VANCAT - Smart Contract Audit Report
Summary
VANCAT is a platform where fees charged from transactions are shared among token holders. Fee sharing is instant, increasing the balance of all token holders with each transaction.
Notes on the contract:
- VANCAT is a fork of Reflect Finance (RFI). The key notable differences are the transfer tax which is 10x that of RFI, the increased total supply, and the reduction of decimals to 0.
- The total supply of the token is 1 quadrillion.
- No mint or burn functions exist, though the circulating supply can be decreased by sending tokens to 0x...dead.
- 49% of the total supply has been send to the 0xdead address.
- The team has locked ~10% of the supply on our recommendation, but this lock lasts 3 months and vests over time; giving the team as much as liquidity .
- 1.1% of the supply is in the Uniswap liquidity pool. 23% of liquidity is held unlocked by the team; 67% is locked in an unverified contract for an unknown amount of time.
- 5 wallets hold significantly more than the amount of tokens in the liquidity pool. These wallets are not controlled by the team, but each pose a major risk to liquidity if they were to sell.
- 100% of the fee charged on token transfers is redistributed to existing token holders instantly and automatically at the time of each transaction.
- The owner can exclude any address from the fee mechanism.
- The 10x-ing of the standard fee performs a multiplication on the result of a division. While this can lead to slighlty less accurate results, the large supply of the token makes this impact negligible at most.
- Some gas optimizations can be achieved through declaring functions external instead of public and some variables constant. As this contract is already deployed, this is merely informational.
- Utilization of SafeMath to prevent overflows.
Audit Findings Summary
- No external security issues were identified.
- The team's locked ~10% of the supply, but it will vest to them over 100 days; providing them as much as the LP pool has every ~11 days.
- Multiple wallets can drain the liquidity pool by ~50% each at any time.
- Date: April 11th, 2021
- Update Date: April 12th, 2021 - Locking of tokens by the team.
Audit Results
Vulnerability Category | Notes | Result |
---|---|---|
Arbitrary Storage Write | N/A | PASS |
Arbitrary Jump | N/A | PASS |
Delegate Call to Untrusted Contract | N/A | PASS |
Dependence on Predictable Variables | N/A | PASS |
Deprecated Opcodes | N/A | PASS |
Ether Thief | N/A | PASS |
Exceptions | N/A | PASS |
External Calls | N/A | PASS |
Flash Loans | N/A | PASS |
Integer Over/Underflow | N/A | PASS |
Multiple Sends | N/A | PASS |
Oracles | N/A | PASS |
Suicide | N/A | PASS |
State Change External Calls | N/A | PASS |
Unchecked Retval | N/A | PASS |
User Supplied Assertion | N/A | PASS |
Critical Solidity Compiler | N/A | PASS |
Overall Contract Safety | PASS |
Function Graph
Inheritence Chart
Functions Overview
($) = payable function
# = non-constant function
Int = Internal
Ext = External
Pub = Public
+ Context
- [Int] _msgSender
- [Int] _msgData
+ [Int] IERC20
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] transfer #
- [Ext] allowance
- [Ext] approve #
- [Ext] transferFrom #
+ [Lib] SafeMath
- [Int] add
- [Int] sub
- [Int] sub
- [Int] mul
- [Int] div
- [Int] div
- [Int] mod
- [Int] mod
+ [Lib] Address
- [Int] isContract
- [Int] sendValue #
- [Int] functionCall #
- [Int] functionCall #
- [Int] functionCallWithValue #
- [Int] functionCallWithValue #
- [Prv] _functionCallWithValue #
+ Ownable (Context)
- [Pub] #
- [Pub] owner
- [Pub] renounceOwnership #
- modifiers: onlyOwner
- [Pub] transferOwnership #
- modifiers: onlyOwner
+ VANCAT (Context, IERC20, Ownable)
- [Pub] #
- [Pub] name
- [Pub] symbol
- [Pub] decimals
- [Pub] totalSupply
- [Pub] balanceOf
- [Pub] transfer #
- [Pub] allowance
- [Pub] approve #
- [Pub] transferFrom #
- [Pub] increaseAllowance #
- [Pub] decreaseAllowance #
- [Pub] isExcluded
- [Pub] totalFees
- [Pub] reflect #
- [Pub] reflectionFromToken
- [Pub] tokenFromReflection
- [Ext] excludeAccount #
- modifiers: onlyOwner
- [Ext] includeAccount #
- modifiers: onlyOwner
- [Prv] _approve #
- [Prv] _transfer #
- [Prv] _transferStandard #
- [Prv] _transferToExcluded #
- [Prv] _transferFromExcluded #
- [Prv] _transferBothExcluded #
- [Prv] _reflectFee #
- [Prv] _getValues
- [Prv] _getTValues
- [Prv] _getRValues
- [Prv] _getRate
- [Prv] _getCurrentSupply