Logo:
Name: Wrapped Minu
Ticker Symbol: WMINU
Network: Pulsechain
Contract Address: 0x8Ce726d39819Afe6b75c30da3c435842aDa5Be00
Purpose: Introducing wMinu on PulseChain: a revolutionary audited and renounced smart contract. Engage in arb trading between Minu and wMinu, while simultaneously burning the circulating supply and gaining a profit.
Project URL: https://www.minupls.com/how-to-arb
Project social media: Twitter, Telegram
Contract Source Code: Link
Audit(s): NIL
REVIEWED BY: Elmyre
This is a complete review of the WrappedMinu smart contract project based on the available code in https://scan.pulsechain.com/address/0x30D235fdC54b806e684e653989364eA1Ae9C8289/contracts#address-tabs.
Even though the code is simple, I would advise anyone that is reading this document to also look at other reviews and analysis of the contract! Some issues or security concerns might not be covered here due to my lack of knowledge and understanding, so getting a second opinion is a good thing to keep in mind! This review is based on the deployed version of the code.
The WrappedMinu smart contract inherits from two OpenZeppelin contracts:
These are widely used for creating ERC-20 tokens and audited, reducing their likelihood of having critical bugs or vulnerabilities. They provide basic token functionality and enable ownership control.
This contract combines the functionality of wrapping and unwrapping tokens, along with a customizable burn fee, allowing users and the owner to manage token transactions. The OnlyOwner modifier ensures that only the owner has control over certain functions like setting the burn percentage and managing fee exclusions/inclusions.
The Constructor, on deployment, initializes the contract with the name “Wrapped Minu” and symbol “WMINU“. It also receives a token address as parameter (supposedly the one for the Minu token) and stores it in the public variable minu.
Minor Bug: In the _calculateTax function, if “amount x burnPercentage” is less than 100000, the burn fee will always be zero due to the value of the division rounding down!
The contract has some owner-only functions that allows it to manage and configure the fee structure and decide which addresses are subject to the burn fee.
Also, as written, it has a mechanism where users are subjected to a burn fee on every transfer. This means that a portion of the WMINU tokens is burned on each transfer and removed from circulation. As a result, over time, the total supply of WMINU tokens will decrease due to the burn fee, and this decrease in supply is equivalent to Minu tokens being held by the contract.
Users who pay the burn fee effectively lose a portion of their WMINU tokens, and this amount cannot be unwrapped to retrieve the initial Minu tokens balance. The contract will accumulate Minu tokens over time because of the burn fees and are effectively owned by the contract.
This aspect of the contract design benefits the contract itself, including the owner if they control it, at the expense of users who are subject to the burn fee.
The contract’s owner can also mint has many WMINU tokens as it wants, via the _mint function, potentially being able to significantly influence the market value of both WMINU and MINU tokens.
Only the mentioned above minor bug was found, and no security risks were uncovered. However, since the contract depends heavily on the MINU token, any vulnerabilities or flaws in its contract could affect this one.
Important Note: The contract’s ownership was revoked in the transaction 0xc93d99082a7d2f09d7dd7ba8673c7a7c94faeeaf780b1ce81e388fdfbf5e49a5, which can also be verified in https://scan.pulsechain.com/address/0x30D235fdC54b806e684e653989364eA1Ae9C8289/logs#address-tabs.
This effectively means that the burning fees cannot be changed anymore and that the Minu tokens accumulated by the contract are effectively lost.