Knoxnet

We express our gratitude to the Knoxnet team for the collaborative engagement that enabled the execution of this Smart Contract Security Assessment.

KnoxNet is a fee-on-transfer token architecture built on a single ERC-20 contract, featuring built-in trading controls, tax handling, blacklist capabilities, and automated fee conversion through Uniswap V2.

The system users should acknowledge all the risks summed up in the risks section of the report

{Finding_Table?columns=title,severity,status&setting.filter.type=Vulnerability}

Documentation quality

• The project does not provide a specification describing the intended behavior of trading controls, fee processing, blacklist logic, launch flow, or administrative configuration boundaries.

• A technical design description is not provided. In particular, there is no separate documentation explaining how tax collection, auto-swap, liquidity support, privileged roles, and transfer restrictions are expected to interact under different configurations.

Code quality

• The code inlines commonly known utility and base-contract logic instead of reusing external well-established dependencies through imports. This increases file size and reduces modularity and review clarity.

• Several template-style patterns are present, particularly around standard ERC-20, ownership, and router-integration logic, combined directly with custom business logic in a single file. This makes it harder to distinguish standard behavior from protocol-specific behavior during review and maintenance.

• The development environment is configured.

Test coverage

Code coverage of the project is 52.10% (branch coverage).

• The test suite covers deployment, two-step ownership transfer, ERC-20 core behavior, trading activation, buy and sell transaction limits, wallet-limit enforcement, blacklist add flow, tax application, tax configuration updates, manual clog clearing, airdrop behavior, ETH recovery, liquidity-pool management, and auto-swap configuration setters.

• The main remaining coverage gap is the automatic _autoSwapBack execution path during live sell transactions, including swap execution, liquidity addition, per-block auto-swap counting, and related try/catch failure branches.

• Additional uncovered paths include blacklist removal, recipient and caller blacklist reverts, the inSwap internal transfer bypass, several view/helper functions, and direct execution of the _tryAddLiquidityETH helper.

KnoxNet is a fee-on-transfer token protocol built around a single main ERC-20 token contract with integrated trading controls, tax collection, blacklist management, and automated fee conversion through Uniswap V2.

It consists of the following components:

KnoxNet — the main ERC-20 token contract that mints the full initial supply to the deployer at deployment and manages all token logic internally, including transfer taxation, transaction and wallet limits, blacklist restrictions, launch controls, and fee processing.

It has the following attributes:

Name: KnoxNet Symbol: KNX Decimals: 18 Total supply: 1b tokens

The protocol is designed for Ethereum-compatible deployment and is tightly coupled to a Uniswap V2-style trading flow. The contract creates its own liquidity pair against WETH during deployment and distinguishes between buy, sell, and regular transfer activity based on whether a liquidity pool is involved.

The token applies configurable fees on buy and sell transactions, with optional taxation on wallet-to-wallet transfers. Collected fee tokens are accumulated inside the contract and can later be converted into ETH. Depending on configuration, the converted value may be routed to a marketing receiver and, if liquidity fees are enabled, partially paired back into liquidity.

The system includes multiple administrative controls. The owner can adjust tax settings, transaction and wallet limits, fee receivers, liquidity-pool classification, and auto-swap behavior. A separate trusted-operator role can perform selected sensitive actions such as opening trading, updating the blacklist, and recovering ETH from the contract.

The protocol does not include staking, vesting, governance, upgradeability, or minting beyond the initial supply. Its design centers on token trading controls and post-trade fee handling rather than on broader DeFi utility.KnoxNet is a fee-on-transfer token protocol built around a single main ERC-20 token contract with integrated trading controls, tax collection, blacklist management, and automated fee conversion through Uniswap V2.

Privileged roles

• The owner of the KnoxNet contract role can arbitrarily change taxation parameters, transaction and wallet restrictions, fee receivers, transfer-tax behavior, liquidity-pool classification, and auto-swap settings. The owner can therefore materially change core token behavior and trading conditions at will.

• The owner can also assign or remove trusted operators. Through this capability, the owner indirectly controls which external addresses are allowed to perform selected sensitive operational actions on the protocol.

• A trusted operator of the KnoxNet contract has elevated operational authority over a subset of critical functions. This role can enable trading, update the blacklist, and recover ETH from the contract to an arbitrary address. As a result, trusted operators are able to influence market access and extract ETH held by the contract.

• The owner and trusted operators are exempt from some of the restrictions imposed on regular users, either directly or through configurable exemption mappings. This creates a privileged administrative layer with materially different execution rights from ordinary token holders.

The scope of the project includes the following smart contracts from the provided repository:

Assets in Scope