preSaleMasterForToken.sol
Description
There is no guarantee that the owner deposits will satisfy the presale and liquidity rates.
Description
The functions call external contracts, exposing themselves to potential reentrancy attacks.
The code does not follow the checks-effects-interactions pattern.
Recommendation
Add a reentrancy guard and follow the checks-effects-interactions pattern.
Description
Use a modifier instead of the presale require statement for better readability.
Description
The investor array's size is unbounded. Iterating over an unbounded array may cause the transaction to hit the block gas limit.
Recommendation
Use a mapping to track contributions.
Description
The function does not change the user's deposit value, hence any user can withdraw their deposit multiple times and drain the contract.
Recommendation
Add a require statement that makes sure the user can withdraw their deposit, and set deposits[msg.sender] to 0 after the withdrawal.
Description
The function does not remove the user from the investors array.
Description
The owner can lock funds in the contract by never calling this function if the presale exceeds the softcap.
Description
listingRate does not subtract the fees taken from the amount listed. Consequently, users may be unable to withdraw their tokens from the contract as the amount of tokens listed does not match the actual amount of tokens in the contract.
Description
The contract multiplies listingRate by amount to get the number of tokens. Therefore, listingRate should be calculated as token/ETH (token per ETH). However, it is currently calculated as ETH/token (ETH per token).
Description
If a liquidity pool already exists, there may be unrecoverable leftover tokens in the contract.
Description
Move the following line into the if block to avoid storing the value in storage.
Description
The removal can be done in constant time by passing the indexes of the accounts to remove.
Description
listingRate is multiplied by a factor.
Description
The function may be called anytime. Should the function be called before presaleEndTimestamp, (now - presaleEndTimeStamp) will underflow.
Description
deposits[msg.sender] is zeroed and then sent out as the value, so users will always withdraw 0 tokens - the value must be kept aside before zeroing it out.
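The withdrawContribute findings above (deposit never reset, then reset before the value was read) and the reentrancy recommendation share one fix, sketched here as an added example that is not the audited contract's code. It assumes contributions are refunded in ETH; the contract name, the contribute body and the hand-written guard are hypothetical, and only deposits[msg.sender] and withdrawContribute are names taken from the report.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration, not preSaleMasterForToken.sol.
// Assumed: ETH refunds, minimal storage layout, simple boolean guard.
contract WithdrawSketch {
    mapping(address => uint256) public deposits;
    bool private locked;

    // Reentrancy guard: rejects a nested call into any guarded function.
    modifier nonReentrant() {
        require(!locked, "reentrant call");
        locked = true;
        _;
        locked = false;
    }

    // Hypothetical stand-in for the presale's contribute function.
    function contribute() external payable {
        deposits[msg.sender] += msg.value;
    }

    function withdrawContribute() external nonReentrant {
        // Check: read the balance into a local BEFORE zeroing it.
        // Sending deposits[msg.sender] after the reset would always send 0.
        uint256 amount = deposits[msg.sender];
        require(amount > 0, "nothing to withdraw");

        // Effect: clear the balance before any external call, so a
        // repeated or nested withdrawal finds nothing left to claim.
        deposits[msg.sender] = 0;

        // Interaction: the external call comes last and uses the local copy.
        (bool ok, ) = payable(msg.sender).call{value: amount}("");
        require(ok, "refund failed");
    }
}
```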
| Type | Severity | Location | Status |
| --- | --- | --- | --- |
| Logical Issue | High | initializePresale | Resolved |
| Best Practice | Medium | contribute, claim, finalize | Resolved |
| Best Practice | Informational | contribute | Resolved |
| Volatile Code | Medium | contribute | Resolved |
| Volatile Code | High | withdrawContribute | Resolved |
| Logical Issue | Low | withdrawContribute | Resolved |
| Owner Capabilities | Low | finalize | Resolved |
| Logical Issue | High | finalize | Resolved |
| Logical Issue | High | finalize | Resolved |
| Logical Issue | Low | finalize | Resolved |
| Gas Optimization | Informational | addWhitelist | Resolved |
| Gas Optimization | Informational | removeWhitelist | Resolved |
| Logical Issue | High | getVestedAmount | Resolved |
| Volatile Code | Medium | getVestedAmount | Resolved |
| Logical Issue | High | withdrawContribute | Resolved |