PHOENIX

Phoenix true burn is a fast-burning hyper-deflationary token that gains value with every buy and sell. The burn in the Phoenix contract is a true burn function that removes tokens from the total supply with every buy and sell transaction. Phoenix’s number one goal is to become the fastest burning token on the BSC network alongside this the team plans to release a staking platform to allow Phoenix holders to earn passive income.
 

Resolved Issues

Low 0 / 5

Executive Summary

Audit Information:

Request Date

Wednesday, September 7, 2022

Audit Date

Thursday, September 8, 2022

Audit Version History:

Version

Date

Description

1.0

Thursday, September 8, 2022

Preliminary Report

1.1

Thursday, September 8, 2022

Full Audit Report

Initial Audit Scope: Contract: 0x5c27918DBDF929Cd8DC5b755FF74eA48aAD2F9A4

Smart Contract

0x5c27918DBDF929Cd8DC5b755FF74eA48aAD2F9A4

Contract Name

PHOENIX

Compiler Version

v0.8.4+commit.c7e474f2

For this security assessment, Securi received a request from PHEONIX on
Wednesday, September 7, 2022.  

 

·

Critical

·

High

·

Medium

·

Low

·

Very Low

·

Informational

No

No

No

5

No

No

The Securi team has conducted a comprehensive security assessment of the vulnerabilities. This assessment is tested with an expert assessment. Using the following test requirements

  • Smart Contract Testing with Expert Analysis By testing the most common and uncommon vulnerabilities.
  • Automated program testing It includes a sample vulnerability test and a sample of the potential vulnerabilities being used for the most frequent attacks.
  • Visibility, Mutability, Modifier function testing, such as whether a function can be seen in general, or whether a function can be changed and if so, who can change it.
  • Function association test It will be displayed through the association graph.
  • This safety assessment is cross-checked prior to the delivery of the assessment results.

Vulnerability Findings

ID

Title

Severity

Status

SEC-01

Unchecked tokens transfer

Low

Acknowledge

SEC-02

Unused return values

Low

Acknowledge

SEC-03

Missing Zero Address Validation

Low

Acknowledge

SEC-04

Dangerous usage of `block.timestamp’

Low

Acknowledge

SEC-05

Missing Events Arithmetic

Low

Acknowledge

Vulnerability Findings

SEC-01 Unchecked tokens transfer

Type

Severity

Location

Status

Unchecked tokens transfer
(unchecked-transfer)

Low

Line: 661-666

Acknowledge

Recommendation:

Use `SafeERC20`, or ensure that the transfer/transferFrom return value is checked.

Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#unchecked-transfer

Alleviation:

Phoenix Team has acknowledge this issues.

Finding:

            ❌ PHOENIX.ReleaseLP() (PHOENIX.sol:661-666) ignores return value by liquidityToken.transfer(msg.sender,amount) (PHOENIX.sol#665)
        
END SEC

SEC-02 Unused return values

Type

Severity

Location

Status

Unused return values
(unused-return)

Low

Line: Check on findings

Acknowledge

Recommendation:

Ensure that all the return values of the function calls are used.

Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#unused-return

Alleviation:

Phoenix Team has acknowledge this issues.

Fidning:

            ❌ PHOENIX.ExcludeAccountFromFees(address) (PHOENIX.sol:1068-1071) ignores return value by _excluded.add(account) (PHOENIX.sol#1069)

❌ PHOENIX.ExcludeFromStaking(address) (PHOENIX.sol:1015-1026) ignores return value by _excludedFromStaking.add(addr) (PHOENIX.sol#1024)

❌ PHOENIX.IncludeAccountToFees(address) (PHOENIX.sol:1074-1077) ignores return value by _excluded.remove(account) (PHOENIX.sol#1075)

❌ PHOENIX.IncludeMeToStaking() (PHOENIX.sol:1029-1035) ignores return value by _excludedFromStaking.remove(msg.sender) (PHOENIX.sol#1032)

❌ PHOENIX.IncludeToStaking(address) (PHOENIX.sol:1037-1044) ignores return value by _excludedFromStaking.remove(addr) (PHOENIX.sol#1040)

❌ PHOENIX.RemoveLP() (PHOENIX.sol:669-685) ignores return value by _pancakeRouter.removeLiquidityETHSupportingFeeOnTransferTokens(address(this),amount,0,0,address(this),block.timestamp) (PHOENIX.sol#675-682)

❌ PHOENIX.RemoveLP() (PHOENIX.sol:669-685) ignores return value by liquidityToken.approve(address(_pancakeRouter),amount) (PHOENIX.sol#674)

❌ PHOENIX.SetDevWallet(address) (PHOENIX.sol:1058-1064) ignores return value by _excluded.add(Developer) (PHOENIX.sol#1062)

❌ PHOENIX.SetMarketingWallet(address) (PHOENIX.sol:1048-1054) ignores return value by _excluded.add(MarketingWallet) (PHOENIX.sol#1052)

❌ PHOENIX._addLiquidity(uint256,uint256) (PHOENIX.sol:858-869) ignores return value by _pancakeRouter.addLiquidityETH{value: bnbamount}(address(this),tokenamount,0,0,address(this),block.timestamp) (PHOENIX.sol#860-868)
        
END SEC

SEC-03 Missing Zero Address Validation

Type

Severity

Location

Status

Missing Zero Address Validation
(missing-zero-check)

Low

Line: Check on findings

Acknowledge

Recommendation:

Check that the address is not zero.

Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#missing-zero-address-validation

Alleviation:

Phoenix Team has acknowledge this issues.

Finding:

            ❌ PHOENIX.ChangeMiscReward(address).newReward (PHOENIX.sol:638) lacks a zero-check on :

MiscReward = newReward (PHOENIX.sol#639)

❌ PHOENIX.SetDevWallet(address).addr (PHOENIX.sol:1058) lacks a zero-check on :

Developer = addr (PHOENIX.sol#1061)

❌ PHOENIX.SetMarketingWallet(address).addr (PHOENIX.sol:1048) lacks a zero-check on :

MarketingWallet = addr (PHOENIX.sol#1051)
        
END SEC

SEC-04 Dangerous usage of `block.timestamp’

Type

Severity

Location

Status

Dangerous usage of `block.timestamp’
(timestamp)

Low

Line: Check on findings

Acknowledge

Recommendation:

Avoid relying on `block.timestamp`.

Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#block-timestamp

Alleviation:

Phoenix Team has acknowledge this issues.

Finding:

            ❌ PHOENIX.RecoverBNB() (PHOENIX.sol:688-693) uses timestamp for comparisons

require(bool,string)(block.timestamp >= _liquidityUnlockTime,Not yet unlocked) (PHOENIX.sol#689)

❌ PHOENIX.ReleaseLP() (PHOENIX.sol:661-666) uses timestamp for comparisons

require(bool,string)(block.timestamp >= _liquidityUnlockTime,Not yet unlocked) (PHOENIX.sol#662)

❌ PHOENIX.RemoveLP() (PHOENIX.sol:669-685) uses timestamp for comparisons

require(bool,string)(block.timestamp >= _liquidityUnlockTime,Not yet unlocked) (PHOENIX.sol#670)

❌ PHOENIX._lockLiquidityTokens(uint256) (PHOENIX.sol:654-658) uses timestamp for comparisons

require(bool)(newUnlockTime > _liquidityUnlockTime) (PHOENIX.sol#656)

❌ PHOENIX.getLiquidityUnlockInSeconds() (PHOENIX.sol:1157-1162) uses timestamp for comparisons

block.timestamp < _liquidityUnlockTime (PHOENIX.sol#1158)
        
END SEC

SEC-05 Missing Events Arithmetic

Type

Severity

Location

Status

Missing Events Arithmetic (events-maths)

Low

Line: Check on findings

Acknowledge

Recommendation:

Emit an event for critical parameter changes.

Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#missing-events-arithmetic

Alleviation:

Phoenix Team has acknowledge this issues.

Finding:

            ❌ PHOENIX.WithdrawDev(uint256) (PHOENIX.sol:989-994) should emit an event for:

DevBalance -= amount (PHOENIX.sol#991)

❌ PHOENIX.WithdrawMarketing(uint256) (PHOENIX.sol:1005-1010) should emit an event for:

MarketingBalance -= amount (PHOENIX.sol#1007)
        
END SEC