Findings
Issue 01
Type: Best Practice
Severity: Informational
Location: All
Status: Acknowledged
Description
10 ** 18 is a standard unit in Solidity, and has a special keyword, "ether".
Recommendation
Consider using ether instead of 10**18 for readability.
Issue 02
Type: Best Practice
Severity: Medium
Location: receive
Status: ✔️Resolved
Description
There is a receive function in the contract, which means any address can send BNB to the contract. The problem is that there is no way to recover BNB that was mistakenly sent to the contract.
Recommendation
In order to prevent the contract from receiving BNB from investors, which will result in a loss of funds, our recommendation is to only accept ETH from “whitelisted” addresses (e.g. the router address). The receive function will revert if the address is not whitelisted.
Issue 03
Type: Best Practice
Severity: Informational
Location: Multiple locations
Status: Acknowledged
Description
The set functions don't emit events.
Recommendation
Consider adding events when changing critical variables or the state of the contract.
Issue 04
Type: Owner Capabilities
Severity: Informational
Location: blacklistAddress
Status: ✔️Resolved
Description
The owner of the contract can blacklist any address, at any time.
Recommendation
Our recommendation is to limit the timeframe when the owner can append an address to the blacklist.
Issue 05
Type: Gas Optimization
Severity: Informational
Location: isExcludedFromFees
Status: Acknowledged
Description
isExcludedFromFees could have been declared as external to save on gas fees.
Issue 06
Type: Volatile Code
Severity: High
Location: _transfer
Status: ✔️Resolved
Description
_transfer may internally call swapExactTokensForETHSupportingFeeOnTransferTokens and addLiquidityETH, which may cause _transfer to fail unnecessarily.
Recommendation
_transfer should always work, and shouldn't fail if swapExactTokensForETHSupportingFeeOnTransferTokens or addLiquidityETH fails, to ensure the token will always be tradable.
Issue 07
Type: Gas Optimization
Severity: Informational
Location: _transfer
Status: Acknowledged
Description
The code doesn’t differentiate between sell transaction and addLiquidity transaction (because the user sends tokens to the pair) and buy transaction and removeLiquidity transaction (because the user receives tokens from the pair). Therefore, the custom tax will be applied to liquidity removal as well as liquidity addition.
Issue 08
Type: Gas Optimization
Severity: Informational
Location: _approve
Status: Acknowledged
Description
Approve is being called on every transaction, on the same tokens and for the same spender (the router).
Recommendation
In order to reduce gas costs, approve could be called once (with max int), and allowance could then be used to check whether it is needed again.
Issue 09
Type: Logical Issue
Severity: Informational
Location: swapAndSendDividends
Status: Acknowledged
Description
If the dividends token has fees on transfer, the code may not work as intended since the dividends contract will receive fewer tokens than expected and the rewards won't be calculated correctly.
Recommendation
Consider adding general support for dividends tokens with fees on transfer.
Since busd address can't be changed, the issue is marked as informational.
Issue 10
Type: Logical Issue
Severity: Medium
Location: swapAndSendDividends
Status: ✔️Resolved
Description
_transfer may call swapAndSendDividends internally. This function can be called during _transfer and can potentially fail when totalSupply of DividendPayingToken is 0.
Recommendation
Consider using try-catch when calling distributeTokenDividends
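One way to apply the try-catch recommendation of Issues 06 and 10 together with the approve-once suggestion of Issue 08, as an added example that is not code from the audited contract. The contract name, helper names, events and the distributeTokenDividends signature are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
// Minimal interfaces so the fragment compiles on its own.
interface IRouter {
    function WETH() external pure returns (address);
    function swapExactTokensForETHSupportingFeeOnTransferTokens(
        uint256 amountIn, uint256 amountOutMin, address[] calldata path,
        address to, uint256 deadline
    ) external;
}
interface IDividendTracker {
    // Signature assumed; the page only names the function.
    function distributeTokenDividends(uint256 amount) external;
}

abstract contract GuardedSwapPath {
    IRouter public router;
    IDividendTracker public dividendTracker;
    event SwapFailed(uint256 tokenAmount);
    event DividendDistributionFailed(uint256 amount);

    // Supplied by the ERC-20 base the token inherits from.
    function _approve(address owner, address spender, uint256 amount) internal virtual;
    function allowance(address owner, address spender) public view virtual returns (uint256);

    // Issues 06 and 08: approve once, never let a failed swap revert _transfer.
    function _swapTokensForNative(uint256 tokenAmount) internal returns (bool) {
        address[] memory path = new address[](2);
        path[0] = address(this);
        path[1] = router.WETH();
        if (allowance(address(this), address(router)) < tokenAmount) {
            _approve(address(this), address(router), type(uint256).max);
        }
        try router.swapExactTokensForETHSupportingFeeOnTransferTokens(
            tokenAmount, 0, path, address(this), block.timestamp
        ) {
            return true;
        } catch {
            emit SwapFailed(tokenAmount);
            return false;
        }
    }

    // Issue 10: a tracker revert (e.g. totalSupply == 0) must not bubble up.
    function _distribute(uint256 amount) internal {
        try dividendTracker.distributeTokenDividends(amount) {} catch {
            emit DividendDistributionFailed(amount);
        }
    }
}
```

try/catch only intercepts reverts raised inside the external call; a failure on the caller's side, such as a call to an address with no code, still reverts _transfer.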
Issue 11
Type: Logical Issue
Severity: Low
Location: swapAndSendDividends
Status: Acknowledged
Description
swapAndSendDividends will fail if totalSupply of DividendPayingToken is 0.
Recommendation
Consider handling a scenario in which totalSupply is 0, and dividends are transferred to the contract.
Issue 12
Type: Owner Capabilities
Severity: High
Location: blacklistAddress
Status: ✔️Resolved
Description
The owner can blacklist any address. If the owner blacklists the pair address or the contract address the token will be untradeable.
Recommendation
Add a require statement that prohibits the owner from blacklisting the pair address and the contract address.
Issue 13
Type: Owner Capabilities
Severity: High
Location: updateUniswapV2Router
Status: ✔️Resolved
Description
The owner can set PancakeSwap's router address, which gives him full control over all token swaps.
Recommendation
Consider implementing a timelock mechanism to allow users to review the changes, or remove this feature altogether as backward-incompatible router updates are a very rare event.
Issue 14
Type: Owner Capabilities
Severity: High
Location: setBUSDRewardsFee
Status: ✔️Resolved
Description
The owner of the contract can set the BUSD rewards fee, marketing fee, and liquidity fee to any value they desire by calling setBUSDRewardsFee, setLiquiditFee or setMarketingFee. If the owner sets the fee to 100%, the token will be untradeable.
Recommendation
Consider adding an upper limit for the set functions.
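The guards recommended in Issues 02, 03, 12 and 14 in one place, as an added example that is not code from the audited contract. The contract name, the 25% cap, the event names, the constructor and the blacklistAddress signature are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

contract OwnerGuards {
    address public owner;
    address public immutable pair;   // AMM pair, assumed fixed at deployment
    address public router;
    uint256 public BUSDRewardsFee;
    uint256 public liquidityFee;
    uint256 public marketingFee;
    uint256 public constant MAX_TOTAL_FEE = 25; // percent; cap value is an assumption
    mapping(address => bool) public isBlacklisted;

    event FeesUpdated(uint256 rewards, uint256 liquidity, uint256 marketing);
    event BlacklistUpdated(address indexed account, bool value);

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    constructor(address pair_, address router_) {
        owner = msg.sender;
        pair = pair_;
        router = router_;
    }

    // Issue 02: reject native currency from anyone but the router.
    receive() external payable {
        require(msg.sender == router, "only router");
    }

    // Issue 12: the pair and the token contract can never be blacklisted.
    function blacklistAddress(address account, bool value) external onlyOwner {
        require(account != pair && account != address(this), "protected address");
        isBlacklisted[account] = value;
        emit BlacklistUpdated(account, value);
    }

    // Issue 14: bound the sum of all fees. Issue 03: emit an event on change.
    // setLiquiditFee and setMarketingFee would apply the same bound.
    function setBUSDRewardsFee(uint256 value) external onlyOwner {
        require(value + liquidityFee + marketingFee <= MAX_TOTAL_FEE, "fee too high");
        BUSDRewardsFee = value;
        emit FeesUpdated(value, liquidityFee, marketingFee);
    }
}
```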
Issue 15
Type: Gas Optimization
Severity: Informational
Location: setBUSDRewardsFee
Status: Acknowledged
Description
The contract may call swapExactTokensForETHSupportingFeeOnTransferTokens 3 times; each call consumes a large amount of gas.
Recommendation
Consider calling this function only once.