Burning Moon Audit
Search…
Findings
Issue 01
Type
Severity
Location
Status
Gas Optimization
Informational
fallbackFixed
Description
The fallback function seems to be redundant.
Issue 02
Type
Severity
Location
Status
Best Practice
Low
addLiquidtyFixed
Description
addLiquidity calls the external function addLiquidityETH . Since this function can be called during _transfer, it may cause _transfer to fail unnecessarily. Recommendation
Use try-catch when calling external functions in critical path flows. Our recommendation is to Always make sure error cases are handled gracefully in critical functions such as
_transferIssue 03
Type
Severity
Location
Status
Gas Optimization
Informational
swapAndLiquifyAcknowledge
Description
Your current code doesn’t differentiate between sell transaction and addLiquidity transaction (because the user sends tokens to the pair) and buy transaction and removeLiquidity transaction (because the user receives tokens from the pair). Therefore, balanceLimit and custom tax will be applied to liquidity removal and liquidity addition as well.
Issue 04
Type
Severity
Location
Status
Gas Optimization
Informational
swapAndLiquifyFixed
The owner of the contract can set the lock time between two consecutive sells. Since the contract is constantly selling tokens for BNB as part of the staking rewards and AMM mechanism, If the token contract won’t be excluded from this limitation the contract could only sell once every 2 hours. If swapAndLiquify will take place on every sell transaction the sell transactions will constantly fail.
Recommendation
Our recommendation is to use try, catch when calling external functions and to make sure the contract can’t be excluded for sell cooldown limitations.
​
Issue 05
Type
Severity
Location
Status
Best Practice
Informational
TeamSetPromotionToken​
Fixed
Description
This function changes the state of the contact by setting critical operational variables.
Recommendation
Our recommendation is to emit event when changing critical variables or when the state of the contract changed.
Issue 06
Type
Severity
Location
Status
Logical Issue
Informational
promotionStartTimestamp​
Fixed
Description
The variable
promotionStartTimestamp is not used in the contract. When the team sets the promotion token by calling TeamSetPromotionToken it takes place immediately, instead of being delyaed by promotionStartTimestampRecommendation
Our recommendation is to delete this variable, or to implement the delay logic in the code.
Issue 07
Type
Severity
Location
Status
Logical Issue
Informational
_buyLotteryTickets​
Fixed
Description
According to the comments,
lotteryTicketPriceis supposed to be 100 tokens, however, it is set to 1000 tokens.1
uint256 public lotteryTicketPrice=1000*(10**_decimals); //StartPrize Lottery 100 token
Copied!
Issue 08
Type
Severity
Location
Status
Volatile Code
Medium
_buyLotteryTickets​
Fixed
Description
Each user can buy any number of lottery tickets. This function iterates over the number of tickets the user purchased. Iterating over an unbounded array can hit the block gas limit.
Recommendation
Our recommendation is to limit the number of tickets a user can purchase.
Issue 09
Type
Severity
Location
Status
Gas Optimization
Informational
_approveFixed
approve is being called every transaction on the same tokens and for the same spender (the router).
Recommendation
In order to reduce gas costs,
approve could be called once (with max int), and then check if it is needed again using allowance.Issue 10
Type
Severity
Location
Status
Volatile Code
Low
_swapContractTokenAcknowledge
Description
The team set the number of tokens to be swapped to 5% of the pair's token balance. 5% of the pair balance will result in more than 5% price impact on the token's price.
Recommendation
Consider lowering the number of tokens to be swapped or to set
sellLimit in order to prevent a major price impact. Issue 11
Type
Severity
Location
Status
Owner Capabilities
Medium
TeamRemoveRemainingBNBAcknowledge
Description
Every 7 days the team has the ability to withdraw all the bnbs from the contract. The contract holds the BNBs that were allocated for marketing and the BNBs that were allocated for staking rewards.
The team can withdraw the BNBs that were allocated for staking rewards.
Recommendation
Consider using a timelock contract in order to delay the execution of a function like that, or only enable to withdraw tokens who were allocated for marketing.
​
​
Last modified 10mo ago