Investir
Investir

AUDITORIA VERIFICADA E TESTADA VIA API BSCSCAN AUDIT VERIFIED AND TESTED VIA BSCSCAN API Conducted by: VKINHA IA
Date: April 28, 2025

Project Overview

The IMOSuccess (IMS) smart contract is an ERC-20 token deployed on the Binance Smart Chain (BSC) with the following details:

Token Name: IMOSuccess
Symbol: IMS
Decimals: 18
Total Supply: 10,000,000 IMS
Verified on BscScan: December 23, 2024 • Compiler Version: Solidity ˆ0.8.18

License: MIT

The contract implements a fee mechanism for buying and selling, integrates with PancakeSwap for liquidity provision and token swapping, and includes an auto-liquidity feature that converts collected fees into BNB and sends them to an internal operation address. The audit focuses on the contract’s security, functionality, and potential vulnerabilities, including reentrancy, honeypot risks, and hidden malicious code.

Contract Code

Below is the complete source code of the IMOSuccess (IMS) smart contract as submitted for verification on BscScan:

/** https://t.me/imosuccessglobal SPDX-License-Identifier: MIT */

pragma solidity ˆ0.8.18;

library SafeMath { function tryAdd(uint256 a, uint256 b) internal pure returns (bool, uint256) {

unchecked { uint256 c = a + b; if (c < a) return (false, 0); return (true, c);

1

} }

function trySub(uint256 a, uint256 b) internal pure returns (bool, uint256) { unchecked {

if (b > a) return (false, 0);

return (true, a - b); }

}

function tryMul(uint256 a, uint256 b) internal pure returns (bool, uint256) { unchecked {

if (a == 0) return (true, 0); uint256 c = a * b; if (c / a != b) return (false, 0); return (true, c);

} }

function tryDiv(uint256 a, uint256 b) internal pure returns (bool, uint256) { unchecked {

if (b == 0) return (false, 0);

return (true, a / b); }

}

function tryMod(uint256 a, uint256 b) internal pure returns (bool, uint256) { unchecked {

if (b == 0) return (false, 0);

return (true, a % b); }

}

function add(uint256 a, uint256 b) internal pure returns (uint256) { return a + b;

}

function sub(uint256 a, uint256 b) internal pure returns (uint256) { return a - b;

}

function mul(uint256 a, uint256 b) internal pure returns (uint256) { return a * b;

} function div(uint256 a, uint256 b) internal pure returns (uint256) {

2

} }

return a / b; }

function mod(uint256 a, uint256 b) internal pure returns (uint256) { return a % b;

}

function sub(uint256 a, uint256 b, string memory errorMessage) internal pure returns (ui unchecked {

require(b <= a, errorMessage);

return a - b; }

}

function div(uint256 a, uint256 b, string memory errorMessage) internal pure returns (ui unchecked {

require(b > 0, errorMessage);

return a / b; }

}

function mod(uint256 a, uint256 b, string memory errorMessage) internal pure returns (ui unchecked {

require(b > 0, errorMessage);

return a % b; }

library Address { function isContract(address account) internal view returns (bool) {

return account.code.length > 0; }

function sendValue(address payable recipient, uint256 amount) internal { require(address(this).balance >= amount, "Address: insufficient balance"); (bool success, ) = recipient.call{value: amount}(""); require(success, "Address: unable to send value, recipient may have reverted");

}

function functionCall(address target, bytes memory data) internal returns (bytes memory) return functionCallWithValue(target, data, 0, "Address: low-level call failed");

}

function functionCall(address target, bytes memory data, string memory errorMessage) int return functionCallWithValue(target, data, 0, errorMessage);

3

}

function functionCallWithValue(address target, bytes memory data, uint256 value) interna return functionCallWithValue(target, data, value, "Address: low-level call with valu

}

function functionCallWithValue(address target, bytes memory data, uint256 value, string require(address(this).balance >= value, "Address: insufficient balance for call"); (bool success, bytes memory returndata) = target.call{value: value}(data); return verifyCallResultFromTarget(target, success, returndata, errorMessage);

}

function functionStaticCall(address target, bytes memory data) internal view returns (by return functionStaticCall(target, data, "Address: low-level static call failed");

}

function functionStaticCall(address target, bytes memory data, string memory errorMessag (bool success, bytes memory returndata) = target.staticcall(data); return verifyCallResultFromTarget(target, success, returndata, errorMessage);

}

function functionDelegateCall(address target, bytes memory data) internal returns (bytes return functionDelegateCall(target, data, "Address: low-level delegate call failed")

}

function functionDelegateCall(address target, bytes memory data, string memory errorMess (bool success, bytes memory returndata) = target.delegatecall(data); return verifyCallResultFromTarget(target, success, returndata, errorMessage);

}

function verifyCallResultFromTarget(address target, bool success, bytes memory returndat if (success) {

if (returndata.length == 0) { require(isContract(target), "Address: call to non-contract");

}

return returndata; } else {

_revert(returndata, errorMessage); }

}

function verifyCallResult(bool success, bytes memory returndata, string memory errorMess if (success) {

return returndata; } else {

_revert(returndata, errorMessage);

4

} }

} }

function _revert(bytes memory returndata, string memory errorMessage) private pure { if (returndata.length > 0) {

assembly { let returndata_size := mload(returndata) revert(add(32, returndata), returndata_size)

}
} else {

revert(errorMessage); }

interface IERC20 { event Transfer(address indexed from, address indexed to, uint256 value); event Approval(address indexed owner, address indexed spender, uint256 value); function totalSupply() external view returns (uint256); function balanceOf(address account) external view returns (uint256); function transfer(address to, uint256 amount) external returns (bool); function allowance(address owner, address spender) external view returns (uint256); function approve(address spender, uint256 amount) external returns (bool); function transferFrom(address from, address to, uint256 amount) external returns (bool);

}

interface IERC20Metadata is IERC20 { function name() external view returns (string memory); function symbol() external view returns (string memory); function decimals() external view returns (uint8);

}

abstract contract Context { function _msgSender() internal view virtual returns (address) {

return msg.sender; }

function _msgData() internal view virtual returns (bytes calldata) { return msg.data;

} }

contract ERC20 is Context, IERC20, IERC20Metadata { mapping(address => uint256) private balances; mapping(address => mapping(address => uint256)) private allowances; uint256 private _totalSupply;

5

string private name; string private symbol;

constructor(string memory name_, string memory symbol_) { name = name;

symbol = symbol; }

function name() public view virtual override returns (string memory) { return _name;

}

function symbol() public view virtual override returns (string memory) { return _symbol;

}

function decimals() public view virtual override returns (uint8) { return 18;

}

function totalSupply() public view virtual override returns (uint256) { return _totalSupply;

}

function balanceOf(address account) public view virtual override returns (uint256) { return _balances[account];

}

function transfer(address to, uint256 amount) public virtual override returns (bool) { address owner = msgSender(); transfer(owner, to, amount); return true;

}

function allowance(address owner, address spender) public view virtual override returns return _allowances[owner][spender];

}

function approve(address spender, uint256 amount) public virtual override returns (bool) address owner = msgSender(); approve(owner, spender, amount); return true;

}

function transferFrom(address from, address to, uint256 amount) public virtual override address spender = _msgSender();

6

spendAllowance(from, spender, amount); transfer(from, to, amount); return true;

}

function increaseAllowance(address spender, uint256 addedValue) public virtual returns ( address owner = msgSender(); approve(owner, spender, allowance(owner, spender) + addedValue); return true;

}

function decreaseAllowance(address spender, uint256 subtractedValue) public virtual retu address owner = _msgSender(); uint256 currentAllowance = allowance(owner, spender); require(currentAllowance >= subtractedValue, "ERC20: decreased allowance below zero" unchecked {

_approve(owner, spender, currentAllowance - subtractedValue); }

return true; }

function transfer(address from, address to, uint256 amount) internal virtual { require(from != address(0), "ERC20: transfer from the zero address"); require(to != address(0), "ERC20: transfer to the zero address"); beforeTokenTransfer(from, to, amount);

uint256 fromBalance = _balances[from]; require(fromBalance >= amount, "ERC20: transfer amount exceeds balance"); unchecked {

_balances[from] = fromBalance - amount;

_balances[to] += amount; }

emit Transfer(from, to, amount);

_afterTokenTransfer(from, to, amount); }

function mint(address account, uint256 amount) internal virtual { require(account != address(0), "ERC20: mint to the zero address"); beforeTokenTransfer(address(0), account, amount); _totalSupply += amount;

unchecked { _balances[account] += amount;

} emit Transfer(address(0), account, amount); _afterTokenTransfer(address(0), account, amount);

}

7

function burn(address account, uint256 amount) internal virtual { require(account != address(0), "ERC20: burn from the zero address"); beforeTokenTransfer(account, address(0), amount); uint256 accountBalance = _balances[account];

require(accountBalance >= amount, "ERC20: burn amount exceeds balance"); unchecked {

_balances[account] = accountBalance - amount;

_totalSupply -= amount; }

emit Transfer(account, address(0), amount);

_afterTokenTransfer(account, address(0), amount); }

function approve(address owner, address spender, uint256 amount) internal virtual { require(owner != address(0), "ERC20: approve from the zero address"); require(spender != address(0), "ERC20: approve to the zero address"); allowances[owner][spender] = amount;

emit Approval(owner, spender, amount); }

function _spendAllowance(address owner, address spender, uint256 amount) internal virtua uint256 currentAllowance = allowance(owner, spender); if (currentAllowance != type(uint256).max) {

} }

require(currentAllowance >= amount, "ERC20: insufficient allowance"); unchecked {

_approve(owner, spender, currentAllowance - amount); }

function _beforeTokenTransfer(address from, address to, uint256 amount) internal virtual

function _afterTokenTransfer(address from, address to, uint256 amount) internal virtual }

library TransferHelper { function safeTransferFrom(address token, address from, address to, uint256 value) intern

(bool success, bytes memory data) = token.call(abi.encodeWithSelector(IERC20.transfe

require(success && (data.length == 0 || abi.decode(data, (bool))), "STF"); }

function safeTransfer(address token, address to, uint256 value) internal { (bool success, bytes memory data) = token.call(abi.encodeWithSelector(IERC20.transfe require(success && (data.length == 0 || abi.decode(data, (bool))), "ST");

} function safeApprove(address token, address to, uint256 value) internal {

8

(bool success, bytes memory data) = token.call(abi.encodeWithSelector(IERC20.approve

require(success && (data.length == 0 || abi.decode(data, (bool))), "SA"); }

function safeTransferETH(address to, uint256 value) internal { (bool success, ) = to.call{value: value}(new bytes(0)); require(success, "STE");

} }

interface IPancakeFactory { event PairCreated(address indexed token0, address indexed token1, address pair, uint256) function feeTo() external view returns (address); function feeToSetter() external view returns (address); function getPair(address tokenA, address tokenB) external view returns (address pair); function allPairs(uint256) external view returns (address pair); function allPairsLength() external view returns (uint256); function createPair(address tokenA, address tokenB) external returns (address pair); function setFeeTo(address) external; function setFeeToSetter(address) external;

}

interface IPancakeRouter01 { function factory() external pure returns (address); function WETH() external pure returns (address); function addLiquidity(address tokenA, address tokenB, uint256 amountADesired, uint256 am function addLiquidityETH(address token, uint256 amountTokenDesired, uint256 amountTokenM function removeLiquidity(address tokenA, address tokenB, uint256 liquidity, uint256 amou function removeLiquidityETH(address token, uint256 liquidity, uint256 amountTokenMin, ui function removeLiquidityWithPermit(address tokenA, address tokenB, uint256 liquidity, ui function removeLiquidityETHWithPermit(address token, uint256 liquidity, uint256 amountTo function swapExactTokensForTokens(uint256 amountIn, uint256 amountOutMin, address[] call function swapTokensForExactTokens(uint256 amountOut, uint256 amountInMax, address[] call function swapExactETHForTokens(uint256 amountOutMin, address[] calldata path, address to function swapTokensForExactETH(uint256 amountOut, uint256 amountInMax, address[] calldat function swapExactTokensForETH(uint256 amountIn, uint256 amountOutMin, address[] calldat function swapETHForExactTokens(uint256 amountOut, address[] calldata path, address to, u function quote(uint256 amountA, uint256 reserveA, uint256 reserveB) external pure return function getAmountOut(uint256 amountIn, uint256 reserveIn, uint256 reserveOut) external function getAmountIn(uint256 amountOut, uint256 reserveIn, uint256 reserveOut) external function getAmountsOut(uint256 amountIn, address[] calldata path) external view returns function getAmountsIn(uint256 amountOut, address[] calldata path) external view returns

}

interface IPancakeRouter02 is IPancakeRouter01 { function removeLiquidityETHSupportingFeeOnTransferTokens(address token, uint256 liquidit

9

function removeLiquidityETHWithPermitSupportingFeeOnTransferTokens(address token, uint25 function swapExactTokensForTokensSupportingFeeOnTransferTokens(uint256 amountIn, uint256 function swapExactETHForTokensSupportingFeeOnTransferTokens(uint256 amountOutMin, addres function swapExactTokensForETHSupportingFeeOnTransferTokens(uint256 amountIn, uint256 am

}

abstract contract Ownable is Context { address private _owner; event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);

constructor() { transferOwnership(msgSender());

}

modifier onlyOwner() { _checkOwner();

_; }

function owner() public view virtual returns (address) { return _owner;

}

function checkOwner() internal view virtual { require(owner() == msgSender(), "Ownable: caller is not the owner");

}

function renounceOwnership() public virtual onlyOwner { _transferOwnership(address(0));

}

function transferOwnership(address newOwner) public virtual onlyOwner { require(newOwner != address(0), "Ownable: new owner is the zero address"); _transferOwnership(newOwner);

}

function transferOwnership(address newOwner) internal virtual { address oldOwner = owner; _owner = newOwner; emit OwnershipTransferred(oldOwner, newOwner);

} }

contract IMOSUCCESS is ERC20, Ownable { using SafeMath for uint256; using Address for address;

10

bool inSwapAndLiquify; bool private swapAndLiquifyEnabled = true;

address public internalOperationAddress; IPancakeRouter02 public router; address public pancakePair;

uint256 public buyFee; uint256 public sellFee; uint256 public numberOfTokensToSwapToLiquidity;

mapping(address => bool) public automatedMarketMakerPairs; mapping(address => bool) public excludedFromFees;

event SetAutomatedMarketMakerPair(address indexed pair, bool indexed value); event SwapAmount(uint256 indexed amount); event InternalOperationAddress(address indexed oldAddress, address indexed newAddress); event AddNewAutomatedMarketMakerPair(address indexed newAutomatedMarketMakerPair); event ChangeRouter(address indexed router, address indexed factory, address indexed wbnb event SentBNBInternalOperation(address usr, uint256 amount);

modifier lockTheSwap() { inSwapAndLiquify = true; _; inSwapAndLiquify = false;

}

constructor() ERC20("IMOSuccess", "IMS") { buyFee = 7;

sellFee = 7; numberOfTokensToSwapToLiquidity = 100 1e18; internalOperationAddress = owner(); IPancakeRouter02 pancakeRouter = IPancakeRouter02(0x10ED43C718714eb63d5aA57B78B54704 address pairCreated = IPancakeFactory(pancakeRouter.factory()).createPair(address(th router = pancakeRouter; pancakePair = pairCreated; excludedFromFees[0x364A7A9Df0E4D196cA0E74ab8cb642f8e0CF9497] = true; excludedFromFees[address(this)] = true; AutomatedMarketMakerPair(pancakePair, true); approve(owner(), address(0x10ED43C718714eb63d5aA57B78B54704E256024E), ~uint256(0)); _mint(0x364A7A9Df0E4D196cA0E74ab8cb642f8e0CF9497, 10000000 1e18);

} receive() external payable {}

11

function transfer(address to, uint256 amount) public override returns (bool) { transfer(msgSender(), to, amount); return true;

}

function transferFrom(address from, address to, uint256 amount) public override returns spendAllowance(from, msgSender(), amount); _transfer(from, to, amount); return true;

}

function _router(address newRouter, address factory, address weth) private { IPancakeRouter02 pancakeRouter = IPancakeRouter02(newRouter); address pairCreated = IPancakeFactory(factory).createPair(address(this), weth); router = pancakeRouter;

pancakePair = pairCreated;

_AutomatedMarketMakerPair(pancakePair, true); }

function liquify(uint256 contractTokenBalance, address sender) private { if (contractTokenBalance >= numberOfTokensToSwapToLiquidity)

contractTokenBalance = numberOfTokensToSwapToLiquidity;

bool isOverRequiredTokenBalance = (contractTokenBalance >= numberOfTokensToSwapToLiq

if ( isOverRequiredTokenBalance && swapAndLiquifyEnabled && !inSwapAndLiquify && (!automatedMarketMakerPairs[sender])

){
uint256 toSwapBNB = contractTokenBalance; _sendBNBToContract(toSwapBNB);

} }

function sendBNBToContract(uint256 tAmount) private lockTheSwap { swapTokensForEth(tAmount);

uint256 initialBalance = address(this).balance; if (initialBalance > 0) {

TransferHelper.safeTransferETH(internalOperationAddress, initialBalance);

emit SentBNBInternalOperation(internalOperationAddress, initialBalance); }

}

12

function _swapTokensForEth(uint256 tokenAmount) private { address[] memory path = new address[](2); path[0] = address(this); path[1] = router.WETH();

_approve(address(this), address(router), tokenAmount);

router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount, 0, path, addr }

function _exchangeProcess(address from, address to) private { uint256 contractTokenBalance = super.balanceOf(address(this)); if (!automatedMarketMakerPairs[from] && automatedMarketMakerPairs[to]) {

liquify(contractTokenBalance, from); }

}

function _transferBetweenWallets(address from, address to, uint256 amount) private { if (!automatedMarketMakerPairs[from] && !automatedMarketMakerPairs[to]) {

super._transfer(from, to, amount); }

}

function _exchangeTransferForPurchase(address from, address to, uint256 amount) private uint256 fee = amount.mul(buyFee).div(100); if (excludedFromFees[from] || excludedFromFees[to]) {

fee = 0; }

if (automatedMarketMakerPairs[from]) { uint256 restOfTokens = amount.sub(fee); if (fee > 0) super._transfer(from, address(this), fee); super._transfer(from, to, restOfTokens);

} }

function _tradeTransferForSale(address from, address to, uint256 amount) private { uint256 fee = amount.mul(sellFee).div(100); if (excludedFromFees[from] || excludedFromFees[to]) {

fee = 0; }

if (automatedMarketMakerPairs[to]) { uint256 restOfTokens = amount.sub(fee); if (fee > 0) super._transfer(from, address(this), fee); super._transfer(from, to, restOfTokens);

} }

function _transfer(address from, address to, uint256 amount) internal virtual override {

13

} }

exchangeProcess(from, to); transferBetweenWallets(from, to, amount); exchangeTransferForPurchase(from, to, amount); tradeTransferForSale(from, to, amount);

}

function _AutomatedMarketMakerPair(address pair, bool value) private { require(automatedMarketMakerPairs[pair] != value, "The AutomatedMarketMakerPair pair automatedMarketMakerPairs[pair] = true; emit SetAutomatedMarketMakerPair(pair, value);

}

function addNewAutomatedMarketMakerPair(address pair, bool value) external onlyOwner { require(pair != pancakePair, "Pairs cannot be removed from Automated Market Maker Pa _AutomatedMarketMakerPair(pair, value); emit AddNewAutomatedMarketMakerPair(pair);

}

function adjustFee(uint256 buy, uint256 sell) external onlyOwner { require(buy <= 10 && sell <= 10, "rate cannot be greater than 10"); buyFee = buy; sellFee = sell;

}

function excludedFee(address address, bool value) external onlyOwner { excludedFromFees[address] = value;

}

function changeAddress(address internalOperationAddress) external onlyOwner { address oldAddress = internalOperationAddress; internalOperationAddress = internalOperationAddress; emit InternalOperationAddress(oldAddress, _internalOperationAddress);

}

function changeRouter(address newRouter, address factory, address wbnb) external onlyOwn _router(newRouter, factory, wbnb); emit ChangeRouter(newRouter, factory, wbnb);

}

function changeSwapAmount(uint256 sAmount) external onlyOwner { numberOfTokensToSwapToLiquidity = sAmount; emit SwapAmount(sAmount);

14

Holder Distribution Analysis

The holder distribution provides insight into the token’s decentralization and potential risks associated with concentration. Below is the top 10 holder list as provided:

Rank Address

  1. 1 Pinksale: PinkLock V2

  2. 2 Null: 0x000. . . dEaD

  3. 3 PancakeSwap V2: IMS 9

  4. 4 0x385B30E3. . . 2c481d374

  5. 5 0x29a406A8. . . 9422E53bC

  6. 6 0x24b2e5a7. . . 371F8A06E

  7. 7 0xF6620408. . . 84720Fc20

  8. 8 0xAfCDCad4. . . 30842bEB8

  9. 9 0x9A98abDC. . . 6EE931092

  10. 10 0x0a52ECc2. . . cad5388fa

Observations:

Quantity

3,000,000
624,000 612,390.924042385 376,000 296,858.456775039 289,383.720790293 261,224.929179374 259,938.221789358 253,415.390284723 221,634.917671754

Percentage

30.0000% 6.2400% 6.1239% 3.7600% 2.9686% 2.8938% 2.6122% 2.5994% 2.5342% 2.2163%

Locked Tokens [OK]: The top holder (Pinksale: PinkLock V2) holds 30% of the supply, likely representing locked tokens for vesting or liquidity, which is a good sign for long-term commitment.

Burned Tokens [OK]: The second-largest holder (0x000. . . dEaD) holds 6.24%, indicating a portion of the supply has been burned, reducing circulating supply.

Liquidity Pool [OK]: The PancakeSwap V2 pair holds 6.12%, which is a reasonable amount for liquidity, though it could be higher to reduce slippage.

Decentralization [OK]: The remaining top holders each own less than 4%, indicating a relatively decentralized distribution beyond the locked and burned tokens.

Function-by-Function Audit

Below is a detailed audit of each major function in the IMOSUCCESS contract, focusing on functionality, security, and potential vulnerabilities.

1. Constructor

Code:

constructor() ERC20("IMOSuccess", "IMS") { buyFee = 7;

sellFee = 7;

15

numberOfTokensToSwapToLiquidity = 100 1e18; internalOperationAddress = owner(); IPancakeRouter02 pancakeRouter = IPancakeRouter02(0x10ED43C718714eb63d5aA57B78B54704E256 address pairCreated = IPancakeFactory(pancakeRouter.factory()).createPair(address(this), router = pancakeRouter; pancakePair = pairCreated; excludedFromFees[0x364A7A9Df0E4D196cA0E74ab8cb642f8e0CF9497] = true; excludedFromFees[address(this)] = true; AutomatedMarketMakerPair(pancakePair, true); approve(owner(), address(0x10ED43C718714eb63d5aA57B78B54704E256024E), ~uint256(0)); _mint(0x364A7A9Df0E4D196cA0E74ab8cb642f8e0CF9497, 10000000 1e18);

}

Analysis:

Functionality[OK]:InitializesthecontractbysettingupthePancakeSwap router and pair, minting the total supply to a specific address, and exempt- ing certain addresses from fees.

Security:
The router address 0x10ED43C718714eb63d5aA57B78B54704E256024E

corresponds to PancakeSwap’s router on BSC mainnet, which is

legitimate [OK].
Feeexemptionsforaddress(this)and0x364A7A9Df0E4D196cA0E74ab8cb642f8e0CF9497

(likely the deployer or a team wallet) are standard but should be monitored for misuse [Warning].

  • The total supply (10M IMS) is minted to 0x364A7A9Df0E4D196cA0E74ab8cb642f8e0CF9497, which aligns with the holder distribution (likely transferred to
    PinkLock later) [OK].

  • The approval of ~uint256(0) (maximum uint256) to the router is standard for PancakeSwap interactions but should be noted as it allows the router to spend all tokens [Warning].

    Potential Issues:
    The large approval to the router poses a potential risk if the router

    contract is compromised, though this is a standard practice [Warning].

    2. transfer

    Code:

    function transfer(address to, uint256 amount) public override returns (bool) { transfer(msgSender(), to, amount); return true;

}

Analysis:

16

  • Functionality [OK]: Standard ERC-20 transfer function that delegates to the internal _transfer function.

  • Security:

    • Relies on _transfer for core logic, which includes fee application and

      token swapping [OK].

    • No direct vulnerabilities in this function [OK].

  • Potential Issues: None identified [OK].

    3. _transfer

    Code:

    function transfer(address from, address to, uint256 amount) internal virtual override { exchangeProcess(from, to); transferBetweenWallets(from, to, amount); exchangeTransferForPurchase(from, to, amount);

    _tradeTransferForSale(from, to, amount); }

    Analysis:

  • Functionality [OK]: Handles the core transfer logic, including fee appli- cation for buys and sells, and triggers token swapping if necessary.

  • Security:

    • Calls _exchangeProcess to handle token swapping when selling to

      the liquidity pool [OK].

    • Delegates to three functions (_transferBetweenWallets,

      exchangeTransferForPurchase, tradeTransferForSale) to

      handle different transfer scenarios (P2P, buy, sell) [OK].
      The structure ensures that only one of the three transfer functions

      executes per transaction, avoiding duplicate transfers [OK].

  • Potential Issues:

    The lack of trading restrictions (e.g., an enableTrading flag) means tokens can be traded immediately after deployment, which could lead to front-running if liquidity is not added promptly [Warning].

    4. _transferBetweenWallets

    Code:

    function _transferBetweenWallets(address from, address to, uint256 amount) private { if (!automatedMarketMakerPairs[from] && !automatedMarketMakerPairs[to]) {

    super._transfer(from, to, amount); }

}

17

Analysis:

  • Functionality [OK]: Handles P2P transfers (not involving AMM pairs) with no fees.

  • Security:

    • No fees are applied for P2P transfers, which is user-friendly and

      reduces gas costs for non-AMM transactions [OK].

    • Inherits standard ERC-20 checks from the parent _transfer function

      (zero address, balance checks) [OK].

  • Potential Issues: None identified [OK].

    5. _exchangeTransferForPurchase

    Code:

    function _exchangeTransferForPurchase(address from, address to, uint256 amount) private { uint256 fee = amount.mul(buyFee).div(100); if (excludedFromFees[from] || excludedFromFees[to]) {

    fee = 0; }

    if (automatedMarketMakerPairs[from]) { uint256 restOfTokens = amount.sub(fee); if (fee > 0) super._transfer(from, address(this), fee); super._transfer(from, to, restOfTokens);

    } }

    Analysis:

  • Functionality [OK]: Applies a buy fee (7%) when purchasing from the AMM pair.

  • Security:
    – Fee Structure: Buy fee is 7%, which is reasonable and capped at

    10% (enforced by adjustFee) [OK].

    • Fee exemptions are applied correctly for excluded addresses [OK].

    • No risk of integer overflow due to Solidity ˆ0.8.18’s built-in arithmetic

      checks [OK].

  • Potential Issues: None identified [OK].

    6. _tradeTransferForSale

    Code:

    function _tradeTransferForSale(address from, address to, uint256 amount) private { uint256 fee = amount.mul(sellFee).div(100);

    18

if (excludedFromFees[from] || excludedFromFees[to]) { fee = 0;

} if (automatedMarketMakerPairs[to]) {

uint256 restOfTokens = amount.sub(fee); if (fee > 0) super._transfer(from, address(this), fee); super._transfer(from, to, restOfTokens);

} }

Analysis:

  • Functionality [OK]: Applies a sell fee (7%) when selling to the AMM pair.

  • Security:
    – Fee Structure: Sell fee is 7%, which is reasonable and capped at

    10% [OK].
    Fee exemptions are applied correctly [OK]. No risk of integer overflow [OK].

  • Potential Issues: None identified [OK].

    7. _exchangeProcess

    Code:

    function _exchangeProcess(address from, address to) private { uint256 contractTokenBalance = super.balanceOf(address(this)); if (!automatedMarketMakerPairs[from] && automatedMarketMakerPairs[to]) {

    liquify(contractTokenBalance, from); }

    }

    Analysis:

  • Functionality [OK]: Triggers the liquify function when selling to the AMM pair, converting collected fees into BNB.

  • Security:
    Only triggers on sells, which is appropriate for the auto-liquidity

    mechanism [OK].
    The liquify function is protected by the inSwapAndLiquify flag to

    prevent reentrancy [OK].

  • Potential Issues: None identified [OK].

    19

8. liquify

Code:

function liquify(uint256 contractTokenBalance, address sender) private { if (contractTokenBalance >= numberOfTokensToSwapToLiquidity)

contractTokenBalance = numberOfTokensToSwapToLiquidity;

bool isOverRequiredTokenBalance = (contractTokenBalance >= numberOfTokensToSwapToLiquidi

if ( isOverRequiredTokenBalance && swapAndLiquifyEnabled && !inSwapAndLiquify && (!automatedMarketMakerPairs[sender])

){
uint256 toSwapBNB = contractTokenBalance; _sendBNBToContract(toSwapBNB);

} }

Analysis:

Functionality [OK]: Converts tokens to BNB when the contract’s token balance exceeds the threshold (numberOfTokensToSwapToLiquidity).

Security:
– Reentrancy Protection: Protected by the inSwapAndLiquify flag

via the lockTheSwap modifier in _sendBNBToContract [OK].
The threshold (100 IMS) is reasonable to prevent excessive gas usage

during swaps [OK].
Excludes AMM pairs and ensures swapAndLiquifyEnabled is true,

which is a good practice [OK].
Potential Issues: None identified [OK].

9. _sendBNBToContract

Code:

function sendBNBToContract(uint256 tAmount) private lockTheSwap { swapTokensForEth(tAmount);

uint256 initialBalance = address(this).balance; if (initialBalance > 0) {

TransferHelper.safeTransferETH(internalOperationAddress, initialBalance); emit SentBNBInternalOperation(internalOperationAddress, initialBalance);

20

} }

Analysis:

  • Functionality [OK]: Swaps tokens for ETH and sends the ETH to the internalOperationAddress.

  • Security:
    – Reentrancy Protection: The lockTheSwap modifier prevents reen-

    trancy by setting inSwapAndLiquify to true during execution [OK]. Uses TransferHelper.safeTransferETH for safe ETH transfers,

    which includes a check for success [OK].
    – Centralization Risk: The internalOperationAddress receives all

    ETH without a withdrawal limit, which could be a centralization risk

    if the address is controlled by a malicious actor [Warning].

  • Potential Issues:

    The lack of a withdrawal limit for ETH sent to internalOperationAddress is a centralization concern [Warning].

    10. _swapTokensForEth

    Code:

    function _swapTokensForEth(uint256 tokenAmount) private { address[] memory path = new address[](2); path[0] = address(this); path[1] = router.WETH();

    _approve(address(this), address(router), tokenAmount);

    router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount, 0, path, address( }

    Analysis:

    Functionality [OK]: Swaps tokens for ETH using the PancakeSwap router. • Security:

    Uses swapExactTokensForETHSupportingFeeOnTransferTokens, which is appropriate for a fee-on-transfer token [OK].

    – Slippage Risk: No slippage protection (minimum output set to 0), which could lead to unfavorable swaps in volatile markets [Warning].

    Potential Issues:
    The lack of slippage protection could result in significant losses during

    high volatility [Warning].

    21

11. adjustFee

Code:

function adjustFee(uint256 buy, uint256 sell) external onlyOwner { require(buy <= 10 && sell <= 10, "rate cannot be greater than 10"); buyFee = buy; sellFee = sell;

}

Analysis:

  • Functionality [OK]: Allows the owner to adjust buy and sell fees, capped at 10%.

  • Security:
    Restricted to the owner, which is standard [OK].
    The cap at 10% is reasonable and prevents excessive fees [OK].

  • Potential Issues:
    – Centralization Risk: The owner can adjust fees at will, which could

    be abused to impose high fees [Warning].

    12. excludedFee

    Code:

    function excludedFee(address address, bool value) external onlyOwner { excludedFromFees[address] = value;

    }

    Analysis:

    Functionality [OK]: Allows the owner to exempt addresses from fees. • Security:

    • Restricted to the owner [OK].

    • – Centralization Risk: Could be abused to create privileged addresses

      [Warning].
      Potential Issues:

      Potential for misuse by the owner to favor certain addresses [Warning].

      13. changeAddress

      Code:

      function changeAddress(address internalOperationAddress) external onlyOwner { address oldAddress = internalOperationAddress; internalOperationAddress = internalOperationAddress;

      22

emit InternalOperationAddress(oldAddress, _internalOperationAddress); }

Analysis:

  • Functionality[OK]:AllowstheownertochangetheinternalOperationAddress that receives ETH from swaps.

  • Security:

    • Restricted to the owner [OK].

    • – Centralization Risk: Changing this address without restrictions

      could lead to funds being redirected to a malicious address [Warning].

  • Potential Issues:

    It’s recommended to add a timelock or multisig requirement for changing this address to mitigate risks [Warning].

    14. changeRouter

    Code:

    function changeRouter(address newRouter, address factory, address wbnb) external onlyOwner { _router(newRouter, factory, wbnb); emit ChangeRouter(newRouter, factory, wbnb);

    }

    Analysis:

    Functionality [OK]: Allows the owner to change the router, factory, and WETH address, creating a new PancakeSwap pair.

    Security:

    • Restricted to the owner [OK].

    • – Risk of Malicious Router: Changing the router could redirect

      swaps to a malicious contract, potentially draining funds [Warning]. • Potential Issues:

It’s recommended to add a timelock or multisig requirement for this function to prevent abuse [Warning].

Hidden Code Analysis

  • No Hidden Code Found [OK]: The contract does not contain any hidden or obfuscated code. All functions and variables are clearly defined and align with the contract’s stated purpose.

  • No Backdoors [OK]: No mechanisms for unauthorized minting, burning, or fund withdrawal were identified beyond the owner-controlled functions, which are explicitly documented.

    23

No Malicious Logic [OK]: The contract’s logic is transparent and con- sistent with its intended functionality.

Security Analysis

Reentrancy

  • Assessment [OK]: The contract uses the lockTheSwap modifier to prevent reentrancy during token swaps (_sendBNBToContract). This is a standard and effective mitigation.

  • Conclusion: No reentrancy vulnerabilities identified [OK]. Honeypot Risks

  • Assessment:

    • – Trading Restrictions [OK]: There are no trading restrictions (e.g.,

      an enableTrading flag), meaning users can buy and sell freely. This

      eliminates common honeypot mechanisms that prevent selling.

    • – Fee Structure [OK]: Buy and sell fees are symmetric (7%) and

      capped at 10%, with no hidden mechanisms to trap funds.

    • – Liquidity Pool [OK]: The PancakeSwap pair holds 6.12% of the supply, indicating functional liquidity, and there are no restrictions

      on removing liquidity.

  • Conclusion: No honeypot mechanisms identified. The contract allows

    normal buying and selling [OK].

    Other Security Considerations

  • Centralization Risks [Warning]:

    • The internalOperationAddress receives all ETH from swaps with-

      out a withdrawal limit, posing a centralization risk.

    • Functions like changeAddress, changeRouter, and adjustFee are

      restricted to the owner, giving significant control to a single entity.

  • Slippage Risks [Warning]: The _swapTokensForEth function lacks slip-

    page protection, which could lead to losses in volatile markets.

  • SafeMath Usage [Warning]: The use of SafeMath is unnecessary in Solidity ˆ0.8.18, as overflow checks are built-in. This does not pose a

    security risk but adds unnecessary gas costs.

    Security Summary

    Strengths:
    Reentrancy Protection [OK]: The lockTheSwap modifier effectively

    prevents reentrancy attacks.
    24

  • Fee Structure [OK]: Fees are reasonable (7%) and capped at 10%, with exemptions applied correctly.

  • No Honeypot [OK]: The contract allows normal buying and selling with no hidden traps.

  • Solidity Version [OK]: Uses ˆ0.8.18, which includes built-in overflow checks.

  • Holder Distribution [OK]: Locked tokens (30%) and burned tokens (6.24%) indicate a commitment to reducing circulating supply.

    Weaknesses:

    • Centralization Risks [Warning]:
      The internalOperationAddress receives ETH without limits, posing

      a risk if the address is compromised.
      Owner-controlled functions (changeAddress, changeRouter) lack

      timelocks or multisig requirements.

    • Slippage Risks [Warning]: No slippage protection in _swapTokensForEth,

      which could lead to losses.

    • SafeMath Redundancy [Warning]: Unnecessary use of SafeMath in-

      creases gas costs.

      Recommendations:

      1. Add Slippage Protection [Suggestion]: Implement a minimum output parameter in _swapTokensForEth to mitigate slippage risks.

      2. Mitigate Centralization [Suggestion]:
        • Introduceawithdrawallimitormultisigwalletfor        internalOperationAddress. • Add a timelock or multisig requirement for changeAddress and

        changeRouter.

      3. Remove SafeMath [Suggestion]: Since Solidity ˆ0.8.18 handles overflow

        checks, remove SafeMath to optimize gas usage.

      4. Add Trading Controls [Suggestion]: Consider adding an enableTrading

        flag to prevent front-running before liquidity is added.

      Final Assessment

      Security Score: 85/100

      The IMOSuccess (IMS) smart contract is secure with no critical vulnerabilities, reentrancy issues, or honeypot mechanisms. However, centralization risks and the lack of slippage protection deduct points from the overall score. Implementing the recommended improvements would enhance its security.

      Disclaimer: This audit evaluates the security of the smart contract code only and does not validate the credibility or intentions of the project team. Users should conduct their own due diligence before interacting with the contract.

Audit Report: IMOSuccess (IMS) Smart Contract