PASS |
Function Graph
Inheritence Chart
Functions Overview
($) = payable function
# = non-constant function
+ [Int] IERC20
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] transfer #
- [Ext] allowance
- [Ext] approve #
- [Ext] transferFrom #
+ [Lib] SafeMath
- [Int] tryAdd
- [Int] trySub
- [Int] tryMul
- [Int] tryDiv
- [Int] tryMod
- [Int] add
- [Int] sub
- [Int] mul
- [Int] div
- [Int] mod
- [Int] sub
- [Int] div
- [Int] mod
+ Context
- [Int] _msgSender
- [Int] _msgData
+ [Lib] Address
- [Int] isContract
- [Int] sendValue #
- [Int] functionCall #
- [Int] functionCall #
- [Int] functionCallWithValue #
- [Int] functionCallWithValue #
- [Int] functionStaticCall
- [Int] functionStaticCall
- [Int] functionDelegateCall #
- [Int] functionDelegateCall #
- [Prv] _verifyCallResult
+ Ownable (Context)
- [Pub] #
- [Pub] owner
- [Pub] renounceOwnership #
- modifiers: onlyOwner
- [Pub] transferOwnership #
- modifiers: onlyOwner
- [Prv] _setOwner #
+ [Int] IFactory
- [Ext] createPair #
- [Ext] getPair
+ [Int] IRouter
- [Ext] factory
- [Ext] WETH
- [Ext] addLiquidityETH ($)
- [Ext] swapExactETHForTokensSupportingFeeOnTransferTokens ($)
- [Ext] swapExactTokensForETHSupportingFeeOnTransferTokens #
+ Nafty (Context, IERC20, Ownable)
- [Pub] #
- [Pub] name
- [Pub] symbol
- [Pub] decimals
- [Pub] totalSupply
- [Pub] balanceOf
- [Pub] transfer #
- [Pub] allowance
- [Pub] approve #
- [Pub] transferFrom #
- [Pub] increaseAllowance #
- [Pub] decreaseAllowance #
- [Pub] isExcludedFromReward
- [Pub] deliver #
- [Pub] reflectionFromToken
- [Ext] startTrading #
- modifiers: onlyOwner
- [Pub] tokenFromReflection
- [Pub] excludeFromReward #
- modifiers: onlyOwner
- [Ext] includeInReward #
- modifiers: onlyOwner
- [Pub] excludeFromFee #
- modifiers: onlyOwner
- [Pub] includeInFee #
- modifiers: onlyOwner
- [Pub] isExcludedFromFee
- [Ext] setFeeRates #
- modifiers: onlyOwner
- [Ext] setSellFeeRates #
- modifiers: onlyOwner
- [Prv] _reflectRfi #
- [Prv] _takeOperations #
- [Prv] _takeBuyback #
- [Prv] _takeLiquidity #
- [Prv] _takeMarketing #
- [Prv] _getValues
- [Prv] _getTValues
- [Prv] _getRValues
- [Prv] _getRate
- [Prv] _getCurrentSupply
- [Prv] _approve #
- [Prv] _transfer #
- [Prv] _tokenTransfer #
- [Prv] buyBackTokens #
- modifiers: lockTheSwap
- [Prv] swapETHForTokens #
- [Prv] swapAndLiquify #
- modifiers: lockTheSwap
- [Prv] addLiquidity #
- [Prv] swapTokensForBNB #
- [Ext] updateMarketingWallet #
- modifiers: onlyOwner
- [Ext] updateOperationsWallet #
- modifiers: onlyOwner
- [Ext] setMaxBuyAndSellAmount #
- modifiers: onlyOwner
- [Ext] updateSwapTokensAtAmount #
- modifiers: onlyOwner
- [Ext] updateSwapEnabled #
- modifiers: onlyOwner
- [Ext] updateBuybackEnabled #
- modifiers: onlyOwner
- [Ext] setAntibot #
- modifiers: onlyOwner
- [Ext] setBuybackUpperLimit #
- modifiers: onlyOwner
- [Pub] isBot
- [Ext] rescueBNB #
- modifiers: onlyOwner
- [Ext] rescueBEP20Tokens #
- modifiers: onlyOwner
- [Ext] setRouterAddress #
- modifiers: onlyOwner
- [Ext] ($)