| Field | Value |
|---|---|
| Audit Firm | Mefai Security Research |
| Report Date | 2026-03-28 |
| Contract Address | 0xCD96a472b448d6C2c99F714737E7F9F4fCa67777 |
| Chain | BNB Smart Chain (BSC) |
| Language | Solidity |
| Audit Type | Token CA |
| Deployment | Launchpad Token (EIP-1167 Minimal Proxy) |
| Mefai Security Score | 89/100 |
| Overall Risk | LOW-MEDIUM |
This report represents a point-in-time security assessment conducted by Mefai Security Research. The findings and recommendations contained herein are based on the information available and the state of the codebase at the time of the audit. This report does not constitute a guarantee that the audited system is free of vulnerabilities or defects. No part of this report should be considered as investment advice, an endorsement, or a recommendation regarding the security of any project, token, or protocol.
Mefai Security Research assumes no liability for any losses, damages, or adverse consequences resulting from the use of or reliance on this report. The responsibility for implementing fixes and maintaining security lies solely with the project team.
| Field | Value |
|---|---|
| Token Name | Flap |
| Token Symbol | FLAP |
| Decimals | 18 |
| Total Supply | 1,000,000,000 (fixed) |
| Contract Type | EIP-1167 Minimal Proxy (45 bytes) |
| Implementation | 0x29e6383F0ce68507b5A72a53c2B118a118332aA8 (15,269 bytes) |
| Upgradeable | NO — EIP-1167 hardcodes implementation in bytecode, cannot be changed |
| EIP-1967 Proxy Slot | Empty (0x00...00) — confirms non-upgradeable |
| Ownership | RENOUNCED — owner() returns 0x0000000000000000000000000000000000000000 |
| Source Verified (BSCScan) | NO — neither proxy nor implementation verified |
| Standards | ERC-20, ERC-20Permit (EIP-2612), Ownable, Initializable |
```
363d3d373d3d3d363d7329e6383f0ce68507b5a72a53c2b118a118332aa85af43d82803e903d91602b57fd5bf3
```
This is a standard EIP-1167 minimal proxy runtime (45 bytes): a 10-byte prefix that copies calldata, the 20-byte implementation address (0x29e6...2aA8) hardcoded at byte offsets 10-29, and a 15-byte suffix that performs the DELEGATECALL and returns or reverts with its result. There is no mechanism to change the embedded address; the proxy is immutable.
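As an added example (not part of the original report and not Flap.sh code), the following Python validates a runtime byte-for-byte against the canonical EIP-1167 template before trusting the address at offsets 10-29, and groups several proxies by implementation, which is how a shared launchpad template (see F-006) becomes visible across many tokens. The FLAP runtime is the hex shown above; the second proxy runtime and the look-alike are constructed for the demonstration.

```python
"""Validate EIP-1167 minimal-proxy runtimes and extract their implementation.

Canonical runtime (45 bytes):
  363d3d373d3d3d363d73 <20-byte implementation> 5af43d82803e903d91602b57fd5bf3
Anything that deviates from the prefix/suffix is NOT a standard clone and has to be
disassembled rather than trusted, even if it looks like a proxy at a glance.
"""
from collections import defaultdict
from typing import Dict, List, Optional

EIP1167_PREFIX = bytes.fromhex("363d3d373d3d3d363d73")           # CALLDATACOPY setup ... PUSH20
EIP1167_SUFFIX = bytes.fromhex("5af43d82803e903d91602b57fd5bf3")  # GAS DELEGATECALL ... REVERT/RETURN
EIP1167_LEN = len(EIP1167_PREFIX) + 20 + len(EIP1167_SUFFIX)       # 45

# Runtime of the FLAP token proxy, as quoted in the report.
FLAP_PROXY = bytes.fromhex(
    "363d3d373d3d3d363d7329e6383f0ce68507b5a72a53c2b118a118332aa8"
    "5af43d82803e903d91602b57fd5bf3"
)


def parse_eip1167(code: bytes) -> Optional[str]:
    """Return the implementation address (lowercase 0x-hex) if `code` is exactly a
    canonical EIP-1167 runtime, otherwise None. Length is checked first so a short
    or padded blob can never be sliced into a plausible-looking address."""
    if len(code) != EIP1167_LEN:
        return None
    if code[:10] != EIP1167_PREFIX or code[30:] != EIP1167_SUFFIX:
        return None
    return "0x" + code[10:30].hex()


def group_by_implementation(runtimes: Dict[str, bytes]) -> Dict[str, List[str]]:
    """Map implementation address -> [proxy labels]; non-clones land under
    "not-a-clone". Run over a batch of launchpad tokens to see which share a template."""
    groups: Dict[str, List[str]] = defaultdict(list)
    for label, code in runtimes.items():
        groups[parse_eip1167(code) or "not-a-clone"].append(label)
    return dict(groups)


# Constructed inputs for the demo (not real contracts): a second clone of the same
# implementation, and a 45-byte look-alike whose trailing suffix bytes were altered.
SECOND_CLONE = FLAP_PROXY                       # identical bytes => identical implementation
LOOKALIKE = FLAP_PROXY[:-3] + b"\x00\x00\x00"   # damaged suffix: not a canonical clone

if __name__ == "__main__":
    print("FLAP implementation:", parse_eip1167(FLAP_PROXY))
    print(group_by_implementation({"FLAP": FLAP_PROXY, "other": SECOND_CLONE, "odd": LOOKALIKE}))
```

The exact-match rule is deliberate: a contract that merely contains a PUSH20 and a DELEGATECALL may still hold an upgrade path or a selfdestruct elsewhere in its bytecode, so only the canonical 45-byte form earns the "immutable clone" label without further disassembly.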
| Severity | Count |
|---|---|
| Critical | 0 |
| High | 0 |
| Medium | 1 |
| Low | 2 |
| Informational | 3 |
| Total | 6 |
Ownership renounced, LP 100% burned, no mint function in bytecode, not a honeypot. Deductions are for the permanent 3% tax with opaque fee routing, unverified source code on BSCScan, and extremely low liquidity.
The token is a 45-byte EIP-1167 clone pointing to a shared implementation at 0x29e6383F0ce68507b5A72a53c2B118a118332aA8 (15,269 bytes). The implementation uses OpenZeppelin's Initializable pattern (proxy-compatible constructor replacement).
Key characteristics:
- Fixed supply: 1,000,000,000 FLAP minted during initialization. No public `mint()` exists.
- Ownership: Irrevocably renounced; `owner()` returns 0x0000...0000.
- Not upgradeable: EIP-1967 implementation slot is empty. EIP-1167 bytecode is immutable.
- ERC-20Permit: Supports gasless approvals via EIP-2612 signatures.
| Parameter | Selector | Value | Description |
|---|---|---|---|
| taxRate() | 0x771a3a1d | 300 | 3% (basis points) |
| taxDuration() | 0x11723c67 | 3,153,600,000 | 100 years (36,500 days of 86,400 s) |
| taxStart() | 0x5bc129bf | 1,767,942,055 | 2026-01-09 07:00:55 UTC |
| Tax End | calculated | 2125-12-16 (~2126) | Effectively permanent |
| taxSplitter() | 0x40c3c819 | 0x242c...54c9 | Tax routing contract |
| QUOTE_TOKEN() | 0x78892cea | 0xbb4C...095c | WBNB |
| antiFarmerRate() | 0x258b80c4 | 200,000,000,000,000,000 | 0.2 in 18-decimal fixed point (20% anti-snipe rate) |
The 3% tax is permanently locked: the implementation bytecode contains no setter for taxRate (see the selector search below), and even if one existed, ownership is renounced so there is no privileged caller. The tax cannot be increased, decreased, or removed.
```
Transfer (buy/sell)
 └─> 3% deducted
      └─> TaxSplitter (0x242c...54c9)
           ├─> feeReceiver: 0x8a08D98CBB218fceB318Ecf3aBc1BA43D8A7aB0E
           └─> beneficiary: 0x171a7106dBbfA23C4C3Bf95A2cd5A1F5E8E8ddE5
```
| Address | Type | BNB Balance | FLAP Balance | Notes |
|---|---|---|---|---|
| TaxSplitter (0x242c...54c9) | Contract (45-byte proxy) | 0 BNB | 0 FLAP | Routes fees |
| feeReceiver (0x8a08...aB0E) | Contract (171 bytes) | 1,194.90 BNB | 400,000 FLAP | Platform treasury |
| beneficiary (0x171a...ddE5) | EOA | 0 BNB | 0 FLAP | Empty |
TaxSplitter is itself an EIP-1167 proxy (implementation: 0xC7C889f9d51faB17BE054A7B98Eef5e5048af137, 6,023 bytes). Its owner() is the platform Portal contract (0xe2cE...9De0).
Present (verified in implementation bytecode):
| Selector | Function |
|---|---|
| 0x06fdde03 | name() |
| 0x95d89b41 | symbol() |
| 0x18160ddd | totalSupply() |
| 0x313ce567 | decimals() |
| 0x70a08231 | balanceOf(address) |
| 0xa9059cbb | transfer(address,uint256) |
| 0x23b872dd | transferFrom(address,address,uint256) |
| 0x095ea7b3 | approve(address,uint256) |
| 0xdd62ed3e | allowance(address,address) |
| 0x8da5cb5b | owner() |
| 0x715018a6 | renounceOwnership() |
| 0xf2fde38b | transferOwnership(address) |
| 0x771a3a1d | taxRate() |
| 0x40c3c819 | taxSplitter() |
| 0x78892cea | QUOTE_TOKEN() |
| 0x258b80c4 | antiFarmerRate() |
| 0x11723c67 | taxDuration() |
| 0x5bc129bf | taxStart() |
| 0x18264f33 | startMigration() |
| 0x4031234c | threshold/cap (signature not resolved) |
NOT present (dangerous functions — bytecode selector search):
| Selector | Function | Status |
|---|---|---|
| 0x40c10f19 | mint(address,uint256) | NOT IN BYTECODE |
| 0xa0712d68 | mint(uint256) | NOT IN BYTECODE |
| 0x44337ea1 | blacklist(address) | NOT IN BYTECODE |
| 0x0ecb93c0 | addBlacklist(address) | NOT IN BYTECODE |
| 0x8456cb59 | pause() | NOT IN BYTECODE |
| 0x3f4ba83a | unpause() | NOT IN BYTECODE |
| 0xc6d69a30 | setTaxRate | NOT IN BYTECODE |
| 0x69fe0e2d | setFee(uint256) | NOT IN BYTECODE |
| Field | Value |
|---|---|
| Pair Address | 0x4555212f2b560eC1fA48c96e2F253fe2323aF319 |
| DEX | PancakeSwap V2 |
| Token0 | WBNB (0xbb4CdB9CBd36B01bD1cBaEBF2De08d9173bc095c) |
| Token1 | FLAP (0xCD96a472b448d6C2c99F714737E7F9F4fCa67777) |
| WBNB Reserve | 5.5833 BNB |
| FLAP Reserve | 588,026,053.40 FLAP |
| LP Total Supply | 56,508.563326209565275349 |
| LP Burned to Dead Address | 56,508.563326209565275349 |
| LP Burn Percentage | 100.0000% |
| LP Locked at Zero Address | 0.000000000000001000 (PancakeSwap minimum lock) |
LP is permanently burned — sent to 0x000000000000000000000000000000000000dEaD. Liquidity cannot be pulled by anyone. This is irreversible.
| Test | Result |
|---|---|
| Buy 0.01 BNB -> FLAP | 1,048,688.37 FLAP (router estimate, pre-tax) |
| Sell 1,048,688.37 FLAP -> BNB | 0.009915 BNB (router estimate, pre-tax) |
| Router round-trip loss | 0.85% (AMM slippage only) |
| Actual buy tax (on-chain) | 3% (deducted during transfer) |
| Actual sell tax (on-chain) | 3% (deducted during transfer) |
| Effective round-trip cost | ~6.7% (1 − 0.97 × 0.97 × 0.9915: 3% buy tax and 3% sell tax compounded with the 0.85% router round-trip loss) |
| Honeypot | NO — both buy and sell execute |
Note: getAmountsOut() does not account for fee-on-transfer tokens. The router returns pre-tax estimates; the 3% tax is deducted inside the token's transfer() during the swap, so the effective buy and sell cost is 3% each on top of the AMM fee and price impact. The two router quotes above were taken against the same pre-trade reserves (quoting the sell against the post-buy reserves gives a slightly smaller AMM loss), and a real sell has to go through the router's SupportingFeeOnTransferTokens variant, which measures what the pair actually receives rather than what was sent.
| Holder | Address | Balance | % of Supply |
|---|---|---|---|
| Burned (dead address) | 0x000...dEaD | 376,443,409.49 | 37.64% |
| WBNB LP Pair | 0x4555...F319 | 588,026,053.40 | 58.80% |
| Token Contract | 0xCD96...7777 | 215,200.52 | 0.02% |
| Fee Receiver (treasury) | 0x8a08...aB0E | 400,000.00 | 0.04% |
| Individual Wallets | various | 35,315,336.58 | 3.53% |
- 37.64% permanently burned
- 58.80% locked in LP (LP is 100% burned, so this supply is also permanently locked)
- Only 3.53% of total supply is freely circulating in individual wallets
- Effective circulating supply: ~35.3M FLAP out of 1B
| Attribute | Value |
|---|---|
| ID | F-001 |
| Title | Permanent 3% tax with platform-controlled routing |
| Severity | Medium |
| Type | Fee Mechanics / Centralization |
| Status | Open (by design) |
Description:
The token has a permanent 3% buy/sell tax set for 100 years (until ~2126). Since ownership is renounced, this tax rate cannot be changed by anyone. Tax proceeds are routed through a TaxSplitter contract whose owner() is the platform Portal (0xe2cE...9De0). The feeReceiver (0x8a08...aB0E) currently holds 1,194.90 BNB and 400,000 FLAP.
Impact:
Every buy and sell transaction permanently loses 3% to the platform treasury. The TaxSplitter's owner (platform Portal) controls where fees are routed. While the tax rate itself is locked, the fee destination could potentially be changed by the TaxSplitter owner if such a function exists in the TaxSplitter implementation.
| Attribute | Value |
|---|---|
| ID | F-002 |
| Title | Source code not verified on BSCScan |
| Severity | Low |
| Type | Transparency |
| Status | Open |
Description:
Neither the proxy contract (0xCD96...7777) nor the implementation contract (0x29e6...2aA8) has verified source code on BSCScan. The implementation is a shared template used by the platform's launchpad — all tokens deployed through the platform use the same 15,269-byte implementation.
Impact:
Users cannot independently verify the contract logic via BSCScan. However, the bytecode selector analysis confirms standard ERC-20 functions are present and dangerous functions (mint, blacklist, pause) are absent from the bytecode.
| Attribute | Value |
|---|---|
| ID | F-003 |
| Title | Extremely low liquidity (~5.58 BNB) |
| Severity | Low |
| Type | Market Risk |
| Status | Open |
Description:
The WBNB-FLAP pair holds only 5.5833 BNB (~$3,400 at current prices). Even a small trade will cause significant price impact. The LP is permanently burned, so liquidity cannot increase from LP additions — only organic trading activity can deepen the order book.
Impact:
Against these reserves a 0.5 BNB buy already moves the price by roughly 8% (constant-product math, swap fee included), and anything larger than about 0.65 BNB exceeds 10% slippage. This makes the token effectively illiquid for meaningful positions.
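The buy/sell simulation table and this finding both come down to the same constant-product arithmetic, so here it is as an added example (not from the report or the project) using the pair reserves quoted above. It reproduces the router's pre-tax quotes, runs a buy and sell sequentially with the 3% transfer tax applied where the token applies it, and measures price impact by trade size. The 0.25% PancakeSwap V2 swap fee is assumed from the protocol's published parameters; the reserves are the report's figures.

```python
"""PancakeSwap V2 constant-product arithmetic for a fee-on-transfer token.

Reproduces the report's router quotes from the pair reserves, then runs the buy and
the sell sequentially with the 3% transfer tax applied where the token applies it,
and measures price impact as a function of trade size.
"""
FEE_NUM, FEE_DEN = 9975, 10_000     # PancakeSwap V2 keeps 0.25% of every swap input
TAX_BPS = 300                        # FLAP taxRate() = 300 basis points
RESERVE_BNB = 5.5833                 # WBNB reserve from the pair table in the report
RESERVE_FLAP = 588_026_053.40        # FLAP reserve from the same table


def get_amount_out(amount_in, reserve_in, reserve_out):
    """Same formula as the V2 router's getAmountOut(); knows nothing about token taxes."""
    in_with_fee = amount_in * FEE_NUM
    return in_with_fee * reserve_out / (reserve_in * FEE_DEN + in_with_fee)


def quote_round_trip(bnb_in, r_bnb=RESERVE_BNB, r_flap=RESERVE_FLAP):
    """Two independent getAmountsOut() quotes against the SAME reserves, which is how
    the 'router round-trip loss' in the table was obtained. Returns fractional loss."""
    flap = get_amount_out(bnb_in, r_bnb, r_flap)
    bnb_back = get_amount_out(flap, r_flap, r_bnb)
    return 1 - bnb_back / bnb_in


def simulate_round_trip(bnb_in, tax_bps=TAX_BPS, r_bnb=RESERVE_BNB, r_flap=RESERVE_FLAP):
    """Sequential buy then sell. The pool always moves by the untaxed amount; the tax
    is skimmed from the buyer on the way out and from the pair on the way in, which is
    exactly why the router's pre-tax quote overstates what the trader ends up with."""
    keep = 1 - tax_bps / 10_000
    flap_out = get_amount_out(bnb_in, r_bnb, r_flap)
    r_bnb, r_flap = r_bnb + bnb_in, r_flap - flap_out   # reserves after the buy
    held = flap_out * keep                               # 3% taxed on transfer to buyer
    to_pair = held * keep                                # 3% taxed on transfer to pair
    bnb_back = get_amount_out(to_pair, r_flap, r_bnb)    # SupportingFeeOnTransfer path
    return {"flap_received": held, "bnb_back": bnb_back, "cost": 1 - bnb_back / bnb_in}


def price_impact(bnb_in, r_bnb=RESERVE_BNB, r_flap=RESERVE_FLAP):
    """Shortfall versus the spot price for a buy of `bnb_in` (swap fee included)."""
    spot_out = bnb_in * r_flap / r_bnb
    return 1 - get_amount_out(bnb_in, r_bnb, r_flap) / spot_out


if __name__ == "__main__":
    print(f"0.01 BNB buys {get_amount_out(0.01, RESERVE_BNB, RESERVE_FLAP):,.0f} FLAP pre-tax")
    print(f"router-quote round trip loss: {quote_round_trip(0.01):.2%}")
    print(f"taxed round trip cost:        {simulate_round_trip(0.01)['cost']:.2%}")
    for size in (0.1, 0.5, 1.0):
        print(f"price impact of a {size} BNB buy: {price_impact(size):.1%}")
```

Two things the numbers show: the independent-quote method lands close to the report's 0.85% because both quotes see the untouched reserves, while the sequential simulation with taxes comes out a little under the compounded 6.7% figure, because the sell is smaller and so has less price impact. Either way the 3% skim on each leg dominates the AMM costs at this trade size.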
| Attribute | Value |
|---|---|
| ID | F-004 |
| Title | Anti-farmer rate set to 20% |
| Severity | Informational |
| Type | Fee Mechanics |
| Status | Open |
Description:
The antiFarmerRate() returns 0.2 (200,000,000,000,000,000 / 10^18). This mechanism applies a higher tax rate (20%) during the initial launch period to deter bots and snipers. After the anti-farmer window expires, the standard 3% rate applies.
Impact:
Early buyers during the launch window were subject to 20% tax instead of 3%. This is a common anti-snipe mechanism and does not affect current traders.
| Attribute | Value |
|---|---|
| ID | F-005 |
| Title | 96.47% of supply locked or burned |
| Severity | Informational |
| Type | Supply Distribution |
| Status | Open |
Description:
37.64% of supply is burned (dead address), 58.80% is in LP (which is 100% burned). Only 3.53% of total supply is freely circulating. This creates an artificially constrained supply.
Impact:
The extremely low circulating supply combined with low liquidity means small trades have outsized price impact in both directions.
| Attribute | Value |
|---|---|
| ID | F-006 |
| Title | EIP-1167 shared implementation |
| Severity | Informational |
| Type | Architecture |
| Status | Open |
Description:
The FLAP token uses a shared implementation contract (0x29e6...2aA8) via EIP-1167 minimal proxy. This same implementation is used by all tokens deployed through the same launchpad. While EIP-1167 is immutable (the implementation address is hardcoded in bytecode), a vulnerability in the shared implementation would affect all tokens using it.
Impact:
No direct risk to FLAP specifically. The shared implementation pattern is standard for token launchpads and reduces deployment gas costs.
| ID | Title | Severity | Status |
|---|---|---|---|
| F-001 | Permanent 3% tax with platform-controlled routing | Medium | Open |
| F-002 | Source code not verified on BSCScan | Low | Open |
| F-003 | Extremely low liquidity (~5.58 BNB) | Low | Open |
| F-004 | Anti-farmer rate set to 20% | Informational | Open |
| F-005 | 96.47% of supply locked or burned | Informational | Open |
| F-006 | EIP-1167 shared implementation | Informational | Open |
- Mint authority: No `mint()` function selector in implementation bytecode
- Burn mechanism: Tokens sent to dead address (37.64% burned)
- Pause functionality: No `pause()` selector in bytecode
- Blacklist capability: No `blacklist()` selector in bytecode
- Fee-on-transfer: 3% tax, permanent, immutable (owner renounced)
- Maximum supply enforcement: Fixed 1B, no mint capability
- Holder concentration: 3.53% circulating, no single dominant wallet identified
- LP lock verification: 100% burned to dead address (permanent)
- Honeypot indicators: Buy and sell both execute via PancakeSwap router
- Access control: Ownership renounced (`owner()` = zero address)
- Proxy pattern: EIP-1167 immutable clone (not upgradeable)
- EIP-1967 slot: Empty, confirms no upgrade mechanism
- Dangerous opcodes: No SELFDESTRUCT (0xff) or DELEGATECALL (0xf4) opcode identified in the implementation bytecode (the 45-byte proxy itself necessarily contains one DELEGATECALL, which is how it forwards every call to the implementation)
- ERC-20 compliance: Standard functions present (name, symbol, decimals, totalSupply, balanceOf, transfer, transferFrom, approve, allowance)
- Permit support: EIP-2612 gasless approvals, inferred from the EIP-712 domain getter `eip712Domain()` in the bytecode
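The selector tables and the opcode line above both rest on a search of the implementation bytecode. A plain substring search over the hex is quick but has two failure modes: a selector or an opcode byte can sit inside PUSH immediates (constants, addresses, hashes), and a 4-byte pattern can straddle byte boundaries in the hex string. The following added example (not from the report or the project) walks the instruction stream instead, skipping each PUSH's data, so that selectors are only taken from the dispatcher's PUSH-then-EQ comparisons and opcodes are only counted where they execute. The FLAP proxy runtime is the hex quoted earlier in the report; the sample implementation runtime is constructed for the demo and is not a real contract.

```python
"""Selector and opcode scan that walks EVM bytecode instead of grepping the hex."""
from typing import List, Set, Tuple

PUSH1, PUSH4, PUSH32 = 0x60, 0x63, 0x7F
EQ, CALLDATALOAD, DELEGATECALL, SELFDESTRUCT = 0x14, 0x35, 0xF4, 0xFF


def disassemble(code: bytes) -> List[Tuple[int, int, bytes]]:
    """Return (offset, opcode, immediate) per instruction. PUSH immediates are
    consumed as data, never interpreted as opcodes."""
    out, pc = [], 0
    while pc < len(code):
        op = code[pc]
        if PUSH1 <= op <= PUSH32:
            width = op - PUSH1 + 1
            out.append((pc, op, code[pc + 1:pc + 1 + width]))
            pc += 1 + width
        else:
            out.append((pc, op, b""))
            pc += 1
    return out


def dispatcher_selectors(code: bytes) -> Set[str]:
    """Selectors compared in the function dispatcher: a PUSH1..PUSH4 immediately
    followed by EQ. PUSH1..PUSH3 are included because the Solidity optimizer
    shortens selectors with leading zero bytes (e.g. 0x00fdd58e -> PUSH3 0xfdd58e)."""
    ins = disassemble(code)
    found = set()
    for (_, op, imm), (_, nxt, _) in zip(ins, ins[1:]):
        if PUSH1 <= op <= PUSH4 and nxt == EQ:
            found.add(imm.rjust(4, b"\x00").hex())
    return found


def has_opcode(code: bytes, opcode: int) -> bool:
    """True only if `opcode` occurs as an instruction, not inside PUSH data."""
    return any(op == opcode for _, op, _ in disassemble(code))


def naive_hex_search(code: bytes, needle_hex: str) -> bool:
    """The grep-style check, kept for comparison."""
    return needle_hex in code.hex()


# FLAP proxy runtime as quoted in the report (it legitimately contains a DELEGATECALL).
FLAP_PROXY = bytes.fromhex(
    "363d3d373d3d3d363d7329e6383f0ce68507b5a72a53c2b118a118332aa8"
    "5af43d82803e903d91602b57fd5bf3"
)

# Constructed implementation runtime (not a real contract): a dispatcher for
# transfer(), balanceOf(address) and ERC-1155 balanceOf(address,uint256), followed by
# a PUSH32 constant whose bytes happen to contain 0xff, 0xf4 and the
# mint(address,uint256) selector 0x40c10f19.
DISPATCHER = (
    "600035"        # PUSH1 0x00 CALLDATALOAD
    "60e01c"        # PUSH1 0xe0 SHR: selector on top of the stack
    "80"            # DUP1
    "63a9059cbb14"  # PUSH4 0xa9059cbb EQ        transfer(address,uint256)
    "61004057"      # PUSH2 0x0040 JUMPI
    "80"            # DUP1
    "6370a0823114"  # PUSH4 0x70a08231 EQ        balanceOf(address)
    "61005057"      # PUSH2 0x0050 JUMPI
    "80"            # DUP1
    "62fdd58e14"    # PUSH3 0xfdd58e EQ          optimizer-shortened 0x00fdd58e
    "61006057"      # PUSH2 0x0060 JUMPI
)
TRAP_CONSTANT = "7f" + "fff440c10f19" + "00" * 26   # PUSH32 with the trap bytes as data
SAMPLE = bytes.fromhex(DISPATCHER + TRAP_CONSTANT + "50" + "00")  # POP STOP

if __name__ == "__main__":
    print("selectors:", sorted(dispatcher_selectors(SAMPLE)))
    print("naive search says mint present:", naive_hex_search(SAMPLE, "40c10f19"))
    print("walker says SELFDESTRUCT present:", has_opcode(SAMPLE, SELFDESTRUCT))
    print("proxy has DELEGATECALL:", has_opcode(FLAP_PROXY, DELEGATECALL))
```

Run against a real implementation, `dispatcher_selectors` gives the positive list (what the contract actually dispatches) and `has_opcode` answers the SELFDESTRUCT/DELEGATECALL question without false positives from embedded constants. The remaining blind spot is intentional obfuscation (selectors computed at runtime, or dispatch through a jump table rather than EQ), which a bytecode-only check cannot rule out; that is one more reason unverified source (F-002) costs points.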
| Category | Check | Result | Points |
|---|---|---|---|
| 1. Ownership & Access Control | owner() = 0x0000...0000 | Renounced | 20/20 |
| 2. Supply & Minting | mint() selector not in bytecode | No minting possible | 20/20 |
| 3. Liquidity & LP Security | LP 100% burned to dead address | Permanently locked | 20/20 |
| 4. Code & Program Safety | No critical/high/medium code vulnerabilities (F-001 is a design/centralization finding, not a code defect). Source not verified on BSCScan (-3) | Clean but unverified | 12/15 |
| 5. Fee & Transfer Mechanics | 3% fixed tax, immutable (owner renounced), no blacklist/pause | Fixed fee, cannot change | 13/15 |
| 6. Transparency & Metadata | Source not verified on BSCScan, token metadata on-chain | Partial transparency | 4/10 |
Total Score: 89/100 — LOW-MEDIUM RISK
The following table compares claims made by the Flap.sh project (via docs, website, and public statements) against independently verified on-chain data. Every "On-Chain Reality" entry was verified directly via BSC RPC — no third-party APIs or external data sources were used unless stated otherwise.
| # | Claim | Source | On-Chain Reality | Verdict |
|---|---|---|---|---|
| 1 | "creators can customize trading tax fee rates at 1%, 3%, 5%, or 10%" | docs.flap.sh/flap | taxRate() = 300 bps = 3%, matching one of the stated options. Stored at storage slot 257. | CONFIRMED |
| 2 | Tax rate cannot exceed stated options | docs.flap.sh/flap (implied by fixed options) | No setTaxRate selector (0xc6d69a30) in implementation bytecode. owner() = zero address. Rate is permanently locked at 3%. | CONFIRMED |
| 3 | "decentralized, on-chain tools to launch tokens" | docs.flap.sh/flap | owner() = 0x0000...0000 (renounced). No mint(), blacklist(), pause() selectors in 15,269-byte implementation. EIP-1167 immutable proxy. | CONFIRMED |
| 4 | "where creators earn forever" | flap.sh (main page) | LP 100% burned. Tax 3% permanent (100 years). Tax flows to platform feeReceiver, not to token creator. "Earn forever" is technically true for the platform — not necessarily for individual creators. | MISLEADING |
| Check | Method | Result |
|---|---|---|
| taxRate storage location | eth_getStorageAt(slot 257) | 0x...242cdece...54c9012c, packed: taxSplitter address in the upper bytes, 0x012c (300 bps) in the low-order two bytes |
| setTaxRate in token | Bytecode selector search (0xc6d69a30) | NOT FOUND in implementation |
| setTaxRate in Portal | Bytecode selector search in Portal impl (0xe6b2...7533) | NOT FOUND in Portal |
| Token owner | owner() call | 0x0000...0000, renounced |
| Implementation owner | owner() call on 0x29e6...2aA8 | 0x0000...0000, renounced |
| EIP-1967 upgrade slot | eth_getStorageAt(EIP-1967 impl slot) on token | 0x00...00, empty, not upgradeable |
| Tax end date | taxStart() + taxDuration() | 1,767,942,055 + 3,153,600,000 = 4,921,542,055 = 2125-12-16 07:00:55 UTC (36,500 days, about 100 years) |
Conclusion: no on-chain path to change the 3% tax was identified. There is no function to change it, no owner to call such a function, and no upgrade mechanism to introduce one. Where the tax goes is a separate question: the TaxSplitter is owned by the platform Portal (see F-001).
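As an added illustration of the storage check in the table above (example code, not from the report or the project), the following decodes a packed storage word the way Solidity lays it out: the first declared variable occupies the low-order bytes of the slot, so in the big-endian hex returned by eth_getStorageAt it appears at the right-hand end. The field widths (2-byte rate, 20-byte address) are inferred from the "...54c9012c" word quoted above; the sample word uses a placeholder address of 0x11...11, not the real TaxSplitter, and the layout itself is an assumption until the source is verified.

```python
"""Decode a packed Solidity storage word and test a slot for emptiness."""
from typing import Dict, List, Tuple, Union

# (name, byte width) in DECLARATION order, i.e. low-order bytes first.
# Widths inferred from the report's slot-257 word "...<20-byte address>012c".
TAX_SLOT_LAYOUT: List[Tuple[str, int]] = [("taxRate", 2), ("taxSplitter", 20)]


def decode_packed(word: bytes, layout: List[Tuple[str, int]]) -> Dict[str, Union[int, str]]:
    """Split a 32-byte storage word into fields. 20-byte fields are returned as
    0x-hex addresses, everything else as an unsigned integer."""
    if len(word) != 32:
        raise ValueError("storage words are exactly 32 bytes")
    fields: Dict[str, Union[int, str]] = {}
    end = 32                                   # walk from the low-order end upward
    for name, width in layout:
        if width > end:
            raise ValueError(f"layout overflows the slot at {name}")
        chunk = word[end - width:end]
        fields[name] = "0x" + chunk.hex() if width == 20 else int.from_bytes(chunk, "big")
        end -= width
    # Bytes above the declared fields must be zero; if not, the layout guess is wrong.
    fields["_unused_bytes_zero"] = not any(word[:end])
    return fields


def is_empty_slot(word: bytes) -> bool:
    """EIP-1967 check: an all-zero implementation slot means no upgradeable proxy here."""
    return not any(word)


# Constructed sample word (NOT the real chain value): placeholder address 0x11..11
# packed above a taxRate of 300 (0x012c).
PLACEHOLDER_SPLITTER = bytes.fromhex("11" * 20)
SAMPLE_WORD = b"\x00" * 10 + PLACEHOLDER_SPLITTER + (300).to_bytes(2, "big")
EMPTY_WORD = b"\x00" * 32

if __name__ == "__main__":
    print(decode_packed(SAMPLE_WORD, TAX_SLOT_LAYOUT))
    print("EIP-1967 slot empty:", is_empty_slot(EMPTY_WORD))
```

The `_unused_bytes_zero` flag is the sanity check worth keeping: if a guessed layout leaves non-zero bytes unexplained, the slot holds more (or differently sized) variables than assumed and the decoded values should not be trusted.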
| # | Claim | Source | On-Chain Reality | Verdict |
|---|---|---|---|---|
| 5 | "Certik — Flap Launchpad Protocol V2, V4, and Flap Tax Token V1" | docs.flap.sh/flap/audit-reports | CertiK Skynet page at skynet.certik.com/projects/flap returns HTTP 200. No downloadable audit PDF found. Audit scope and findings cannot be independently verified. | UNVERIFIABLE |
| 6 | "BlockSec — Flap Tax Token V1" | docs.flap.sh/flap/audit-reports — PDF link | PDF accessible (HTTP 200, 1.67 MB). NOT present in BlockSec's official GitHub repo (blocksecteam/audit-reports). Cannot independently confirm this is a genuine BlockSec report. | PARTIALLY VERIFIABLE |
| 7 | "BlockSec — Flap Launchpad Protocol V5 (including Flap Tax Token V2 and Flap PreLaunch V1)" | docs.flap.sh/flap/audit-reports — PDF link | PDF accessible (HTTP 200, 1.71 MB). NOT present in BlockSec's official GitHub repo. Cannot independently confirm authenticity. | PARTIALLY VERIFIABLE |
| 8 | BlockSec audited AI Provider | BlockSec GitHub | CONFIRMED in BlockSec's official GitHub. However, the audited contract (0xaEe3...7E39) has no code on-chain (eth_getCode returns 0 bytes), so it is not deployed at that address. BlockSec audited code that does not exist on the blockchain. | CONFIRMED audit, but contract NOT DEPLOYED |
| 9 | "14 vault types available": AI Smart Buyback, Gift, Split, BNBShare, Buyback & Burn, Burn Dividend, Silent, LP Staking Dividend, Token Staking Dividend, Rank Burn Dividend, Staking & LuckyDraw, Buffett + 2 others | docs.flap.sh/flap; vault list referenced in frontend JS bundle | 10 vault factory addresses tested via eth_getCode(): all 10 return 0 bytes (no code deployed). 2 additional addresses are malformed (39 hex chars instead of 40). Zero vault factories exist on-chain. | FALSE |
| 10 | AI Provider contract exists and is functional | Referenced in frontend JS bundle at 0xaEe37015f5744acbD0D9bDEF8Ef225601dd67E39 | eth_getCode('0xaEe3...7E39') = 0 bytes. Contract does not exist on BSC mainnet. | FALSE |
| 11 | Documentation pages: tokenomics, roadmap, contracts, security, getting-started, FAQ | docs.flap.sh navigation | Tested: /flap/tax-token → 404, /flap/vault → 404, /flap/vaults → 404, /flap/tax-vaults → 404, /flap/tokenomics → 404, /flap/security → 404. Most documentation pages return 404. | FALSE |
| 12 | Supported integrations: OKX Wallet, Binance Wallet, GMGN, etc. | docs.flap.sh/flap | Not verified in this CA audit (out of scope — requires frontend testing). | OUT OF SCOPE |
| Component | Address | Type | Verified |
|---|---|---|---|
| Token taxRate | 0xCD96...7777 slot 257 | 300 bps (3%) | On-chain |
| TaxSplitter | 0x242c...54c9 | EIP-1167 proxy (45 bytes) → impl 0xC7C8...f137 (6,023 bytes) | On-chain |
| TaxSplitter owner | 0xe2cE...9De0 | Platform Portal contract (2,882 bytes, 1.23M txns, 563.52 BNB) | On-chain |
| feeReceiver | 0x8a08...aB0E | Contract (171 bytes), holds 1,194.90 BNB + 400,000 FLAP | On-chain |
| beneficiary | 0x171a...ddE5 | EOA, 0 BNB, 0 FLAP | On-chain |
The TaxSplitter is owned by the platform Portal contract, not by the token deployer. Tax revenue (3% of every buy/sell) flows to the platform's feeReceiver contract. This is standard for platform-launched tokens — the platform takes a cut as its business model.
All findings can be independently verified using the following commands:
```bash
# Token basic info
python3 -c "
from web3 import Web3
w3 = Web3(Web3.HTTPProvider('https://bsc-dataseed1.binance.org/'))
CA = Web3.to_checksum_address('0xCD96a472b448d6C2c99F714737E7F9F4fCa67777')
abi = [
{'inputs':[],'name':'name','outputs':[{'type':'string'}],'stateMutability':'view','type':'function'},
{'inputs':[],'name':'symbol','outputs':[{'type':'string'}],'stateMutability':'view','type':'function'},
{'inputs':[],'name':'decimals','outputs':[{'type':'uint8'}],'stateMutability':'view','type':'function'},
{'inputs':[],'name':'totalSupply','outputs':[{'type':'uint256'}],'stateMutability':'view','type':'function'},
{'inputs':[],'name':'owner','outputs':[{'type':'address'}],'stateMutability':'view','type':'function'},
]
c = w3.eth.contract(address=CA, abi=abi)
print(f'Name: {c.functions.name().call()}')
print(f'Symbol: {c.functions.symbol().call()}')
print(f'Decimals: {c.functions.decimals().call()}')
print(f'Supply: {c.functions.totalSupply().call() / 10**18:,.0f}')
print(f'Owner: {c.functions.owner().call()}')
"

# Bytecode size and proxy check
python3 -c "
from web3 import Web3
w3 = Web3(Web3.HTTPProvider('https://bsc-dataseed1.binance.org/'))
CA = Web3.to_checksum_address('0xCD96a472b448d6C2c99F714737E7F9F4fCa67777')
code = bytes(w3.eth.get_code(CA))  # work on raw bytes: HexBytes.hex() is 0x-prefixed under web3 6.x, which shifts string offsets
print(f'Proxy size: {len(code)} bytes (45 = EIP-1167)')
print(f'Bytecode: {code.hex()}')
impl = '0x' + code[10:30].hex()  # EIP-1167: implementation address occupies byte offsets 10-29
print(f'Implementation: {impl}')
impl_code = w3.eth.get_code(Web3.to_checksum_address(impl))
print(f'Implementation size: {len(impl_code)} bytes')
"

# Tax rate verification (raw eth_call with the taxRate() selector, no ABI needed)
python3 -c "
from web3 import Web3
w3 = Web3(Web3.HTTPProvider('https://bsc-dataseed1.binance.org/'))
CA = Web3.to_checksum_address('0xCD96a472b448d6C2c99F714737E7F9F4fCa67777')
r = w3.eth.call({'to': CA, 'data': '0x771a3a1d'})
bps = int.from_bytes(r, 'big')
print(f'taxRate: {bps} bps ({bps/100}%)')
"

# LP burn verification
python3 -c "
from web3 import Web3
w3 = Web3(Web3.HTTPProvider('https://bsc-dataseed1.binance.org/'))
pair = Web3.to_checksum_address('0x4555212f2b560eC1fA48c96e2F253fe2323aF319')
dead = Web3.to_checksum_address('0x000000000000000000000000000000000000dEaD')
abi = [
{'inputs':[{'type':'address'}],'name':'balanceOf','outputs':[{'type':'uint256'}],'stateMutability':'view','type':'function'},
{'inputs':[],'name':'totalSupply','outputs':[{'type':'uint256'}],'stateMutability':'view','type':'function'},
]
lp = w3.eth.contract(address=pair, abi=abi)
total = lp.functions.totalSupply().call()
burned = lp.functions.balanceOf(dead).call()
print(f'LP Total: {total}')
print(f'LP Burned: {burned}')
print(f'Burn %: {burned/total*100:.4f}%')
"

# Dangerous function selector check (substring match over the hex: quick, but a
# selector inside PUSH data or straddling a byte boundary can produce a false hit)
python3 -c "
from web3 import Web3
w3 = Web3(Web3.HTTPProvider('https://bsc-dataseed1.binance.org/'))
impl = Web3.to_checksum_address('0x29e6383F0ce68507b5A72a53c2B118a118332aA8')
code = w3.eth.get_code(impl).hex()
checks = {'mint(address,uint256)':'40c10f19','blacklist':'44337ea1','pause':'8456cb59','setTaxRate':'c6d69a30'}
for name, sel in checks.items():
    print(f'{name}: {\"FOUND\" if sel in code else \"NOT FOUND\"} in bytecode')
"

# EIP-1967 upgrade slot check (should be empty)
python3 -c "
from web3 import Web3
w3 = Web3(Web3.HTTPProvider('https://bsc-dataseed1.binance.org/'))
CA = Web3.to_checksum_address('0xCD96a472b448d6C2c99F714737E7F9F4fCa67777')
slot = int('0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc', 16)  # keccak256('eip1967.proxy.implementation') - 1
val = bytes(w3.eth.get_storage_at(CA, slot))
print(f'EIP-1967 impl slot: 0x{val.hex()}')
print(f'Upgradeable: {\"YES\" if int.from_bytes(val, \"big\") else \"NO (immutable EIP-1167 clone)\"}')
"
```
| Severity | Description |
|---|---|
| Critical | Direct loss of funds, complete protocol takeover, or irreversible systemic damage. Exploitation requires minimal effort or can be automated. Immediate remediation required before any deployment or continued operation. |
| High | Significant risk to user funds, protocol integrity, or availability. Exploitation is feasible with moderate effort or under specific but realistic conditions. Must be resolved before mainnet deployment. |
| Medium | Conditional risk requiring specific circumstances, user interaction, or a combination of factors to exploit. Material impact if triggered. Should be addressed before mainnet deployment. |
| Low | Minor issues, best practice deviations, or theoretical risks with low probability and limited impact. Recommended to fix but not deployment-blocking. |
| Informational | Code quality observations, gas optimizations, documentation gaps, or architectural suggestions. No direct security impact. |
| Tool | Version | Purpose |
|---|---|---|
| Web3.py | 6.x | On-chain RPC queries (BSC mainnet) |
| BSC RPC | bsc-dataseed1.binance.org | Direct node access |
| PancakeSwap V2 Router | 0x10ED43C718714eb63d5aA57B78B54704E256024E | Buy/sell simulation |
| PancakeSwap V2 Factory | 0xcA143Ce32Fe78f1f7019d7d551a6402fC5350c73 | Pair discovery |
| Manual bytecode analysis | N/A | Function selector identification |
| Version | Date | Author | Changes |
|---|---|---|---|
| 1.0 | 2026-03-28 | Mefai Security Research | Initial CA audit report |
| 1.1 | 2026-03-28 | Mefai Security Research | Added Claims vs On-Chain Reality section, tax immutability deep verification, platform audit cross-check |
| 1.2 | 2026-03-28 | Mefai Security Research | Added source URLs to all claims, added "creators earn forever" analysis, added documentation 404 finding, reclassified vault/AI claims as FALSE |
Mefai Security Research
- GitHub: github.com/mefai-dev
This report was prepared by Mefai Security Research. Unauthorized distribution or modification of this document is prohibited without prior written consent.