Overview

BNB SUPERHEROES
Rank #N/A

Skynet Trust Score

89%
  • Project is Relatively Decentralized
  • Large Market Cap (top 25%)
  • Long-running Project
  • Trust Score is #1 amongst all projects
Security Score
89 / 100
Market & Community
78 / 100

BNB SUPERHEROES Info

Audits

Onboarded Date

13/Dec/2022

Contracts

0xdc2...79247

How do you feel about this project's security?
Documents
File Name Type Size Upload Date Action
Zip File 4.57 MB 12 Dec 2021
PDF File 8.89 MB 24 Nov 2021
MP4 File 14.62 MB 19 Nov 2021
XSL File 2.38 KB 14 Nov 2021
Floder File 87.24 MB 08 Nov 2021
PNG File 879 KB 02 Nov 2021
Activities
Oliver Phillips New

We talked about a project on linkedin.

Today
N
Nancy Martino In Progress

Create new project Buildng product

Yesterday
Natasha Carey Completed

Adding a new event with attachments

25 Nov
Bethany Johnson

added a new member to velzon dashboard

19 Nov
Your order is placed Out of Delivery

These customers can rest assured their order has been placed.

16 Nov
Lewis Pratt

They all have something to say beyond the words on the page. They can come across as casual or neutral, exotic or graphic.

22 Oct
Monthly sales report

2 days left notification to submit the monthly sales report. Reports Builder

15 Oct
New ticket received Completed

User Erica245 submitted a ticket.

26 Aug
Nancy Martino

Team Leader & HR

225

Projects

197

Tasks

HB
Henry Baird

Full Stack Developer

352

Projects

376

Tasks

Frank Hook

Project Manager

164

Projects

182

Tasks

Jennifer Carter

UI/UX Designer

225

Projects

197

Tasks

ME
Megan Elmore

Team Leader & Web Developer

201

Projects

263

Tasks

Alexis Clarke

Backend Developer

132

Projects

147

Tasks

NC
Nathan Cole

Front-End Developer

352

Projects

376

Tasks

Joseph Parker

Team Leader & HR

64

Projects

93

Tasks

Erica Kernan

Web Designer

345

Projects

298

Tasks

DP
Donald Palmer

Wed Developer

97

Projects

135

Tasks

Showing 1 to 10 of 12 entries

Code Audit History

1 Audit available
Last Audit was delivered on 13 December 2022

BNB SUPERHEROES -Audit

View Findings
5

All Findings

0

Acknowledge

0

Partially

5

Resolved

2
Critical privilege
1
Major privilege
1
Medium privilege
1
Minor privilege
0
Optimization none
0
Informational none
0
Discussion none

Method

Audited Files/SHA256

Contracts

0xdc2b85bbb6...79247

Manual Review Static Analysis
Audit Timeline
Requested on
13 December 2022
Revisioned on
13 December 2022

Formal Verification Result

9 / 38 Properties True
80%

Token Standard

ERC-20

Functions

6

Verified Contract

BNB SUPERHEROES (BnbSuperHeroes.sol) 1

BNB SUPERHEROES Smart Contract Code

                        
                        

/**

 *Submitted for verification at BscScan.com on 2022-01-15

*/


// SPDX-License-Identifier: MIT

pragma solidity >=0.6.0 <0.9.0;


abstract contract Context {

    function _msgSender() internal view returns (address payable) {

        return payable(msg.sender);

    }


    function _msgData() internal view returns (bytes memory) {

        this; // silence state mutability warning without generating bytecode - see https://github.com/ethereum/solidity/issues/2691

        return msg.data;

    }

}


interface IERC20 {

  /**

   * @dev Returns the amount of tokens in existence.

   */

  function totalSupply() external view returns (uint256);


  /**

   * @dev Returns the token decimals.

   */

  function decimals() external view returns (uint8);


  /**

   * @dev Returns the token symbol.

   */

  function symbol() external view returns (string memory);


  /**

  * @dev Returns the token name.

  */

  function name() external view returns (string memory);


  /**

   * @dev Returns the bep token owner.

   */

  function getOwner() external view returns (address);


  /**

   * @dev Returns the amount of tokens owned by `account`.

   */

  function balanceOf(address account) external view returns (uint256);


  /**

   * @dev Moves `amount` tokens from the caller's account to `recipient`.

   *

   * Returns a boolean value indicating whether the operation succeeded.

   *

   * Emits a {Transfer} event.

   */

  function transfer(address recipient, uint256 amount) external returns (bool);


  /**

   * @dev Returns the remaining number of tokens that `spender` will be

   * allowed to spend on behalf of `owner` through {transferFrom}. This is

   * zero by default.

   *

   * This value changes when {approve} or {transferFrom} are called.

   */

  function allowance(address _owner, address spender) external view returns (uint256);


  /**

   * @dev Sets `amount` as the allowance of `spender` over the caller's tokens.

   *

   * Returns a boolean value indicating whether the operation succeeded.

   *

   * IMPORTANT: Beware that changing an allowance with this method brings the risk

   * that someone may use both the old and the new allowance by unfortunate

   * transaction ordering. One possible solution to mitigate this race

   * condition is to first reduce the spender's allowance to 0 and set the

   * desired value afterwards:

   * https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729

   *

   * Emits an {Approval} event.

   */

  function approve(address spender, uint256 amount) external returns (bool);


  /**

   * @dev Moves `amount` tokens from `sender` to `recipient` using the

   * allowance mechanism. `amount` is then deducted from the caller's

   * allowance.

   *

   * Returns a boolean value indicating whether the operation succeeded.

   *

   * Emits a {Transfer} event.

   */

  function transferFrom(address sender, address recipient, uint256 amount) external returns (bool);


  /**

   * @dev Emitted when `value` tokens are moved from one account (`from`) to

   * another (`to`).

   *

   * Note that `value` may be zero.

   */

  event Transfer(address indexed from, address indexed to, uint256 value);


  /**

   * @dev Emitted when the allowance of a `spender` for an `owner` is set by

   * a call to {approve}. `value` is the new allowance.

   */

  event Approval(address indexed owner, address indexed spender, uint256 value);

}


interface IUniswapV2Factory {

    event PairCreated(address indexed token0, address indexed token1, address lpPair, uint);

    function getPair(address tokenA, address tokenB) external view returns (address lpPair);

    function createPair(address tokenA, address tokenB) external returns (address lpPair);

}


interface IUniswapV2Pair {

    function factory() external view returns (address);

    function token0() external view returns (address);

    function token1() external view returns (address);

    function getReserves() external view returns (uint112 reserve0, uint112 reserve1, uint32 blockTimestampLast);

    function price0CumulativeLast() external view returns (uint);

    function price1CumulativeLast() external view returns (uint);

    function kLast() external view returns (uint);

    function skim(address to) external;

    function sync() external;

}


interface IUniswapV2Router01 {

    function factory() external pure returns (address);

    function WETH() external pure returns (address);

    function addLiquidity(

        address tokenA,

        address tokenB,

        uint amountADesired,

        uint amountBDesired,

        uint amountAMin,

        uint amountBMin,

        address to,

        uint deadline

    ) external returns (uint amountA, uint amountB, uint liquidity);

    function addLiquidityETH(

        address token,

        uint amountTokenDesired,

        uint amountTokenMin,

        uint amountETHMin,

        address to,

        uint deadline

    ) external payable returns (uint amountToken, uint amountETH, uint liquidity);

    function swapExactETHForTokens(uint amountOutMin, address[] calldata path, address to, uint deadline)

    external

    payable

    returns (uint[] memory amounts);

    function swapTokensForExactETH(uint amountOut, uint amountInMax, address[] calldata path, address to, uint deadline)

    external

    returns (uint[] memory amounts);

    function swapExactTokensForETH(uint amountIn, uint amountOutMin, address[] calldata path, address to, uint deadline)

    external

    returns (uint[] memory amounts);

    function swapETHForExactTokens(uint amountOut, address[] calldata path, address to, uint deadline)

    external

    payable

    returns (uint[] memory amounts);


    function quote(uint amountA, uint reserveA, uint reserveB) external pure returns (uint amountB);

    function getAmountOut(uint amountIn, uint reserveIn, uint reserveOut) external pure returns (uint amountOut);

    function getAmountIn(uint amountOut, uint reserveIn, uint reserveOut) external pure returns (uint amountIn);

    function getAmountsOut(uint amountIn, address[] calldata path) external view returns (uint[] memory amounts);

    function getAmountsIn(uint amountOut, address[] calldata path) external view returns (uint[] memory amounts);

}


interface IUniswapV2Router02 is IUniswapV2Router01 {

    function swapExactTokensForTokensSupportingFeeOnTransferTokens(

        uint amountIn,

        uint amountOutMin,

        address[] calldata path,

        address to,

        uint deadline

    ) external;

    function swapExactETHForTokensSupportingFeeOnTransferTokens(

        uint amountOutMin,

        address[] calldata path,

        address to,

        uint deadline

    ) external payable;

    function swapExactTokensForETHSupportingFeeOnTransferTokens(

        uint amountIn,

        uint amountOutMin,

        address[] calldata path,

        address to,

        uint deadline

    ) external;

}


interface AntiSnipe {

    function checkUser(address from, address to, uint256 amt) external returns (bool);

    function setLaunch(address _initialLpPair, uint32 _liqAddBlock, uint64 _liqAddStamp, uint8 dec) external;

    function setLpPair(address pair, bool enabled) external;

    function setProtections(bool _as, bool _ag, bool _ab, bool _algo) external;

    function setGasPriceLimit(uint256 gas) external;

    function removeSniper(address account) external;

    function getSniperAmt() external view returns (uint256);

    function removeBlacklisted(address account) external;

    function isBlacklisted(address account) external view returns (bool);

}


contract BNBSuperHeroes is Context, IERC20 {

    // Ownership moved to in-contract for customizability.

    address private _owner;


    mapping (address => uint256) private _tOwned;

    mapping (address => bool) lpPairs;

    uint256 private timeSinceLastPair = 0;

    mapping (address => mapping (address => uint256)) private _allowances;


    mapping (address => bool) private _isExcludedFromFees;

    mapping (address => bool) private presaleAddresses;

    bool private allowedPresaleExclusion = true;

    mapping (address => bool) private _liquidityHolders;


    uint256 constant private startingSupply = 1_000_000_000;


    string constant private _name = "BNB SUPERHEROES";

    string constant private _symbol = "BSH";

    uint8 constant private _decimals = 18;


    uint256 constant private _tTotal = startingSupply * 10**_decimals;


    struct Fees {

        uint16 buyFee;

        uint16 sellFee;

        uint16 transferFee;

    }


    struct StaticValuesStruct {

        uint16 maxBuyTaxes;

        uint16 maxSellTaxes;

        uint16 maxTransferTaxes;

        uint16 masterTaxDivisor;

    }


    struct Ratios {

        uint16 liquidity;

        uint16 marketing;

        uint16 gameDev;

        uint16 buyback;

        uint16 total;

    }


    Fees public _taxRates = Fees({

        buyFee: 1200,

        sellFee: 1200,

        transferFee: 1200

        });


    Ratios public _ratios = Ratios({

        liquidity: 4,

        marketing: 3,

        gameDev: 4,

        buyback: 1,

        total: 12

        });


    StaticValuesStruct public staticVals = StaticValuesStruct({

        maxBuyTaxes: 2000,

        maxSellTaxes: 2000,

        maxTransferTaxes: 2000,

        masterTaxDivisor: 10000

        });


    IUniswapV2Router02 public dexRouter;

    address public lpPair;

    address constant public DEAD = 0x000000000000000000000000000000000000dEaD;


    struct TaxWallets {

        address payable marketing;

        address payable gameDev;

        address payable buyback;

        address liquidityReceiver;

    }


    TaxWallets public _taxWallets = TaxWallets({

        marketing: payable(0x277897fDAFA5FABFe9599b89b9F2B76aE6e43EAf),

        gameDev: payable(0x7C57765420540D0Ba92fEA77982F68f93FB4db55),

        buyback: payable(0x269ECF95fd06C59888282Acd2d634Fb3486782d7),

        liquidityReceiver: 0x941C59b7c947F354BCe2F335453517CDb51CCfE3

        });

    

    bool inSwap;

    bool public contractSwapEnabled = false;

    

    uint256 private swapThreshold = (_tTotal * 5) / 10000;

    uint256 private swapAmount = (_tTotal * 25) / 10000;


    bool public tradingEnabled = false;

    bool public _hasLiqBeenAdded = false;

    AntiSnipe antiSnipe;


    event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);

    event ContractSwapEnabledUpdated(bool enabled);

    event AutoLiquify(uint256 amountCurrency, uint256 amountTokens);

    

    modifier lockTheSwap {

        inSwap = true;

        _;

        inSwap = false;

    }


    modifier onlyOwner() {

        require(_owner == _msgSender(), "Caller =/= owner.");

        _;

    }

    

    constructor () payable {

        _tOwned[_msgSender()] = _tTotal;


        // Set the owner.

        _owner = msg.sender;


        if (block.chainid == 56) {

            dexRouter = IUniswapV2Router02(0x10ED43C718714eb63d5aA57B78B54704E256024E);

        } else if (block.chainid == 97) {

            dexRouter = IUniswapV2Router02(0x9Ac64Cc6e4415144C455BD8E4837Fea55603e5c3);

        } else if (block.chainid == 1 || block.chainid == 4) {

            dexRouter = IUniswapV2Router02(0x7a250d5630B4cF539739dF2C5dAcb4c659F2488D);

        } else {

            revert();

        }


        lpPair = IUniswapV2Factory(dexRouter.factory()).createPair(dexRouter.WETH(), address(this));

        lpPairs[lpPair] = true;


        _approve(msg.sender, address(dexRouter), type(uint256).max);

        _approve(address(this), address(dexRouter), type(uint256).max);


        _isExcludedFromFees[owner()] = true;

        _isExcludedFromFees[address(this)] = true;

        _isExcludedFromFees[DEAD] = true;

        _liquidityHolders[owner()] = true;


        emit Transfer(address(0), _msgSender(), _tTotal);

    }


    receive() external payable {}


//===============================================================================================================

//===============================================================================================================

//===============================================================================================================

    // Ownable removed as a lib and added here to allow for custom transfers and renouncements.

    // This allows for removal of ownership privileges from the owner once renounced or transferred.

    function owner() public view returns (address) {

        return _owner;

    }


    function transferOwner(address newOwner) external onlyOwner() {

        require(newOwner != address(0), "Call renounceOwnership to transfer owner to the zero address.");

        require(newOwner != DEAD, "Call renounceOwnership to transfer owner to the zero address.");

        setExcludedFromFees(_owner, false);

        setExcludedFromFees(newOwner, true);

        

        if(balanceOf(_owner) > 0) {

            _transfer(_owner, newOwner, balanceOf(_owner));

        }

        

        _owner = newOwner;

        emit OwnershipTransferred(_owner, newOwner);

        

    }


    function renounceOwnership() public virtual onlyOwner() {

        setExcludedFromFees(_owner, false);

        _owner = address(0);

        emit OwnershipTransferred(_owner, address(0));

    }

//===============================================================================================================

//===============================================================================================================

//===============================================================================================================


    function totalSupply() external pure override returns (uint256) { return _tTotal; }

    function decimals() external pure override returns (uint8) { return _decimals; }

    function symbol() external pure override returns (string memory) { return _symbol; }

    function name() external pure override returns (string memory) { return _name; }

    function getOwner() external view override returns (address) { return owner(); }

    function allowance(address holder, address spender) external view override returns (uint256) { return _allowances[holder][spender]; }


    function balanceOf(address account) public view override returns (uint256) {

        return _tOwned[account];

    }


    function transfer(address recipient, uint256 amount) public override returns (bool) {

        _transfer(_msgSender(), recipient, amount);

        return true;

    }


    function approve(address spender, uint256 amount) public override returns (bool) {

        _approve(_msgSender(), spender, amount);

        return true;

    }


    function _approve(address sender, address spender, uint256 amount) private {

        require(sender != address(0), "ERC20: Zero Address");

        require(spender != address(0), "ERC20: Zero Address");


        _allowances[sender][spender] = amount;

        emit Approval(sender, spender, amount);

    }


    function approveContractContingency() public onlyOwner returns (bool) {

        _approve(address(this), address(dexRouter), type(uint256).max);

        return true;

    }


    function transferFrom(address sender, address recipient, uint256 amount) external override returns (bool) {

        if (_allowances[sender][msg.sender] != type(uint256).max) {

            _allowances[sender][msg.sender] -= amount;

        }


        return _transfer(sender, recipient, amount);

    }


    function increaseAllowance(address spender, uint256 addedValue) public virtual returns (bool) {

        _approve(_msgSender(), spender, _allowances[_msgSender()][spender] + addedValue);

        return true;

    }


    function decreaseAllowance(address spender, uint256 subtractedValue) public virtual returns (bool) {

        _approve(_msgSender(), spender, _allowances[_msgSender()][spender] - subtractedValue);

        return true;

    }


    function setNewRouter(address newRouter) public onlyOwner() {

        IUniswapV2Router02 _newRouter = IUniswapV2Router02(newRouter);

        address get_pair = IUniswapV2Factory(_newRouter.factory()).getPair(address(this), _newRouter.WETH());

        if (get_pair == address(0)) {

            lpPair = IUniswapV2Factory(_newRouter.factory()).createPair(address(this), _newRouter.WETH());

        }

        else {

            lpPair = get_pair;

        }

        dexRouter = _newRouter;

        _approve(address(this), address(dexRouter), type(uint256).max);

    }


    function setLpPair(address pair, bool enabled) external onlyOwner {

        if (enabled == false) {

            lpPairs[pair] = false;

            antiSnipe.setLpPair(pair, false);

        } else {

            if (timeSinceLastPair != 0) {

                require(block.timestamp - timeSinceLastPair > 3 days, "3 Day cooldown.!");

            }

            lpPairs[pair] = true;

            timeSinceLastPair = block.timestamp;

            antiSnipe.setLpPair(pair, true);

        }

    }


    function isExcludedFromFees(address account) public view returns(bool) {

        return _isExcludedFromFees[account];

    }


    function setExcludedFromFees(address account, bool enabled) public onlyOwner {

        _isExcludedFromFees[account] = enabled;

    }


    function setInitializer(address initializer) external onlyOwner {

        require(!_hasLiqBeenAdded, "Liquidity is already in.");

        require(initializer != address(this), "Can't be self.");

        antiSnipe = AntiSnipe(initializer);

    }


    function removeBlacklisted(address account) external onlyOwner {

        antiSnipe.removeBlacklisted(account);

    }


    function isBlacklisted(address account) public view returns (bool) {

        return antiSnipe.isBlacklisted(account);

    }


    function getSniperAmt() public view returns (uint256) {

        return antiSnipe.getSniperAmt();

    }


    function removeSniper(address account) external onlyOwner {

        antiSnipe.removeSniper(account);

    }


    function setProtectionSettings(bool _antiSnipe, bool _antiGas, bool _antiBlock, bool _algo) external onlyOwner {

        antiSnipe.setProtections(_antiSnipe, _antiGas, _antiBlock, _algo);

    }


    function setGasPriceLimit(uint256 gas) external onlyOwner {

        require(gas >= 75, "Too low.");

        antiSnipe.setGasPriceLimit(gas);

    }


    function setTaxes(uint16 buyFee, uint16 sellFee, uint16 transferFee) external onlyOwner {

        require(buyFee <= staticVals.maxBuyTaxes

                && sellFee <=staticVals. maxSellTaxes

                && transferFee <= staticVals.maxTransferTaxes,

                "Cannot exceed maximums.");

        _taxRates.buyFee = buyFee;

        _taxRates.sellFee = sellFee;

        _taxRates.transferFee = transferFee;

    }


    function setRatios(uint16 liquidity, uint16 marketing, uint16 gamedev, uint16 buyback) external onlyOwner {

        _ratios.liquidity = liquidity;

        _ratios.marketing = marketing;

        _ratios.gameDev = gamedev;

        _ratios.buyback = buyback;

        _ratios.total = liquidity + marketing + gamedev + buyback;

    }


    function setSwapSettings(uint256 thresholdPercent, uint256 thresholdDivisor, uint256 amountPercent, uint256 amountDivisor) external onlyOwner {

        swapThreshold = (_tTotal * thresholdPercent) / thresholdDivisor;

        swapAmount = (_tTotal * amountPercent) / amountDivisor;

    }


    function setWallets(address payable marketing, address payable gamedev, address payable buyback) external onlyOwner {

        _taxWallets.marketing = payable(marketing);

        _taxWallets.gameDev = payable(gamedev);

        _taxWallets.buyback = payable(buyback);

    }


    function setLiquidityReceiver(address account) external onlyOwner {

        require(_taxWallets.liquidityReceiver != address(0), "Cannot change back after setting to burn.");

        _taxWallets.liquidityReceiver = account;

    }


    function setContractSwapEnabled(bool _enabled) public onlyOwner {

        contractSwapEnabled = _enabled;

        emit ContractSwapEnabledUpdated(_enabled);

    }


    function excludePresaleAddresses(address router, address presale) external onlyOwner {

        require(allowedPresaleExclusion, "Function already used.");

        if (router == presale) {

            _liquidityHolders[presale] = true;

            presaleAddresses[presale] = true;

            setExcludedFromFees(presale, true);

        } else {

            _liquidityHolders[router] = true;

            _liquidityHolders[presale] = true;

            presaleAddresses[router] = true;

            presaleAddresses[presale] = true;

            setExcludedFromFees(router, true);

            setExcludedFromFees(presale, true);

        }

    }


    function _hasLimits(address from, address to) private view returns (bool) {

        return from != owner()

            && to != owner()

            && !_liquidityHolders[to]

            && !_liquidityHolders[from]

            && to != DEAD

            && to != address(0)

            && from != address(this);

    }


    function _transfer(address from, address to, uint256 amount) internal returns (bool) {

        require(from != address(0), "ERC20: transfer from the zero address");

        require(to != address(0), "ERC20: transfer to the zero address");

        require(amount > 0, "Transfer amount must be greater than zero");

        if(_hasLimits(from, to)) {

            if(!tradingEnabled) {

                revert("Trading not yet enabled!");

            }

        }


        bool takeFee = true;

        if(_isExcludedFromFees[from] || _isExcludedFromFees[to]){

            takeFee = false;

        }


        if (lpPairs[to]) {

            if (!inSwap

                && contractSwapEnabled

                && !presaleAddresses[to]

                && !presaleAddresses[from]

            ) {

                uint256 contractTokenBalance = balanceOf(address(this));

                if (contractTokenBalance >= swapThreshold) {

                    if(contractTokenBalance >= swapAmount) { contractTokenBalance = swapAmount; }

                    contractSwap(contractTokenBalance);

                }

            }      

        } 

        return _finalizeTransfer(from, to, amount, takeFee);

    }


    function contractSwap(uint256 contractTokenBalance) private lockTheSwap {

        Ratios memory ratios = _ratios;

        if (ratios.total == 0) {

            return;

        }


        if(_allowances[address(this)][address(dexRouter)] != type(uint256).max) {

            _allowances[address(this)][address(dexRouter)] = type(uint256).max;

        }


        uint256 toLiquify = ((contractTokenBalance * ratios.liquidity) / ratios.total) / 2;

        uint256 swapAmt = contractTokenBalance - toLiquify;

        

        address[] memory path = new address[](2);

        path[0] = address(this);

        path[1] = dexRouter.WETH();


        dexRouter.swapExactTokensForETHSupportingFeeOnTransferTokens(

            swapAmt,

            0,

            path,

            address(this),

            block.timestamp

        );


        uint256 amtBalance = address(this).balance;

        uint256 liquidityBalance = (amtBalance * toLiquify) / swapAmt;


        if (toLiquify > 0) {

            dexRouter.addLiquidityETH{value: liquidityBalance}(

                address(this),

                toLiquify,

                0,

                0,

                _taxWallets.liquidityReceiver,

                block.timestamp

            );

            emit AutoLiquify(liquidityBalance, toLiquify);

        }


        amtBalance -= liquidityBalance;

        ratios.total -= ratios.liquidity;

        uint256 gameDevBalance = (amtBalance * ratios.gameDev) / ratios.total;

        uint256 buybackBalance = (amtBalance * ratios.buyback) / ratios.total;

        uint256 marketingBalance = amtBalance - (gameDevBalance + buybackBalance);

        if (gameDevBalance > 0) {

            _taxWallets.gameDev.transfer(gameDevBalance);

        }

        if (buybackBalance > 0) {

            _taxWallets.buyback.transfer(buybackBalance);

        }

        if (marketingBalance > 0) {

            _taxWallets.marketing.transfer(marketingBalance);

        }

    }


    function _checkLiquidityAdd(address from, address to) private {

        require(!_hasLiqBeenAdded, "Liquidity already added and marked.");

        if (!_hasLimits(from, to) && to == lpPair) {

            _liquidityHolders[from] = true;

            _hasLiqBeenAdded = true;

            if(address(antiSnipe) == address(0)){

                antiSnipe = AntiSnipe(address(this));

            }

            contractSwapEnabled = true;

            emit ContractSwapEnabledUpdated(true);

        }

    }


    function enableTrading() public onlyOwner {

        require(!tradingEnabled, "Trading already enabled!");

        require(_hasLiqBeenAdded, "Liquidity must be added.");

        if(address(antiSnipe) == address(0)){

            antiSnipe = AntiSnipe(address(this));

        }

        try antiSnipe.setLaunch(lpPair, uint32(block.number), uint64(block.timestamp), _decimals) {} catch {}

        tradingEnabled = true;

        allowedPresaleExclusion = false;

    }


    function sweepContingency() external onlyOwner {

        require(!_hasLiqBeenAdded, "Cannot call after liquidity.");

        payable(owner()).transfer(address(this).balance);

    }



    function _finalizeTransfer(address from, address to, uint256 amount, bool takeFee) private returns (bool) {

        if (!_hasLiqBeenAdded) {

            _checkLiquidityAdd(from, to);

            if (!_hasLiqBeenAdded && _hasLimits(from, to)) {

                revert("Only owner can transfer at this time.");

            }

        }


        if (_hasLimits(from, to)) {

            bool checked;

            try antiSnipe.checkUser(from, to, amount) returns (bool check) {

                checked = check;

            } catch {

                revert();

            }


            if(!checked) {

                revert();

            }

        }


        _tOwned[from] -= amount;

        uint256 amountReceived = (takeFee) ? takeTaxes(from, to, amount) : amount;

        _tOwned[to] += amountReceived;


        emit Transfer(from, to, amountReceived);

        return true;

    }


    function takeTaxes(address from, address to, uint256 amount) internal returns (uint256) {

        uint256 currentFee;

        if (from == lpPair) {

            currentFee = _taxRates.buyFee;

        } else if (to == lpPair) {

            currentFee = _taxRates.sellFee;

        } else {

            currentFee = _taxRates.transferFee;

        }


        uint256 feeAmount = amount * currentFee / staticVals.masterTaxDivisor;


        _tOwned[address(this)] += feeAmount;

        emit Transfer(from, address(this), feeAmount);


        return amount - feeAmount;

    }

}

Code Audit Findings

Audits Overview

Context
Project Name
BNB SUPERHEROES
Platform
Language
Codebase
Commit
About Xamer Audits
Delivery Date
Audit Methodology
Core Components
Vulnerability Summary
VULNERABILITY LEVEL PENDING DECLINED ACKNOWLEDGED PARTIALLY RESOLVED MITIGATED RESOLVED TOTAL
Critical 0 0 0 0 0 2 2
Major 0 0 0 0 0 1 1
Medium 0 0 0 0 0 1 1
Minor 0 0 0 0 0 1 1
Optimization 0 0 0 0 0 0 0
Informational 0 0 0 0 0 0 0
Discussion 0 0 0 0 0 0 0
Review Notes

Overview

The BNBSuperHeroes smart contract is designed for a token named "BNB SUPERHEROES" (BSH). It incorporates functionalities for ownership management, Uniswap integration, anti-sniping measures, and configurable tokenomics. The contract includes features like automatic liquidity provision, customizable fees, and protection against sniping and gas war attacks.

Notable components include interfaces for Uniswap interactions, an external contract (AntiSnipe) for anti-sniping measures, and parameters for the owner to configure various settings. The contract ensures flexibility and security while allowing the owner to control crucial aspects such as fees, ratios, and protection mechanisms. As with any smart contract, careful review and testing are essential before deployment to ensure its intended functionality and security.

Privileged Roles

In the provided contract, the concept of privileged roles is implemented through the onlyOwner modifier and certain functions that can only be called by the owner of the contract.

  • Owner: The owner is set during the contract initialization. The onlyOwner modifier restricts certain functions to be called only by the owner. Functions like transferOwner, renounceOwnership, enableTrading, and others can only be executed by the owner.

  • Initializer: The setInitializer function is restricted to be called only by the owner. It is used to set the antiSnipe variable, which seems to be an instance of the AntiSnipe contract.

  • Excluding Addresses: Functions like excludePresaleAddresses, setExcludedFromFees, and others are restricted to the owner. These functions are used to manage addresses that are excluded from fees, such as during presale.

  • Configuring Parameters: Functions that configure parameters like taxes, ratios, swap settings, gas limits, and others are restricted to the owner.

  • Wallet Addresses: Functions that set wallet addresses, like setWallets and setLiquidityReceiver, are restricted to the owner.

  • Sweep Contingency: The sweepContingency function, which transfers BNB from the contract to the owner, is restricted to the owner.

These privileged roles ensure that critical functions and configurations are accessible only to the owner, providing a level of control and security over the contract's behavior and settings.

Audits Scope

ID FILE SHA256 CHECKSUM
BNS BnbSuperHeroes.sol 1b1b07bf7ec72ba8350132b55e0663d8b2b52d631b4691fe794156c1c7a02da2

BNS-01 | Reentrancy Vulnerability

CATEGORY SEVERITY LOCATIONS STATUS
privilege Critical

   function contractSwap(uint256 contractTokenBalance) private lockTheSwap {
        Ratios memory ratios = _ratios;
         if (ratios.total == 0) { return; }
  if(_allowances[address(this)][address(dexRouter)] != type(uint256).max) {
   _allowances[address(this)][address(dexRouter)] = type(uint256).max; }
 uint256 toLiquify = ((contractTokenBalance * ratios.liquidity) / ratios.total) / 2;
          uint256 swapAmt = contractTokenBalance - toLiquify;
      address[] memory path = new address[](2);
      path[0] = address(this);
     path[1] = dexRouter.WETH();
 dexRouter.swapExactTokensForETHSupportingFeeOnTransferTokens(
       swapAmt, 0, path, address(this), block.timestamp );
     uint256 amtBalance = address(this).balance;
 uint256 liquidityBalance = (amtBalance * toLiquify) / swapAmt;
 if (toLiquify > 0) { dexRouter.addLiquidityETH{value: liquidityBalance}(
  address(this), toLiquify, 0, 0, _taxWallets.liquidityReceiver,
      block.timestamp ); emit AutoLiquify(liquidityBalance, toLiquify); }
     amtBalance -= liquidityBalance;
      ratios.total -= ratios.liquidity;
    uint256 gameDevBalance = (amtBalance * ratios.gameDev) / ratios.total;
      uint256 buybackBalance = (amtBalance * ratios.buyback) / ratios.total;
    uint256 marketingBalance = amtBalance - (gameDevBalance + buybackBalance);
      if (gameDevBalance > 0) { _taxWallets.gameDev.transfer(gameDevBalance); }
     if (buybackBalance > 0) { _taxWallets.buyback.transfer(buybackBalance); }
    if (marketingBalance > 0) { _taxWallets.marketing.transfer(marketingBalance); }
      }

RESOLVED
Description

Location in code: Inside the contractSwap function
Line number:  1100-1202
Description:
The contract's contractSwap function may be susceptible to reentrancy attacks. Consider implementing reentrancy protection mechanisms using the ReentrancyGuard modifier.

BNS-02 | Gas Price Limit

CATEGORY SEVERITY LOCATIONS STATUS
privilege Major

 function setGasPriceLimit(uint256 gas) external onlyOwner {

        require(gas >= 75, "Too low.");

        antiSnipe.setGasPriceLimit(gas);

    }

RESOLVED
Description

Location in code: Inside the `function setGasPriceLimit(uint256 gas) external onlyOwner`
Line number: 910-916
Description:
The `setGasPriceLimit` function does not enforce a reasonable gas price limit. A high gas price limit could expose the contract to gas price manipulation attacks.

BNS-03 | Liquidity Initialization Check

CATEGORY SEVERITY LOCATIONS STATUS
privilege Minor   function _checkLiquidityAdd(address from, address to) private {

        require(!_hasLiqBeenAdded, "Liquidity already added and marked.");

        if (!_hasLimits(from, to) && to == lpPair) {

            _liquidityHolders[from] = true;

            _hasLiqBeenAdded = true;

            if(address(antiSnipe) == address(0)){

                antiSnipe = AntiSnipe(address(this));

            }

            contractSwapEnabled = true;

            emit ContractSwapEnabledUpdated(true);

        }

    }
RESOLVED
Description

Location in code: Inside the `function _checkLiquidityAdd(address from, address to) private`
Line number: 1205-1227
Description:
The `_checkLiquidityAdd` function could have additional checks to ensure that liquidity initialization is secure, especially during the transition phase.

BNS-04 | Reentrancy Vulnerability

CATEGORY SEVERITY LOCATIONS STATUS
privilege Critical

  function transferOwner(address newOwner) external onlyOwner() {
 require(newOwner != address(0), "Call renounceOwnership to transfer owner to the zero address.");
 require(newOwner != DEAD, "Call renounceOwnership to transfer owner to the zero address.");
        setExcludedFromFees(_owner, false);
      setExcludedFromFees(newOwner, true);
         if(balanceOf(_owner) > 0) {
   _transfer(_owner, newOwner, balanceOf(_owner));
             }
     _owner = newOwner;
    emit OwnershipTransferred(_owner, newOwner);
        }

RESOLVED
Description

Location in code: Inside the transferOwner function
Line number: 659-685
Description:
The transferOwner function lacks proper protection against reentrancy attacks. An attacker could potentially exploit this vulnerability to manipulate ownership transfer transactions, leading to unexpected behavior and unauthorized control over the contract.

BNS-05 | Lack of Input Validation

CATEGORY SEVERITY LOCATIONS STATUS
privilege Medium

function setNewRouter(address newRouter) public onlyOwner() {
    IUniswapV2Router02 _newRouter = IUniswapV2Router02(newRouter);
 address get_pair = IUniswapV2Factory(_newRouter.factory()).getPair(address(this), _newRouter.WETH());
   if (get_pair == address(0)) {
 lpPair = IUniswapV2Factory(_newRouter.factory()).createPair(address(this), _newRouter.WETH());
               }
            else {
    lpPair = get_pair;
           }
  dexRouter = _newRouter;
  _approve(address(this), address(dexRouter), type(uint256).max);
           }

RESOLVED
Description

Location in code: Inside the setNewRouter function
Line number: 798-820
Description:
The setNewRouter function does not validate the integrity of the provided router address, potentially allowing for misconfiguration and attacks. Input validation should be enforced to ensure the correct setup of the Uniswap router.