Susumi Public Sale

Smart Contract Audit Report

Audit Summary

Susumi Public Sale Audit Report Susumi is building a new Public Sale platform where users can purchase Susumi Coin and earn bonuses.

For this audit, we reviewed the project team's SusumiPublicSale contract at 0x5086E7d83628b3EeD0d6aC79b296799A2DaCf620 on the Binance Smart Chain Mainnet.

We previously reviewed the project team's token contract here.

Audit Findings

Informational findings were identified and the team may want to review them.
Date: June 21st, 2022.

Finding #1 - SusumiPublicSale - Informational

Description: Although the buy() function requires the user to input a transaction type, the only valid transaction type that allows users to buy tokens is 1.
Recommendation: All logic related to the transaction type can be removed for additional gas savings on each call.

Contract Overview

  • This contract is used to facilitate the Public Sale of Susumi Coin.
  • Upon deployment, three phases of the public sale are set that each contain a unique price, token allocation, and expire time.
  • Phase one lasts for 7 days after the contract launch time, phase two lasts for 30 days after the conclusion of phase one, and phase three lasts for 7 days after the conclusion of phase two.
  • Phase one is allocated 450 million tokens, Phase two is allocated 200 million tokens, and Phase three is allocated 100 million tokens.
  • Any user can initiate a buy transaction of SUSU by specifying a BUSD amount, a referrer address, and the transaction type "1" that indicates the purchase is with BUSD.
  • The contract calls into an external OracleWrapper contract to calculate the price rate for each phase. The OracleWrapper contract is out of scope for this audit so we are unable to provide an assessment with regard to security.
  • The contract will automatically enter the next phase if the number of tokens the user is attempting to buy is more than the total number of allocated tokens for the current phase.
  • The referrer address must have already participated in a buy transaction in order to be considered a valid address.
  • Upon deployment, 75 million tokens are allocated to the Referral fund. On each buy transaction, both the referral address and buyer will receive a Referral bonus equivalent to 5% of the number of tokens being bought.
  • Upon deployment, 37.5 million tokens are allocated to the Airdrop fund. On each buy transaction, users will receive an Airdrop bonus equivalent to 5% of the number of tokens they are attempting to buy.
  • Users will receive a BUSD price discount if the number of tokens they are attempting to buy is more than one of the three minimum discount values set by the team.
  • The user must grant the contract an approval of BUSD for the amount of BUSD they are using to buy SUSU with in order for the transaction to successfully occur.
  • The BUSD provided by the user will be sent to the Receiver address set by the team.

  • Users can claim the $SUSU due to them at any time after the vesting period of 100 days has passed.
  • Users can also manually claim their Airdrop bonus and Referral bonus tokens at any time after the vesting period of 100 days has passed since phase three has ended.
  • After the final phase time has ended, the owner can send the remaining tokens in the contract to the Crowd Funding address set by the team at any time.
  • The owner can set the BUSD address, BUSD Oracle address, Crowd Funding address, and Receiver address to any addresses at any time.
  • The owner can update the threshold number of tokens a user must buy to qualify for a discount and the discount percentage for each serial number to any values at any time.
  • The contract utilizes ReentrancyGuard to prevent reentrancy attacks in applicable functions.
  • As the contract is deployed with Solidity v0.8.7, it is safe from any possible overflows/underflows.

Audit Results

Vulnerability CategoryNotesResult
Arbitrary Jump/Storage WriteN/APASS
Centralization of ControlN/APASS
Compiler IssuesN/APASS
Delegate Call to Untrusted ContractN/APASS
Dependence on Predictable VariablesN/APASS
Ether/Token TheftN/APASS
Flash LoansN/APASS
Front RunningN/APASS
Improper EventsN/APASS
Improper Authorization SchemeN/APASS
Integer Over/UnderflowN/APASS
Logical IssuesN/APASS
Oracle IssuesN/APASS
Outdated Compiler VersionN/APASS
Race ConditionsN/APASS
ReentrancyN/APASS
Signature IssuesN/APASS
Unbounded LoopsN/APASS
Unused CodeN/APASS
Overall Contract Safety PASS

Inheritance Chart

Smart Contract Audit - Inheritance

Function Graph

Smart Contract Audit - Graph

Functions Overview


 ($) = payable function
 # = non-constant function
 
 Int = Internal
 Ext = External
 Pub = Public

 +  ReentrancyGuard 
    - [Pub]  #

 + [Lib] TransferHelper 
    - [Int] safeApprove #
    - [Int] safeTransfer #
    - [Int] safeTransferFrom #
    - [Int] safeTransferETH #

 +  Ownable 
    - [Pub]  #
    - [Pub] transferOwnership #
       - modifiers: onlyOwner
    - [Int] _setOwner #

 + [Int] Token 
    - [Ext] decimals
    - [Ext] symbol
    - [Ext] totalSupply
    - [Ext] balanceOf
    - [Ext] transfer #
    - [Ext] allowance
    - [Ext] transferFrom #

 + [Int] OracleWrapper 
    - [Ext] latestAnswer

 + [Int] ISusumiCrowdSale 
    - [Ext] buySusuTokens #
    - [Ext] susuCalculation
    - [Ext] claimSusuTokens #
    - [Ext] claimAirdropBonus #
    - [Ext] claimReferralBonus #
    - [Ext] calculateDiscount

 +  SusumiPublicSale (Ownable, ReentrancyGuard, ISusumiCrowdSale)
    - [Ext]  ($)
    - [Pub]  #
    - [Pub] addUpdateDiscount #
       - modifiers: onlyOwner
    - [Ext] buySusuTokens #
       - modifiers: nonReentrant
    - [Pub] calculateDiscount
    - [Pub] susuCalculation
    - [Int] susuCalculationBasic
    - [Int] susuCalculationInternal
    - [Int] tokenValueInPhase
    - [Int] amountInCryptoLeft
    - [Int] calculateTokens
    - [Int] setPhaseInfo #
    - [Ext] claimSusuTokens #
    - [Ext] claimAirdropBonus #
    - [Ext] claimReferralBonus #
    - [Ext] sendLeftTokensToCrowdfunding #
       - modifiers: onlyOwner
    - [Int] cryptoValues
    - [Ext] showCurrentPhase
    - [Ext] updateReceiverAddress #
       - modifiers: onlyOwner
    - [Ext] updateBUSDAddress #
       - modifiers: onlyOwner
    - [Ext] updateBUSDOracleAddress #
       - modifiers: onlyOwner
    - [Ext] updateCrowdfundingAddress #
       - modifiers: onlyOwner

About SourceHat

SourceHat has quickly grown to have one of the most experienced and well-equipped smart contract auditing teams in the industry. Our team has conducted 1300+ solidity smart contract audits covering all major project types and protocols, securing a total of over $50 billion U.S. dollars in on-chain value across 1500 projects!.
Our firm is well-reputed in the community and is trusted as a top smart contract auditing company for the review of solidity code, no matter how complex. Our team of experienced solidity smart contract auditors performs audits for tokens, NFTs, crowdsales, marketplaces, gambling games, financial protocols, and more!

Contact us today to get a free quote for a smart contract audit of your project!

What is a SourceHat Audit?

Typically, a smart contract audit is a comprehensive review process designed to discover logical errors, security vulnerabilities, and optimization opportunities within code. A SourceHat Audit takes this a step further by verifying economic logic to ensure the stability of smart contracts and highlighting privileged functionality to create a report that is easy to understand for developers and community members alike.

How Do I Interpret the Findings?

Each of our Findings will be labeled with a Severity level. We always recommend the team resolve High, Medium, and Low severity findings prior to deploying the code to the mainnet. Here is a breakdown on what each Severity level means for the project:

  • High severity indicates that the issue puts a large number of users' funds at risk and has a high probability of exploitation, or the smart contract contains serious logical issues which can prevent the code from operating as intended.
  • Medium severity issues are those which place at least some users' funds at risk and has a medium to high probability of exploitation.
  • Low severity issues have a relatively minor risk association; these issues have a low probability of occurring or may have a minimal impact.
  • Informational issues pose no immediate risk, but inform the project team of opportunities for gas optimizations and following smart contract security best practices.