Blitz Labs
  • Overview
  • Legal Disclaimer
  • Audit Results
    • Owner Capabilities
      • fairLaunch.sol
      • fairLaunchToken.sol
      • preSaleMaster.sol
      • preSaleMasterForToken.sol
      • manager.sol
      • airdrop.sol
    • Findings
      • General Notes
      • fairLaunch.sol
      • fairLaunchToken.sol
      • preSaleMaster.sol
      • preSaleMasterForToken.sol
      • manager.sol
      • airdrop.sol
      • helper.sol
      • airdropManager.sol
      • badgeManager.sol
      • locker.sol
  • Summary
Powered by GitBook
On this page
  • Issue 01
  • Issue 02
  • Issue 03
  • Issue 04
  • Issue 05
  • Issue 06
  • Issue 07
  1. Audit Results
  2. Findings

manager.sol

Issue 01

Type

Severity

Location

Status

Logical Issue

High

initializePresale

Resolved

Description

There is no guarantee that the owner deposits will satisfy the presale and liquidity rates.

Issue 02

Type

Severity

Location

Status

Best Practice

Medium

Proxy

Resolved

Description

masterCopy is unused and unnecessary. In addition It will be overridden by the implementation contract, making its usage dangerous.

Recommendation

Remove this variable.

Issue 03

Type

Severity

Location

Status

Best Practice

Medium

createNewLaunchpad, createNewFairLaunch

Resolved

Description

The proxy contract call can be frontrun by a malicious user who deploys to the same address as the legitimate user because the salt is generated only by the address and timestamp.

Recommendation

Use a more secure salt that cannot cause denial of service.

Issue 04

Type

Severity

Location

Status

Best Practice

Medium

createNewLaunchpad, createNewFairLaunch

Acknowledged

Description

Proxy contracts are very vulnerable and may easily cause high severity logical and security issues by misusing them.

Recommendation

Make sure you are familiar with the potential risks of using proxy contracts and have handled them properly.

Issue 05

Type

Severity

Location

Status

Best Practice

Low

createNewLaunchpad, createNewFairLaunch

Not Resolved

Description

A struct can be used to pass multiple variables in a more descriptive and readable way.

Issue 06

Type

Severity

Location

Status

Best Practice

Medium

global

Resolved

Description

There are many different places in the code containing "magic numbers". There is no way for us to know what they mean and therefore, review the logic of the code containing them. In addition, parts containing "magic numbers" are more error prone.

For example:

uint256 tokenAmount = values[3].mul(values[6]).mul(1000 + values[11]).div(1000) + values[3].mul(values[7]).mul(1000 - values[10]).div(1000).mul(values[8]).div(1000);
uint256 hardCap = values[3].mul(1000000).div(1000 - values[7]).div(1000 - values[5]);
uint256 tokenAmount = values[4].mul(1000 + (1000 - values[7]).mul(values[5]).div(1000) + values[8]).div(1000);
IBEP20(addresses[0]).safeTransferFrom(msg.sender, launchpad, tokenAmount.div(10**18) + values[15]);

Recommendation

Change these values into variables or constants with descriptive names.

Issue 07

Type

Severity

Location

Status

Best Practice

Informational

createNewLaunchpad, createNewFairLaunch

Not Resolved

Description

If these values must be equal to a constant you know beforehand, why are they received externally? Just use the const.

PreviouspreSaleMasterForToken.solNextairdrop.sol

Last updated 2 years ago