Sugar Kingdom - Smart Contract Audit Report

Audit Summary

Sugar Kingdom is building a new BEP-20 token on the Binance Smart Chain.

We reviewed the project team's SugarKingdomToken contract at 0x03436Fe878e33Be3C8CAEbd205ebc04A66aA3248 on the Binance Smart Chain Mainnet.

Audit Findings

Please ensure trust in the team prior to investing as they have substantial control in the ecosystem.
Date: February 21st, 2022.
Updated: April 7th, 2022 to reflect the contract's mainnet address.

Finding #1 - SugarKingdomToken - Informational

Description: Several functions are declared public, but are never called internally:
totalSupply, balanceOf, isWhitelisted, addWhitelisted, removeWhitelisted, isPool, addPool, removePool, setTaxAccount, changeFees.
Recommendation: We recommend declaring these functions external for additional gas savings on each call.

Contract Overview

  • The total supply of the token is initially set to 100 million $CANDY [100,000,000].
  • Any user can burn their own tokens to reduce the total supply.
  • Any user can burn tokens on another user's behalf if an allowance has been granted.
  • No mint functions are accessible beyond deployment.
  • At the time of writing this report, 100% of the total supply belongs to the owner.

  • There is a tax fee and a burn fee charged on all transfers where neither the sender nor the recipient is excluded from fees.
  • A separate fee structure can be set by the team to apply different fee percentages depending on whether the user is buying or selling to an approved DEX during the transfer.
  • A third fee structure can be set by the team to apply different fee percentages for all other transfers that do not involve an approved DEX.
  • The tokens collected from the tax fee are sent to a fee wallet controlled by the team.
  • The tokens collected from the burn fee are removed from the total supply.
  • The contract interacts with an external Anti-sniper contract and an external Liquidity Restriction contract on all transfers. The security of these two contracts cannot be confirmed by our team as they are both out of scope for the purpose of this audit.
  • As the contract is implemented with Solidity v0.8.x it is protected from overflows/underflows.
  • The contract complies with the ERC-20 token standard.
Ownership Controls:
  • The owner can set the tax fee and burn fee to any percentages as long as the percentages combined do not exceed the maximum fee cap set by the owner upon deployment.
  • The owner can exclude/include accounts from transfer fees.
  • The owner can disable the Anti-sniper and Liquidity Restriction mechanisms at any time. Once disabled, they can never be re-enabled.
  • The owner can add any address as an approved DEX at any time.
  • The owner can update the team's fee wallet to any address at any time.
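
The fee rules listed above (fee exclusions, separate buy/sell/other fee structures, and the deployment-time cap on tax plus burn), modelled as an added Python example; this is not the SugarKingdomToken source or the auditors' code. Basis-point units, round-down arithmetic, the direction used to label a transfer as a buy or a sell, and all names and sample values are assumptions.

```python
from dataclasses import dataclass

BPS = 10_000  # assumption: percentages are modelled in basis points


@dataclass(frozen=True)
class Fees:
    tax_bps: int   # share sent to the team's fee wallet
    burn_bps: int  # share removed from the total supply


class FeeModel:
    def __init__(self, max_fee_bps, buy, sell, other):
        self.max_fee_bps = max_fee_bps  # cap fixed at deployment
        self.excluded, self.pools, self.fees = set(), set(), {}
        for kind, fees in (("buy", buy), ("sell", sell), ("other", other)):
            self.change_fees(kind, fees)

    def change_fees(self, kind, fees):
        """Owner-only on chain; rejected if tax + burn exceeds the cap."""
        if min(fees.tax_bps, fees.burn_bps) < 0:
            raise ValueError("negative fee")
        if fees.tax_bps + fees.burn_bps > self.max_fee_bps:
            raise ValueError("combined fee exceeds the deployment cap")
        self.fees[kind] = fees

    def classify(self, sender, recipient):
        if sender in self.excluded or recipient in self.excluded:
            return None      # excluded party: no fee on this transfer
        if sender in self.pools:
            return "buy"     # assumption: tokens leaving an approved DEX
        if recipient in self.pools:
            return "sell"    # assumption: tokens entering an approved DEX
        return "other"

    def split(self, sender, recipient, amount):
        """Return (received, tax, burn); integer division rounds fees down."""
        kind = self.classify(sender, recipient)
        if kind is None:
            return amount, 0, 0
        fees = self.fees[kind]
        tax = amount * fees.tax_bps // BPS
        burn = amount * fees.burn_bps // BPS
        return amount - tax - burn, tax, burn


def build_sample():
    # Constructed values: cap 10%, buy 2%+1%, sell 5%+5%, other 0%+1%.
    model = FeeModel(1_000, Fees(200, 100), Fees(500, 500), Fees(0, 100))
    model.pools.add("dex_pair")
    model.excluded.add("team_wallet")
    return model
```

Because the owner can move any fee structure up to the cap at any time, the figure to evaluate is the cap itself: it bounds the worst-case share a holder loses on a transfer.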

External Threat Results

| Vulnerability Category | Notes | Result |
|---|---|---|
| Arbitrary Storage Write | N/A | PASS |
| Arbitrary Jump | N/A | PASS |
| Centralization of Control | 100% of the total supply belongs to the owner. The owner can set fee percentages up to the maximum fee cap set upon deployment. | WARNING |
| Delegate Call to Untrusted Contract | N/A | PASS |
| Dependence on Predictable Variables | N/A | PASS |
| Deprecated Opcodes | N/A | PASS |
| Ether Thief | N/A | PASS |
| Exceptions | N/A | PASS |
| External Calls | N/A | PASS |
| Flash Loans | N/A | PASS |
| Integer Over/Underflow | N/A | PASS |
| Logical Issues | N/A | PASS |
| Multiple Sends | N/A | PASS |
| Oracles | N/A | PASS |
| Suicide | N/A | PASS |
| State Change External Calls | N/A | PASS |
| Unchecked Retval | N/A | PASS |
| User Supplied Assertion | N/A | PASS |
| Critical Solidity Compiler | N/A | PASS |

Overall Contract Safety: PASS

Function Graph

[Figure: BEP20 Token Graph]

Inheritance Chart

[Figure: Multi-file Token]

Functions Overview

    ($) = payable function
     # = non-constant function
    
     + [Int] IERC20 
        - [Ext] totalSupply
        - [Ext] balanceOf
        - [Ext] transfer #
        - [Ext] allowance
        - [Ext] approve #
        - [Ext] transferFrom #
    
     +  Context 
        - [Int] _msgSender
        - [Int] _msgData
    
     + [Int] IERC20Metadata (IERC20)
        - [Ext] name
        - [Ext] symbol
        - [Ext] decimals
    
     +  Ownable (Context)
        - [Pub] <Constructor> #
        - [Pub] owner
        - [Pub] renounceOwnership #
           - modifiers: onlyOwner
        - [Pub] transferOwnership #
           - modifiers: onlyOwner
    
     +  ERC20 (Context, IERC20, IERC20Metadata)
        - [Pub] <Constructor> #
        - [Pub] name
        - [Pub] symbol
        - [Pub] decimals
        - [Pub] totalSupply
        - [Pub] balanceOf
        - [Pub] transfer #
        - [Pub] allowance
        - [Pub] approve #
        - [Pub] transferFrom #
        - [Pub] increaseAllowance #
        - [Pub] decreaseAllowance #
        - [Int] _transfer #
        - [Int] _mint #
        - [Int] _burn #
        - [Int] _approve #
        - [Int] _spendAllowance #
        - [Int] _beforeTokenTransfer #
        - [Int] _afterTokenTransfer #
    
     +  ERC20Burnable (Context, ERC20)
        - [Pub] burn #
        - [Pub] burnFrom #
    
     +  ReentrancyGuard 
        - [Pub] <Constructor> #
    
     + [Int] ILiquidityRestrictor 
        - [Ext] assureLiquidityRestrictions #
    
     + [Int] IAntisnipe 
        - [Ext] assureCanTransfer #
    
     +  SugarKingdomToken (ERC20, Ownable, ERC20Burnable, ReentrancyGuard)
        - [Pub] <Constructor> #
           - modifiers: ERC20
        - [Pub] balanceOf
        - [Pub] totalSupply
        - [Pub] isWhitelisted
        - [Pub] addWhitelisted #
           - modifiers: onlyOwner
        - [Pub] removeWhitelisted #
           - modifiers: onlyOwner
        - [Pub] isPool
        - [Pub] addPool #
           - modifiers: onlyOwner
        - [Pub] removePool #
           - modifiers: onlyOwner
        - [Pub] setTaxAccount #
           - modifiers: onlyOwner
        - [Int] initFees #
        - [Pub] changeFees #
           - modifiers: onlyOwner
        - [Pub] getFees
        - [Int] _mint #
        - [Int] _burn #
        - [Pub] calculateFees
        - [Int] _transfer #
           - modifiers: nonReentrant
        - [Int] _beforeTokenTransfer #
        - [Ext] setAntisnipeDisable #
           - modifiers: onlyOwner
        - [Ext] setLiquidityRestrictorDisable #
           - modifiers: onlyOwner
        - [Ext] setAntisnipeAddress #
           - modifiers: onlyOwner
        - [Ext] setLiquidityRestrictionAddress #
           - modifiers: onlyOwner