SAFU
Audit
KYC
- Not available
- Not available
- Binance Smart Chain
- Solidity
- -
- Yes
- Static Analysis, Manual Audit
- 3 November 2022
Note that we only audited the code available to us on this URL at the time of the audit. If the URL is not from any block explorer (main net), it may be subject to change. Always check the contract address on this audit report and compare it to the token you are doing research for.
- total issues
- issues resolved
- total issues
- issues resolved
- total issues
- issues resolved
- total issues
- issues resolved
Contract Information
- -
- -
- -
- -
- Owner can not mint new tokens
- Owner can not blacklist wallets
- Owner can set max tx
- -
- Owner can exclude from fees
- Owner can not pause trading
Audit Results
No fix needed, will not bring problems.
Error Code
Description
CWE-1164
Presence of unused variables
Unused variables are allowed in Solidity and they do not pose a direct security issue. It is best practice though to avoid them as they can: cause an increase in computations (and unnecessary gas consumption), indicate bugs or malformed data structures and they are generally a sign of poor code quality or cause code noise and decrease readability of the code
pragma solidity 0.4.24;
contract ShadowingInFunctions {
uint n = 2;
uint x = 3;
function test1() constant returns (uint n) {
return n; // Will return 0
}
function test2() constant returns (uint n) {
n = 1;
return n; // Will return 1
}
function test3() constant returns (uint x) {
uint n = 4;
return n+x; // Will return 4
}
>=;
"Test"
pragma solidity ^0.5.0;
contract DepositBox {
mapping(address => uint) balance;
// Accept deposit
function deposit(uint amount) public payable {
require(msg.value == amount, 'incorrect amount');
// Should update user balance
balance[msg.sender] == amount;
}
}
} Recommendation
Remove all unused variables from the code base.
Update notes
Could be fixed, will not bring problems.
Error Code
Description
Outdated Compiler Version
Using an outdated compiler version can be problematic especially if there are publicly disclosed bugs and issues that affect the current compiler version.
- -
Recommendation
It is recommended to use a recent version of the Solidity compiler.
- 0.8.17
Update notes
Could be fixed, will not bring problems.
Error Code
Description
SLT-052
Calls inside a loop
Calls inside a loop might lead to a denial-of-service attack.
Test Example
contract CallsInLoop{
address[] destinations;
constructor(address[] newDestinations) public{
destinations = newDestinations;
}
function bad() external{
for (uint i=0; i < destinations.length; i++){
destinations[i].transfer(i);
}
}
}
If one of the destinations has a fallback function that reverts, bad will always revert.
Recommendation
Favor pull over push strategy for external calls.
Update notes
Could be fixed, will not bring problems.
Error Code
Description
SLT-056
Missing zero address validation
Test Example
contract C {
modifier onlyAdmin {
if (msg.sender != owner) throw;
_;
}
function updateOwner(address newOwner) onlyAdmin external {
owner = newOwner;
}
}
Bob calls updateOwner without specifying the newOwner, so Bob loses ownership of the contract.
Recommendation
Check that the address is not zero.
Update notes
Could be fixed, will not bring problems.
Error Code
Description
CST-014
- Test error
code Recommendation
Could be fixed, will not bring problems.
Error Code
Description
Delegatecall to Untrusted Callee (Proxy)
There exists a special variant of a message call, named delegatecall which is identical to a message call apart from the fact that the code at the target address is executed in the context of the calling contract and msg.sender and msg.value do not change their values. This allows a smart contract to dynamically load code from a different address at runtime. Storage, current address and balance still refer to the calling contract.
Calling into untrusted contracts is very dangerous, as the code at the target address can change any storage values of the caller and has full control over the caller’s balance.
Proxy Test Error Example
pragma solidity ^0.4.24;
contract Proxy {
address owner;
constructor() public {
owner = msg.sender;
}
function forward(address callee, bytes _data) public {
require(callee.delegatecall(_data));
}
}
Recommendation
Use delegatecall with caution and make sure to never call into untrusted contracts. If the target address is derived from user input ensure to check it against a whitelist of trusted contracts.
Update notes
This audit report has been prepared by Coinsult’s experts at the request of the client. In this audit, the results of the static analysis and the manual code review will be presented. The purpose of the audit is to see if the functions work as intended, and to identify potential security issues within the smart contract.
The information in this report should be used to understand the risks associated with the smart contract. This report can be used as a guide for the development team on how the contract could possibly be improved by remediating the issues that were identified.
Coinsult is not responsible if a project turns out to be a scam, rug-pull or honeypot. We only provide a detailed analysis for your own research.
Coinsult is not responsible for any financial losses. Nothing in this contract audit is financial advice, please do your own research.
The information provided in this audit is for informational purposes only and should not be considered investment advice. Coinsult does not endorse, recommend, support or suggest to invest in any project.
Coinsult can not be held responsible for when a project turns out to be a rug-pull, honeypot or scam.
Share this audit report