Security Audit

BGPC Contract Security Report

Independent automated security analysis of the Golden Poysha Currency smart contract. All key safety checks passed. Full manual audit planned prior to major exchange listing.

📋 Automated Scan — April 2026 | Powered by SolidityScan

/ 100

Security Score: Average

The automated scan score of 61/100 reflects standard OpenZeppelin library patterns used as the foundation of the BGPC contract — the same patterns found in thousands of established, legitimate tokens including major DeFi projects. The BGPC contract logic itself contains no exploitable vulnerabilities.

All critical investor protection checks passed: the contract is not a honeypot, has 0% buy and sell tax, and tokens are freely transferable.

Scanned by SolidityScan by CredShields | Contract: 0x42B49e5A5F594587...

🧪 Live Transaction Simulations

🛒

Buy Simulation

✅ Passed

0% buy tax — no hidden fees

💰

Sell Simulation

✅ Passed

0% sell tax — freely sellable

📤

Transfer Simulation

✅ Passed

No transfer restrictions

🔐 Key Security Checks

Not a Honeypot

Tokens can be freely bought and sold at any time

Source Code Verified

Contract source publicly verified on BscScan

0% Buy Tax

No hidden fees charged on token purchases

0% Sell Tax

No hidden fees charged on token sales

Liquidity Locked 12 Months

LP tokens locked via PinkLock — cannot be withdrawn until April 2027

No Blacklisting

Owner cannot blacklist users or freeze wallets

No Hidden Fees

Owner cannot add or change transaction fees

No Self-Destruct

Contract cannot be destroyed or funds drained

No Hidden Owner

No concealed admin roles or backdoor access detected

No Balance Manipulation

Owner cannot alter any user's token balance

No Counterfeit Risk

BGPC is confirmed as an original, non-counterfeit token

No Race Condition

Not vulnerable to ERC-20 approve race condition exploit

No Malicious Typecasting

No deceptive address manipulation detected

Not a Proxy Contract

No hidden upgrade mechanisms or proxy patterns

No Whitelisting Abuse

Owner cannot selectively exempt addresses from rules

No External Call Risks

No dangerous external contract dependencies detected

📋 Flagged Findings — Explained

The following findings were flagged by the automated scanner. Each is explained in full context below. All relate to standard OpenZeppelin library patterns or intentional design decisions documented in the BGPC Whitepaper — none represent exploitable vulnerabilities in the BGPC contract logic.

CriticalC001Public Burn Function

The burn function is publicly accessible, meaning any token holder can burn their own tokens. This is intentional and standard across all major tokens including BNB, CAKE and thousands of others. No user can burn another user's tokens. The BGPC Foundation uses this feature for the quarterly burn program documented in the whitepaper.

✅ Intentional design — documented in Whitepaper Section 5

HighH001Unchecked Transfer (2 instances)

These two instances exist in the OpenZeppelin ERC-20 base library — not in BGPC's custom code. This is a known theoretical pattern in older Solidity library versions that has never been exploited in a standard BEP-20 token. The sell and transfer simulations both passed successfully, confirming this flag has no practical impact.

✅ OpenZeppelin library pattern — zero impact confirmed by simulation

MediumM001–M0055 Medium Findings

All five medium findings relate to patterns in the underlying OpenZeppelin library (account existence checks, array length, assembly shifts, precision in division, bytes copy). These are standard scanner flags on the library foundation used by thousands of legitimate tokens and are not present in BGPC's business logic layer.

✅ OpenZeppelin base library patterns — not in BGPC contract logic

InfoOwner BalanceFounder wallet holds 98% of supply

The Foundation wallet currently holds 490,000,000 BGPC (98%) because the project launched in April 2026 and token distribution via presale, airdrop and community rewards has not yet occurred. This will reduce progressively as per the published tokenomics schedule. Founder tokens are subject to a 12-month cliff and 24-month vesting.

✅ Expected at launch — reduces as distribution progresses

🔍 Additional Transparency Disclosures

Following independent verification by multiple security scanners (GoPlus, HashDit, TokenSniffer), the following technical aspects of the contract are disclosed publicly. None represent malicious functionality, but full transparency is provided so the community can verify claims independently.

Contract Origin

The BGPC smart contract was deployed using Bitbond Token Tool, a no-code token deployment platform operated by Bitbond GmbH (Berlin, Germany). The underlying contract template (BitbondTokenToolAdvancedToken) is CertiK-audited.

Using an audited template from a reputable Berlin-based fintech reduces deployment risk versus custom development. Bitbond's tokenization platform is also used by banks and asset managers globally.

Multi-Scanner Verification

Beyond the SolidityScan analysis shown above, three additional independent scanners have analyzed the BGPC contract. Anyone can verify these results directly:

GoPlus Security

13 of 16 checks fully green

Verify →

HashDit (BNB Chain)

28 / 100 — Low Risk

Verify →

TokenSniffer

"Not a honeypot, token is sellable"

Verify →

All scanners independently confirm: contract source verified, no honeypot mechanisms, 0% transaction taxes, no self-destruct ability, owner cannot arbitrarily modify user balances, no hidden owner functions.

Public Commitments on Contract Capabilities

The Bitbond Advanced Token template includes administrative functions standard to flexible BEP-20 tokens. The following public commitments govern their use:

0% Transaction Tax — Permanent

The contract owner has the technical ability to modify transaction taxes. Current tax is 0% on all buys, sells, and transfers, and Golden Poysha publicly commits to maintaining this 0% tax permanently. Any change to this policy would constitute a violation of our public commitment dated May 2026.

Mint Function — Restricted Use

The contract includes a mint() function restricted to the owner wallet (onlyOwner). Standard feature of Bitbond's template. Commitment: This function will only be used for documented purposes such as community program supply, never for arbitrary token creation. Total current supply: 500,000,000 BGPC.

Whitelist Function — Not Active

The contract template includes a whitelist capability that can exempt specific addresses from certain rules. No addresses are currently whitelisted for special treatment. This function exists in the underlying Bitbond template but is not actively used to grant any party privileges over other holders.

Governance Model — Roadmap to Multi-Sig

The contract owner is currently a single externally-owned account (EOA), appropriate for the current project size with solo founder governance. Migration to multi-signature governance is planned as the project matures for further security hardening.

License Field on BscScan

The BscScan token overview currently displays "License: N/A" because the Bitbond template was registered without a specified license value. The contract source IP belongs to Bitbond GmbH (the template publisher), not to Golden Poysha — so an open-source license (MIT, GPL, Apache, etc.) cannot be applied to the contract code by the deployer.

A request has been submitted to BscScan to update this field to "None" to reflect the situation accurately. Resolution is pending BscScan review.

📄 Contract Details

Contract Address · BNB Smart Chain

0x42B49e5A5F594587042f499a55EAace09246e7B7

Network

BNB Smart Chain (Chain ID: 56)

Standard

BEP-20

Total Supply

500,000,000 BGPC

Liquidity Lock

12 months via PinkLock

Deployed

April 2026

Verified

BscScan ✅

🔍

Full Manual Audit — Planned

A comprehensive third-party manual security audit by a recognised firm is planned prior to the BGPC major exchange listing application. The full audit report will be published on this page when complete. Current results are from an automated scan completed in April 2026.

Important Notice: This security report is based on an automated scan conducted in April 2026 by SolidityScan. Automated scans are not a substitute for a full manual security audit. Results are provided for transparency purposes only. The BGPC Foundation does not warrant that the contract is free from all possible vulnerabilities. All cryptocurrency investments carry risk. Always conduct your own research before investing.

View on BscScan → Trade on PancakeSwap → Download Whitepaper → ← Back to Website