Findings
Issue 01
Type: Owner Capabilities | Severity: High | Location: receive | Status: ✔️ Resolved
Description
The owner can blacklist any address. If the owner blacklists the pair address or the contract address, the token will be untradeable.
Recommendation
Add a require statement that prevents the owner from blacklisting the pair address and the contract address.
Issue 02
Type: Volatile Code | Severity: Medium | Location: _transfer | Status: ❌ Not Resolved
Description
swapTokensForBoss is called on every transfer. This function sells tokens for BNB, which can result in a price drop.
Recommendation
Consider adding a dynamic upper limit, set as a percentage of the token pair balance, in order to control the price impact and prevent the token from becoming untradeable due to slippage higher than 49%.
General Notes
The team needs to acknowledge this issue and decide on the value they set as the maximum limit.
Issue 03
Type: Volatile Code / Logical Issue | Severity: High | Location: _transfer | Status: ✔️ Resolved
Description
swapTokensForBoss is called on every transfer. If the pool is not created, this function will fail, causing _transfer to fail until liquidity is added.
In addition, swapTokensForBoss will not work on buy transactions, which is part of PancakeSwap's protocol requirements.
Recommendation
Add an option to disable the swapTokensForBoss feature, and only call this function on sell transactions.
Issue 04
Type: Best Practice | Severity: Medium | Location: receive | Status: ✔️ Resolved
Description
There is a receive function in the contract, which means any address can send BNB to the contract.
Recommendation
In order to prevent the contract from receiving BNB from investors, which will result in a loss of funds, our recommendation is to only accept BNB from “whitelisted” addresses (e.g. router address).
The receive function will revert if the address is not whitelisted.
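The whitelisted receive function described in this recommendation, as an added example and not the audited contract's code. The router address passed to the constructor is an assumption (the DEX router the token swaps through); everything else is illustrative.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

contract WhitelistedReceive {
    address public owner;
    mapping(address => bool) public bnbSenderWhitelist;

    event BnbSenderUpdated(address indexed account, bool allowed);
    event BnbReceived(address indexed from, uint256 amount);

    modifier onlyOwner() { require(msg.sender == owner, "not owner"); _; }

    // `router` is assumed to be the DEX router the token swaps through; it is
    // the only sender allowed at deployment.
    constructor(address router) {
        owner = msg.sender;
        bnbSenderWhitelist[router] = true;
        emit BnbSenderUpdated(router, true);
    }

    function setBnbSender(address account, bool allowed) external onlyOwner {
        bnbSenderWhitelist[account] = allowed;
        emit BnbSenderUpdated(account, allowed);
    }

    // Plain BNB transfers from investors revert here instead of being locked in
    // the contract; the router's swap-to-BNB payout still succeeds because the
    // router is whitelisted (msg.sender is the router in that call).
    receive() external payable {
        require(bnbSenderWhitelist[msg.sender], "BNB not accepted from this address");
        emit BnbReceived(msg.sender, msg.value);
    }
}
```

There is deliberately no fallback function, so calls carrying data revert as well. The whitelist prevents accidental loss of investor funds; it does not stop BNB arriving via selfdestruct or as a block reward, so balance-based logic elsewhere in the contract should not rely on it as an invariant.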
Issue 05
Type: Best Practice / Volatile Code | Severity: High | Location: _transfer | Status: ✔️ Resolved
Description
_transfer calls the external function swapTokensForEth. Since this function can be called during _transfer, it may cause _transfer to fail unnecessarily.
Recommendation
Use try-catch when calling external functions in critical path flows.
Our recommendation is to always make sure error cases are handled gracefully in critical functions such as _transfer.
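A _transfer that applies the recommendations of Issues 02, 03 and 05 together, as an added example rather than the audited contract's code: the swap runs only on sells (transfers into the pair) and only while the owner has it enabled, it is capped at a percentage of the pair's token balance, and the router call sits in try/catch so a failing swap cannot revert the user's transfer. The router and pair addresses are constructor arguments and the fee-collection logic is omitted; the contract simply sells whatever tokens it holds. The router interface matches the PancakeSwap V2 function signatures.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

interface IRouter {
    function WETH() external pure returns (address);
    function swapExactTokensForETHSupportingFeeOnTransferTokens(
        uint256 amountIn, uint256 amountOutMin, address[] calldata path, address to, uint256 deadline
    ) external;
}

contract SwapOnSellToken {
    uint256 public totalSupply;
    mapping(address => uint256) public balanceOf;
    mapping(address => mapping(address => uint256)) public allowance;
    address public owner;
    IRouter public immutable router;   // assumed: DEX router, set at deployment
    address public immutable pair;     // assumed: token/WBNB pair address
    bool public swapEnabled;           // Issue 03: owner can switch the swap off entirely
    uint256 public maxSwapBps = 100;   // Issue 02: at most 1% of the pair's token balance per swap
    bool private inSwap;               // blocks re-entry while the router calls transferFrom

    event Transfer(address indexed from, address indexed to, uint256 value);
    event SwapSucceeded(uint256 tokensSold);
    event SwapFailed(uint256 tokensAttempted);
    modifier onlyOwner() { require(msg.sender == owner, "not owner"); _; }

    constructor(address router_, address pair_) {
        owner = msg.sender;
        router = IRouter(router_);
        pair = pair_;
        totalSupply = 1_000_000 ether;
        balanceOf[msg.sender] = totalSupply;
        emit Transfer(address(0), msg.sender, totalSupply);
    }

    function setSwapEnabled(bool enabled) external onlyOwner { swapEnabled = enabled; }

    // The cap itself is bounded (example value) so the owner cannot restore the original problem.
    function setMaxSwapBps(uint256 bps) external onlyOwner {
        require(bps <= 1_000, "cap above 10% of pair balance");
        maxSwapBps = bps;
    }

    function transfer(address to, uint256 amount) external returns (bool) {
        _transfer(msg.sender, to, amount);
        return true;
    }

    // Used by the router, which pulls the contract's tokens during the swap.
    function transferFrom(address from, address to, uint256 amount) external returns (bool) {
        require(allowance[from][msg.sender] >= amount, "allowance");
        allowance[from][msg.sender] -= amount;
        _transfer(from, to, amount);
        return true;
    }

    function _transfer(address from, address to, uint256 amount) internal {
        require(from != address(0) && to != address(0), "zero address");
        require(balanceOf[from] >= amount, "balance");

        // Swap only on sells, never from inside the swap itself, and only while enabled.
        // balanceOf[pair] is zero until liquidity is added, so the cap is zero and
        // nothing is attempted before the pool exists.
        if (swapEnabled && to == pair && !inSwap) {
            uint256 cap = balanceOf[pair] * maxSwapBps / 10_000;
            uint256 held = balanceOf[address(this)];
            uint256 toSwap = held < cap ? held : cap;
            if (toSwap > 0) _swapTokensForBnb(toSwap);
        }

        balanceOf[from] -= amount;
        balanceOf[to] += amount;
        emit Transfer(from, to, amount);
    }

    function _swapTokensForBnb(uint256 tokenAmount) private {
        inSwap = true;
        allowance[address(this)][address(router)] = tokenAmount;
        address[] memory path = new address[](2);
        path[0] = address(this);
        path[1] = router.WETH();
        // Issue 05: a reverting router call is logged, not propagated into the user's transfer.
        try router.swapExactTokensForETHSupportingFeeOnTransferTokens(
            tokenAmount, 0, path, address(this), block.timestamp
        ) {
            emit SwapSucceeded(tokenAmount);
        } catch {
            emit SwapFailed(tokenAmount);
        }
        inSwap = false;
    }

    // Kept open here for brevity; Issue 04 covers restricting who may send BNB.
    receive() external payable {}
}
```

The SwapFailed event is the operational signal to watch: a run of them after deployment usually means the pool or allowance is misconfigured, and the token keeps trading while the team investigates instead of every sell reverting.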
Issue 06
Type: Owner Capabilities | Severity: High | Location: setTransferFeeRate
Description
There is no upper limit in the setFees functions. If the owner sets them to 100%, the token will be untradeable.
Recommendation
Consider adding an upper limit to the set functions.
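Bounded owner setters serving both Issue 01 (the pair and the token contract can never be blacklisted) and Issue 06 (the fee rate has a hard ceiling), as an added example and not the audited contract's code. The 10% ceiling, the function names and the pair constructor argument are assumptions chosen for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

contract GuardedOwnerSetters {
    address public owner;
    address public immutable pair;               // assumed: token/WBNB pair address

    mapping(address => bool) public blacklisted;
    uint256 public constant MAX_FEE_BPS = 1_000;   // 10%: ceiling the owner cannot exceed (example value)
    uint256 public transferFeeBps = 300;           // 3% starting fee (example value)

    event Blacklisted(address indexed account, bool status);
    event TransferFeeRateUpdated(uint256 oldBps, uint256 newBps);

    modifier onlyOwner() { require(msg.sender == owner, "not owner"); _; }

    constructor(address pair_) {
        owner = msg.sender;
        pair = pair_;
    }

    // Issue 01: the pair and the token contract are excluded, so this setter
    // cannot be used to freeze trading.
    function setBlacklist(address account, bool status) external onlyOwner {
        require(account != pair, "cannot blacklist pair");
        require(account != address(this), "cannot blacklist token contract");
        blacklisted[account] = status;
        emit Blacklisted(account, status);
    }

    // Issue 06: a 100% fee (untradeable token) is rejected at the setter.
    function setTransferFeeRate(uint256 newBps) external onlyOwner {
        require(newBps <= MAX_FEE_BPS, "fee exceeds MAX_FEE_BPS");
        emit TransferFeeRateUpdated(transferFeeBps, newBps);
        transferFeeBps = newBps;
    }

    // How a transfer path consumes the two settings: blacklist check first,
    // then the fee computed from the bounded rate.
    function _transferChecks(address from, address to, uint256 amount) internal view returns (uint256 fee) {
        require(!blacklisted[from] && !blacklisted[to], "address blacklisted");
        fee = amount * transferFeeBps / 10_000;
    }
}
```

Because MAX_FEE_BPS is a constant, the bound is visible on-chain and cannot be changed by a later owner action, which is what makes the limit meaningful to token holders rather than only to the current team.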
General Notes
The anti-bot code can be removed, as the team is going to use Solid Group bot protection.