Open in app

Sign in

Write

Sign in

VANCII Audit Report

Solidgroup
3 min readMar 25, 2021

Overview

Contract Address: 0x8F9b482b74Afc0B7E8AEfc704f1f04DF208EE332

Network: BSC (Binance Smart Chain)

Website: https://vanci.finance/

Telegram Group: https://t.me/vancifinance

Files Involved

Files Involved

Total number of Issues

Contract Summary

Variables

  • swapAndLiquifyEnabled — is set to True, This means that the function swapAndLiquify (L949) is enabled, and can be called. The owner can disable this feature by setting swapAndLiquifyEnable to False by calling setSwapAndLiquifyEnabled (L1180)
  • _taxFee is set to 1%. This variable can be set by the owner when calling setTaxFeePercent (Line №1178). Warning: The owner can set the taxFeePercent to any number he would like.
  • _liquidityFee variable is set to 5%, and can be modified by owner by calling the function setLiquidityFeePercent (L1169) and has a maximum limit of 10%.
  • rewardsWallet variable is set to 0x0CF04Bd32796CE01A1FB9B5026BD78001De25561 (which is an address and not a contract). This where the accumulated BNB is stored.

Functions

  • swapAndLiquify (L936)
  • This function is called once the amount of fees collected by the contract from selling/buying transactions exceeds a certain value.
  • This function sells 50% of the tokens accumulated by the contract from fees.1/3 of the BNB, and 50% of the tokens accumulated in the contract goes for liquidity addition.
  • 1/3 of the BNB goes to dev’s wallet (the owner address 0x9c661fd7cdE5D3080a1DE6D01a660c74Ed05cB89)
  • 1/3 of the BNB goes to reward wallet (0x0CF04Bd32796CE01A1FB9B5026BD78001De25561)

The contract is based on the famous RFI project with some known liquidity addition mechanisms. The contract seems to do what it is supposed to, but the main issue is that the rewards are manually transferred to an owner-controlled address instead of directly to the distribution contract.

UML

Findings

✅ BEP-20's Conformance

  • All the functions are present
  • All the events are present
  • Functions return the correct type
  • Functions that must be view are view
  • Events’ parameters are correctly indexed
  • The functions emit the events
  • Derived contracts do not break the conformance

Issues

Issue #1:

Issue #1

Description:

State variables that can’t be changed, should be declared constant to save gas.

Recommendation:
 Consider using “constant” attribute for these variables.
Variables: VANCII._decimals, VANCII._name, VANCII._symbol, VANCII._tTotal, VANCII.minTokensBeforeSwap.

Issue #2:

issue #2

Description:

public functions that are never called by the contract should be declared external to save gas.

Recommendation:
 Consider using “external” attribute for these functions:

VANCII.isExcludedFromReward, VANCII.totalFees, VANCII.deliver, VANCII.reflectionFromToken, VANCII.excludeFromReward, VANCII.changeLimit, VANCII.isExcludedFromFee, VANCII.excludeFromFee, VANCII.includeInFee, VANCII.setSwapAndLiquifyEnabled

Issue #3:

Issue #3

Description:
The rewards’ wallet is an address and it looks like funds are manually transferred from this address (0x8F9b482b74Afc0B7E8AEfc704f1f04DF208EE332) to the distribution contract (0x65f9b33059c089bc3674d7b7a046f1a1cfc1bb12).

Recommendation:
 Consider transferring the funds straight to the distribution contract.

Summary

Summary

Contact For audits on telegram: t.me/solid_1

Twitter: https://twitter.com/solid_group_1

Crypto
Binance Smart Chain
Audit

--

--

Solidgroup
Solidgroup

Written by Solidgroup

823 Followers
3 Following

We are a group 3 software developers with combined experience of over 15years in various fields such as Software design, Operating systems, and solidity.

No responses yet

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams