Official Conclusion

Deep Scan Mode Screening: 24 June 2023
Disclaimer

Sanochkina provides due-diligence project scoring for various projects. Sanochkina in no way guarantees that a project will not remove liquidity, sell off team supply, or otherwise exit scam.
Sanochkina does the legwork and provides public information about the project in an easy-to-understand format for the common person.

Agreeing to a scoring in no way guarantees that a team will not remove all liquidity (“Rug Pull”), remove liquidity slowly, sell off tokens, quit the project, or completely exit scam. There is also no way to prevent private sale holders from selling off their tokens.
It is ultimately your responsibility to read through all documentation, social media posts, and contract code of each individual project to draw your own conclusions and set your own risk tolerance.

Sanochkina in no way takes responsibility for any losses, nor does Sanochkina encourage any speculative investments. The information provided in this scoring is for information purposes only and should not be considered investment advice. Sanochkina does not endorse, recommend, support, or suggest any projects that have been scored. A scoring is an informational report based on our findings. We recommend you do your own research; we will never endorse any project to invest in.

The legal opinion is not a guarantee of safety. Your reliance on a badge is solely at your own risk. We are not responsible for your investment loss and hereby expressly disclaim any liabilities that may arise from your use or reference of the badge.
Scoring Scope

Sanochkina was commissioned by Briefcase to perform a scoring based on the following code:

  • https://bscscan.com/address/0x419264d79b92b8de3c710ab0cd3406cd11990e02#code

Note that we only score the code available to us at this URL at the time of the scoring. If the URL is not from any block explorer (main net), it may be subject to change. Always check the contract address on this scoring report and compare it to the token you are doing research for.


Scoring Method

Sanochkina manual smart contract scoring is an extensive methodical examination and analysis of the smart contract’s code that is used to interact with the blockchain. This process is conducted to discover errors, issues and security vulnerabilities in the code in order to suggest improvements and ways to fix them.


Automated Vulnerability Check

Sanochkina uses software that checks for common vulnerability issues within smart contracts. We use automated tools that scan the contract for security vulnerabilities such as integer-overflow, integer-underflow, out-of-gas-situations, unchecked transfers, etc.


Manual Code Review

Sanochkina manual code review involves a human looking at source code, line by line, to find vulnerabilities. Manual code review helps to clarify the context of coding decisions. Automated tools are faster but they cannot take the developer’s intentions and general business logic into consideration.

Project Overview

Name & Logo - Briefcase

Project Statement - A decentralised venture capital fund that helps MVP-stage technology projects obtain investment through the issuance and listing of intellectual property royalty-backed digital assets.

Website & Social Media
  • Website - https://briefcase.group/
Blockchain
  • Network - Binance Smart Chain
  • Contract - 0x419264d79b92b8DE3C710AB0cD3406Cd11990e02 (verified)
Token Data

Token Symbol - BFC

Token Name - BRIEFCASE

Contract Address - 0x419264d79b92b8DE3C710AB0cD3406Cd11990e02

Compiler Version - v0.8.7+commit.e28d00a7

Total Supply - 21,000,000 BFC

Decimals - 9

Contract Creator - 0xea0636a976b7f6af5f0b61aba9e08f32dc8dc7a6

Contract Owner - 0x2f3392455d0b4882b6fa5bb8650deefbaad628d1
Security Detection

Risky Item - ϟ 0
Attention Item - ⚠️ 2

Safe - ✔️
Attention - ⚠️
Risky - ϟ

Contract Security
  • Contract Verified - ✔️ Yes
  • Proxy Contract - ✔️ No
  • Mint Function - ✔️ No
  • Retrieves Ownership Function - ✔️ No
  • Authority to Change Balance - ✔️ No
  • Hidden Owner - ✔️ No
  • Self-destruct Function - ✔️ No
  • External Call Risk - ✔️ No
Honeypot Risk
  • Appear to be a Honeypot - ✔️ No
  • Suspend Trading Function - ✔️ No
  • Can Sell all of the Token - ✔️ Yes
  • Can be Bought - ✔️ Yes
  • Trading Cooldown Function - ✔️ No
  • Anti_whale Function - ⚠️ No
  • Tax Modified Function - ⚠️ No
  • Blacklist Function - ✔️ No
  • Whitelist Function - ✔️ No
  • Personal Addresses Tax Changes - ✔️ No
Vulnerability Summary

Critical - 0
Major - 1
  • Incorrect Access Control
Medium - 1
  • Account Existence Check For Low Level Calls
Minor - 5
  • Long Number Literals
  • Outdated Compiler Version
  • Internal Functions Never Used
  • Use Of Floating Pragma
  • Missing Events
Info - 7
  • Missing State Variable Visibility
  • Require With Empty Message
  • Unused Receive Fallback
  • In-line Assembly Detected
  • Hard-coded Address Detected
  • Missing Indexed Keywords In Events
  • Presence Of Overpowered Role
Vulnerability Scan

Incorrect Access Control
Severity - Major
Confidence Parameter - Firm

Vulnerability Description
Access control plays an important role in segregation of privileges in smart contracts and other applications. If this is misconfigured or not properly validated on sensitive functions, it may lead to loss of funds, tokens and in some cases compromise of the smart contract.

The contract Briefcase is importing an access control library @openzeppelin/contracts/access/Ownable.sol but the function increaseAllowance is missing the modifier onlyOwner.

Scanning Line:
513 function increaseAllowance(address spender, uint256 addedValue) public virtual returns (bool) {
514 _approve(_msgSender(), spender, _allowances[_msgSender()][spender].add(addedValue));
515 return true;
516 }

518 function decreaseAllowance(address spender, uint256 subtractedValue) public virtual returns (bool) {
519 _approve(_msgSender(), spender, _allowances[_msgSender()][spender].sub(subtractedValue, "ERC20: decreased allowance below zero"));
520 return true;
521 }

527 function approve(address spender, uint256 amount) public override returns (bool) {
528 _approve(_msgSender(), spender, amount);
529 return true;
530 }

643 function transfer(address recipient, uint256 amount) public override returns (bool) {
644 _transfer(_msgSender(), recipient, amount);
645 return true;
646 }

Scanning Line:
648 function transferFrom(address sender, address recipient, uint256 amount) public override returns (bool) {
649 _transfer(sender, recipient, amount);
650 _approve(sender, _msgSender(), _allowances[sender][_msgSender()].sub(amount, "ERC20: transfer amount exceeds allowance"));
651 return true;
652 }

Recommendation:
It is recommended to go through the contract and observe the functions that are lacking an access control modifier. If they contain sensitive administrative actions, it is advised to add a suitable modifier to the same.
Vulnerability Scan

Account Existence Check For Low Level Calls
Severity - Minor
Confidence Parameter - Firm

Vulnerability Description
The low-level calls such as the delegatecall, call, or callcode, do not validate prior to the call if the destination account exists or not. They will always return true even if the account is non-existent, therefore, giving invalid output.

Scanning Line:
105 (bool success, ) = recipient.call{ value: amount }("");

Recommendation:
It is recommended to have an account existence check before making these low-level calls to confirm the presence of an external account with some valid code, e.g., using extcodesize.
Weakness Classification

  • Function Default Visibility | AI Scan - ✔️ | Human Review - ✔️ | Result - Passed
  • Integer Overflow and Underflow | AI Scan - ✔️ | Human Review - ✔️ | Result - Passed
  • Outdated Compiler Version | AI Scan - ✔️ | Human Review - ✔️ | Result - Passed
  • Floating Pragma | AI Scan - ✔️ | Human Review - ✔️ | Result - Passed
  • Unchecked Call Return Value | AI Scan - ✔️ | Human Review - ✔️ | Result - Passed
  • Unprotected Ether Withdrawal | AI Scan - ✔️ | Human Review - ✔️ | Result - Passed
  • Unprotected Selfdestruct Instruction | AI Scan - ✔️ | Human Review - ✔️ | Result - Passed
  • Reentrancy | AI Scan - ✔️ | Human Review - ✔️ | Result - Passed
  • State Variable Default Visibility | AI Scan - ✔️ | Human Review - ✔️ | Result - Passed
  • Uninitialized Storage Pointer | AI Scan - ✔️ | Human Review - ✔️ | Result - Passed
  • Assert Violation | AI Scan - ✔️ | Human Review - ✔️ | Result - Passed
  • Use of Deprecated Solidity Functions | AI Scan - ✔️ | Human Review - ✔️ | Result - Passed
  • Delegatecall to Untrusted Callee | AI Scan - ✔️ | Human Review - ✔️ | Result - Passed
  • DoS with Failed Call | AI Scan - ✔️ | Human Review - ✔️ | Result - Passed
  • Transaction Order Dependence | AI Scan - ✔️ | Human Review - ✔️ | Result - Passed
  • Authorization through tx.origin | AI Scan - ✔️ | Human Review - ✔️ | Result - Passed
  • Block values as a proxy for time | AI Scan - ✔️ | Human Review - ✔️ | Result - Passed
  • Signature Malleability | AI Scan - ✔️ | Human Review - ✔️ | Result - Passed
  • Incorrect Constructor Name | AI Scan - ✔️ | Human Review - ✔️ | Result - Passed
  • Shadowing State Variables | AI Scan - ✔️ | Human Review - ✔️ | Result - Passed
  • Weak Sources of Randomness from Chain Attributes | AI Scan - ✔️ | Human Review - ✔️ | Result - Passed
  • Missing Protection against Signature Replay Attacks | AI Scan - ✔️ | Human Review - ✔️ | Result - Passed
  • Lack of Proper Signature Verification | AI Scan - ✔️ | Human Review - ✔️ | Result - Passed
  • Requirement Violation | AI Scan - ✔️ | Human Review - ✔️ | Result - Passed
  • Write to Arbitrary Storage Location | AI Scan - ✔️ | Human Review - ✔️ | Result - Passed
  • Incorrect Inheritance Order | AI Scan - ✔️ | Human Review - ✔️ | Result - Passed
  • Insufficient Gas Griefing | AI Scan - ✔️ | Human Review - ✔️ | Result - Passed
  • Arbitrary Jump with Function Type Variable | AI Scan - ✔️ | Human Review - ✔️ | Result - Passed
  • DoS With Block Gas Limit | AI Scan - ✔️ | Human Review - ✔️ | Result - Passed
  • Typographical Error | AI Scan - ✔️ | Human Review - ✔️ | Result - Passed
  • Right-To-Left-Override control character (U+202E) | AI Scan - ✔️ | Human Review - ✔️ | Result - Passed
  • Presence of unused variables | AI Scan - ✔️ | Human Review - ✔️ | Result - Passed
  • Unexpected Ether balance | AI Scan - ✔️ | Human Review - ✔️ | Result - Passed
  • Hash Collisions With Multiple Variable Length Arguments | AI Scan - ✔️ | Human Review - ✔️ | Result - Passed
  • Message call with hardcoded gas amount | AI Scan - ✔️ | Human Review - ✔️ | Result - Passed
  • Code With No Effects | AI Scan - ✔️ | Human Review - ✔️ | Result - Passed
  • Unencrypted Private Data On-Chain | AI Scan - ✔️ | Human Review - ✔️ | Result - Passed
Website Security

Security Detection - ✔️ Low Security Risk
Our automated scan did not detect malware on your site.

Sitescan Report
  • Normalized URL - https://briefcase.group/
  • Submission date - Thu Jun 23 11:03:14 2023
  • Server IP address - 15.235.185.254
  • Country - Switzerland
  • Web Server - LiteSpeed
  • Malicious files - 0
  • Suspicious files - 0
  • Potentially Suspicious files - 0
  • Clean files - 14
  • External links detected - 23
  • Iframes scanned - 0
  • Iframes scanned - No

Scanned files analysis
  • Malicious files - 0
  • Suspicious files - 0
  • Potentially Suspicious files - 0
  • Clean files - 14

Malware Checked
✔️ No malware detected by scan (Low Risk)
✔️ No injected spam detected (Low Risk)
✔️ No defacements detected (Low Risk)
✔️ No internal server errors detected (Low Risk)

Blacklist Checked
✔️ Domain clean by Google Safe Browsing
✔️ Domain clean by McAfee
✔️ Domain clean by Sucuri Labs
✔️ Domain clean by ESET
✔️ Domain clean by PhishTank
✔️ Domain clean by Yandex
✔️ Domain clean by Opera

SSL Checked
✔️ Sanochkina.com resolves to 15.235.185.254
✔️ The certificate should be trusted by all major web browsers
✔️ The certificate will expire in 79 days.
✔️ The hostname (Sanochkina.com) is correctly listed in the certificate

Server
  • Common name: *.briefcase.group
  • ASTs: *.briefcase.group, briefcase.group
  • Valid from March 26, 2023 to June 24, 2023
  • Serial Number: 03af6388087788681935fe4b9769353a4aa7
  • Signature Algorithm: sha256WithRSAEncryption
  • Issuer: R3


Chain 1
  • Common name: R3
  • Organization: Let's Encrypt
  • Location: CH
  • Valid from September 3, 2020 to September 15, 2025
  • Serial Number: 912b084acf0c18a753f6d62e25a75f5a
  • Signature Algorithm: sha256WithRSAEncryption
  • Issuer: ISRG Root X1

Chain 2
  • Common name: ISRG Root X1
  • Organization: Internet Security Research Group
  • Location: CH
  • Valid from January 20, 2021 to September 30, 2024
  • Serial Number: 4001772137d4e942b8ee76aa3c640ab7
  • Signature Algorithm: sha256WithRSAEncryption
  • Issuer: DST Root CA X3
Conclusion opinion

Utility Token AST is a form of intellectual property and is secured by a royalty. A smart contract study found no scam threats and confirms royalty distribution to all holders.

Project verification completed

Sanochkina for - BFC

Block number: 0000075