APEx Army x Solid Group: Audit Results

Solidgroup
May 31, 2021

Auditing Process

Solid Group’s auditing process goes in depth and covers a wide range of token code characteristics. The audit mainly checks for vulnerabilities and imminent risks to the safety and security of the code. The process is intended to help customers increase their code quality while reducing the high level of risk presented by cryptographic tokens and blockchain technology.

Contract BSC

Contract

Highlights of the process

✅ BEP-20 conformance

✅ No mint function

Privileged Functions

1️⃣ The contract contains the following privileged functions, which are restricted by the onlyOwner modifier:

excludeFromReward(address account)
includeInReward(address account)
excludeFromFee(address account)
includeInFee(address account)

2️⃣ The owner can toggle the liquidity addition mechanism:

setSwapAndLiquifiedEnabled(bool _enabled)

3️⃣ ⚠️🔴 The owner of the contract can withdraw any BNB/tokens sent to the contract by calling:

safeTransfer(address token, address to, uint value) public onlyOwner
safeTransferETH(address to, uint value) public onlyOwner

4️⃣ The owner can set the following:

setTaxFeePercent(uint256 taxFee) external onlyOwner()
setLiquidityFeePercent(uint256 liquidityFee) external onlyOwner()
setMaxTxPercent(uint256 maxTxPercent) external onlyOwner()

With the following constraints:

1% <= liquidityFee <= 10%
1% <= taxFee <= 10%
maxTxPercent != 0

5️⃣ The owner can control the number of tokens that can be sold/bought in a single transaction.

setMaxTxPercent

Findings

Issue #1 | 🔍 Location swapAndLiquify | Logical Issue | 🟠 Medium Severity | Status: Not Fixed ❌

Description

The swapAndLiquify function converts half of the contract’s tokens to BNB. The other half of the tokens is used for liquidity addition. Because the price of the token drops after the first conversion, the other half of the tokens requires less BNB than the conversion produced to be paired with it when adding liquidity.

Recommendation:

Our recommendation is to use the leftover BNB for buyback.

⚠️ The team fixed this issue by implementing a transfer function that sends the BNB that was stuck in the contract to an address of the owner's choosing.

function safeTransferETH(address to, uint value) public onlyOwner

⚠️ Note that when the swapAndLiquified() function runs, the tokens that were accumulated as fees are sold for BNB. This may cause a significant decrease in the token price.
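The arithmetic behind Issue #1 and the price note above, as an added example that is not part of the audit or the APEx contract. It models a constant-product pool; the 0.25% swap fee and the pool and contract balances are assumptions constructed for illustration.

```python
from fractions import Fraction

FEE = Fraction(25, 10_000)  # assumed 0.25% pool swap fee; not stated in the audit


def swap_tokens_for_bnb(tok_res, bnb_res, tokens_in, fee=FEE):
    """Constant-product (x*y=k) token sale; returns (bnb_out, new_tok_res, new_bnb_res)."""
    effective_in = tokens_in * (1 - fee)
    bnb_out = bnb_res * effective_in / (tok_res + effective_in)
    return bnb_out, tok_res + tokens_in, bnb_res - bnb_out


def swap_and_liquify(tok_res, bnb_res, contract_tokens, fee=FEE):
    """Model the audited flow: sell half, then pair the other half with the proceeds."""
    tok_res, bnb_res = Fraction(tok_res), Fraction(bnb_res)
    half = Fraction(contract_tokens) / 2
    price_before = bnb_res / tok_res
    bnb_received, tok_after, bnb_after = swap_tokens_for_bnb(tok_res, bnb_res, half, fee)
    price_after = bnb_after / tok_after
    # The pool accepts BNB only at the post-swap ratio, which is now lower,
    # so part of the proceeds is not consumed and stays in the token contract.
    bnb_needed = half * price_after
    bnb_used = min(bnb_received, bnb_needed)
    return {
        "bnb_received": bnb_received,
        "bnb_used": bnb_used,
        "bnb_leftover": bnb_received - bnb_used,
        "price_drop_pct": (1 - price_after / price_before) * 100,
    }


if __name__ == "__main__":
    # Constructed pool: 1,000,000 tokens / 1,000 BNB; contract holds 20,000 fee tokens.
    for name, value in swap_and_liquify(1_000_000, 1_000, 20_000).items():
        print(f"{name:>15}: {float(value):.6f}")
```

The leftover grows with the size of the sale relative to the pool, so each swapAndLiquify call on a thin pool leaves more BNB behind and moves the price further.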

Issue #2 | 🔍 Location addLiquidity | Owner Capabilities | 🔴 High Severity | Status: Fixed ✅

Description:

The recipient of the newly created LP tokens is the owner of the contract. The newly created LP tokens are unlocked.

pancakeswapRouter.addLiquidityETH{value: bnbAmount}(
    address(this),   // token being paired with BNB
    tokenAmount,
    0,
    0,
    owner,           // recipient of the newly created LP tokens
    block.timestamp
);

Recommendation

Our recommendation is to change the recipient of the newly created LP tokens to the contract in order to ensure that the LP tokens are locked. Otherwise, over time the owner address will accumulate a significant portion of the LP tokens.

✅ The team fixed this issue by sending the received BNB to burnAddress.

pancakeswapRouter.addLiquidityETH{value: bnbAmount}(
    address(this),   // token being paired with BNB
    tokenAmount,
    0,
    0,
    burnAddress,     // recipient changed from owner to burnAddress
    block.timestamp
);
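A reviewer can check the Issue #2 condition mechanically by extracting the recipient argument of every addLiquidityETH call in a contract's source. The following is an added example, not Solid Group's tooling; the two Solidity fragments are constructed from the calls shown above, and the set of recipients treated as locked is an assumption taken from the recommendation and the fix.

```python
import re

# Constructed fragments mirroring the "before" and "after" calls in the audit.
BEFORE = """
pancakeswapRouter.addLiquidityETH{value: bnbAmount}(
    address(this), tokenAmount, 0, 0, owner, block.timestamp);
"""
AFTER = BEFORE.replace("owner,", "burnAddress,")

# Assumption: recipients under which the LP tokens are not spendable by the owner.
LOCKED_RECIPIENTS = {"address(this)", "burnAddress"}


def split_args(arg_text):
    """Split call arguments on top-level commas only (nested calls stay intact)."""
    args, depth, current = [], 0, []
    for ch in arg_text:
        depth += {"(": 1, "[": 1, "{": 1, ")": -1, "]": -1, "}": -1}.get(ch, 0)
        if ch == "," and depth == 0:
            args.append("".join(current).strip())
            current = []
        else:
            current.append(ch)
    args.append("".join(current).strip())
    return args


def lp_recipients(source):
    """Return the `to` argument (5th of 6) of each addLiquidityETH call."""
    found = []
    for m in re.finditer(r"addLiquidityETH\s*(\{[^}]*\})?\s*\(", source):
        i, depth = m.end(), 1
        while i < len(source) and depth:
            depth += {"(": 1, ")": -1}.get(source[i], 0)
            i += 1
        if depth:  # unterminated call, skip it
            continue
        args = split_args(source[m.end():i - 1])
        if len(args) == 6:
            found.append(args[4])
    return found


def audit(source):
    """Pair each LP recipient with True if it is in LOCKED_RECIPIENTS."""
    return [(to, to in LOCKED_RECIPIENTS) for to in lp_recipients(source)]
```

A False result only means the recipient needs manual review; the check does not resolve what address a variable such as burnAddress actually holds.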

Issue #4 | 🔍 Location APEx | Gas Optimization | 🟢 Informational Severity | Status: Not Fixed ❌

Description

The public function lpBalance should be declared as external.

Recommendation

These functions are only called from outside the contract; consider using the external attribute instead of public.

Vulnerability Summary

Summary

The contract has one low severity issue. The low severity issue is related to the fact that leftover BNB from liquidity addition can be withdrawn by the owner, instead of benefiting the investors.

About APEx Army

APEx Army is an ape-centered community with the mission of helping endangered apes around the world. All APEx holders will be earning a 3% tax just for holding, while liquidity is raising (5% tax) and with a 2% of the tax destined for donation to


About Solid Group

Solid Group is a blockchain consulting and auditing service provider, founded by 3 cybersecurity experts with a passion for thinking out of the box, learning, and sharing knowledge. Every project goes through a meticulous process and is viewed by at least two partners, thereby achieving a high level of credibility and professionalism. Our group is partnered with multiple organizations and launchpads that have a combined market cap of over 400 million USD.


Disclaimer

SolidGroup reports are not, nor should be considered, an “endorsement” or “disapproval” of any particular project or team. These reports are not, nor should be considered, an indication of the economics or value of any “product” or “asset” created by any team. Solid Group does not cover testing or auditing the integration with external contracts or services (such as Unicrypt, Uniswap, PancakeSwap, etc.).

SolidGroup Audits do not provide any warranty or guarantee regarding the absolute bug-free nature of the technology analyzed, nor do they provide any indication of the technology's proprietors. SolidGroup Audits should not be used in any way to make decisions around investment or involvement with any particular project. These reports in no way provide investment advice, nor should they be leveraged as investment advice of any sort. SolidGroup Reports represent an extensive auditing process intending to help our customers increase the quality of their code while reducing the high level of risk presented by cryptographic tokens and blockchain technology. Blockchain technology and cryptographic assets present a high level of ongoing risk. SolidGroup’s position is that each company and individual are responsible for their own due diligence and continuous security. SolidGroup in no way claims any guarantee of security or functionality of the technology we agree to analyze.


We are a group of 3 software developers with combined experience of over 15 years in various fields such as software design, operating systems, and Solidity.