# Security Audit of `Narfex` contracts.

## Conclusion

This audit was made by:

Auditor: Vladimir Smelov <vladimirfol@gmail.com>.

Date: 2023-01-24

TODO

## Scope

TODO

## Methodology

1. Blind audit. Understand the structure of the code without reading any docs.
2. Ask questions to developers.
3. Run static analyzers.
4. Find problems with:
    - backdoors;
    - bugs;
    - math;
    - potential leaking of funds;
    - potential locking of the contract;
    - validation of arguments and events;
    - others.

## Result

#### WARNING-1.
At
- Contract.sol:6

```solidity=6
pragma solidity >=0.4.22 <0.9.0;
```

The version range is too wide; define an exact solc version.

##### Status.
NEW

______

#### WARNING-2.
At
- Contract.sol:438-439,441-442

```solidity=438
uint256 public _taxFee = 1;
uint256 private _previousTaxFee = _taxFee;
```

```solidity=441
uint256 public _liquidityFee = 1;
uint256 private _previousLiquidityFee = _liquidityFee;
```

These variables are never used. Were you going to use them? Consider removing them or putting them to use.

##### Status.
NEW

______

#### WARNING-3.
At
- Contract.sol:634

```solidity=634
uint256 tFee = tAmount.div(100).mul(2);
```

This performs a multiplication on the result of a division, which decreases accuracy.

##### Status.
NEW

______

#### LOW-1.
At
- Contract.sol:422

```solidity=422
contract NarfexToken is Context, IERC20, Ownable {
```

`Context` is not needed; consider using just `msg.sender` instead of `_msgSender()`.

##### Status.
NEW

______

#### LOW-2.
At
- Contract.sol:423

```solidity=423
using SafeMath for uint256;
```

You don't need it if you use solc 0.8.X.

##### Status.
NEW

______

#### LOW-3.
At
- Contract.sol:433

```solidity=433
uint256 private constant MAX = ~uint256(0);
```

Wrong indentation (extra space).

##### Status.
NEW

______

#### LOW-4.
At
- Contract.sol:433

```solidity=433
uint256 private constant MAX = ~uint256(0);
```

Use the embedded constant `type(uint256).max`.

##### Status.
NEW

______

#### LOW-5.
At
- Contract.sol:434

```solidity=434
uint256 private _tTotal = 20000000000 * 10**6 * 10**9;
```

Declare as immutable.

##### Status.
NEW

______

#### LOW-6.
At
- Contract.sol:434

```solidity=434
uint256 private _tTotal = 20000000000 * 10**6 * 10**9;
```

Consider rewriting as `20_000_000_000` for readability. Also, from 20bln * 1mln * 1bln it is not clear how many tokens (with decimals=18) will be minted.

##### Status.
NEW

______

#### LOW-7.
At
- Contract.sol:444-446

```solidity=444
string private _name = "Narfex";
string private _symbol = "NRFX";
uint8 private _decimals = 18;
```

Consider declaring as immutable.

##### Status.
NEW

______

#### LOW-8.
At
- Contract.sol:448-451

```solidity=448
constructor () public {
    _rOwned[_msgSender()] = _rTotal;
    emit Transfer(address(0), _msgSender(), _tTotal);
}
```

You usually want to declare the owner as `_isExcluded` as well.

##### Status.
NEW
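
Added example for WARNING-3, not part of the audited `Contract.sol` or of the auditor's findings: the flagged divide-then-multiply fee calculation next to a multiply-first form, written for a pinned solc 0.8.x compiler so that no SafeMath is needed. The contract name `FeeMathExample`, its function and constant names, and the `0.8.17` pin are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity 0.8.17; // exact version (assumed pin), see WARNING-1

// Hypothetical illustration contract; not code from the audited project.
contract FeeMathExample {
    uint256 private constant FEE_PERCENT = 2;
    uint256 private constant PERCENT_DENOMINATOR = 100;

    // Pattern flagged at Contract.sol:634: divide, then multiply.
    // The remainder of tAmount / 100 is discarded before scaling by 2,
    // so any tAmount below 100 base units yields a fee of zero.
    function feeDivideFirst(uint256 tAmount) public pure returns (uint256) {
        return (tAmount / PERCENT_DENOMINATOR) * FEE_PERCENT;
    }

    // Multiply first so truncation happens once, on the final result.
    // With solc 0.8.x the multiplication reverts on overflow instead of
    // wrapping, which replaces the SafeMath calls (see LOW-2).
    function feeMultiplyFirst(uint256 tAmount) public pure returns (uint256) {
        return (tAmount * FEE_PERCENT) / PERCENT_DENOMINATOR;
    }

    // Base units of fee lost to the early truncation.
    // Equals ((tAmount % 100) * 2) / 100 and never underflows, because
    // the multiply-first result is always >= the divide-first result.
    function feeShortfall(uint256 tAmount) external pure returns (uint256) {
        return feeMultiplyFirst(tAmount) - feeDivideFirst(tAmount);
    }
}
```

For `tAmount = 99` the divide-first form returns 0 while the multiply-first form returns 1; for a 2% fee the shortfall is at most one base unit per call. The multiply-first form requires `tAmount * 2` to fit in `uint256`, otherwise the call reverts.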