TradeEngine - Smart Contract Audit Report

Audit Summary

TradeEngine ($TEN) is a new ERC-20 token that features automatic liquidity adds and pays holders dividends in MATIC.

For this audit, we reviewed the TradeEngine and TENDividendTracker contracts using code provided to us by the project team.

Audit Findings

Please ensure trust in the team prior to investing as they have some control in the ecosystem.
Date: February 22nd, 2022.

Contracts Overview

  • The total supply of the token is set to 100 billion $TEN [100,000,000,000].
  • No mint or burn functions are present, though the circulating supply can be reduced by sending tokens to the 0x..dead address if desired.
  • The $TEN token represents votes intended to be used in a DAO where one token represents one vote.
  • Users may delegate their votes to another address allowing them to vote on behalf of the user.
  • Once votes are delegated, the user must explicitly delegate back to themselves to regain their votes.
  • There was no token allocation for our team to analyze as the contract has yet to be deployed to the mainnet.

  • There is a MATIC Rewards fee, Liquidity fee, Marketing fee, and Buyback fee on all transfers via Quickswap where neither the sender nor the recipient is excluded from fees. A separate fee structure can be set by the team to apply different fee percentages depending on whether the user is buying or selling during the transfer.
  • The fees charged during transfers are stored in the contract address. The tokens are swapped for MATIC for the purpose of funding Quickswap liquidity when the following conditions are met:
    • The threshold number of tokens in the contract address (determined by the owner) has been reached.
    • The contract is not currently performing an automatic liquidity add.
    • The transfer is not a buying transaction via Quickswap.
  • Liquidity-adds are automatically performed by selling the tokens collected as fees, pairing the received MATIC with the token, and adding it as liquidity to the pair.
  • The LP tokens received through this process are sent to the 0x..dead address.
  • The tokens collected from the Marketing Fee are swapped for MATIC and sent to the team's Marketing wallet.
  • The tokens collected from the MATIC Rewards Fee are swapped for MATIC and sent to the TENDividendTracker contract where they are distributed as rewards.
  • The tokens collected from the Buyback Fee are swapped back to $TEN from MATIC and are sent to the 0x..dead address.
  • The contract appropriately transfers votes on all token transfers.
  • The contract features an antisniper mechanism that is triggered when a user attempts to buy or sell tokens within 60 seconds of liquidity being added. The account initiating the transfer will be taxed at a ~90% rate.
  • The contract enforces a maximum wallet amount of 1 billion tokens. This does not apply to addresses that are excluded from this restriction.
  • The contract enforces a maximum sell amount of 500 million tokens when selling tokens via Quickswap for all accounts that are not excluded from fees.
  • The contract utilizes the SafeMath library to protect against overflows/underflows along with following the ERC-20 standard.
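
The transfer rules listed above (fees on Quickswap trades, the swap trigger, the antisniper window, and the wallet and sell caps) can be modelled off-chain as a test oracle. This is an added example, not the project's code; the State class, the evaluate_transfer name, the sample fee rates, the order of checks and the handling of excluded accounts during the antisniper window are assumptions.

```python
from dataclasses import dataclass

# Limits stated in the report, in whole tokens (decimals ignored here).
MAX_WALLET = 1_000_000_000
MAX_SELL = 500_000_000
SNIPER_WINDOW = 60        # seconds after liquidity is added
SNIPER_FEE_BPS = 9_000    # report says "~90%"; exact figure assumed

@dataclass
class State:                       # hypothetical container, not a contract struct
    pair: str                      # Quickswap pair address
    liquidity_added_at: int        # unix time
    swap_threshold: int            # owner-set trigger for liquidity adds
    contract_balance: int          # fee tokens held by the token contract
    in_swap: bool = False
    buy_fee_bps: int = 1_000       # constructed; report only caps totals at 20%
    sell_fee_bps: int = 1_500      # constructed
    fee_excluded: frozenset = frozenset()
    wallet_cap_excluded: frozenset = frozenset()

def evaluate_transfer(s, sender, recipient, amount, recipient_balance, now):
    """Return (allowed, fee_tokens, triggers_swap, reason) for one transfer."""
    is_buy, is_sell = sender == s.pair, recipient == s.pair
    excluded = sender in s.fee_excluded or recipient in s.fee_excluded
    if is_sell and not excluded and amount > MAX_SELL:
        return (False, 0, False, "max sell exceeded")
    fee_bps = 0
    if (is_buy or is_sell) and not excluded:
        fee_bps = s.buy_fee_bps if is_buy else s.sell_fee_bps
        # Assumed: the antisniper rate replaces the normal fee and spares
        # fee-excluded accounts; the 60-second boundary is exclusive.
        if now - s.liquidity_added_at < SNIPER_WINDOW:
            fee_bps = SNIPER_FEE_BPS
    fee = amount * fee_bps // 10_000
    # Assumed: the wallet cap is checked against the post-fee amount received.
    if (recipient not in s.wallet_cap_excluded
            and recipient_balance + amount - fee > MAX_WALLET):
        return (False, 0, False, "max wallet exceeded")
    # Swap for liquidity: threshold reached, no swap in progress, not a buy.
    triggers_swap = (s.contract_balance >= s.swap_threshold
                     and not s.in_swap and not is_buy)
    return (True, fee, triggers_swap, "ok")

# Constructed sample state; the pair is assumed exempt from the wallet cap.
SAMPLE = State(pair="PAIR", liquidity_added_at=1_000, swap_threshold=1_000_000,
               contract_balance=2_000_000, fee_excluded=frozenset({"TEAM"}),
               wallet_cap_excluded=frozenset({"PAIR"}))
```

Comparing these expected outcomes against the deployed contract on a fork shows where the real order of checks or the exclusion handling differs from the assumptions made here.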

  • Any user that holds any amount of $TEN tokens is eligible to claim dividends.
  • Once dividends are distributed, they will need to be claimed; claiming happens automatically on each transfer.
  • Dividend rewards can also be claimed manually by kicking off the claim cycle, which will process all eligible token holders.
  • Alternatively, a user can manually claim dividends as an individual.
  • There is a wait-time (determined by the owner) between claiming dividend rewards.
  • Claimed dividends are sent to the user's wallet address.

Ownership Controls:
  • The owner can set total fees charged on transfers up to 20% for both the buy and sell fee structures.
  • The owner can set the percentage of the fees allocated to any fund (Liquidity, Marketing, Buyback, Dividends) at any time.
  • The owner can exclude any address from transfer fees and dividends at any time.
  • The owner can update the threshold value needed to trigger automatic liquidity adds to any value at any time.
  • The owner can update the maximum amount of gas used for processing to any value between 200,000 and 500,000 at any time.
  • The owner can update the Dividend Distributor and Quickswap Router contract addresses at any time.
  • The owner can update the Automated Market Maker Pair address at any time.
  • The owner can update the amount of time a user must wait between claiming dividends to any value between 1 and 24 hours (in seconds).

External Threat Results

Vulnerability Category | Notes | Result
--- | --- | ---
Arbitrary Storage Write | N/A | PASS
Arbitrary Jump | N/A | PASS
Centralization of Control | The owner can set total fee percentages up to 20% for both buys and sells. | PASS
Delegate Call to Untrusted Contract | N/A | PASS
Dependence on Predictable Variables | N/A | PASS
Deprecated Opcodes | N/A | PASS
Ether Thief | N/A | PASS
Exceptions | N/A | PASS
External Calls | N/A | PASS
Flash Loans | N/A | PASS
Integer Over/Underflow | N/A | PASS
Logical Issues | N/A | PASS
Multiple Sends | N/A | PASS
Oracles | N/A | PASS
Suicide | N/A | PASS
State Change External Calls | N/A | PASS
Unchecked Retval | N/A | PASS
User Supplied Assertion | N/A | PASS
Critical Solidity Compiler | N/A | PASS
Overall Contract Safety | | PASS

Functions Overview

($) = payable function
 # = non-constant function

 + [Int] IERC20 
    - [Ext] totalSupply
    - [Ext] balanceOf
    - [Ext] transfer #
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transferFrom #

 +  Context 
    - [Int] _msgSender
    - [Int] _msgData

 + [Int] IERC20Metadata (IERC20)
    - [Ext] name
    - [Ext] symbol
    - [Ext] decimals

 +  Ownable (Context)
    - [Pub]  #
    - [Pub] owner
    - [Pub] renounceOwnership #
       - modifiers: onlyOwner
    - [Pub] transferOwnership #
       - modifiers: onlyOwner

 +  ERC20 (Context, IERC20, IERC20Metadata)
    - [Pub]  #
    - [Pub] name
    - [Pub] symbol
    - [Pub] decimals
    - [Pub] totalSupply
    - [Pub] balanceOf
    - [Pub] transfer #
    - [Pub] allowance
    - [Pub] approve #
    - [Pub] transferFrom #
    - [Pub] increaseAllowance #
    - [Pub] decreaseAllowance #
    - [Int] _transfer #
    - [Int] _mint #
    - [Int] _burn #
    - [Int] _approve #
    - [Int] _spendAllowance #
    - [Int] _beforeTokenTransfer #
    - [Int] _afterTokenTransfer #

 + [Lib] SafeMath 
    - [Int] add
    - [Int] sub
    - [Int] sub
    - [Int] mul
    - [Int] div
    - [Int] div
    - [Int] mod
    - [Int] mod

 + [Lib] SafeMathUint 
    - [Int] toInt256Safe

 + [Lib] SafeMathInt 
    - [Int] mul
    - [Int] div
    - [Int] sub
    - [Int] add
    - [Int] abs
    - [Int] toUint256Safe

 + [Lib] IterableMapping 
    - [Pub] get
    - [Pub] getIndexOfKey
    - [Pub] getKeyAtIndex
    - [Pub] size
    - [Pub] set #
    - [Pub] remove #

 +  TENDelegates 
    - [Ext] delegates
    - [Ext] delegate #
    - [Ext] getCurrentVotes
    - [Ext] getPriorVotes
    - [Int] _delegate #
    - [Int] _moveDelegates #
    - [Int] _writeCheckpoint #
    - [Int] safe32

 + [Int] IUniswapV2Router01 
    - [Ext] factory
    - [Ext] WETH
    - [Ext] addLiquidity #
    - [Ext] addLiquidityETH ($)
    - [Ext] removeLiquidity #
    - [Ext] removeLiquidityETH #
    - [Ext] removeLiquidityWithPermit #
    - [Ext] removeLiquidityETHWithPermit #
    - [Ext] swapExactTokensForTokens #
    - [Ext] swapTokensForExactTokens #
    - [Ext] swapExactETHForTokens ($)
    - [Ext] swapTokensForExactETH #
    - [Ext] swapExactTokensForETH #
    - [Ext] swapETHForExactTokens ($)
    - [Ext] quote
    - [Ext] getAmountOut
    - [Ext] getAmountIn
    - [Ext] getAmountsOut
    - [Ext] getAmountsIn

 + [Int] IUniswapV2Router02 (IUniswapV2Router01)
    - [Ext] removeLiquidityETHSupportingFeeOnTransferTokens #
    - [Ext] removeLiquidityETHWithPermitSupportingFeeOnTransferTokens #
    - [Ext] swapExactTokensForTokensSupportingFeeOnTransferTokens #
    - [Ext] swapExactETHForTokensSupportingFeeOnTransferTokens ($)
    - [Ext] swapExactTokensForETHSupportingFeeOnTransferTokens #

 + [Int] DividendPayingTokenOptionalInterface 
    - [Ext] withdrawableDividendOf
    - [Ext] withdrawnDividendOf
    - [Ext] accumulativeDividendOf

 + [Int] DividendPayingTokenInterface 
    - [Ext] dividendOf
    - [Ext] distributeDividends ($)
    - [Ext] withdrawDividend #

 + [Int] IUniswapV2Factory 
    - [Ext] feeTo
    - [Ext] feeToSetter
    - [Ext] getPair
    - [Ext] allPairs
    - [Ext] allPairsLength
    - [Ext] createPair #
    - [Ext] setFeeTo #
    - [Ext] setFeeToSetter #

 + [Int] IUniswapV2Pair 
    - [Ext] name
    - [Ext] symbol
    - [Ext] decimals
    - [Ext] totalSupply
    - [Ext] balanceOf
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transfer #
    - [Ext] transferFrom #
    - [Ext] DOMAIN_SEPARATOR
    - [Ext] PERMIT_TYPEHASH
    - [Ext] nonces
    - [Ext] permit #
    - [Ext] MINIMUM_LIQUIDITY
    - [Ext] factory
    - [Ext] token0
    - [Ext] token1
    - [Ext] getReserves
    - [Ext] price0CumulativeLast
    - [Ext] price1CumulativeLast
    - [Ext] kLast
    - [Ext] mint #
    - [Ext] burn #
    - [Ext] swap #
    - [Ext] skim #
    - [Ext] sync #
    - [Ext] initialize #

 +  DividendPayingToken (ERC20, DividendPayingTokenInterface, DividendPayingTokenOptionalInterface)
    - [Pub]  #
       - modifiers: ERC20
    - [Ext]  ($)
    - [Pub] distributeDividends ($)
    - [Pub] withdrawDividend #
    - [Int] _withdrawDividendOfUser #
    - [Pub] dividendOf
    - [Pub] withdrawableDividendOf
    - [Pub] withdrawnDividendOf
    - [Pub] accumulativeDividendOf
    - [Int] _transfer #
    - [Int] _mint #
    - [Int] _burn #
    - [Int] _setBalance #

 +  TENDividendTracker (DividendPayingToken, Ownable)
    - [Pub]  #
       - modifiers: DividendPayingToken
    - [Int] _transfer #
    - [Pub] withdrawDividend #
    - [Ext] excludeFromDividends #
       - modifiers: onlyOwner
    - [Ext] updateClaimWait #
       - modifiers: onlyOwner
    - [Ext] getLastProcessedIndex
    - [Ext] getNumberOfTokenHolders
    - [Pub] getAccount
    - [Pub] getAccountAtIndex
    - [Prv] canAutoClaim
    - [Ext] setBalance #
       - modifiers: onlyOwner
    - [Pub] process #
    - [Pub] processAccount #
       - modifiers: onlyOwner

 +  TradeEngine (ERC20, TENDelegates, Ownable)
    - [Pub]  #
       - modifiers: ERC20
    - [Ext]  ($)
    - [Int] _transfer #
    - [Prv] swapETHForTokens #
    - [Prv] swapAndLiquify #
    - [Prv] swapTokensForEth #
    - [Prv] addLiquidity #
    - [Prv] swapAndSendDividends #
    - [Int] _delegate #
    - [Pub] updateSwapAtAmount #
       - modifiers: onlyOwner
    - [Pub] updateBuyFees #
       - modifiers: onlyOwner
    - [Pub] updateSellFees #
       - modifiers: onlyOwner
    - [Pub] updateDividendTracker #
       - modifiers: onlyOwner
    - [Pub] updateUniswapV2Router #
       - modifiers: onlyOwner
    - [Pub] excludeFromFees #
       - modifiers: onlyOwner
    - [Pub] excludeMultipleAccountsFromFees #
       - modifiers: onlyOwner
    - [Pub] setAutomatedMarketMakerPair #
       - modifiers: onlyOwner
    - [Prv] _setAutomatedMarketMakerPair #
    - [Pub] updateGasForProcessing #
       - modifiers: onlyOwner
    - [Ext] updateClaimWait #
       - modifiers: onlyOwner
    - [Ext] getClaimWait
    - [Ext] getTotalDividendsDistributed
    - [Pub] isExcludedFromFees
    - [Pub] withdrawableDividendOf
    - [Pub] dividendTokenBalanceOf
    - [Ext] getAccountDividendsInfo
    - [Ext] getAccountDividendsInfoAtIndex
    - [Ext] processDividendTracker #
    - [Ext] claim #
    - [Ext] getLastProcessedIndex
    - [Ext] getNumberOfDividendTokenHolders