Blitz Labs

manager.sol

Issue 01

Type: Logical Issue
Severity: High
Location: initializePresale
Status: Resolved
Description
There is no guarantee that the owner's deposits will satisfy the presale and liquidity rates.

Issue 02

Type: Best Practice
Severity: Medium
Location: Proxy
Status: Resolved
Description
masterCopy is unused and unnecessary. In addition, it will be overridden by the implementation contract, making its use dangerous.
Recommendation
Remove this variable.

Issue 03

Type: Best Practice
Severity: Medium
Location: createNewLaunchpad, createNewFairLaunch
Status: Resolved
Description
The proxy contract call can be front-run by a malicious user who deploys to the same address as the legitimate user, because the salt is derived only from the address and the timestamp.
Recommendation
Use a more secure salt that cannot cause denial of service.
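The sketch below is an added example, not code from manager.sol or from the audited project. It contrasts a salt built only from public values with one bound to the caller. All contract, function and variable names are hypothetical, and it assumes the "address" in the finding is a caller-supplied argument rather than msg.sender.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration; every name here is hypothetical and not taken from manager.sol.
contract Placeholder {}

contract SaltExample {
    // Per-caller counter: keeps salts unique without relying on block data.
    mapping(address => uint256) public deployNonce;

    event Deployed(address indexed creator, address instance, bytes32 salt);

    // Weak pattern, as described in the finding: the salt depends only on an
    // address argument and block.timestamp. Any other caller in the same block
    // computes the same salt, takes the CREATE2 address first, and the
    // legitimate call then reverts (denial of service).
    function deployWeak(address token) external returns (address instance) {
        bytes32 salt = keccak256(abi.encodePacked(token, block.timestamp));
        instance = address(new Placeholder{salt: salt}());
        emit Deployed(msg.sender, instance, salt);
    }

    // Hardened pattern: the salt commits to msg.sender and a nonce that only
    // this factory increments, so no other account can derive the same salt.
    function deployBound(address token) external returns (address instance) {
        uint256 nonce = deployNonce[msg.sender]++;
        bytes32 salt = keccak256(abi.encode(msg.sender, token, nonce));
        instance = address(new Placeholder{salt: salt}());
        emit Deployed(msg.sender, instance, salt);
    }

    // Lets a caller precompute where deployBound will place their next instance.
    function predict(address creator, address token) external view returns (address) {
        bytes32 salt = keccak256(abi.encode(creator, token, deployNonce[creator]));
        // CREATE2 address = last 20 bytes of keccak256(0xff ++ factory ++ salt ++ keccak256(init code)).
        bytes32 h = keccak256(abi.encodePacked(
            bytes1(0xff), address(this), salt, keccak256(type(Placeholder).creationCode)
        ));
        return address(uint160(uint256(h)));
    }
}
```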

Issue 04

Type: Best Practice
Severity: Medium
Location: createNewLaunchpad, createNewFairLaunch
Status: Acknowledged
Description
Proxy contracts are very vulnerable to misuse, which can easily cause high-severity logical and security issues.
Recommendation
Make sure you are familiar with the potential risks of using proxy contracts and have handled them properly.

Issue 05

Type: Best Practice
Severity: Low
Location: createNewLaunchpad, createNewFairLaunch
Status: Not Resolved
Description
A struct can be used to pass multiple variables in a more descriptive and readable way.

Issue 06

Type: Best Practice
Severity: Medium
Location: global
Status: Resolved
Description
Many places in the code contain "magic numbers". There is no way for us to know what they mean and, therefore, no way to review the logic of the code containing them. In addition, code containing "magic numbers" is more error-prone.
For example:
uint256 tokenAmount = values[3].mul(values[6]).mul(1000 + values[11]).div(1000) + values[3].mul(values[7]).mul(1000 - values[10]).div(1000).mul(values[8]).div(1000);
uint256 hardCap = values[3].mul(1000000).div(1000 - values[7]).div(1000 - values[5]);
uint256 tokenAmount = values[4].mul(1000 + (1000 - values[7]).mul(values[5]).div(1000) + values[8]).div(1000);
IBEP20(addresses[0]).safeTransferFrom(msg.sender, launchpad, tokenAmount.div(10**18) + values[15]);
Recommendation
Change these values into variables or constants with descriptive names.

Issue 07

Type: Best Practice
Severity: Informational
Location: createNewLaunchpad, createNewFairLaunch
Status: Not Resolved
Description
If these values must be equal to a constant you know beforehand, why are they received externally? Just use the constant.