manager.sol
Type | Severity | Location | Status |
Logical Issue | High | initializePresale | Resolved |
Description
There is no guarantee that the owner deposits will satisfy the presale and liquidity rates.
Type | Severity | Location | Status |
Best Practice | Medium | Proxy | Resolved |
Description
masterCopy
is unused and unnecessary. In addition It will be overridden by the implementation contract, making its usage dangerous.Recommendation
Remove this variable.
Type | Severity | Location | Status |
Best Practice | Medium | createNewLaunchpad, createNewFairLaunch | Resolved |
Description
The proxy contract call can be frontrun by a malicious user who deploys to the same address as the legitimate user because the salt is generated only by the address and timestamp.
Recommendation
Use a more secure salt that cannot cause denial of service.
Type | Severity | Location | Status |
Best Practice | Medium | createNewLaunchpad, createNewFairLaunch | Acknowledged |
Description
Proxy contracts are very vulnerable and may easily cause high severity logical and security issues by misusing them.
Recommendation
Make sure you are familiar with the potential risks of using proxy contracts and have handled them properly.
Type | Severity | Location | Status |
Best Practice | Low | createNewLaunchpad, createNewFairLaunch | Not Resolved |
Description
A struct can be used to pass multiple variables in a more descriptive and readable way.
Type | Severity | Location | Status |
Best Practice | Medium | global | Resolved |
Description
There are many different places in the code containing "magic numbers". There is no way for us to know what they mean and therefore, review the logic of the code containing them. In addition, parts containing "magic numbers" are more error prone.
For example:
uint256 tokenAmount = values[3].mul(values[6]).mul(1000 + values[11]).div(1000) + values[3].mul(values[7]).mul(1000 - values[10]).div(1000).mul(values[8]).div(1000);
uint256 hardCap = values[3].mul(1000000).div(1000 - values[7]).div(1000 - values[5]);
uint256 tokenAmount = values[4].mul(1000 + (1000 - values[7]).mul(values[5]).div(1000) + values[8]).div(1000);
IBEP20(addresses[0]).safeTransferFrom(msg.sender, launchpad, tokenAmount.div(10**18) + values[15]);
Recommendation
Change these values into variables or constants with descriptive names.
Type | Severity | Location | Status |
Best Practice | Informational | createNewLaunchpad, createNewFairLaunch | Not Resolved |
Description
If these values must be equal to a constant you know beforehand, why are they received externally? Just use the const.
Last modified 6mo ago