NAFTY Token - Smart Contract Audit Report


NAFTY Audit Report NAFTY ($Nafty) is a new DeFi project that is claimed to be the tokenized solution for the adult entertainment industry; while also automatically providing rewards to users who hold the token via frictionless fee redistribution and implementing an automatic burn.

NAFTY Token contract is deployed at 0x2eed4682197834708c0ea8d11d683440bbe104d1 on the Binance Smartchain mainnet.

Notes on the Contract:
  • The total supply of the token is initially set to 100 billion $Nafty [100,000,000,000].
  • No minting or burn functions are present; though the circulating supply can be reduced by sending tokens to the 0x..dead address, if desired.
  • At the time of writing this report, 80.52% of the total $Nafty token supply has been sent to the 0x...dead address.
  • 1.60% of the total supply is stored in an unverified contract.
  • 0.72% of the total supply belongs to Pancakeswap liquidity. Most of this liquidity is unlocked, as the LP tokens are allocated across several addresses.

  • There is a 'Reflect fee', 'Operations fee', 'Buyback fee', 'Liquidity fee', and 'Marketing fee' on all transactions for any "non-excluded" address that participates in a transfer. The owner can also set a different fee structure for transfers to Pancakeswap (selling).
  • Users who hold tokens will automatically benefit from the frictionless fee redistribution at the time of each transaction as the tokens collected through the 'Reflect fee' are removed from the circulating supply.
  • The tokens that are taxed via the Marketing fee on tranfers are sent directly to the Marketing Wallet which is controlled by the team.
  • The tokens that are taxed via the Operations, Liquidity, and Buyback fees on tranfers are stored in the contract address and once a threshold of value (determined by the owner) is met, are swapped for BNB which is allocated according to their respective purposes.
  • On each transfer that occurs while the minimum threshold of tokens (determined by the owner) is met, the protocol will spend 1% of the buyback limit (in BNB) toward buying $Nafty tokens that will subsequently be burned.
  • Liquidity-adds are funded by selling a portion of the tokens collected as fees (after a certain threshhold as determined by the owner is met), then pairing the received BNB with the token, and adding it as liquidity to the BNB pair.
  • The LP tokens that are created from this process are subsequently burned.
  • The portion of BNB collected from the operations fee is sent to the team's Operations Address.

  • Ownership Controls:
  • Ownership has not been renounced.
  • The owner has the ability to update the fees to any percentage at any time. This also includes the seperate fee structure that is applied to "sell" transactions.
  • The owner of the contract can exclude and include accounts from transfer fees and reward distribution.
  • The owner has the ability to enable trading.
  • The owner has the ability to set and update the maximum "buy" and "sell" amounts for a given transaction.
  • The owner has the ability to enable and disable the swap and buyback functionality. The owner can also modify the "buyback upper limit".
  • The owner has the ability to update the contract's token threshold required to trigger the swap functionality.
  • The owner has the ability to update the address associated with the Pancakeswap router to a new address at any time. The owner can also update the marketing and operations wallets at any time.
  • There exists logic in the code for bot protection which serves as a blacklist feature for addresses that have been identified by the owner. The owner has the ability to blacklist any address at any time.
  • The owner has the ability to transfer the contract's token and BNB balance to themself at any time.
  • The contract implements the BEP20 token standard.
  • As the project is compiled with Solidity version ^0.8.x, it is protected from overflows.
Audit Findings Summary
  • No external threats were identified.
  • We recommend that the team monitors the trading activity regarding the contract's buyback mechanism, as the transactions could be susceptible to front-running as the contract's BNB balance increases. As a protective measure, the team could lower the threshold for swapping to make the buyback more frequent and less predictable.
  • Please ensure trust in the team prior to investing as they have notable control in the ecosystem.
  • Date: September 12th, 2021

Audit Results

Vulnerability CategoryNotesResult
Arbitrary Storage WriteN/APASS
Arbitrary JumpN/APASS
Delegate Call to Untrusted ContractN/APASS
Dependence on Predictable VariablesN/APASS
Deprecated OpcodesN/APASS
Ether ThiefN/APASS
External CallsN/APASS
Flash LoansN/APASS
Integer Over/UnderflowN/APASS
Multiple SendsN/APASS
State Change External CallsN/APASS
Unchecked RetvalN/APASS
User Supplied AssertionN/APASS
Critical Solidity CompilerN/APASS
Overall Contract Safety PASS

Function Graph

ERC20 Token Graph

Inheritence Chart

Multi-file Token

Functions Overview

 ($) = payable function
 # = non-constant function
 + [Int] IERC20 
    - [Ext] totalSupply
    - [Ext] balanceOf
    - [Ext] transfer #
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transferFrom #

 + [Lib] SafeMath 
    - [Int] tryAdd
    - [Int] trySub
    - [Int] tryMul
    - [Int] tryDiv
    - [Int] tryMod
    - [Int] add
    - [Int] sub
    - [Int] mul
    - [Int] div
    - [Int] mod
    - [Int] sub
    - [Int] div
    - [Int] mod

 +  Context 
    - [Int] _msgSender
    - [Int] _msgData

 + [Lib] Address 
    - [Int] isContract
    - [Int] sendValue #
    - [Int] functionCall #
    - [Int] functionCall #
    - [Int] functionCallWithValue #
    - [Int] functionCallWithValue #
    - [Int] functionStaticCall
    - [Int] functionStaticCall
    - [Int] functionDelegateCall #
    - [Int] functionDelegateCall #
    - [Prv] _verifyCallResult

 +  Ownable (Context)
    - [Pub]  #
    - [Pub] owner
    - [Pub] renounceOwnership #
       - modifiers: onlyOwner
    - [Pub] transferOwnership #
       - modifiers: onlyOwner
    - [Prv] _setOwner #

 + [Int] IFactory 
    - [Ext] createPair #
    - [Ext] getPair

 + [Int] IRouter 
    - [Ext] factory
    - [Ext] WETH
    - [Ext] addLiquidityETH ($)
    - [Ext] swapExactETHForTokensSupportingFeeOnTransferTokens ($)
    - [Ext] swapExactTokensForETHSupportingFeeOnTransferTokens #

 +  Nafty (Context, IERC20, Ownable)
    - [Pub]  #
    - [Pub] name
    - [Pub] symbol
    - [Pub] decimals
    - [Pub] totalSupply
    - [Pub] balanceOf
    - [Pub] transfer #
    - [Pub] allowance
    - [Pub] approve #
    - [Pub] transferFrom #
    - [Pub] increaseAllowance #
    - [Pub] decreaseAllowance #
    - [Pub] isExcludedFromReward
    - [Pub] deliver #
    - [Pub] reflectionFromToken
    - [Ext] startTrading #
       - modifiers: onlyOwner
    - [Pub] tokenFromReflection
    - [Pub] excludeFromReward #
       - modifiers: onlyOwner
    - [Ext] includeInReward #
       - modifiers: onlyOwner
    - [Pub] excludeFromFee #
       - modifiers: onlyOwner
    - [Pub] includeInFee #
       - modifiers: onlyOwner
    - [Pub] isExcludedFromFee
    - [Ext] setFeeRates #
       - modifiers: onlyOwner
    - [Ext] setSellFeeRates #
       - modifiers: onlyOwner
    - [Prv] _reflectRfi #
    - [Prv] _takeOperations #
    - [Prv] _takeBuyback #
    - [Prv] _takeLiquidity #
    - [Prv] _takeMarketing #
    - [Prv] _getValues
    - [Prv] _getTValues
    - [Prv] _getRValues
    - [Prv] _getRate
    - [Prv] _getCurrentSupply
    - [Prv] _approve #
    - [Prv] _transfer #
    - [Prv] _tokenTransfer #
    - [Prv] buyBackTokens #
       - modifiers: lockTheSwap
    - [Prv] swapETHForTokens #
    - [Prv] swapAndLiquify #
       - modifiers: lockTheSwap
    - [Prv] addLiquidity #
    - [Prv] swapTokensForBNB #
    - [Ext] updateMarketingWallet #
       - modifiers: onlyOwner
    - [Ext] updateOperationsWallet #
       - modifiers: onlyOwner
    - [Ext] setMaxBuyAndSellAmount #
       - modifiers: onlyOwner
    - [Ext] updateSwapTokensAtAmount #
       - modifiers: onlyOwner
    - [Ext] updateSwapEnabled #
       - modifiers: onlyOwner
    - [Ext] updateBuybackEnabled #
       - modifiers: onlyOwner
    - [Ext] setAntibot #
       - modifiers: onlyOwner
    - [Ext] setBuybackUpperLimit #
       - modifiers: onlyOwner
    - [Pub] isBot
    - [Ext] rescueBNB #
       - modifiers: onlyOwner
    - [Ext] rescueBEP20Tokens #
       - modifiers: onlyOwner
    - [Ext] setRouterAddress #
       - modifiers: onlyOwner
    - [Ext]  ($)