Santa Doge - Audit Report

Summary

Santa Doge ($SANTA) is a new community-driven token on the Fantom Blockchain that provides automatic liquidity adds and pays dividends to holders.

We reviewed the Santa Doge contract that is deployed at 0x652f4e07f09E00d5f63152FE3FD7Df9799c2757B on the Fantom mainnet.

Notes on the Contract:

  • The total supply of the token is set to 25 trillion [25,000,000,000,000].
  • No mint or burn functions are present beyond deployment, though the circulating supply can be reduced by sending tokens to the 0x..dead address if desired.
  • At the time of writing this report, 20.49% of the total supply belongs to an unverified contract.
  • 19.26% of the total supply is in Spookyswap liquidity.
  • Of that liquidity, 99.49% of the LP tokens belong to an unverified contract.
  • 7.13% of the total supply belongs to the team's Liquidity wallet.
  • The next five holders own a cumulative 6.49% of the total supply.


  • There is a Reward fee, Marketing Fee, Lottery Fee, and Liquidity Fee, on all transfers where the transferring address is not excluded from fees.
  • The fees that are taxed on transactions are stored in the contract address balance. Once a threshold value of $SANTA (specified by the team) is met, the tokens are swapped for WFTM for the purpose of being distributed to the team's Lottery wallet, Marketing wallet, the Dividend Distributor Contract, and to support the automatic liquidity adding mechanism.
  • The portion that is allocated toward automatic liquidity adds will have half of the tokens swapped for WFTM, and will pair the received WFTM with the other half of the tokens, which are then added as liquidity to the pair.
  • The LP tokens received through this process are sent to the team's Liquidity wallet. We recommend that the team locks these newly acquired LP tokens.
  • The portions of the tokens collected from the Marketing Fee and Lottery Fee are swapped for WFTM and sent to the team's Marketing Wallet and Lottery Wallet respectively.
  • The final portion of the tokens, collected from the Reward Fee, is swapped for WFTM and instantly sent to the Dividend Distributor Contract by use of the deposit function. The contract automatically swaps the WFTM it receives for the reward token, which is subsequently stored in the contract address until dividends are distributed.

  • A user must hold an amount of $SANTA tokens (specified by the team) to be eligible for dividends.
  • Once dividends are distributed, they will need to be claimed; claiming happens automatically on each transfer. A user cannot manually claim dividends as an individual.
  • There is a wait-time of 2700 seconds (45 minutes) between claiming dividend rewards.
  • Claimed dividends are sent to the user's wallet address.

  • There are several instances of multiplication occurring on the result of a division. In Solidity, division can lead to integer truncation, therefore dividing and subsequently multiplying can cause results to lose precision, thus becoming less accurate. We recommend performing all multiplication before division wherever possible.
  • The contract utilizes the SafeMath library to prevent overflows along with following the ERC20 standard.
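
The multiply-before-divide recommendation above, shown on a fee split as an added example; this is not code from the Santa Doge contract. The contract name, function names and sample values are hypothetical, and Solidity 0.8 or later is assumed so that an overflow in the multiplication reverts without SafeMath.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration: hypothetical names, not code from the audited contract.
contract FeeSplitPrecision {
    // Divide first: the quotient is truncated, then the error is scaled by feePart.
    function shareDivideFirst(uint256 amount, uint256 feePart, uint256 totalFee)
        public pure returns (uint256)
    {
        return amount / totalFee * feePart;
    }

    // Multiply first: a single truncation at the end. The product can overflow
    // for very large inputs; in 0.8+ that reverts instead of wrapping.
    function shareMultiplyFirst(uint256 amount, uint256 feePart, uint256 totalFee)
        public pure returns (uint256)
    {
        return amount * feePart / totalFee;
    }

    // Split `amount` across fee buckets and report the truncation remainder as
    // `dust`, so the caller assigns it explicitly instead of leaving it stranded.
    function split(uint256 amount, uint256[] memory feeParts)
        public pure returns (uint256[] memory shares, uint256 dust)
    {
        uint256 totalFee = 0;
        for (uint256 i = 0; i < feeParts.length; i++) {
            totalFee += feeParts[i];
        }
        require(totalFee > 0, "no fees configured");
        shares = new uint256[](feeParts.length);
        uint256 paid = 0;
        for (uint256 j = 0; j < feeParts.length; j++) {
            shares[j] = amount * feeParts[j] / totalFee;
            paid += shares[j];
        }
        dust = amount - paid;
    }

    // Constructed sample values; the call reverts if any stated result is wrong.
    function selfCheck() external pure {
        assert(shareDivideFirst(1999, 3, 12) == 498);
        assert(shareMultiplyFirst(1999, 3, 12) == 499);
        assert(shareDivideFirst(11, 6, 12) == 0);
        assert(shareMultiplyFirst(11, 6, 12) == 5);
    }
}
```

When the amount is smaller than the divisor, the divide-first form returns zero for every bucket, which is the case most likely to go unnoticed in fee and dividend accounting.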

  • Ownership Controls:
  • The owner can assign any addresses to an Authorized role which can be used to maintain control over various role-restricted functions within the ecosystem.
  • The owner can enable or disable trading at any time. This will prevent all transfers unless the sender or recipient is an Authorized address.
  • The owner can update the reward token that is paid to users as dividends.
  • The owner can update the ‘sell multiplier’ value to any amount at any time. The team should exercise caution when setting this multiplier to ensure that holders are not locked out of selling.
  • The owner can manually set the 'launched At' block to any value at any time. We strongly recommend that this function is only used once by providing the correct block, to avoid setting all non-selling transfer fees to 90%.
  • The owner can enable/disable the use of a blacklist, as well as add/remove addresses from it at any time. Addresses that are added to the blacklist will not be able to participate in token transfers.
  • The owner can set and update a cooldown time that must elapse in between transfers when the same address is buying tokens from the DEX.
  • The owner can set and update a maximum wallet amount at any time. The maximum wallet amount will prevent transfers from occurring if the recipient's amount of owned $SANTA tokens will exceed the limit that is set by the team.
  • The owner can set and update a maximum transaction percent at any time, which will impose a limit to the number of tokens that can be transferred during any given transaction.
  • The owner can airdrop any amount of tokens to any addresses at any time.
  • The owner can withdraw any tokens or FTM held in the contract address at any time.

  • Authorized addresses can set each fee percentage to any amount at any time as long as the sum of the fees does not exceed 50%.
  • Authorized addresses can enable/disable transfer fees on all buying transactions.
  • Authorized addresses can update the Liquidity, Marketing, and Lottery wallets to any addresses at any time.
  • Authorized addresses can exclude addresses from fees, cooldowns, and the maximum transaction percent at any time.
  • Authorized addresses can exclude any address from dividends at any time.
  • Authorized addresses can enable and disable swapping, and update the contract token balance threshold for swapping at any time.
  • Authorized addresses can update the maximum amount of gas used for processing to any value up to 900,000 at any time. We do not recommend setting a value below 200,000.
  • Authorized addresses can update the amount of time that must elapse between claiming dividends to any amount of time. Authorized addresses can also update the minimum rewards payout that a holder must have in order to be able to claim. We recommend the team exercises caution when setting these values, to avoid locking out holders from claiming entirely.
  • Authorized addresses can transfer any FTM that is held in the contract address balance to their own wallet or the team's Marketing wallet at any time.

Audit Findings Summary
  • No external threats were identified.
  • Please ensure trust in the team prior to investing, as they have substantial control in the ecosystem.
  • Further, ensure trust in the team as they have control of the tokens/WFTM accumulated from fees, and have various means of locking holders out of transfers and dividends.
  • Date: November 29th, 2021
  • Updated: December 6th, 2021 to reflect new mainnet deployment.

External Threat Results

| Vulnerability Category | Notes | Result |
|---|---|---|
| Arbitrary Storage Write | N/A | PASS |
| Arbitrary Jump | N/A | PASS |
| Centralization of Control | The owner can set total fees up to 50%. The owner is responsible for properly setting the dividend rewards mechanism. | WARNING |
| Delegate Call to Untrusted Contract | N/A | PASS |
| Dependence on Predictable Variables | N/A | PASS |
| Deprecated Opcodes | N/A | PASS |
| Ether Thief | N/A | PASS |
| Exceptions | N/A | PASS |
| External Calls | N/A | PASS |
| Flash Loans | N/A | PASS |
| Integer Over/Underflow | N/A | PASS |
| Multiple Sends | N/A | PASS |
| Oracles | N/A | PASS |
| Suicide | N/A | PASS |
| State Change External Calls | N/A | PASS |
| Unbounded Loop | N/A | PASS |
| Unchecked Retval | N/A | PASS |
| User Supplied Assertion | N/A | PASS |
| Critical Solidity Compiler | N/A | PASS |
| Overall Contract Safety | | PASS |

    BEP20 Token Graph

    Multi-file Token

    												
    ($) = payable function
     # = non-constant function
    
     + [Lib] SafeMath 
        - [Int] add
        - [Int] sub
        - [Int] sub
        - [Int] mul
        - [Int] div
        - [Int] div
    
     + [Lib] SafeMathInt 
        - [Int] mul
        - [Int] div
        - [Int] sub
        - [Int] add
        - [Int] abs
    
     + [Int] IBEP20 
        - [Ext] totalSupply
        - [Ext] decimals
        - [Ext] symbol
        - [Ext] name
        - [Ext] getOwner
        - [Ext] balanceOf
        - [Ext] transfer #
        - [Ext] allowance
        - [Ext] approve #
        - [Ext] transferFrom #
    
     +  Auth 
        - [Pub]  #
        - [Pub] authorize #
           - modifiers: onlyOwner
        - [Pub] unauthorize #
           - modifiers: onlyOwner
        - [Pub] isOwner
        - [Pub] isAuthorized
        - [Pub] transferOwnership #
           - modifiers: onlyOwner
    
     + [Int] IDEXFactory 
        - [Ext] createPair #
    
     + [Int] InterfaceLP 
        - [Ext] sync #
    
     + [Int] IDEXRouter 
        - [Ext] factory
        - [Ext] WETH
        - [Ext] addLiquidity #
        - [Ext] addLiquidityETH ($)
        - [Ext] swapExactTokensForTokensSupportingFeeOnTransferTokens #
        - [Ext] swapExactETHForTokensSupportingFeeOnTransferTokens ($)
        - [Ext] swapExactTokensForETHSupportingFeeOnTransferTokens #
    
     + [Int] IDividendDistributor 
        - [Ext] setDistributionCriteria #
        - [Ext] setShare #
        - [Ext] deposit ($)
        - [Ext] process #
        - [Ext] setToken #
    
     +  DividendDistributor (IDividendDistributor)
        - [Pub]  #
        - [Ext] setToken #
           - modifiers: onlyToken
        - [Ext] setDistributionCriteria #
           - modifiers: onlyToken
        - [Ext] setShare #
           - modifiers: onlyToken
        - [Ext] deposit ($)
           - modifiers: onlyToken
        - [Ext] process #
           - modifiers: onlyToken
        - [Int] shouldDistribute
        - [Int] distributeDividend #
        - [Ext] claimDividend #
        - [Pub] getUnpaidEarnings
        - [Int] getCumulativeDividends
        - [Int] addShareholder #
        - [Int] removeShareholder #
    
     +  SantaDoge (IBEP20, Auth)
        - [Pub] rebase_percentage #
           - modifiers: onlyMaster
        - [Pub] rebase #
           - modifiers: onlyMaster
        - [Pub]  #
           - modifiers: Auth
        - [Ext]  ($)
        - [Ext] totalSupply
        - [Ext] decimals
        - [Ext] symbol
        - [Ext] name
        - [Ext] getOwner
        - [Pub] balanceOf
        - [Ext] allowance
        - [Pub] approve #
        - [Pub] withdrawStuckTokens #
           - modifiers: onlyOwner
        - [Pub] withDraw #
           - modifiers: onlyOwner
        - [Ext] multiTransfer #
           - modifiers: onlyOwner
        - [Ext] multiTransfer_fixed #
           - modifiers: onlyOwner
        - [Ext] approveMax #
        - [Ext] transfer #
        - [Ext] transferFrom #
        - [Int] _transferFrom #
        - [Int] _basicTransfer #
        - [Int] checkTxLimit
        - [Int] shouldTakeFee
        - [Int] takeFee #
        - [Int] shouldSwapBack
        - [Ext] clearStuckBalance #
           - modifiers: authorized
        - [Ext] clearStuckBalance_sender #
           - modifiers: authorized
        - [Ext] set_sell_multiplier #
           - modifiers: onlyOwner
        - [Pub] tradingStatus #
           - modifiers: onlyOwner
        - [Pub] launchStatus #
           - modifiers: onlyOwner
        - [Pub] enable_blacklist #
           - modifiers: onlyOwner
        - [Pub] manage_blacklist #
           - modifiers: onlyOwner
        - [Pub] cooldownEnabled #
           - modifiers: onlyOwner
        - [Int] swapBack #
           - modifiers: swapping
        - [Ext] setIsDividendExempt #
           - modifiers: authorized
        - [Ext] setIsFeeExempt #
           - modifiers: authorized
        - [Ext] setZeroBuyTaxMode #
           - modifiers: authorized
        - [Ext] setIsTxLimitExempt #
           - modifiers: authorized
        - [Ext] setIsTimelockExempt #
           - modifiers: authorized
        - [Ext] setFees #
           - modifiers: authorized
        - [Ext] setFeeReceivers #
           - modifiers: authorized
        - [Ext] setSwapBackSettings #
           - modifiers: authorized
        - [Ext] manualSync #
        - [Ext] setLP #
           - modifiers: onlyOwner
        - [Ext] setMaster #
           - modifiers: onlyOwner
        - [Ext] isNotInSwap
        - [Ext] checkSwapThreshold
        - [Ext] setDistributionCriteria #
           - modifiers: authorized
        - [Ext] setDistributorSettings #
           - modifiers: authorized
        - [Pub] rescueToken #
           - modifiers: onlyOwner
        - [Pub] getCirculatingSupply
        - [Pub] getLiquidityBacking
        - [Pub] isOverLiquified
        - [Ext] checkMaxWalletToken
        - [Ext] checkMaxTxAmount
        - [Ext] setMaxWalletPercent_base1000 #
           - modifiers: onlyOwner
        - [Ext] setMaxTxPercent_base1000 #
           - modifiers: onlyOwner
        - [Ext] changeRewardToken #
           - modifiers: onlyOwner