KYOTO security concern

# KYOTO security concern ## Problem description To stop the trading, the existing solution is blacklisting the `LP pair` smart contract. This can cause problem. The LP liquidity can not be removed until 07/Oct(3 weeks). When we need to remove the liquidity, we need to remove the `LP pair` smart contract from the blacklist(please correct me if my understanding is wrong). This approach will cause problems. Reason: when `LP pair` is removed from the blacklist, KYOTO token holders can sell their tokens, even if some of them already sold through the OTC. ## Proposed solution - Deploy a simple smart contract - And then set the `pairContract` as this newly-deployed smart contract by `setLP`. ```solidity contract SyncRevert { function sync() pure external { require(false, "can not sync()"); } } ``` ```solidity function setLP(address _address) external onlyOwner { pairContract = IPancakeSwapPair(_address); } ``` How does it work. ```solidity function _transferFrom( address sender, address recipient, uint256 amount ) internal returns (bool) { require(!blacklist[sender] && !blacklist[recipient], "in_blacklist"); if (inSwap) { return _basicTransfer(sender, recipient, amount); } if (shouldRebase()) { rebase(); // Revert here } //... } function rebase() internal { if (inSwap) return; uint256 rebaseRate; uint256 deltaTimeFromInit = block.timestamp - _initRebaseStartTime; uint256 deltaTime = block.timestamp - _lastRebasedTime; uint256 times = deltaTime.div(15 minutes); uint256 epoch = times.mul(15); if (deltaTimeFromInit < (365 days)) { rebaseRate = 2604; } else if (deltaTimeFromInit >= (7 * 365 days)) { rebaseRate = 2; } else if (deltaTimeFromInit >= ((15 * 365 days) / 10)) { rebaseRate = 14; } else { rebaseRate = 211; } for (uint256 i = 0; i < times; i++) { _totalSupply = _totalSupply .mul((10**RATE_DECIMALS).add(rebaseRate)) .div(10**RATE_DECIMALS); } _gonsPerFragment = TOTAL_GONS.div(_totalSupply); _lastRebasedTime = _lastRebasedTime.add(times.mul(15 minutes)); pairContract.sync(); // Revert here emit LogRebase(epoch, _totalSupply); } ``` - User can not transfer/sell because `rebase()` will revert. - KYOTO team can `removeLiquidity` freely.