ChubbyShiba X Shield Network X Solid Group: Audit Results
Auditing Process
Solid Group & Shield Network’s auditing process goes in-depth and covers a wide range of token code characteristics. The main things the audit checks for are vulnerabilities and imminent risks to the safety and security of the code. Solid Group runs an extensive auditing process intended to help its customers increase their code quality while reducing the high level of risk presented by cryptographic tokens and blockchain technology.
Contract
https://bscscan.com/address/0xc7a249D3021b1d62669b2B5cE65D8410b9A44A43
Ownership was transferred to a contract with diminished owner capabilities.
Highlights of the process
✅ BEP-20 Conformance
✅ No external mint function
✅ No volatile code
Owner Capabilities:
1️⃣ The owner is the recipient of the newly created LP tokens. These new LP tokens are unlocked and held by the owner.
2️⃣ The owner can set:
3️⃣ The owner can exclude/include an address from receiving rewards and fees.
Audit Findings
- Issue 1| Owner Capabilities, Logical Issue|🟡 Low Severity | ✅ Fixed
Description:
The contract uses a modified version of OpenZeppelin’s Ownable contract, and the modifications introduce a significant flaw: a malicious owner can regain owner capabilities even after calling renounceOwnership!
Here’s a list of the required steps:
1️⃣ The owner of the contract can call lock() to lock the contract (the lock function saves the previous owner into a variable)
2️⃣ After the locking period has passed the owner of the contract can call unlock() and regain the ownership.
3️⃣ The owner of the contract can then call the renounceOwnership function. Now, the contract allegedly has no owner (users can verify it by looking for the renounceOwnership transaction and making sure that the owner is set to the zero address).
4️⃣ The owner of the contract can call the unlock function again, and get the ownership back.
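A hardened form of the lock/unlock pattern behind the steps above, as an added example rather than the audited contract's code. The contract name LockableOwnable and the state variable names _previousOwner and _lockTime are assumptions, since the page does not show the source.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example: hardened sketch of an Ownable with lock()/unlock().
// Contract and variable names are assumed, not taken from the audited code.
contract LockableOwnable {
    address private _owner;
    address private _previousOwner; // owner saved by lock()
    uint256 private _lockTime;      // earliest time unlock() may succeed

    event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);

    constructor() {
        _owner = msg.sender;
        emit OwnershipTransferred(address(0), msg.sender);
    }

    modifier onlyOwner() {
        require(msg.sender == _owner, "Ownable: caller is not the owner");
        _;
    }

    function owner() public view returns (address) { return _owner; }

    // Renouncing also wipes the saved owner, so a later unlock() has
    // nothing to restore (the gap described in Issue 1).
    function renounceOwnership() public onlyOwner {
        emit OwnershipTransferred(_owner, address(0));
        _owner = address(0);
        _previousOwner = address(0);
    }

    function lock(uint256 time) public onlyOwner {
        _previousOwner = _owner;
        _lockTime = block.timestamp + time;
        emit OwnershipTransferred(_owner, address(0));
        _owner = address(0);
    }

    function unlock() public {
        address previous = _previousOwner;
        require(previous != address(0) && msg.sender == previous, "Ownable: no pending unlock");
        require(block.timestamp > _lockTime, "Ownable: still locked");
        // One-shot: clear the saved owner so unlock() cannot be called twice.
        _previousOwner = address(0);
        emit OwnershipTransferred(_owner, previous);
        _owner = previous;
    }
}
```

With this version the fourth step reverts, because both unlock() and renounceOwnership() clear the saved owner.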
- Issue 2| Gas Optimization | 🟢 Informational Severity | Not Fixed ❌
Description:
The variables _decimals, _name, _symbol, _tTotal, numTokensSellToAddToLiquidity could be declared as constant since their state is never changed.
- Issue 3| Owner Capabilities| 🔴 High Severity| ✅ Fixed
Description
The owner of the contract can make the token untradable by calling setMaxTxPercent(0).
With the limit at zero, the require statement, which applies to every address except the owner, will always evaluate to false:
require(amount <= 0, "Transfer amount exceeds the maxTxAmount");
- Issue 4| Gas Optimization | 🟢 Informational Severity | Not Fixed ❌
Description
The public functions isExcludedFromReward, totalFees, deliver, reflectionFromToken, includeInFee, excludeFromFee, excludeFromReward, setSwapAndLiquifyEnabled, isExcludedFromFee should be declared as external.
✅ Our Recommendation
Given that the contract is already deployed and cannot be updated, our recommendation is to call renounceOwnership or to transfer the ownership to a contract that would have diminished owner capabilities, for example a contract that can only include/exclude an address from fees.
The team implemented our recommendation and transferred the ownership to a contract with diminished owner capabilities.
Summary
The ChubbyShiba team transferred ownership to a contract that has diminished owner capabilities, as advised. The issues that were found are informational, i.e., they do not affect the code itself.
About ChubbyShiba
ChubbyShiba is the lovedawg of a group of devs who met over telegram and shared a passion for dogs, animal welfare, and money. You could even say we’re classy mother puppers. We’re here to bring you a fun community and a lot of fluffin’ money. ChubbyShiba has transparent and familiar tokenomics. For each transaction, 5% goes to liquidity and 5% is reflected to all holders. Percentage of proceeds will go toward Animal Shelters that help pups in need.
About Solid Group & Shield Network Partnership
Solid Group & Shield Network will work together to advance the mission of both of our projects, which is to create an environment in DeFi that is safe and welcoming for investors new and old. Solid Group is the first and primary auditing consulting firm that will be helping to handle smart contract audits while we continue to build our Pre-Audit Launchpad and beyond.
About Solid Group
Solid Group is a blockchain consulting and auditing service provider, founded by 3 cybersecurity experts with a passion for thinking out of the box, learning, and sharing knowledge.
Every project goes through a meticulous process and is viewed by at least two partners, thereby achieving a high level of credibility and professionalism.
Our group is partnered with multiple organizations and launchpads that have a combined market cap of over 300 million USD.
About Shield Network 🛡
The Shield Network is a dedicated team consisting of 8 developers from Norway, Netherlands, Serbia, and the United States with several others serving in a moderating capacity. Their vision is to make the cryptocurrency market a safer place for all investors.
With the mainstream adoption of cryptocurrency, the market has been flooded with new investors who often invest with limited or non-existent knowledge of the proliferation of scam, “rug-pull”, or “pump-and-dump” projects. The number of these exploitative projects has grown exponentially and will continue to do so as the market expands. Failure to vet such projects would lead to a detrimental risk to new investors that would damage the perception of the cryptocurrency market.
Shield Network foresees scam projects as a problem that will never go away, but one that can be mitigated. That is why Shield Network will be creating the first pre-launch token auditing platform that will give investors the ability to invest their money in new projects with confidence and assurance.
Disclaimer
SolidGroup x Shield reports are not, nor should be considered, an “endorsement” or “disapproval” of any particular project or team. These reports are not, nor should be considered, an indication of the economics or value of any “product” or “asset” created by any team. Solid Group does not cover testing or auditing the integration with external contracts or services (such as Unicrypt, Uniswap, PancakeSwap, etc.). SolidGroup x Shield Audits do not provide any warranty or guarantee regarding the absolute bug-free nature of the technology analyzed, nor do they provide an indication of the technology’s proprietors. SolidGroup x Shield Audits should not be used in any way to make decisions around investment or involvement with any particular project. These reports in no way provide investment advice, nor should be leveraged as investment advice of any sort. SolidGroup x Shield Reports represent an extensive auditing process intended to help our customers increase the quality of their code while reducing the high level of risk presented by cryptographic tokens and blockchain technology. Blockchain technology and cryptographic assets present a high level of ongoing risk. SolidGroup x Shield’s position is that each company and individual is responsible for their own due diligence and continuous security. SolidGroup x Shield in no way claims any guarantee of security or functionality of the technology we agree to analyze.