BOTiFi Ai
Code Security
Audit Scope
https://bscscan.com/address/0xb1bf223D00a0c0086EE0AE6c8B1fcb1c2E4a479C#code
Severity Risk
Critical Vulnerability
CEN-01 | Owner can set buy & sell tax up to 100% |
Scenario: When the buy/sell tax functions do not enforce a maximum value, the Owner can set the tax as high as 100%, so the trader receives nothing from the trade and the full amount goes to the account designated to receive the tax fee. This is a serious centralization risk.
High Vulnerability
SEC-01 | If the Owner sets a sell tax with ‘setSellTax’ and adds addresses to the tax-exclusion list with the ‘exclude’ function, only the excluded addresses can trade without tax |
SEC-02 | If ‘setSellTax’ & ‘setBuyTax’ are set above 49%, the token cannot be traded |
SEC-03 | Centralization Risk |
SEC-04 | No-slippage-check |
Medium Vulnerability
SEC-05 | Unchecked low-level calls (unchecked-lowlevel) |
SEC-06 | Unused return values (unused-return) |
SEC-07 | Imprecise arithmetic operations order (divide-before-multiply) |
SEC-08 | Dangerous strict equalities (incorrect-equality) |
SEC-09 | Uninitialized local variables (uninitialized-local) |
Low Vulnerability
SEC-10 | Reentrancy vulnerabilities leading to out-of-order Events (reentrancy-events) |
SEC-11 | Benign reentrancy vulnerabilities (reentrancy-benign) |
SEC-12 | Contract function does not emit event after the value is set (pess-event-setter) |
Very Low Vulnerability
No Very Low Vulnerability
Informational Vulnerability
SEC-13 | Unused state variables (unused-state) |
SEC-14 | Conformance to numeric notation best practices (too-many-digits) |
SEC-15 | Low level calls (low-level-calls) |
SEC-16 | Unlocked pragma |
SEC-17 | Use-nested-if |
Risk Checker
Contract Functional
Honeypot Risk
Web Security Pentest
SSL Checking
- Certificate matches server hostname
- Certificate is trusted
- Anchor certificate not sent
- Certificate Transparency
- OCSP Response Status
- Cert Status
- Deflate Compression
- OpenSSL CCS Injection
- OpenSSL Heartbleed
- ROBOT Attack
- Client Renegotiation DoS Attack
- Secure Renegotiation
Web Security Checking
- OWASP TOP 10/OWASP WSTG
- DOM-based Cross Site Scripting
- Cross Site Script Inclusion
- CSS Injection
- XML Injection
- Clickjacking
- X-Content-Type-Options Header
- Server may leak inodes via ETags
- Testing Session Timeout
- Injection (XSS/Script/HTML)
KYC
KYC Detail
Identity Document | Passport – Republic Of India |
Badge Tier | Bronze – The Core Team has KYC verification only for founders/co-founders. No history or success in any previous project was found; this may be their first project. No work experience, certificates or awards were found. This is a risk that should be considered. |
GEO Tier | Tier 3 – The country of the person being assessed is a country without laws for cryptocurrency. Legal proceedings are not supported. Weak legal enforcement. Countries with high fraud rates or harbors of scammers. There is no international legal cooperation. It is considered the highest risk. |
Smart Contract Audit | They have a smart contract audit with SCRL, but it has a critical risk; please read it before participating and DYOR. This report is not investment/financial advice, and SCRL disclaims any liability incurred, whether from a rugpull, abandonment, soft rugpull, exploit or exit scam. |
Number of people who perform KYC | 1 |
Number of sanction databases checked during KYC | 96 Sanction Databases & Regulator Law Enforcement Databases |