Findings
Issue 01
Type
Severity
Location
Status
Best Practice
Informational
All
Acknowledged
Description
10 ** 18 is a standard unit in solidity, and has a special keyword "ether".
Recommendation
Consider using ether instead of 10**18 for readability.
Issue 02
Type
Severity
Location
Status
Best Practice
Medium
receive
✔️Resolved
Description
There is a receive function in the contract, which means any address can send BNB to the contract. The problem is that there is no way to recover BNB that were mistakenly sent to the contract.
Recommendation
In order to prevent the contract from receiving BNB from investors, which will result in a loss of funds, our recommendation is to only accept ETH from “whitelisted” addresses (e.g. the router address). The receive function will revert if the address is not whitelisted.
Issue 03
Type
Severity
Location
Status
Best Practice
Informational
Multiple locations
Acknowledged
Description
The set functions don't emit events.
Recommendation
Consider adding events when changing critical variables or the state of the contract.
Issue 04
Type
Severity
Location
Status
Owner Capabilities
Informational
blacklistAddress
✔️Resolved
Description
The owner of the contract can blacklist any address, at any time.
Recommendation
Our recommendation is to limit the timeframe when the owner can append an address to the blacklist.
Issue 05
Type
Severity
Location
Status
Gas Optimization
Informational
isExcludedFromFees
Acknowledged
Description
isExcludedFromFees could have been declared as external to save on gas fees.
Issue 06
Type
Severity
Location
Volatile Code
High
_transfer
✔️Resolved
Description
_transfer may call internally to swapExactTokensForETHSupportingFeeOnTransferTokens and addLiquidityETH , which may cause _transfer to fail unnecessarily.
Recommendation
_transfer should always work, and shouldn't fail if swapExactTokensForETHSupportingFeeOnTransferTokens or addLiquidityETH fails to ensure token will always be tradable.
Issue 07
Type
Severity
Location
Status
Gas Optimization
Informational
_transfer
Acknowledged
Description
The code doesn’t differentiate between sell transaction and addLiquidity transaction (because the user sends tokens to the pair) and buy transaction and removeLiquidity transaction (because the user receives tokens from the pair). Therefore, the custom tax will be applied to liquidity removal as well as liquidity addition.
Issue 08
Type
Severity
Location
Status
Gas Optimization
Informational
_approve
Acknowledged
Approve is being called every transaction on the same tokens and for the same spender (the router).
Recommendation
In order to reduce gas costs, approve could be called once (with max int), and then check if it is needed again using allowance.
Issue 09
Type
Severity
Location
Status
Logical Issue
Informational
swapAndSendDividends
Acknowledged
Description
If the dividends token has fees on transfer, the code may not work as intended since the dividends contract will receive fewer tokens than expected and the rewards won't be calculated correctly.
Recommendation
Consider adding general support for dividends tokens with fees on transfer.
Since busd address can't be changed, the issue is marked as informational.
Issue 10
Type
Severity
Location
Status
Logical Issue
Medium
swapAndSendDividends
✔️Resolved
Description
_transfer may call swapAndSendDividends internally. This function can be called during _transfer and potentially failing when totalSupply of DividendPayingToken is 0.
Recommendation
Consider using try-catch when calling distributeTokenDividends
Issue 11
Type
Severity
Location
Status
Logical Issue
Low
swapAndSendDividends
Acknowledged
Description
swapAndSendDividends will fail if totalSupply of DividendPayingToken is 0.
Recommendation
Consider handling a scenario in which totalSupply is 0, and dividends are transferred to the contract.
Issue 12
Type
Severity
Location
Status
Owner Capabilities
High
blacklistAddress
✔️Resolved
Description
The owner can blacklist any address. If the owner blacklists the pair address or the contract address the token will be untradeable.
Recommendation
Add a require statement that prohibits the owner from blacklisting the pair address and the contract address.
Issue 13
Type
Severity
Location
Status
Owner Capabilities
High
updateUniswapV2Router
✔️Resolved
Description The owner can set PancakeSwap's router address, which gives him full control over all token swaps.
Recommendation
Consider implementing a timelock mechanism to allow users to review the changes, or remove this feature altogether as backward-incompatible router updates are a very rare event.
Issue 14
Type
Severity
Location
Status
Owner Capabilities
High
setBUSDRewardsFee
✔️Resolved
Description
The owner of the contract can set the busd rewards fee, marketing fee, and liquidity fee by calling set setBUSDRewardsFee or setLiquiditFee or setMarketingFee to any value they desire. If the owner sets the fee to 100% the token will be untradeable.
Recommendation
Consider adding an upper limit for the set functions.
Issue 15
Type
Severity
Location
Status
Gas Optimization
Informational
setBUSDRewardsFee
Acknowledged
Description
The contract may call swapExactTokensForETHSupportingFeeOnTransferTokens 3 times, each call consumes a large amount of gas.
Recommendation
Consider calling this function only once.
Last updated