Professional Documents
Culture Documents
Disclaimer 2
Document 3
Introduction 4
Project Scope 5
Executive Summary 6
Code Quality 7
Documentation 8
Use of Dependencies 9
AS-IS Overview 10
Conclusion 36
Our Methodology 39
Disclaimers 41
info@rdauditors.com Page No : 1
Disclaimer
This document may contain confidential information about its systems and
intellectual property of the customer as well as information about potential
vulnerabilities and methods of their exploitation.
info@rdauditors.com Page No : 2
Document
File CloudTX.sol
SHA256 8ea84dc41ffa308da5a8fd8a74783e804d3097e4e3a6304f56d2d31751
hash bc7b1a
Date 26/09/2022
info@rdauditors.com Page No : 3
Introduction
RD Auditors (Consultant) were contracted by CloudTX (Customer) to conduct
a Smart Contracts Code Review and Security Analysis. This report represents
the findings of the security assessment of the customer’s smart contracts and
its code review conducted between 24 - 26th September 2022.
info@rdauditors.com Page No : 4
Project Scope
The scope of the project is a smart contract. We have scanned this smart
contract for commonly known and more specific vulnerabilities, below are
those considered (the full list includes but is not limited to):
• Reentrancy
• Timestamp Dependence
• Transaction-Ordering Dependence
• Malicious libraries
info@rdauditors.com Page No : 5
Executive Summary
According to the assessment, the customer’s solidity smart contract is
Well-secured.
Automated checks are with smartDec, Mythril, Slither and remix IDE. All
issues were performed by our team, which included the analysis of code
functionality, the manual audit found during automated analysis were
manually reviewed and applicable vulnerabilities are presented in the audit
overview section. The general overview is presented in the AS-IS section and
all issues found are located in the audit overview section.
Important: Must read section ‘Note For Contract Users’ before using this contract.
Critical 0
High 0
Medium 0
Low 0
Very Low 1
info@rdauditors.com Page No : 6
Code Quality
The libraries within this smart contract are part of a logical algorithm. A library
is a different type of smart contract that contains reusable code. Once
deployed on the blockchain (only once), it is assigned to a specific address
and its properties/methods can be reused many times by other contracts.
CloudTX has not provided scenario and unit test scripts, which would help to
determine the integrity of the code in an automated way.
info@rdauditors.com Page No : 7
Documentation
We were given the CloudX code as a link:
https://bscscan.com/address/0xfFAD7f9F704a5FDC6265e24b436b4b35ed52DEF2#code
The hash of that file is mentioned in the table. As mentioned above, It's well
commented smart contract code, so anyone can quickly understand the
programming flow as well as complex code logic.
info@rdauditors.com Page No : 8
Use of Dependencies
As per our observation, the libraries are used in this smart contract
infrastructure. Those were based on well known industry standard open
source projects and even core code blocks that are written well and
systematically.
info@rdauditors.com Page No : 9
AS-IS Overview
File And Function Level Report
Interface: IERC20
Observation: Passed
Test Report: Passed
Library: SafeMath
Observation: Passed
Test Report: Passed
info@rdauditors.com Page No : 10
5 sub internal Passed All Passed No Issue Passed
Abstract: Context
Observation: Passed
Test Report: Passed
Observation: Passed
Test Report: Passed
info@rdauditors.com Page No : 11
9 functionDeleg internal Passed All Passed No Issue Passed
ateCall
10 _verifyCallResu internal Passed All Passed No Issue Passed
lt
Abstract: Ownable
Inherit: Context
Observation: Passed
Test Report: Passed
Interface: IUniswapV2Factory
Observation: Passed
Test Report: Passed
info@rdauditors.com Page No : 12
Sl Function Type Observation Test Report Conclusion Score
.
1 feeTo external Passed All Passed No Issue Passed
Interface: IUniSwapV2Pair
Observation: Passed
Test Report: Passed
info@rdauditors.com Page No : 13
10 DOMAIN_SEP external Passed All Passed No Issue Passed
ARATOR
11 PERMIT_TYPE external Passed All Passed No Issue Passed
HASH
12 nonces external Passed All Passed No Issue Passed
Interface: IUniswapV2Router01
Observation: Passed
Test Report: Passed
info@rdauditors.com Page No : 14
Sl. Function Type Observat Test Report Conclusion Score
ion
1 factory external Passed All Passed No Issue Passed
info@rdauditors.com Page No : 15
Interface: IUniswapV2Router02
Inherit: IUniswapV2Router01
Observation: Passed
Test Report: Passed
info@rdauditors.com Page No : 16
Contract: CloudTX
Inherit: Context, IERC20, Ownable
Observation: Passed
Test Report: Passed
info@rdauditors.com Page No : 17
17 set_Number_OfTr onlyOw Passed All Passed No Issue Passed
ansactions_Befor ner
e_Liquify_Trigger
18 blacklist_Add_Wa onlyOw Passed All Passed No Issue Passed
llets ner
19 blacklist_Remove onlyOw Passed All Passed No Issue Passed
_wallets ner
20 blacklist_switch onlyOw Passed All Passed No Issue Passed
ner
21 Set_Transfers_wit onlyOw Passed All Passed No Issue Passed
hout_Fees ner
22 Set_Max_Transact onlyOw Passed All Passed No Issue Passed
iont_Percent ner
23 Set_Max_Wallet_ onlyOw Passed All Passed No Issue Passed
Percent ner
24 removeAllFee write Passed All Passed No Issue Passed
info@rdauditors.com Page No : 18
37 _getValues read Passed All Passed No Issue Passed
info@rdauditors.com Page No : 19
Code Flow Diagram
File: CloudTX
info@rdauditors.com Page No : 20
Code Flow Diagram - Slither Results Log
File: CloudTX
info@rdauditors.com Page No : 21
info@rdauditors.com Page No : 22
info@rdauditors.com Page No : 23
info@rdauditors.com Page No : 24
info@rdauditors.com Page No : 25
Solidity Static Analysis
File: CloudTX
info@rdauditors.com Page No : 26
info@rdauditors.com Page No : 27
info@rdauditors.com Page No : 28
info@rdauditors.com Page No : 29
info@rdauditors.com Page No : 30
info@rdauditors.com Page No : 31
Severity Definitions
High High level vulnerabilities are difficult to exploit; however, they also
have a significant impact on smart contract execution, e.g. public
access to crucial functions.
Low Low level vulnerabilities are most related to outdated, unused etc.
These code snippets cannot have a significant impact on execution.
info@rdauditors.com Page No : 32
Audit Findings
Critical:
High:
Medium:
Low
Very Low:
info@rdauditors.com Page No : 33
● Set_Max_Wallet_Percent
● Process_Tokens_Now
● remove_Random_Tokens
● Set_New_Router_and_Make_Pair
● Set_New_Router_Address
● Set_New_Pair_Address
info@rdauditors.com Page No : 34
Discussion
SafeMath versions greater than 0.8.0 are not required. It generates extra bytes
codes (double processing) which is not necessary and it also consumes some
extra gas due to double checking of the same thing.
Suggestion: Remove the safeMath library and use normal math operators, it
info@rdauditors.com Page No : 35
Conclusion
We were given a contract file and have used all possible tests based on the
given object. The contract is written systematically, it is ready to go for
production.
We have used all the latest static tools and manual observations to cover
maximum possible test cases to scan everything.
info@rdauditors.com Page No : 36
Note For Contract Users
There are several owner only functions. Those can be called by the owner's
wallet only. So, if the owner's wallet is compromised, then it carries the risk of
the contract becoming vulnerable.
excludeFromFee: The owner can set wallet address so that it does not have to
pay transaction fees.
IncludeInFee: The owner can set a wallet address so that it has to pay
transaction fees.
_Set_Fees: The owner can set buy and sell fees.
Wallet_Update_Dev: The owner can update the main wallet.
Set_Swap_And_Liquify_Enabled: The owner can set swap and Liquify enabled.
Set_Number_of_Transactions_Before_Liquify_Trigger:
blacklist_Switch: The owner can turn on or off blacklisted wallets restriction.
Set_Transfer_Without_Fees: The owner can set transfer with or without fees.
Set_Max_transaction_Percent: The owner can set max transaction percent.
Set_Max_Wallet_Percent: The owner can set max wallet percent.
remove_Random_Tokens: The owner can remove random tokens from the
contract and send them to a wallet.
Set_New_Router_Address: The owner can set a new router address.
Set_New_Pair_Address: The owner can set new pair addresses.
info@rdauditors.com Page No : 37
The owner has full control over the smart contract. Thus, technical auditing
does not guarantee the project's ethical side.
Please do your due diligence before investing. Our audit report is never an
investment advice.
info@rdauditors.com Page No : 38
Our Methodology
We like to work with a transparent process and make our reviews a
collaborative effort. The goals of our security audits are to improve the quality
of systems we review and aim for sufficient remediation to help protect users.
The following is the methodology we use in our security audit process.
In manually reviewing all of the code, we look for any potential issues with
code logic, error handling, protocol and header parsing, cryptographic errors,
and random number generators. We also watch for areas where more
defensive programming could reduce the risk of future mistakes and speed
up future audits. Although our primary focus is on the in-scope code, we
examine dependency code and behavior when it is relevant to a particular
line of investigation.
Vulnerability Analysis
info@rdauditors.com Page No : 39
Documenting Results
Suggested Solutions
We search for immediate mitigations that live deployments can take, and
finally we suggest the requirements for remediation engineering for future
releases. The mitigation and remediation recommendations should be
scrutinised by the developers and deployment engineers, and successful
mitigation and remediation is an ongoing collaborative process after we
deliver our report, and before the details are made public.
info@rdauditors.com Page No : 40
Disclaimers
RD Auditors Disclaimer
The smart contracts given for audit have been analysed in accordance with
the best industry practices at the date of this report, in relation to:
cybersecurity vulnerabilities and issues in smart contract source code, the
details of which are disclosed in this report, (Source Code); the Source Code
compilation, deployment and functionality (performing the intended
functions).
Because the total number of test cases are unlimited, the audit makes no
statements or warranties on the security of the code. It also cannot be
considered as a sufficient assessment regarding the utility and safety of the
code, bugfree status or any other statements of the contract. While we have
done our best in conducting the analysis and producing this report, it is
important to note that you should not rely on this report only - we
recommend proceeding with several independent audits and a public bug
bounty program to ensure security of smart contracts.
Technical Disclaimer
Smart contracts are deployed and executed on the blockchain. The platform,
its programming language, and other software related to the smart contract
can have their own vulnerabilities that can lead to hacks. Thus, the audit can’t
guarantee explicit security of the audited smart contracts.
info@rdauditors.com Page No : 41