Security Assessment PeacockCoin Token

$PEKC
Jun 13, 2021

Jun 10th, 2021

Main source information : HERE

Table of Contents

Summary

Overview

Project Summary

Audit Summary

Vulnerability Summary

Audit Scope

Findings

PEA-01 : Unlocked Compiler Version

PEA-02 : Division Before Multiplication

Appendix

Disclaimer

About

SUMMARY

This report has been prepared for the PeacockCoin Token smart contracts, to discover issues and vulnerabilities in the source code of their smart contract as well as any contract dependencies that were not part of an officially recognized library. A comprehensive examination has been performed, utilizing Static Analysis and Manual Review techniques.

The auditing process pays special attention to the following considerations:

- Testing the smart contracts against both common and uncommon attack vectors.
- Assessing the codebase to ensure compliance with current best practices and industry standards.
- Ensuring contract logic meets the specifications and intentions of the client.
- Cross referencing contract structure and implementation against similar smart contracts produced by industry leaders.
- Thorough line-by-line manual review of the entire codebase by industry experts.

The security assessment resulted in findings that ranged from critical to informational. We recommend addressing these findings to ensure a high level of security standards and industry practices. We suggest recommendations that could better serve the project from the security perspective:

- Enhance general coding practices for better structure of the source code;
- Add enough unit tests to cover the possible use cases, given they are currently missing in the repository;
- Provide more comments for each function for readability, especially as contracts are verified in public;
- Provide more transparency on privileged activities once the protocol is live.

No notable vulnerabilities were identified in the codebase and it makes use of the latest security principles and style guidelines. There were certain optimizations observed as well as security principles that can optionally be applied to the codebase to fortify the codebase to a greater extent. It should be noted that the codebase is based on a known project, hence inheriting the original’s vulnerabilities.

Overview

Project Summary

Project Name : PeacockCoin

Token Description : A deflationary yield token

Platform : BSC

Language : Solidity

Codebase : https://bscscan.com/address/0x050787de0cf5da03d9387b344334d51cae5dd0fd#code

Commit

Audit Summary

Delivery Date : Jun 10, 2021

Audit Methodology : Static Analysis, Manual Review

Key Components : Deflationary Yield Token

Vulnerability Summary

Total Issues : 2

Critical : 0

Major : 0

Medium : 0

Minor : 1

Informational : 1

Discussion : 0

Audit Scope

ID : PEA

File : PEACOCKCOIN.sol

SHA256 Checksum : 532af37c4b88318490e43e62c6e40052c620d04b3b0a5a5490ebcb09f0a1e14b

Findings

PEA-01 : Unlocked Compiler Version

#Description

The contract has an unlocked compiler version. An unlocked compiler version in the source code of the contract permits the user to compile it at or above a particular version. This, in turn, leads to differences in the generated bytecode between compilations due to differing compiler version numbers. This can lead to ambiguity when debugging, as compiler-specific bugs may occur in the codebase that would be hard to identify over a span of multiple compiler versions rather than a specific one.

#Recommendation

We advise that the compiler version is instead locked at the lowest version possible that the contract can be compiled at. For example, for version v0.6.2 the contract should contain the following line:

pragma solidity 0.6.2;

#Alleviation

The development team has acknowledged this exhibit but decided to not apply its remediation in the current version of the codebase.

PEA-02 : Division Before Multiplication

#Description

Integer division might truncate, hence division before multiplication can lead to loss of precision.

#Recommendation

We advise to perform multiplication before division to avoid loss of precision.

#Alleviation

The development team has acknowledged this exhibit but decided to not apply its remediation in the current version of the codebase.
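The precision loss described in PEA-02, as an added Solidity example; it is not code from PEACOCKCOIN.sol, which this page does not reproduce. The contract name, function names and constants are hypothetical, the 2.5% rate is the one quoted in the tokenomics on this page, and the pragma is pinned in the form PEA-01 recommends.

```solidity
// Added illustration only; names and constants are hypothetical.
pragma solidity 0.6.2; // pinned to one compiler version, as PEA-01 advises

contract FeeMathExample {
    // Assumed fee parameters: 25 / 1000 = 2.5%.
    uint256 private constant FEE_RATE = 25;
    uint256 private constant FEE_DENOMINATOR = 1000;

    // Division before multiplication: amount / 1000 truncates first, so the
    // remainder (amount % 1000) never contributes to the fee. Any amount
    // below FEE_DENOMINATOR yields a fee of zero.
    function feeDivFirst(uint256 amount) public pure returns (uint256) {
        return (amount / FEE_DENOMINATOR) * FEE_RATE;
    }

    // Multiplication before division: truncation happens once, on the final
    // quotient, so at most one unit of the fee is lost to rounding.
    function feeMulFirst(uint256 amount) public pure returns (uint256) {
        uint256 scaled = amount * FEE_RATE;
        // Solidity 0.6 arithmetic wraps silently on overflow. Reordering the
        // operations makes the intermediate value larger, so guard it the
        // way SafeMath.mul does.
        require(amount == 0 || scaled / amount == FEE_RATE, "mul overflow");
        return scaled / FEE_DENOMINATOR;
    }

    // Fee units lost by dividing first. The subtraction cannot underflow:
    // floor(a * r / d) is never smaller than floor(a / d) * r.
    function precisionLoss(uint256 amount) external pure returns (uint256) {
        return feeMulFirst(amount) - feeDivFirst(amount);
    }
}
```

Calling `precisionLoss` with amounts that are not multiples of `FEE_DENOMINATOR` shows how much of the fee the division-first ordering drops.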

#Appendix

#Finding Categories

#Mathematical Operations

Mathematical Operation findings relate to mishandling of math formulas, such as overflows, incorrect operations etc.

#Language Specific

Language Specific findings are issues that would only arise within Solidity, i.e. incorrect usage of private or delete.

#Checksum Calculation Method

The “Checksum” field in the “Audit Scope” section is calculated as the SHA-256 (Secure Hash Algorithm 2 with digest size of 256 bits) digest of the content of each file hosted in the listed source repository under the specified commit. The result is hexadecimal encoded and is the same as the output of the Linux “sha256sum” command against the target file.

Disclaimer

This report is subject to the terms and conditions (including without limitation, description of services, confidentiality, disclaimer and limitation of liability) set forth in the Services Agreement, or the scope of services, and terms and conditions provided to the Company in connection with the Agreement. This report provided in connection with the Services set forth in the Agreement shall be used by the Company only to the extent permitted under the terms and conditions set forth in the Agreement. This report may not be transmitted, disclosed, referred to or relied upon by any person for any purposes without CertiK’s prior written consent.

This report is not, nor should be considered, an “endorsement” or “disapproval” of any particular project or team. This report is not, nor should be considered, an indication of the economics or value of any “product” or “asset” created by any team or project that contracts CertiK to perform a security assessment. This report does not provide any warranty or guarantee regarding the absolute bug-free nature of the technology analyzed, nor do they provide any indication of the technologies proprietors, business, business model or legal compliance.

This report should not be used in any way to make decisions around investment or involvement with any particular project. This report in no way provides investment advice, nor should be leveraged as investment advice of any sort. This report represents an extensive assessing process intending to help our customers increase the quality of their code while reducing the high level of risk presented by cryptographic tokens and blockchain technology.

Blockchain technology and cryptographic assets present a high level of ongoing risk. CertiK’s position is that each company and individual are responsible for their own due diligence and continuous security. CertiK’s goal is to help reduce the attack vectors and the high level of variance associated with utilizing new and consistently changing technologies, and in no way claims any guarantee of security or functionality of the technology we agree to analyze.

PEACOCKCOIN STRUCTURE

Total Supply: 100,000,000,000,000,000 PEKC

Token Distribution

PEKC TOKEN is listed on BSC chain.
Maximum supply of token is 100 Quadrillion and 50% was initially burnt.

Information Boards

Website : Peacockcoin

TG Official : Telegram

Twitter Official : Twitter

Discord : Discord

Reddit : Reddit

IG: Instagram

PeacockCoin : Whitepaper

PeacockCoin : Roadmap or Website

PEKC Audit (1st) : Solidity Audits

PEKC Audit (2nd) : CertiK Audits

PeacockCoin : Marketplace (Beta Preview)

PeacockCoin : Wallet Tracker

PeacockCoin : CoinMarketCap

PeacockCoin : CoinGecko

Price List : Coinbase

Price List : Live coin watch

Listing : Coin Sniper

Listing : Stock Wits

Peacockcoin Ecosystem

Peacockcoin is designed to reward holders. The Peacockcoin tokenomics apply a special tax to every buyer or seller: 2.5% is redistributed back to holders while 2.5% is burned forever, reducing the total supply. With the PEKC token there is no need to stake or lock up your tokens anywhere to receive rewards. Just hold tokens in your wallet and watch your balance increase.

RISK

Please note there are always risks associated with smart-contracts. Please use at your own risk. PEKC Token is not a registered broker, analyst or investment advisor. Everything that we provide on this site is purely for guidance, informational and educational purposes. All information contained herein should be independently verified and confirmed. We do not accept any liability for any loss or damage whatsoever caused in reliance upon such information or services. Please be aware of the risks involved with any trading done in any financial market. Do not trade with money that you cannot afford to lose. When in doubt, you should consult a qualified financial advisor before making any investment decisions.

Our Network :

BINANCE SMART CHAIN

PANCAKE SWAP

Fundraising campaign

We have decided to launch a fundraising campaign that will be used on marketing, exchanges and charity donations. This will help to boost our growth and expand our vision to more communities out there.
Any help and support is greatly appreciated. You can find the Peacockcoin Fundraising wallets below:

Fundraising Peacockcoin


Peacockcoin is a deflationary yield token on the Binance Smart Chain with multi-dimensional NFTs.