Ajira Pay Finance

AJP
BNB Chain
A DECENTRALIZED WEB3 PROTOCOL FOR SECURE & SEAMLESS CRYPTO PAYMENTS FOR BUSINESSES
Project Announcement
Project: Ajira Pay Finance
Audit: 1
KYC: 1
Onboard [M/D/Y]: 02/26/2023
Contract: AjiraPayFinanceToken

Risk & SWC Checker: Automated pre-check inspector

Checker Information

Token Name: Ajira Pay Finance
Token Symbol: AJP
Checker Date: 02/26/2023
Contract Address: 0xC55b...f0d181
Contract Creator: 0x9828...8e13da
DEX: PancakeV2
Contract Functional
Honeypot Risk
SWC Checker

Smart Contract Audit: Security Assessment powered by SECURI LAB

Audit Report: 1 Available
Chain: BNB Chain
Compiler Version: v0.8.4+commit.c7e474f2
Date: 02/26/2023
All Findings: 0
Unresolved: 0
Resolved: 0
Critical: 0
High: 0
Medium: 0
Low: 0
Very Low: 0
Informational: 0

Powered by SECURI LAB

CVSS Score: 7.5 (7.5 From 10 Points)
Function relation graph
Capabilities

🧪 Experimental Features: -
💰 Can Receive Funds: yes
🖥 Uses Assembly: -
💣 Destroyable Contracts: -
📤 Transfers ETH: yes
⚡ Low-Level Calls: -
👥 DelegateCall: -
🧮 Uses Hash Functions: yes
🔖 ECRecover: -
🌀 New/Create/Create2: -
♻️ TryCatch: -
Σ Unchecked: yes


Smart Contract Audit Findings

Vulnerability Severity Summary

| Vulnerability Severity Level | Total |
| --- | --- |
| Critical | 0 |
| High | 1 |
| Medium | 1 |
| Low | 0 |
| Very Low | 0 |
| Informational (Non severity level) | 4 |

Vulnerability Findings

| ID | Title | Severity | Status |
| --- | --- | --- | --- |
| SEC-01 | Owner can change user balance by using burn function | High | Acknowledge |
| SEC-02 | Imprecise arithmetic operations order (divide-before-multiply) | Medium | Acknowledge |
| SEC-03 | Unused state variables (unused-state) | Informational | Acknowledge |
| SEC-04 | Comparison to boolean constant (boolean-equal) | Informational | Acknowledge |
| SEC-05 | If different pragma directives are used (pragma) | Informational | Acknowledge |
| SEC-06 | Conformity to Solidity naming conventions (naming-convention) | Informational | Acknowledge |

SEC-01: Owner can change user balance by using burn function

| Type | Severity | Location | Status |
| --- | --- | --- | --- |
| Owner can change user balance by using burn function | High | Check on finding | Acknowledge |

Finding:

❌ (AjiraPayFinanceToken.sol#373-382)

 

Exploit Scenario:

The contract owner has the authority to modify the balance of tokens at other addresses, which may result in a loss of assets.

 

Alleviation:

The Ajira Pay team has acknowledged this issue.

 

 

SEC-02: Imprecise arithmetic operations order (divide-before-multiply)

| Type | Severity | Location | Status |
| --- | --- | --- | --- |
| Imprecise arithmetic operations order (divide-before-multiply) | Medium | Check on finding | Acknowledge |

Finding:

❌ AjiraPayFinanceToken._swapAndLiquify(uint256) (AjiraPayFinanceToken.sol:432-459) performs a multiplication on the result of a division:

  • buyBackTreasuryAmount = leftOverBnb / totalTreasury * buyBackTreasuryPercent (AjiraPayFinanceToken.sol#447)

❌ AjiraPayFinanceToken._swapAndLiquify(uint256) (AjiraPayFinanceToken.sol:432-459) performs a multiplication on the result of a division:

  • liquidityTreasuryAmount = leftOverBnb / totalTreasury * liquidityTreasuryPercent (AjiraPayFinanceToken.sol#448)

 

Recommendation:

Consider ordering multiplication before division.

 

Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#divide-before-multiply

 

 

 

Exploit Scenario:

Solidity’s integer division truncates. Thus, performing division before multiplication can lead to precision loss.

 

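    contract A {
        uint oldSupply;
        uint interest;
        uint coins;
        function f(uint n) public {
            // The division truncates first, so the later multiplication cannot recover the lost precision.
            coins = (oldSupply / n) * interest;
        }
    }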

 

If n is greater than oldSupply, coins will be zero. For example, with oldSupply = 5; n = 10, interest = 2, coins will be zero.
If (oldSupply * interest / n) was used, coins would have been 1.
In general, it’s usually a good idea to re-arrange arithmetic to perform multiplication before division, unless the limit of a smaller type makes this dangerous.

 

Alleviation:

The Ajira Pay team has acknowledged this issue.

 

 

SEC-03: Unused state variables (unused-state)

| Type | Severity | Location | Status |
| --- | --- | --- | --- |
| Unused state variables (unused-state) | Informational | Check on finding | Acknowledge |

Finding:

❌ AjiraPayFinanceToken._allowances (AjiraPayFinanceToken.sol:219) is never used in AjiraPayFinanceToken (AjiraPayFinanceToken.sol#199-538)

❌ AjiraPayFinanceToken.devTreasuryPercent (AjiraPayFinanceToken.sol:229) is never used in AjiraPayFinanceToken (AjiraPayFinanceToken.sol#199-538)

 

Recommendation:

Remove unused state variables.

 

Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#unused-state-variable

 

 

Exploit Scenario:

 

Alleviation:

The Ajira Pay team has acknowledged this issue.

 

 

SEC-04: Comparison to boolean constant (boolean-equal)

| Type | Severity | Location | Status |
| --- | --- | --- | --- |
| Comparison to boolean constant (boolean-equal) | Informational | Check on finding | Acknowledge |

Finding:

❌ AjiraPayFinanceToken._transfer(address,address,uint256) (AjiraPayFinanceToken.sol:387-419) compares to a boolean constant:

  • _isExcludedFromFee[_sender] == true (AjiraPayFinanceToken.sol#415)

❌ AjiraPayFinanceToken._transfer(address,address,uint256) (AjiraPayFinanceToken.sol:387-419) compares to a boolean constant:

  • isInTaxHoliday == true (AjiraPayFinanceToken.sol#416)

 

Recommendation:

Remove the equality to the boolean constant.

 

Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#boolean-equality

 

 

 

Exploit Scenario:

Detects the comparison to boolean constants.

 

    contract A {
        function f(bool x) public {
            // …
            if (x == true) { // bad!
                // …
            }
            // …
        }
    }

 

 

Boolean constants can be used directly and do not need to be compared to true or false.

 

Alleviation:

The Ajira Pay team has acknowledged this issue.

 

 

 

SEC-05: If different pragma directives are used (pragma)

| Type | Severity | Location | Status |
| --- | --- | --- | --- |
| If different pragma directives are used (pragma) | Informational | Check on finding | Acknowledge |

Finding:

❌ Different versions of Solidity are used:

  • Version used: ['=0.8.4', '^0.8.0', '^0.8.1']
  • =0.8.4 (AjiraPayFinanceToken.sol:2)
  • ^0.8.0 (@openzeppelin/contracts/access/AccessControl.sol#4)
  • ^0.8.0 (@openzeppelin/contracts/access/IAccessControl.sol#4)
  • ^0.8.0 (@openzeppelin/contracts/access/Ownable.sol#4)
  • ^0.8.0 (@openzeppelin/contracts/security/ReentrancyGuard.sol#4)
  • ^0.8.0 (@openzeppelin/contracts/token/ERC20/ERC20.sol#4)
  • ^0.8.0 (@openzeppelin/contracts/token/ERC20/IERC20.sol#4)
  • ^0.8.0 (@openzeppelin/contracts/token/ERC20/extensions/IERC20Metadata.sol#4)
  • ^0.8.0 (@openzeppelin/contracts/token/ERC20/extensions/draft-IERC20Permit.sol#4)
  • ^0.8.0 (@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol#4)
  • ^0.8.0 (@openzeppelin/contracts/utils/Context.sol#4)
  • ^0.8.0 (@openzeppelin/contracts/utils/Strings.sol#4)
  • ^0.8.0 (@openzeppelin/contracts/utils/introspection/ERC165.sol#4)
  • ^0.8.0 (@openzeppelin/contracts/utils/introspection/IERC165.sol#4)
  • ^0.8.0 (@openzeppelin/contracts/utils/math/Math.sol#4)
  • ^0.8.0 (@openzeppelin/contracts/utils/math/SignedMath.sol#4)
  • ^0.8.0 (erc-payable-token/contracts/token/ERC1363/ERC1363.sol#3)
  • ^0.8.0 (erc-payable-token/contracts/token/ERC1363/IERC1363.sol#3)
  • ^0.8.0 (erc-payable-token/contracts/token/ERC1363/IERC1363Receiver.sol#3)
  • ^0.8.0 (erc-payable-token/contracts/token/ERC1363/IERC1363Spender.sol#3)
  • ^0.8.1 (@openzeppelin/contracts/utils/Address.sol#4)

 

Recommendation:

Use one Solidity version.

 

Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#different-pragma-directives-are-used

 

Exploit Scenario:

 

Alleviation:

The Ajira Pay team has acknowledged this issue.

 

 

SEC-06: Conformity to Solidity naming conventions (naming-convention)

| Type | Severity | Location | Status |
| --- | --- | --- | --- |
| Conformity to Solidity naming conventions (naming-convention) | Informational | Check on finding | Acknowledge |

Finding:

❌ Parameter AjiraPayFinanceToken.burn(address,uint256)._account (AjiraPayFinanceToken.sol:373) is not in mixedCase

❌ Parameter AjiraPayFinanceToken.burn(address,uint256)._amount (AjiraPayFinanceToken.sol:373) is not in mixedCase

❌ Parameter AjiraPayFinanceToken.setBuyBackEnabled(bool)._enabled (AjiraPayFinanceToken.sol:364) is not in mixedCase

❌ Variable AjiraPayFinanceToken.DEAD (AjiraPayFinanceToken.sol:209) is not in mixedCase

❌ Variable AjiraPayFinanceToken._isExcludedFromFee (AjiraPayFinanceToken.sol:217) is not in mixedCase

 

Recommendation:

Follow the Solidity [naming convention](https://solidity.readthedocs.io/en/v0.4.25/style-guide.html#naming-conventions).

 

Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#conformance-to-solidity-naming-conventions

 

 

Exploit Scenario:

Solidity defines a naming convention that should be followed.

Rule exceptions

  • Allow constant variable name/symbol/decimals to be lowercase (ERC20).
  • Allow _ at the beginning of the mixed_case match for private variables and unused parameters.

Follow the Solidity naming convention.

 

Alleviation:

The Ajira Pay team has acknowledged this issue.

Audit Timeline

KYC/KYB: Identification business or person

KYC Report: 1
Scanning Date: 02/26/2023
Network SIP/PEP/RCA: Acuris Risk Intelligence Network
Identities Document: National ID Card (JAMHURI YA KENYA)
Relationship with project: Owner / Core DEV
Number of people perform KYC: 1
Crime Findings: 0
Law Enforcement Database: 0
Financial Crime: 0
Cybercrime Or Scam: 0
SECURI LAB Comments

SECURI LAB has successfully performed an individual verification, and that person has passed the verification successfully. Also, an investigation with the Acuris Risk Intelligence network database revealed that no criminal activity was found.

SECURI LAB IS NOT FINANCIAL ADVICE PLEASE DO YOUR OWN RESEARCH DYOR!

Powered by SECURI LAB SIPNet+ 


KYC/KYB Detail & Crime Checker via SECURI SIPNet+

KYC Report Information

About Report: Ajira Pay Finance KYC Report
Version: v1.0
Client: Ajira Pay Finance
Project Name: Ajira Pay Finance
Website: https://ajirapay.finance/
Platform: BNB Chain (Previously Binance Smart Chain)
Contract Address: 0xC55b03dC07EC7Bb8B891100E927E982540f0d181
Identities Document: National ID Card (JAMHURI YA KENYA)
Organization issues documents: REPUBLIC OF KENYA
Relationship with the project: Owner / Core DEV
Number of people who perform KYC: 1
The number of Sanction databases that have performed the KYC: 96 of Sanction Database & Regulator Law Enforcement Database
Matching Sanction/Law Enforcement or Regulatory Enforcement database: 0 [Not found]
Financial Crime and Fraud: 0 [Not found]
Cybercrime Or Scam: 0 [Not found]
Scanning Date: 26 Feb 2023 03:47 PM (UTC+07:00)
Scanning ID: S1204215

 

 

 

*Identities Document

Passport: A passport is a travel document issued by a country’s government to its citizens that verifies the identity and nationality of the holder for the purpose of international travel.

National ID: Used by the governments of many countries as a means of tracking their citizens, permanent residents, and temporary residents for the purposes of work, taxation, government benefits, health care, and other governmentally-related functions.

Driver License:  A legal authorization, or the official document confirming such an authorization, for a specific individual to operate one or more types of motorized vehicles—such as motorcycles, cars, trucks, or buses—on a public road. Such licenses are often plastic and the size of a credit card.

Residence Permit: A document or card required in some regions, allowing a foreign national to reside in a country for a fixed or indefinite length of time. These may be permits for temporary residency, or permanent residency. The exact rules vary between regions. In some cases (e.g. the UK) a temporary residence permit is required to extend a stay past some threshold, and can be an intermediate step to applying for permanent residency.

 

*Relationship with the project

Owner: Project owner, including founder and co-founder. This also includes shareholders.

C-Level: Project management with authority on the agenda of the meeting, such as CEO, COO, CMO, CFO.

Developer: Eligible project developers can make changes to the Smart Contract for that project.

Note: Marketing Developer, Front-end Developer are not authorized in this section.

DAO: Decentralized Autonomous Organizations. There must be a minimum of 75% or three-fourths of the total voting rights for each proposal. KYC procedures must be performed.

Team: Person assigned or working within that project.

 

Disclaimer

Regarding KYC reports, we are not responsible for any information received or errors arising from the inspection, including not being responsible for any law

For identity verification, SECURI will perform a personal check by attaching to the received documents. Verification will not request authenticity from the department of the document issuer, but SECURI will verify identity from photos and videos. Once the analysis is complete, SECURI will perform an audit by searching the list in the Sanction Database & Regulator/Law Enforcement Database to verify that the person undergoing KYC is not a wanted person, such as Notices from Interpol, EUROPOL, FBI Wanted, and that the person is not involved in any crime or fraud or any crime related to finance. This review will not release any personal information to the public unless the person is found to be a wanted person or committed a crime related to finances.

 

KYC Report is Not Financial/Investment Advice. Any loss arising from any investment in any project is the responsibility of the investor.

 

SECURI disclaims any liability incurred, whether it’s Rugpull, Abandonment, Soft Rugpull, or Exploit.

 

SECURI has the right to be able to publish the details of personal data that perform KYC operations, which can be made public or distributed to department under Law Enforcement. You can contact SECURI to request information at [email protected] using title: [Law Enforcement] [Your Department] [Project Name].

 

SECURI is not liable for any applicable law for any privacy policy for KYC services such as GDPR, PDPA.
IF YOU GOT ANY SCAM / RUGPULL Please contact your local legal authority such as local police department

 

 

Executive Summary

For this KYC Report, SECURI LAB received a request from Ajira Pay on Saturday, February 25, 2023.

SECURI will perform a Personal Authentication (KYC) check with the following checks:

  1. Identity verification with document check
  2. Identity verification by comparing the photos and videos obtained.
  3. Examining the relationship and relevance to the project
  4. Most wanted database check of databases such as FBI, Interpol, EUROPOL.
  5. Sanction List database check for crime data such as Cybercrime, Scam, Financial Crime, Fraud.

 

KYC Result
SECURI operates KYC. We would like to inform you of the results as follows:

| Document & Identity Verification Check | Most Wanted (EX. FBI, Interpol, EUROPOL) | SIP/REP/PEP | Sanction DB | Journal/Source and Online Media Scan |
| --- | --- | --- | --- | --- |
| Passed | Not found | Not found | Not found | Not found |

*SIP is Special Interest Persons | REP is Regulatory Enforcement Persons | PEP is Politically Exposed Persons

 

 

 

 

KYC/KYB Timeline