Note that we only audited the code available to us on this URL at the time of the audit. If the URL is not from any block explorer (main net), it may be subject to change. Always check the contract address on this audit report and compare it to the token you are doing research for.
Could be fixed, will not bring problems.
Reliance on third-parties
Interaction between smart contracts with third-party protocols like Uniswap and Pancakeswap. The audit’s scope presupposes that third party entities will perform as intended and treats them as if they were black boxes. In the real world, third parties can be hacked and used against you. Additionally, improvements made by third parties may have negative effects, such as higher transaction costs or the deprecation of older routers.
Recommendation
Regularly check third-party dependencies, and when required, reduce severe effects.
Update notes
Could be fixed, will not bring problems.
Initial supply
When the contract is deployed, the contract deployer receives all of the initially created assets. Since the deployer and/or contract owner can distribute tokens without consulting the community, this could be a problem.
Recommendation
Private keys belonging to the employer and/or contract owner should be stored properly. The initial asset allocation procedure should involve consultation with the community.
Update notes
Could be fixed, will not bring problems.
Unchecked Call Return Value
The return value of a message call is not checked. Execution will resume even if the called contract throws an exception. If the call fails accidentally or an attacker forces the call to fail, this may cause unexpected behaviour in the subsequent program logic.
function claimStuckTokens(address token) external onlyOwner {
require(token != address(this), "Owner cannot claim contract's balance of its own tokens");
if (token == address(0x0)) {
payable(msg.sender).sendValue(address(this).balance);
return;
}
IERC20 ERC20token = IERC20(token);
uint256 balance = ERC20token.balanceOf(address(this));
ERC20token.transfer(msg.sender, balance);
}
Example
pragma solidity 0.4.25;
contract ReturnValue {
function callchecked(address callee) public {
require(callee.call());
}
function callnotchecked(address callee) public {
callee.call();
}
}
Recommendation
If you choose to use low-level call methods, make sure to handle the possibility that the call will fail by checking the return value.
Update notes
This audit report has been prepared by Coinsult’s experts at the request of the client. In this audit, the results of the static analysis and the manual code review will be presented. The purpose of the audit is to see if the functions work as intended, and to identify potential security issues within the smart contract.
The information in this report should be used to understand the risks associated with the smart contract. This report can be used as a guide for the development team on how the contract could possibly be improved by remediating the issues that were identified.
Coinsult is not responsible if a project turns out to be a scam, rug-pull or honeypot. We only provide a detailed analysis for your own research.
Coinsult is not responsible for any financial losses. Nothing in this contract audit is financial advice, please do your own research.
The information provided in this audit is for informational purposes only and should not be considered investment advice. Coinsult does not endorse, recommend, support or suggest to invest in any project.
Coinsult can not be held responsible for when a project turns out to be a rug-pull, honeypot or scam.
Share this audit report