Audit Report

GOLDEN BEANS

  • Security Score: 6/10
  • Tags: token, elastic
  • Address: 0x581B6D6a2e86168352D92447559Ac531c2C2B1bF
  • Blockchain: BNB Smart Chain
  • Website: https://goldenbeans.online

EXECUTIVE SUMMARY

Golden Beans is a new cryptocurrency linked to the BNB All Star project. It is an elastic token: some fees are distributed to all token holders by increasing the token's value, and the total supply changes algorithmically, increasing or decreasing.

It's recommended that users review the whitepaper of the project and this report in its entirety to fully understand the application's fundamentals and risks.

We found one medium-severity issue related to frontrunning; the deployer team acknowledged it.

SCOPE

  1. The audit focuses on the smart contract deployed on BNB Smart Chain, which is the only smart contract associated with this token.
  2. The audit does not cover any off-chain components or systems associated with the contract.
  3. The audit does not cover any user interfaces or user experience associated with the contract.
  4. The audit does not cover any legal or regulatory compliance of the contract.

FUNDAMENTALS

This is an elastic token, which means the total supply is modified algorithmically: in this case by burning fees, which reduces the total supply of the token, and by distributing other fees into the price of each token. The token is acquired by purchasing BEANS through interaction with the smart contract. BEANS can then be burned (which decreases the total supply) and exchanged for BNB. The contract also features a referral system that allows users to increase their individual earnings by inviting others to purchase tokens.

Name: Golden Beans

Symbol: BEANS

Initial price: 0.00000011 BNB for 1 Golden Bean

Fees & burn:

  • Purchase: 6% to 6 accounts, then 10% liquified to increase the price of BEANS.
  • Withdraw: 6% to 6 accounts.
  • Brew: 10% liquified to increase the price of BEANS, the rest is burned.
  • Transfer: 10% burned to increase the price of BEANS.

Fee receivers (1% each, from purchases and withdrawals):

  • 0x07315b79FEa4d2eEeF6Cd6498FbF9c61A32a8678
  • 0x6667b89c61bF929bb6440B7772F7893Fa44ED3F8
  • 0xa5a47E554Ba4762Fb3972506F883D4479A91C01b
  • 0x1945f4aC86c97d4E5Bace5c2e55F798f792F6698
  • 0xD212D062F7E4f03D56e41217b0362756E081F492
  • 0x93b01FfD2DB6E8B01088b5063f5A098710Baf44B

Whitelist (early roasters): While the whitelist system is active, the maximum deposit per whitelisted address is 1 BNB.

Referral system:

  • On purchase, 3.34% is distributed to the referrer if the referrer has a BEANS balance higher than "proofOfBean" (this amount can be modified by a privileged account).
  • If no referrer address is provided on purchase, the referral bonus is instead added to the value of the token.

Notable fact: This token does not use a standard liquidity pool. The price for each token is determined algorithmically and swapped from the smart contract directly.

FINDINGS

INTERACTION | SEVERITY
[CPFM-1] sandwich | MEDIUM
[CPFI-1] dividend fee does not decrease supply | INFORMATIONAL

CPFM-1: An attacker can frontrun a buyer's purchase by buying tokens before it and selling them immediately after, in order to turn a profit. Buyers can mitigate this frontrunning risk by using private transaction solutions.

CPFI-1: function brew(): The dividend fee that is removed from circulation in this function does not decrease the total supply of the token and only increases the value of tokens, which is inconsistent with other uses of this fee.

UNIT TESTS

INTERACTION | RESULT
[CPUT-1] buying | OK
[CPUT-2] selling | OK
[CPUT-3] fees | OK
[CPUT-4] supply variation | OK
[CPUT-5] transfer | OK
[CPUT-6] whitelist | OK
[CPUT-7] elasticity | OK

Unit testing was conducted to verify possible exploits, validate the logic, and ensure it aligns with the project's fundamentals. The testing was completed successfully.

PRIVILEGES

  1. Team
     • Can disable the whitelist; this can be done only once and is irreversible.
     • Can add new baristas and whitelisted account addresses.
     • Can increase the whitelist maximum amount; the new maximum must be strictly higher than the previous one.
     • Can change the amount of beans required for referrals.
  2. Baristas
     • Can add a new whitelisted address.

RECOMMENDATIONS

We recommend implementing a delay before a token can be sold, both to mitigate sandwich attacks (resolving issue CPFM-1) and to remove a point of failure.
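
One way the recommended sale delay could be expressed, as an added example that is not code from the audited contract or from the project: a hold-period guard that rejects a sale until a fixed number of blocks has passed since the seller last acquired tokens. The contract name, the `HOLD_BLOCKS` value, and the hook and modifier names are all assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added example: hold-period guard for a token sold directly by its contract.
/// All names (SellDelayGuard, HOLD_BLOCKS, unlockBlock, _noteAcquire,
/// _noteTransfer, holdElapsed) are hypothetical, not from the BEANS contract.
abstract contract SellDelayGuard {
    // Assumed value. Derive it from the chain's block time and the
    // delay the project is willing to impose on sellers.
    uint256 public constant HOLD_BLOCKS = 20;

    // First block at which each account is allowed to sell.
    mapping(address => uint256) public unlockBlock;

    error HoldPeriodActive(uint256 unlockAt);

    /// Call from the purchase path once tokens are credited to `account`.
    /// A buy and a sell by the same account can then never share a block,
    /// which is the pattern described in CPFM-1.
    function _noteAcquire(address account) internal {
        unlockBlock[account] = block.number + HOLD_BLOCKS;
    }

    /// Call from the transfer path. The recipient inherits the later of the
    /// two locks, so moving freshly bought tokens to another address does
    /// not shorten the wait.
    function _noteTransfer(address from, address to) internal {
        uint256 inherited = unlockBlock[from];
        if (inherited > unlockBlock[to]) {
            unlockBlock[to] = inherited;
        }
    }

    /// Apply to every entry point that exchanges tokens back for BNB.
    modifier holdElapsed() {
        uint256 unlockAt = unlockBlock[msg.sender];
        if (block.number < unlockAt) revert HoldPeriodActive(unlockAt);
        _;
    }
}
```

Because the lock is inherited on transfer, anyone can re-lock a recipient by sending them a small amount right after buying; a design that tracks locked amounts per purchase instead of one block number per account avoids that side effect.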