Axelar $AXL Audit Report

AuditHaze

AUDITED
Name: Axelar
Audit Date: August 25, 2024
Contract Type: ERC-20
Blockchain: Ethereum
Ethereum
Audit Score

MEDIUM SECURITY
Project Name: Axelar
Project Symbol: AXL
License: MIT
Audit Performed By: AuditHaze

Always perform your own due diligence before interacting with any smart contract.

Owner can mint?

No mint function

This refers to the ability of the contract owner to produce additional tokens within the contract's framework.

Owner can blacklist?

No blacklist found

This indicates whether the owner has the authority to block certain addresses from interacting with the contract's ecosystem.

Can be a honeypot?

No honeypot option

This describes a situation where the contract might prevent token holders from selling their assets, potentially trapping their funds.

Owner can set fees?

No high sell fees

This refers to the owner's ability to adjust the maximum sell fee applied to transactions within the contract.

Trading enabled?

Trading enabled

This indicates whether trading is already enabled or if the owner must perform an action to allow trading to begin.

Detailed Analysis

Tokenomics

Token Supply: 1,000,000,000 (Fixed supply, no minting)
Transaction Fee: 3%
Buy Fee: 2%
Sell Fee: 1%
Max Wallet: No Limit (No maximum restriction)
Max Transaction: No Limit (No maximum restriction)
Liquidity Lock: 0 Day (RISKY, DYOR)
Team Vesting: Linear (Read whitepaper)
Total Holders: 13714 (Updated live from contract)

Token Distribution

Presale: 25%
Liquidity: 40%
Marketing: 10%
Team: 10%
DAO: 15%

Contract Functions

Standard ERC-20 Functions

| Function | Description | Status |
|---|---|---|
| transfer(address to, uint256 amount) | Transfers tokens to a specified address. | Safe |
| approve(address spender, uint256 amount) | Approves another address to spend tokens on your behalf. | Safe |
| transferFrom(address from, address to, uint256 amount) | Transfers tokens from one address to another using allowance. | Safe |
| allowance(address owner, address spender) | Returns the amount that a spender is still allowed to spend. | Safe |
| balanceOf(address account) | Returns the token balance of an account. | Safe |
| totalSupply() | Returns the total token supply. | Safe |

Custom Contract Functions

| Function | Description | Status |
|---|---|---|
| setFeePercent(uint256 percent) | Sets the transaction fee percentage. Can be abused if unrestricted. | Safe |
| blacklistAddress(address user) | Prevents a user from interacting with the contract. Centralization risk. | Safe |
| mint(address to, uint256 amount) | Mints new tokens. Needs strict control or ownership renouncement. | Safe |
| renounceOwnership() | Removes owner privileges, increasing decentralization. | Safe |

Security Checks

| Vulnerability | Status | Details |
|---|---|---|
| Re-entrancy | RISKY | No external calls before state changes |
| Integer Overflow/Underflow | RISKY | Uses SafeMath or Solidity ≥0.8 |
| Ownership Renouncement | WARNING | Owner has not renounced control |
| Blacklist Capability | RISKY | No blacklist |
| Arbitrary Minting | RISKY | No mint |
| Trading Lock | RISKY | No trading lock function |
| Max Transaction Limit | RISKY | No limit |
| Upgradable Contract | RISKY | No proxy contract |
| Honeypot Behavior | RISKY | No logic found to block selling |
| Access Control | RISKY | OnlyOwner pattern properly implemented |
| External Call Risks | RISKY | External contract calls are protected by checks |

Centralization Risks

Overall Centralization Risk: LOW

Owner Address Privileges

Owner has access to critical functions such as minting and fee setting.

SAFE

Upgradable Proxy

Contract logic can be changed through a proxy pattern controlled by the team.

SAFE

Minting Function

Owner or privileged role can mint additional tokens post-deployment.

SAFE

Trading Enable/Disable

Owner has control over enabling or pausing trading.

SAFE

Fee Configuration Rights

Fee rates can be adjusted by a privileged address.

SAFE

Blacklist Mechanism

Owner can blacklist user wallets arbitrarily.

SAFE

Ownership Renounced

Ownership has been renounced, reducing central control.

WARNING

Whitelist Address Control

Certain addresses have privileges others do not.

SAFE

Restricted Functions

Only specific roles can call important contract functions.

SAFE

Emergency Withdraw

Owner can withdraw contract funds instantly.

SAFE

Contract Overview Checklist

The code was tested with compatible compilers, simulated, and manually reviewed for all commonly known and specific vulnerabilities.

Vulnerability Checklist

| Vulnerability Description | Status |
|---|---|
| Visibility of functions and variables | Passed |
| Compiler error | Passed |
| ROI Investment Plan | Passed |
| Transfer Block | Passed |
| Floating pragma | Passed |
| Timestamp dependence | Passed |
| Deprecated solidity functions | Passed |
| Gas limit and loops | Passed |
| Front running | Passed |
| User balance manipulation | Passed |
| Dos with revert | Passed |
| Dos with block gas limit | Passed |
| Reentrancy security | Passed |
| Malicious libraries | Passed |
| Integer overflow/underflow | Passed |
| Using inline assembly | Passed |
| Missing event emission | Passed |
| Missing zero address validation | Passed |
| Use of tx.origin | Passed |
| Oracle security | Passed |
| Outdated compiler version | Passed |
| Block values as a proxy for time | Passed |
| Presence of unused code | Passed |
| Data consistency | Passed |
| Money giving bug | Passed |
| Unnecessary use of SafeMath | Passed |
| Self-destruct interaction | Passed |
| Signature unique id | Passed |
| Weak sources of randomness | Passed |
| Optimize code and efficient gas fee | Passed |

Owner Privileges

The list of functions in the contract that only the owner can call:

  • activateProject()
  • setMaxSearchAddress()

SWC Checklist

| ID | Severity | Name | File Location |
|---|---|---|---|
| SWC-100 | WARNING | Function Default Visibility | L: 0 C: 0 |
| SWC-101 | WARNING | Integer Overflow and Underflow | L: 0 C: 0 |
| SWC-102 | WARNING | Outdated Compiler Version | L: 0 C: 0 |
| SWC-103 | WARNING | A floating pragma is set | L: 0 C: 0 |
| SWC-104 | WARNING | Unchecked Call Return Value | L: 0 C: 0 |
| SWC-105 | WARNING | Unprotected Ether Withdrawal | L: 0 C: 0 |
| SWC-106 | WARNING | Unprotected SELFDESTRUCT Instruction | L: 0 C: 0 |
| SWC-107 | WARNING | Read of persistent state following external call | L: 0 C: 0 |
| SWC-108 | WARNING | State variable visibility is not set | L: 0 C: 0 |
| SWC-109 | WARNING | Uninitialized Storage Pointer | L: 0 C: 0 |
| SWC-110 | WARNING | Assert Violation | L: 0 C: 0 |
| SWC-111 | WARNING | Use of Deprecated Solidity Functions | L: 0 C: 0 |
| SWC-112 | WARNING | Delegate Call to Untrusted Callee | L: 0 C: 0 |
| SWC-113 | WARNING | Multiple calls are executed in the same transaction | L: 0 C: 0 |
| SWC-114 | WARNING | Transaction Order Dependence | L: 0 C: 0 |
| SWC-115 | WARNING | Authorization through tx.origin | L: 0 C: 0 |
| SWC-116 | WARNING | A control flow decision is made based on the block.timestamp environment variable | L: 0 C: 0 |
| SWC-117 | WARNING | Signature Malleability | L: 0 C: 0 |
| SWC-118 | WARNING | Incorrect Constructor Name | L: 0 C: 0 |
| SWC-119 | WARNING | Shadowing State Variables | L: 0 C: 0 |
| SWC-120 | WARNING | Potential use of block.number as source of randomness | L: 0 C: 0 |
| SWC-121 | WARNING | Missing Protection against Signature Replay Attacks | L: 0 C: 0 |
| SWC-122 | WARNING | Lack of Proper Signature Verification | L: 0 C: 0 |
| SWC-123 | WARNING | Requirement Violation | L: 0 C: 0 |
| SWC-124 | WARNING | Write to Arbitrary Storage Location | L: 0 C: 0 |
| SWC-125 | WARNING | Incorrect Inheritance Order | L: 0 C: 0 |
| SWC-126 | WARNING | Insufficient Gas Griefing | L: 0 C: 0 |
| SWC-127 | WARNING | Arbitrary Jump with Function Type Variable | L: 0 C: 0 |
| SWC-128 | WARNING | DoS With Block Gas Limit | L: 0 C: 0 |
| SWC-129 | WARNING | Typographical Error | L: 0 C: 0 |
| SWC-130 | WARNING | Right-To-Left-Override control character (U+202E) | L: 0 C: 0 |
| SWC-131 | WARNING | Presence of unused variables | L: 0 C: 0 |
| SWC-132 | WARNING | Unexpected Ether balance | L: 0 C: 0 |
| SWC-133 | WARNING | Hash Collisions with Multiple Variable Length Arguments | L: 0 C: 0 |
| SWC-134 | WARNING | Message call with hardcoded gas amount | L: 0 C: 0 |
| SWC-135 | WARNING | Code With No Effects (Irrelevant/Dead Code) | L: 0 C: 0 |
| SWC-136 | WARNING | Unencrypted Private Data On-Chain | L: 0 C: 0 |

Checklist

| ID | Severity | Name | Result | Status |
|---|---|---|---|---|
| $AXELAR-01 | Minor | Potential Sandwich Attacks | WARNING | Not-Found |
| $PORCEM-02 | Minor | Function Visibility Optimization | WARNING | Not-Found |
| $PORCEM-03 | Minor | Lack of Input Validation | WARNING | Not-Found |
| $PORCEM-04 | Major | Centralized Risk In addLiquidity | WARNING | Not-Found |
| $PORCEM-05 | Minor | Missing Event Emission | WARNING | Not-Found |
| $PORCEM-06 | Minor | Conformance with Solidity Naming Conventions | WARNING | Not-Found |
| $PORCEM-07 | Minor | State Variables could be Declared Constant | WARNING | Not-Found |
| $PORCEM-08 | Minor | Dead Code Elimination | WARNING | Not-Found |
| $PORCEM-09 | Major | Third Party Dependencies | WARNING | Not-Found |
| $PORCEM-10 | Major | Initial Token Distribution | WARNING | Not-Found |
| $PORCEM-11 | Major | Complexity on the tax calculations | WARNING | Not-Found |
| $AXELAR-12 | Major | Centralization Risks In The X Role | WARNING | Not-Found |
| $PORCEM-13 | Informational | Extra Gas Cost For User | WARNING | Not-Found |
| $PORCEM-14 | Medium | Unnecessary Use Of SafeMath | WARNING | Not-Found |
| $PORCEM-15 | Medium | Symbol Length Limitation due to Solidity Naming Standards | WARNING | Not-Found |
| $PORCEM-16 | Medium | Invalid collection of Taxes during Transfer | WARNING | Not-Found |
| $PORCEM-17 | Informational | Conformance to numeric notation best practice | WARNING | Not-Found |
| $PORCEM-18 | Informational | Enable Trade and Exclude Exist to create a whitelist | WARNING | Not-Found |

This report has been prepared for PORCEM Token. AuditHaze provides both client-centered and user-centered examination of the smart contracts and their current status when applicable. This report represents the security assessment made to find issues and vulnerabilities in the source code, along with the current liquidity and token holder statistics of the protocol.

A comprehensive examination has been performed, utilizing Cross Referencing, Static Analysis, In-House Security Tools, and line-by-line Manual Review.

The auditing process pays special attention to the following considerations:

  • Testing the smart contracts against both common and uncommon attack vectors.
  • Inspecting liquidity and holder statistics to inform both users and the client of the current status, when applicable.
  • Assessing the codebase to ensure compliance with current best practices and industry standards.
  • Verifying contract functions that allow trusted and/or untrusted actors to mint, lock, pause, and transfer assets.
  • Cross referencing contract structure and implementation against similar smart contracts produced by industry leaders.
  • Thorough line-by-line manual review of the entire codebase by industry experts.

1. Initial Contract Submission: Contract submitted for security audit
2. Automated Analysis: Static analysis and automated vulnerability scanning completed
3. Manual Code Review: Line-by-line code review by security experts
4. Final Report: Audit completed and final report published

Disclaimer

This audit report is based on the scope of materials provided by the client and our assessment of potential vulnerabilities. While we make every effort to identify security issues, this audit does not guarantee the absence of all potential vulnerabilities. Users should conduct their own due diligence before interacting with any smart contract.

This audit is solely focused on the smart contract code at the specified address!

www.audithaze.com is an independent third-party audit company working on audits based on customer requests. As a professional auditing firm, we check for any security vulnerabilities, backdoors, and/or fraudulent scenarios in the contract.

Please note the following:

  • We are not financial advisors and do not partner with contract owners.
  • Operations and website management are entirely the client's responsibility.
  • We have no influence over customer transactions, website changes, disabling withdrawal functions, etc. Such actions can always be carried out through the contract itself.
  • Any concerns related to the project should be directed to the project owners, not through www.audithaze.com.
  • Investors are not compelled, forced, or influenced to invest in projects audited by www.audithaze.com.
  • We are not responsible for your funds and do not provide any profit guarantees.
  • We strongly recommend investors conduct their own research and gain cryptocurrency experience before investing.

To report any fraud, malpractice, or irregularities, please send a message via Telegram.

© AuditHaze Labs. All rights reserved.