Findings

Issue 01

Type: Owner Capabilities
Severity: High
Location: receive
Status: ✔️ Resolved

Description

The owner can blacklist any address. If the owner blacklists the pair address or the contract address, the token will be untradeable.

Recommendation

Add a require statement that prevents the owner from blacklisting the pair address and the contract address.

Issue 02

Type: Volatile Code
Severity: Medium
Location: _transfer
Status: Not Resolved

Description

swapTokensForBoss is called on every transfer. This function sells tokens for BNB, which can result in a price drop.

Recommendation

Consider adding a dynamic upper limit according to a percentage of the token pair balance, in order to control the price impact and prevent the token from being untradeable due to slippage higher than 49%.

General Notes

The team needs to acknowledge this issue and consider the value they put as the maximum limit.

Issue 03

Type: Volatile Code / Logical Issue
Severity: High
Location: _transfer
Status: ✔️ Resolved

Description

swapTokensForBoss is called on every transfer. If the pool is not created, this function will fail, causing _transfer to fail until liquidity is added.

In addition, swapTokensForBoss will not work on buy transactions, a restriction that follows from PancakeSwap's protocol requirements.

Recommendation

Add an option to disable the swapTokensForBoss feature, and only call this function on sell transactions.

Issue 04

Type: Best Practice
Severity: Medium
Location: receive
Status: ✔️ Resolved

Description

There is a receive function in the contract, which means any address can send BNB to the contract.

Recommendation

In order to prevent the contract from receiving BNB from investors, which will result in a loss of funds, our recommendation is to only accept BNB from “whitelisted” addresses (e.g. router address).

The receive function will revert if the address is not whitelisted.

Issue 05

Type: Best Practice / Volatile Code
Severity: High
Location: _transfer
Status: ✔️ Resolved

Description

_transfer calls the external function swapTokensForEth. Since this function can be called during _transfer, it may cause _transfer to fail unnecessarily.

Recommendation

Use try-catch when calling external functions in critical path flows.

Our recommendation is to always make sure error cases are handled gracefully in critical functions such as _transfer.
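The recommendations in Issues 02, 03 and 05 can be combined in one guarded swap helper. The sketch below is an added example, not the audited contract's code: the names `GuardedSwap`, `_maybeSwap`, `swapEnabled`, `maxSwapBps` and `inSwap` are hypothetical, the 0.5% cap is a constructed value, and a PancakeSwap-style router interface is assumed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Assumed PancakeSwap-style router interface (only the calls used here).
interface IRouter {
    function WETH() external pure returns (address);
    function swapExactTokensForETHSupportingFeeOnTransferTokens(
        uint256 amountIn, uint256 amountOutMin, address[] calldata path,
        address to, uint256 deadline) external;
}

// Hypothetical mixin; the token contract supplies balanceOf and _approve.
abstract contract GuardedSwap {
    IRouter public router;          // assumed: set by the token's constructor
    address public pair;            // assumed: token/WBNB pair address
    bool public swapEnabled;        // Issue 03: switch to disable the feature
    uint256 public maxSwapBps = 50; // Issue 02: cap of 0.5% of pair balance (constructed value)
    bool private inSwap;            // prevents re-entry from the swap's own transfer

    function balanceOf(address account) public view virtual returns (uint256);
    function _approve(address owner, address spender, uint256 amount) internal virtual;

    // Intended to be called from _transfer before balances are moved.
    function _maybeSwap(address from, address to) internal {
        // Issue 03: sells only (recipient is the pair); skip when disabled or re-entered.
        if (!swapEnabled || inSwap || to != pair || from == address(this)) return;

        // Issue 02: dynamic upper limit as a percentage of the pair's token balance.
        uint256 amount = balanceOf(address(this));
        uint256 cap = (balanceOf(pair) * maxSwapBps) / 10_000;
        if (amount > cap) amount = cap;
        if (amount == 0) return; // also covers a pair that holds no liquidity yet

        address[] memory path = new address[](2);
        path[0] = address(this);
        path[1] = router.WETH();
        _approve(address(this), address(router), amount);

        inSwap = true;
        // Issue 05: a failing external swap must not revert the user's transfer.
        try router.swapExactTokensForETHSupportingFeeOnTransferTokens(
            amount, 0, path, address(this), block.timestamp
        ) {} catch {}
        inSwap = false;
    }
}
```

The setter for `maxSwapBps` should itself be bounded, otherwise the cap becomes another unbounded owner capability of the kind described in Issue 06.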

Issue 06

Type: Owner Capabilities
Severity: High
Location: setTransferFeeRate
Status:

Description

There is no upper limit to the setFees functions. If the owner sets them to 100%, the token will be untradeable.

Recommendation

Consider adding an upper limit to the set functions.

General Notes

The anti bot code can be removed as the team is going to use Solid Group bot protection.
