APEx Army x Solid Group: Audit Results

Auditing Process

Solid Group’s auditing process goes in depth and covers a wide range of token code characteristics. The audit mainly checks for vulnerabilities and imminent risks to the safety and security of the code. The process is intended to help customers increase their code quality while reducing the high level of risk presented by cryptographic tokens and blockchain technology.

Contract BSC

Contract

Highlights of the process

✅ BEP-20 conformance

✅ No mint function

Privileged Functions

1️⃣ The contract contains the following privileged functions, which are restricted by the onlyOwner modifier:

excludeFromReward(address account)
includeInReward(address account)
excludeFromFee(address account)
includeInFee(address account)

2️⃣ The owner can toggle the liquidity addition mechanism:

setSwapAndLiquifiedEnabled(bool _enabled)

3️⃣ ⚠️🔴 The owner of the contract can withdraw any BNB/tokens sent to the contract by calling:

safeTransfer(address token, address to, uint value) public onlyOwner
safeTransferETH(address to, uint value) public onlyOwner

4️⃣ The owner can set the following:

setTaxFeePercent(uint256 taxFee) external onlyOwner()
setLiquidityFeePercent(uint256 liquidityFee) external onlyOwner()
setMaxTxPercent(uint256 maxTxPercent) external onlyOwner()

With the following constraints:

1% <= liquidityFee <= 10%
1% <= taxFee <= 10%
maxTxPercent != 0

5️⃣ The owner can control the number of tokens that can be sold/bought in a single transaction.

setMaxTxPercent

Findings

Issue #1 | 🔍 Location swapAndLiquify | Logical Issue | 🟠 Medium Severity | Status: Not Fixed ❌

Description

The swapAndLiquify function converts half of the contract’s tokens to BNB. The other half of the tokens is used for liquidity addition. The price of the token drops after the first conversion, so the other half of the tokens requires less than the converted BNB to be paired with it when adding liquidity, and the difference is left over in the contract.

Recommendation:

Our recommendation is to use the leftover BNB for buyback.

⚠️ The team fixed this issue by implementing a transfer function that sends the BNB that was stuck in the contract to an address of the owner’s choosing:

function safeTransferETH(address to, uint value) public onlyOwner

⚠️ Note that when the swapAndLiquified() function executes, the tokens that were accumulated as fees are sold for BNB. This may cause a significant decrease in the token price.
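The arithmetic behind Issue #1 and the price-impact note above, as an added example that is not part of the audited contract or of the audit itself. It models a constant-product pool; the reserves, the fee-token balance and the 0.25% swap fee are assumed values.

```python
# Added illustration, not the audited contract's code.
# Assumed values: pool reserves, fee-token balance, 0.25% swap fee.
FEE_NUM, FEE_DEN = 9975, 10_000
SCALE = 10**18


def get_amount_out(amount_in, reserve_in, reserve_out):
    """Constant-product output for selling amount_in into the pool."""
    in_with_fee = amount_in * FEE_NUM
    return in_with_fee * reserve_out // (reserve_in * FEE_DEN + in_with_fee)


def swap_and_liquify(contract_tokens, token_reserve, bnb_reserve):
    """Model the audited flow: sell half for BNB, pair the other half."""
    price_before = bnb_reserve * SCALE // token_reserve
    half = contract_tokens // 2
    other_half = contract_tokens - half

    # Step 1: selling the first half pushes the token price down.
    bnb_received = get_amount_out(half, token_reserve, bnb_reserve)
    token_reserve += half
    bnb_reserve -= bnb_received
    price_after = bnb_reserve * SCALE // token_reserve

    # Step 2: liquidity is added at the new, lower price, so the other half
    # needs less BNB than step 1 produced. For very small sales the swap fee
    # can outweigh the price move, hence the min().
    bnb_needed = other_half * bnb_reserve // token_reserve
    bnb_used = min(bnb_needed, bnb_received)
    leftover = bnb_received - bnb_used  # remains in the token contract

    return {
        "bnb_received": bnb_received,
        "bnb_used": bnb_used,
        "leftover_bnb": leftover,
        "leftover_bps": leftover * 10_000 // bnb_received if bnb_received else 0,
        "price_drop_bps": (price_before - price_after) * 10_000 // price_before,
    }


if __name__ == "__main__":
    # Constructed pool: 1,000,000 tokens (9 decimals) against 100 BNB;
    # the contract has accumulated 50,000 tokens in fees.
    result = swap_and_liquify(50_000 * 10**9, 1_000_000 * 10**9, 100 * SCALE)
    for key, value in result.items():
        print(f"{key}: {value}")
```

With these constructed numbers, roughly 2% of the BNB obtained in the swap is not consumed by the liquidity addition, and the pool price falls by close to 5% in a single call.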

Issue #2 | 🔍 Location addLiquidity | Owner Capabilities | 🔴 High Severity | Status: Fixed ✅

Description:

The recipient of the newly created LP tokens is the owner of the contract. The newly created LP tokens are unlocked.

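pancakeswapRouter.addLiquidityETH{value: bnbAmount}(
    address(this),   // token
    tokenAmount,     // amountTokenDesired
    0,               // amountTokenMin
    0,               // amountETHMin
    owner,           // to: recipient of the newly created LP tokens
    block.timestamp  // deadline
);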

Recommendation

Our recommendation is to change the recipient of the newly created LP tokens to the contract in order to ensure that the LP tokens are locked. Otherwise, over time the owner address will accumulate a significant portion of the LP tokens.

✅ The team fixed this issue by sending the received BNB to burnAddress:

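pancakeswapRouter.addLiquidityETH{value: bnbAmount}(
    address(this),   // token
    tokenAmount,     // amountTokenDesired
    0,               // amountTokenMin
    0,               // amountETHMin
    burnAddress,     // to: recipient of the newly created LP tokens
    block.timestamp  // deadline
);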

Issue #4 | 🔍 Location APEx | Gas Optimization | 🟢 Informational Severity | Status: Not Fixed ❌

Description

The public function lpBalance should be declared as external.

Recommendation

These functions are only called from outside the contract; consider using the external attribute instead of public.

Vulnerability Summary

Summary

The contract has one low severity issue. The low severity issue is related to the fact that leftover BNB from liquidity addition can be withdrawn by the owner instead of benefiting the investors.

About APEx Army

APEx Army is an ape-centered community with the mission of helping endangered apes around the world. All APEx holders earn a 3% tax just for holding, while liquidity is raised (5% tax) and 2% of the tax is destined for donation to

About Solid Group

Solid Group is a blockchain consulting and auditing service provider, founded by 3 cybersecurity experts with a passion for thinking out of the box, learning, and sharing knowledge. Every project goes through a meticulous process and is viewed by at least two partners, thereby achieving a high level of credibility and professionalism. Our group is partnered with multiple organizations and launchpads that have a combined market cap of over 400 million USD.


Disclaimer

SolidGroup reports are not, nor should be considered, an “endorsement” or “disapproval” of any particular project or team. These reports are not, nor should be considered, an indication of the economics or value of any “product” or “asset” created by any team. Solid Group does not cover testing or auditing the integration with external contracts or services (such as Unicrypt, Uniswap, PancakeSwap, etc.).

SolidGroup Audits do not provide any warranty or guarantee regarding the absolute bug-free nature of the technology analyzed, nor do they provide any indication of the technology’s proprietors. SolidGroup Audits should not be used in any way to make decisions around investment or involvement with any particular project. These reports in no way provide investment advice, nor should they be leveraged as investment advice of any sort. SolidGroup Reports represent an extensive auditing process intending to help our customers increase the quality of their code while reducing the high level of risk presented by cryptographic tokens and blockchain technology. Blockchain technology and cryptographic assets present a high level of ongoing risk. SolidGroup’s position is that each company and individual are responsible for their own due diligence and continuous security. SolidGroup in no way claims any guarantee of security or functionality of the technology we agree to analyze.


We are a group of 3 software developers with combined experience of over 15 years in various fields such as software design, operating systems, and Solidity.
