# manager.sol

## **Issue 01**

| **Type**      | **Severity**                             | **Location**        | **Status**                                     |
| ------------- | ---------------------------------------- | ------------------- | ---------------------------------------------- |
| Logical Issue | <mark style="color:red;">**High**</mark> | `initializePresale` | <mark style="color:green;">**Resolved**</mark> |

**Description**

There is no guarantee that the owner deposits will satisfy the presale and liquidity rates.

## **Issue 02**

| **Type**      | **Severity**                                  | **Location** | **Status**                                     |
| ------------- | --------------------------------------------- | ------------ | ---------------------------------------------- |
| Best Practice | <mark style="color:orange;">**Medium**</mark> | `Proxy`      | <mark style="color:green;">**Resolved**</mark> |

**Description**

`masterCopy`  is unused and unnecessary. In addition It will be overridden by the implementation contract, making its usage dangerous.

**Recommendation**

Remove this variable.

## **Issue 03**

| **Type**      | **Severity**                                  | **Location**                              | **Status**                                     |
| ------------- | --------------------------------------------- | ----------------------------------------- | ---------------------------------------------- |
| Best Practice | <mark style="color:orange;">**Medium**</mark> | `createNewLaunchpad, createNewFairLaunch` | <mark style="color:green;">**Resolved**</mark> |

**Description**

The proxy contract call can be frontrun by a malicious user who deploys to the same address as the legitimate user because the salt is generated only by the address and timestamp.

**Recommendation**

Use a more secure salt that cannot cause denial of service.

## **Issue 04**

| **Type**      | **Severity**                                  | **Location**                              | **Status**                                         |
| ------------- | --------------------------------------------- | ----------------------------------------- | -------------------------------------------------- |
| Best Practice | <mark style="color:orange;">**Medium**</mark> | `createNewLaunchpad, createNewFairLaunch` | <mark style="color:green;">**Acknowledged**</mark> |

**Description**

Proxy contracts are very vulnerable and may easily cause high severity logical and security issues by misusing them.

**Recommendation**

Make sure you are familiar with the potential risks of using proxy contracts and have handled them properly.

## **Issue 05**

| **Type**      | **Severity**                               | **Location**                              | **Status**                                       |
| ------------- | ------------------------------------------ | ----------------------------------------- | ------------------------------------------------ |
| Best Practice | <mark style="color:yellow;">**Low**</mark> | `createNewLaunchpad, createNewFairLaunch` | <mark style="color:red;">**Not Resolved**</mark> |

**Description**

A struct can be used to pass multiple variables in a more descriptive and readable way.&#x20;

## **Issue 06**

| **Type**      | **Severity**                                  | **Location** | **Status**                                     |
| ------------- | --------------------------------------------- | ------------ | ---------------------------------------------- |
| Best Practice | <mark style="color:orange;">**Medium**</mark> | global       | <mark style="color:green;">**Resolved**</mark> |

**Description**

There are many different places in the code containing "magic numbers". There is no way for us to know what they mean and therefore, review the logic of the code containing them. In addition, parts containing "magic numbers" are more error prone.

For example:

```
uint256 tokenAmount = values[3].mul(values[6]).mul(1000 + values[11]).div(1000) + values[3].mul(values[7]).mul(1000 - values[10]).div(1000).mul(values[8]).div(1000);
```

```
uint256 hardCap = values[3].mul(1000000).div(1000 - values[7]).div(1000 - values[5]);
```

```
uint256 tokenAmount = values[4].mul(1000 + (1000 - values[7]).mul(values[5]).div(1000) + values[8]).div(1000);
```

```
IBEP20(addresses[0]).safeTransferFrom(msg.sender, launchpad, tokenAmount.div(10**18) + values[15]);
```

**Recommendation**

Change these values into variables or constants with descriptive names.

## **Issue 07**

| **Type**      | **Severity**                                        | **Location**                              | **Status**                                       |
| ------------- | --------------------------------------------------- | ----------------------------------------- | ------------------------------------------------ |
| Best Practice | <mark style="color:green;">**Informational**</mark> | `createNewLaunchpad, createNewFairLaunch` | <mark style="color:red;">**Not Resolved**</mark> |

**Description**

If these values must be equal to a constant you know beforehand, why are they received externally? Just use the const.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://audits.solidgrp.io/blitz-launchpad/audit-results/findings/manager.sol.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.