magicbox.game - Smart Contract Audit Report
Summary
magicbox.game is a new token on the Binance Smart Chain with liquidity adds and a buyback system for burning supply that pays users dividends in BUSD.
Notes on the Contract:Audit Findings Summary
- The total supply of the token is set to 1 quadrillion [1,000,000,000,000,000] $MBT.
- No mint or burn functions are present beyond deployment; though the circulating supply can be reduced by sending tokens to the 0x..dead address if desired.
- At the time of writing this report, 51.34% of the total supply has been sent to the 0x..dead address.
- 6.96% of the total supply is in Pancakeswap liquidity.
- Of that liquidity, 88.44% of the LP tokens are stored in a token locking contract behind a proxy. This contract also holds 5% of the total supply.
- 11.44% of the LP tokens belong to a wallet controlled by the team. We advise the team lock these LP tokens.
- The next 5 holders own a cumulative 6.88% of the total supply.
- There is a tax fee charged on each transaction that gets stored in the contract balance; fees can be increased during a sell to PancakeSwap up to a value proportional to the time left in the buyback multiplier period (if any).
- Once a threshold value of tokens in the contract balance is met, a portion of the contract balance is swapped for BNB and distributed as dividends, and another portion is sent to the marketing wallet which is controlled by the project team.
- Another portion is allocated to funding PancakeSwap liquidity, unless the liquidity cap set by the team has already been met.
- Liquidity-adds are funded by selling half of the tokens allocated to funding liquidity, pairing the received BNB with the token, and adding it as liquidity to the BNB pair.
- The newly created LP tokens are sent to a wallet controlled by the team. The team is responsible for locking these newly acquired LP tokens.
- If the auto buyback functionality is enabled, and the amount of BNB in the contract reaches the autobuyback threshold value determined by the owner, the BNB will be swapped for $MBT tokens and sent to the burn address.
- Any user that holds any amount of $MBT tokens are eligible to claim dividends once the amount of dividends they are due reaches a minimum threshold value determined by team.
- Once dividends are distributed, they will need to be claimed; claiming happens automatically on each transfer.
- Dividend rewards can also be claimed manually by kicking off the claim cycle, which will process all eligible token holders.
- Alternatively, a user can manually claim dividends as an individual.
- There is a wait-time between claiming dividend rewards.
- Claimed dividends are sent to the user's wallet address.
Ownership Controls:- The owner can assign multiple addresses to an 'authorized' role. The assigned addresses have access to specific functions in the contract.
- Any authorized address can set the total fees charged on transactions to any value up to 25% at any time.
- Any authorized address can set the percentage of the fees allocated to any fund (liquidity, marketing, buyback, dividends) at any time.
- Any authorized address can exclude any address from dividends at any time.
- Any authorized address can update the minimum threshold value of rewards needed that determines when a user can claim their dividends.
- Any authorized address can set a maximum transaction limit which is enforced during sell transactions to PancakeSwap. Any authorized address can also exclude accounts from this maximum transaction limit.
- Any authorized address can automatically trigger a buyback at any time.
- Any authorized address can set or disable the buyback fee multiplier at any time.
- Any authorized address can disable the autobuyback system and set any the threshold BNB value to trigger a buyback.
- Any authorized address can disable the automatic liquidity adds at any time and set any threshold value related to it.
- Any authorized address can update the Dividend Distributor and PancakeSwap Router contract addresses at any time.
- Any authorized address can update the maximum amount of gas used for processing to a value up to 750,000 at any time.
- Any authorized address can update the amount of time a user must wait between claiming dividends to any value at any time.
- Any authorized address can enable/disable automatic liquidity adds at any time.
- No security threats from outside attackers were identified.
- Please ensure trust in the team prior to investing as they have substantial control in the ecosystem.
- Please be aware of the amount of liquidity available in proportion to the largest wallets
- Date: November 18th, 2021
External Threat Results
| Vulnerability Category | Notes | Result |
|---|---|---|
| Arbitrary Storage Write | N/A | PASS |
| Arbitrary Jump | N/A | PASS |
| Delegate Call to Untrusted Contract | N/A | PASS |
| Dependence on Predictable Variables | N/A | PASS |
| Deprecated Opcodes | N/A | PASS |
| Ether Thief | N/A | PASS |
| Exceptions | N/A | PASS |
| External Calls | N/A | PASS |
| Integer Over/Underflow | N/A | PASS |
| Multiple Sends | N/A | PASS |
| Suicide | N/A | PASS |
| State Change External Calls | N/A | PASS |
| Unchecked Retval | N/A | PASS |
| User Supplied Assertion | N/A | PASS |
| Critical Solidity Compiler | N/A | PASS |
| Overall Contract Safety | PASS |
magicbox.game Contract
($) = payable function
# = non-constant function
+ [Lib] SafeMath
- [Int] tryAdd
- [Int] trySub
- [Int] tryMul
- [Int] tryDiv
- [Int] tryMod
- [Int] add
- [Int] sub
- [Int] mul
- [Int] div
- [Int] mod
- [Int] sub
- [Int] div
- [Int] mod
+ [Int] IBEP20
- [Ext] totalSupply
- [Ext] decimals
- [Ext] symbol
- [Ext] name
- [Ext] getOwner
- [Ext] balanceOf
- [Ext] transfer #
- [Ext] allowance
- [Ext] approve #
- [Ext] transferFrom #
+ Ownable
- [Pub] #
- [Pub] authorize #
- modifiers: onlyOwner
- [Pub] unauthorize #
- modifiers: onlyOwner
- [Pub] isOwner
- [Pub] isAuthorized
- [Pub] transferOwnership #
- modifiers: onlyOwner
+ [Int] ISwapFactory
- [Ext] createPair #
+ [Int] ISwapRouter
- [Ext] factory
- [Ext] WETH
- [Ext] addLiquidity #
- [Ext] addLiquidityETH ($)
- [Ext] swapExactTokensForTokensSupportingFeeOnTransferTokens #
- [Ext] swapExactETHForTokensSupportingFeeOnTransferTokens ($)
- [Ext] swapExactTokensForETHSupportingFeeOnTransferTokens #
+ [Int] IRewardDistributor
- [Ext] setDistributionCriteria #
- [Ext] setStock #
- [Ext] deposit ($)
- [Ext] process #
+ RewardDistributor (IRewardDistributor)
- [Pub] #
- [Ext] setDistributionCriteria #
- modifiers: onlyToken
- [Ext] setStock #
- modifiers: onlyToken
- [Ext] deposit ($)
- modifiers: onlyToken
- [Ext] process #
- modifiers: onlyToken
- [Int] shouldDistribute
- [Int] distributeRewards #
- [Ext] claimReward #
- [Pub] getUnpaidEarnings
- [Int] getCumulativeRewards
- [Int] addStockholder #
- [Int] removeStockholder #
+ MagicBox (IBEP20, Ownable)
- [Pub] #
- modifiers: Ownable
- [Ext] ($)
- [Ext] totalSupply
- [Ext] decimals
- [Ext] symbol
- [Ext] name
- [Ext] getOwner
- [Pub] balanceOf
- [Ext] allowance
- [Pub] approve #
- [Ext] approveMax #
- [Ext] transfer #
- [Ext] transferFrom #
- [Int] _transferFrom #
- [Int] _transferStandard #
- [Int] checkTxLimit
- [Int] shouldTakeFee
- [Pub] getTotalFee
- [Pub] getMultipliedFee
- [Int] takeFee #
- [Int] checkSwapBack
- [Int] swapBack #
- modifiers: lockTheSwap
- [Int] checkAutoBuyback
- [Ext] triggerZeusBuyback #
- modifiers: authorized
- [Ext] clearBuybackMultiplier #
- modifiers: authorized
- [Int] triggerAutoBuyback #
- [Int] buyTokens #
- modifiers: lockTheSwap
- [Ext] setAutoBuybackSettings #
- modifiers: authorized
- [Ext] setBuybackMultiplierSettings #
- modifiers: authorized
- [Int] launched
- [Pub] launch #
- modifiers: authorized
- [Ext] setTxLimit #
- modifiers: authorized
- [Ext] setIsExcludedStock #
- modifiers: authorized
- [Ext] setIsExcludedFee #
- modifiers: authorized
- [Ext] setIsExcludedTxLimit #
- modifiers: authorized
- [Ext] setFees #
- modifiers: authorized
- [Ext] setFeeReceivers #
- modifiers: authorized
- [Ext] setSwapBackSettings #
- modifiers: authorized
- [Ext] setTargetLiquidity #
- modifiers: authorized
- [Ext] setDistributionCriteria #
- modifiers: authorized
- [Ext] setDistributorSettings #
- modifiers: authorized
- [Ext] setReserved #
- modifiers: authorized
- [Pub] getCirculatingSupply
- [Pub] getLiquidityBacking
- [Pub] isOverLiquified