LunaPad Token - Smart Contract Audit Report
Summary
LunaPad is a new project that will be built with the intention of launching new projects in TerraLuna ecosystem and Binance Smart Chain. The contract allows the team to create airdrops and specific sales of the $LunaPad token.
For this audit we reviewed the project's Token contract deployed at 0xD1FdF57241df3C36dad469060caC9f1ea2eE7585 on the Binance Smart Chain mainnet.
Notes on the Token Contract:Notes on the Airdrop and Sale:
- The initial total supply of the token is 100 million [100,000,000] $LunaPad.
- No mint or burn functions are present beyond deployment; though the circulating supply can be reduced by sending tokens to the 0x..dead address, if desired.
- At the time of writing this report, 64.57% of the total supply is in possession of the Owner.
- 35.00% of the total supply is currently held in a Team.Finance Vesting Contract.
- Within the vesting contract, 25% of the total supply is locked until January 1st, 2023, and will vest to the owner. The other 10% is on a separate vesting schedule that will be fully vested to the owner on January 27th, 2032.
- As the token was recently launched, there is not a liquidity pool allocation for us to analyze.
Audit Findings Summary
- The LunaPad contract allows any address to participate in and claim airdrops for a period of time and for an amount of $LunaPad that is specified by the owner.
- There is no limit set to the number of times that an individual address can claim an airdrop. If the airdrop token amount is ever set to a price where it is higher than the gas costs of the transaction, it is likely that this will be exploited and this will most likely have an adverse effect on the price of the token.
- The owner can also create "token sales" for a period of time where there is a specified 'chunk' of tokens that can be purchased at a price that is determined by the owner. The owner has the ability to set a limit to the number of tokens that can be sold as a result of this process. The proceeds of the sale (in BNB) are stored in the contract which can then be claimed by the owner.
- Some functions could have been declared external instead of public to save some gas, but as this is already deployed this is merely informational.
- The token contract complies with the BEP20 standard.
- The contract utilizes SafeMath to prevent overflow/underflow issues.
- No external security issues were identified.
- Please ensure trust in the team as the owner has significant control in the ecosystem.
- Date: October 26th, 2021.
External Threat Results
Vulnerability Category | Notes | Result |
---|---|---|
Arbitrary Storage Write | N/A | PASS |
Arbitrary Jump | N/A | PASS |
Delegate Call to Untrusted Contract | N/A | PASS |
Dependence on Predictable Variables | N/A | PASS |
Deprecated Opcodes | N/A | PASS |
Ether/Token Thief | N/A | PASS |
Exceptions | N/A | PASS |
External Calls | N/A | PASS |
Flash Loans | N/A | PASS |
Integer Over/Underflow | N/A | PASS |
Multiple Sends | N/A | PASS |
Oracles | N/A | PASS |
Suicide | N/A | PASS |
State Change External Calls | N/A | PASS |
Unchecked Retval | N/A | PASS |
User Supplied Assertion | N/A | PASS |
Critical Solidity Compiler | N/A | PASS |
Overall Contract Safety | PASS |
($) = payable function
# = non-constant function
Int = Internal
Ext = External
Pub = Public
+ [Lib] SafeMath
- [Int] add
- [Int] sub
- [Int] mul
- [Int] div
+ BEP20Interface
- [Pub] totalSupply
- [Pub] balanceOf
- [Pub] allowance
- [Pub] transfer #
- [Pub] approve #
- [Pub] transferFrom #
+ ApproveAndCallFallBack
- [Pub] receiveApproval #
+ Owned
- [Pub] #
- [Pub] transferOwnership #
- modifiers: onlyOwner
- [Pub] acceptOwnership #
+ TokenBEP20 (BEP20Interface, Owned)
- [Pub] #
- [Pub] totalSupply
- [Pub] balanceOf
- [Pub] transfer #
- [Pub] approve #
- [Pub] transferFrom #
- [Pub] allowance
- [Pub] approveAndCall #
- [Ext] ($)
+ LunaPad (TokenBEP20)
- [Pub] getAirdrop #
- [Pub] tokenSale ($)
- [Pub] viewAirdrop
- [Pub] viewSale
- [Pub] startAirdrop #
- modifiers: onlyOwner
- [Pub] startSale #
- modifiers: onlyOwner
- [Pub] clearETH #
- modifiers: onlyOwner
- [Ext] ($)