SLOTHI x Solid Group: Audit Results
Auditing Process
Solid Group’s auditing process goes in-depth and covers a wide range of token code characteristics. The main things the audit checks for are vulnerabilities and imminent risks to the safety and security of the code. Solid Group runs an extensive auditing process intended to help its customers increase their code quality while reducing the high level of risk presented by cryptographic tokens and blockchain technology.
Contract BSC
Highlights of the process
✅ BEP-20 conformance
✅ No mint function
Privileged Functions
1️⃣ The contract contains the following privileged functions, which are restricted by the onlyOwner modifier:
excludeFromReward(address account)
includeInReward(address account)
excludeFromFee(address account)
includeInFee(address account)
2️⃣ The owner can toggle the liquidity addition mechanism:
setSwapAndLiquifiedEnabled(bool _enabled)
3️⃣ The LiquidityReciever (an address controlled by the owner of the contract) is the recipient of the newly created LP tokens from the liquidity addition mechanism. These tokens are unlocked.
pancakeswapRouter.addLiquidityETH{value: bnbAmount}(
address(this),
tokenAmount,
0,
0,
LiquidityReciever,
block.timestamp
);
Findings
Issue #1 | 🔍 Location swapAndLiquify | Logical Issue | 🟠 Medium Severity | Status: Partially fixed
Description
The swapAndLiquify function converts half of the contract’s tokens to BNB. The other half of the tokens is used for liquidity addition. Because the price of the token drops after the first conversion, the other half of the tokens requires less than the converted BNB to be paired with it when adding liquidity, so some BNB is left over.
Recommendation
Our recommendation is to use the leftover BNB for buyback.
The team partially fixed this issue by implementing the withDrawLeftoverBNB function. This function lets the liquidity receiver withdraw leftover BNB from the contract.
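The leftover described in Issue #1 can be reproduced with a small pool model. This is an added example, not code from the audited contract or from Solid Group; it assumes a constant-product pool with a 0.25% swap fee, and the reserves and token amounts are constructed values.

```python
# Added illustration: constant-product pool model of swapAndLiquify.
# Reserves, amounts and the 0.25% fee are constructed/assumed values.
FEE_NUM, FEE_DEN = 9975, 10000  # assumed swap fee of 0.25%


def get_amount_out(amount_in, reserve_in, reserve_out):
    """BNB received for selling amount_in tokens into an x*y=k pool."""
    in_with_fee = amount_in * FEE_NUM
    return in_with_fee * reserve_out // (reserve_in * FEE_DEN + in_with_fee)


def quote(amount_a, reserve_a, reserve_b):
    """Amount of B that pairs with amount_a at the current pool ratio."""
    return amount_a * reserve_b // reserve_a


def swap_and_liquify(contract_tokens, reserve_token, reserve_bnb):
    """Return what one swapAndLiquify call uses and leaves behind."""
    half = contract_tokens // 2
    other_half = contract_tokens - half

    # Step 1: sell the first half for BNB; this moves the pool price.
    bnb_received = get_amount_out(half, reserve_token, reserve_bnb)
    reserve_token += half
    reserve_bnb -= bnb_received

    # Step 2: add liquidity with the other half at the *new* ratio.
    # Both minimum amounts are 0, as in the call quoted in the report.
    bnb_needed = quote(other_half, reserve_token, reserve_bnb)
    if bnb_needed <= bnb_received:
        tokens_used, bnb_used = other_half, bnb_needed
    else:
        # BNB is the limiting side; some tokens stay unpaired instead.
        tokens_used = quote(bnb_received, reserve_bnb, reserve_token)
        bnb_used = bnb_received

    return {
        "bnb_received": bnb_received,
        "bnb_used": bnb_used,
        "leftover_bnb": bnb_received - bnb_used,
        "leftover_tokens": other_half - tokens_used,
    }


# Constructed pool: 1,000,000 tokens against 100 BNB (in wei).
WEI = 10**18
result = swap_and_liquify(20_000 * WEI, 1_000_000 * WEI, 100 * WEI)
print(result)
```

In this model the BNB leftover appears once the price impact of the first swap exceeds the swap fee, and it grows with the size of the swap; for very small swaps the router uses all the BNB and leaves some tokens unpaired instead.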
Issue #2 | 🔍 Location addLiquidity | Owner Capabilities | 🔴 High Severity | Status: Not Fixed ❌
Description
The recipient of the newly created LP tokens is the LiquidityReciever. The newly created LP tokens are unlocked.
pancakeswapRouter.addLiquidityETH{value: bnbAmount}(
address(this),
tokenAmount,
0,
0,
LiquidityReciever,
block.timestamp
);
If the contract accrues a significant amount of tokens, a malicious user could execute many small sell transactions and cause a large dump in price.
The consequence is a significant price drop because of the large number of tokens that would enter the pool. The team should be aware of this issue. If the contract comes under attack, the team could toggle off the liquidity addition feature.
Recommendation
Our recommendation is to change the recipient of the newly created LP tokens to the contract in order to ensure that the LP tokens are locked.
Issue #3 | 🔍 Location SLOTHI.sol | Gas Optimization | 🟢 Informational Severity | Status: Fixed ✅
Description
State variables that are never changed should be constant.
Recommendation
The state variables _decimals, _name, _symbol, _tTotal, and numTokensSellToAddToLiquidity are never changed. Consider changing their attribute to constant to save on gas.
Issue #4 | 🔍 Location SLOTHI.sol | Gas Optimization | 🟢 Informational Severity | Status: Fixed ✅
Description
The public functions isExcludedFromReward, totalFees, deliver, reflectionFromToken, includeInFee, excludeFromFee, excludeFromReward, setSwapAndLiquifyEnabled, and isExcludedFromFee should be declared as external.
Recommendation
These functions are only called from outside the contract. Consider using the external attribute instead of public.
Vulnerability Summary
Summary
The contract has one high severity issue. The high severity issue is part of the contract design, and the risks involved should be fully communicated to the community. There is also one medium severity issue, which lets the owner of the contract withdraw leftover BNB from the contract; that BNB was supposed to be stuck in the contract. Our recommendation was to implement a buyback function that would use the lost BNB for buyback.
About SLOTHI
This is a fully community-driven Token. In this case, it's not just about reading and guessing what the community's needs are. We would like to involve the community in the decisions. That's why the road to the future is made step by step by the community and its decisions.
How? There will be voting for minor and major topics on a weekly rhythm. Further, there will be open doors to tell us everything about your wishes, opinions, possibilities, suggestions, or just feedback. We are very excited about how your decisions are gonna change the world!
About Solid Group
Solid Group is a blockchain consulting and auditing service provider, founded by 3 cybersecurity experts with a passion for thinking out of the box, learning, and sharing knowledge. Every project goes through a meticulous process and is viewed by at least two partners, thereby achieving a high level of credibility and professionalism. Our group is partnered with multiple organizations and launchpads that have a combined market cap of over 400 million USD.
Disclaimer
SolidGroup reports are not, nor should be considered, an “endorsement” or “disapproval” of any particular project or team. These reports are not, nor should be considered, an indication of the economics or value of any “product” or “asset” created by any team. Solid Group does not cover testing or auditing the integration with external contracts or services (such as Unicrypt, Uniswap, PancakeSwap, etc.).
SolidGroup Audits do not provide any warranty or guarantee regarding the absolute bug-free nature of the technology analyzed, nor do they provide any indication of the technology’s proprietors. SolidGroup Audits should not be used in any way to make decisions around investment or involvement with any particular project. These reports in no way provide investment advice, nor should be leveraged as investment advice of any sort. SolidGroup Reports represent an extensive auditing process intending to help our customers increase the quality of their code while reducing the high level of risk presented by cryptographic tokens and blockchain technology. Blockchain technology and cryptographic assets present a high level of ongoing risk. SolidGroup’s position is that each company and individual are responsible for their own due diligence and continuous security. SolidGroup in no way claims any guarantee of security or functionality of the technology we agree to analyze.