Findings
Issue 01
Type | Severity | Location | Status |
Owner Capabilities | High | | Fixed |
Description
The owner of the contract can set the buy/sell fees to any value. If the owner sets the fees to a high value, trading the token manually on PancakeSwap may not work.
Recommendation
Add an upper limit to the set function.
Issue 02
Type | Severity | Location | Status |
Owner Capabilities | High | | Fixed |
Description
The owner of the token can mint new tokens.
Recommendation
Consider removing the mint function if it's not necessary for the project.
Issue 03
Type | Severity | Location | Status |
Owner Capabilities | High | | Not Fixed |
Description
The owner of the contract can mint new tokens by calling setMAdrress with an address he owns. The M address has permission to call battleReward, which mints tokens to the winner's address.
Recommendation
Consider transferring ownership to a timelock contract, which delays the actual execution of such operations and makes them transparent to investors.
Team Response
The MAddress is a dynamic contract to handle Reward, Battles and other parameters of the game. This contract cannot be hard-coded because we need to change game parameters following our marketing campaigns.
Issue 04
Type | Severity | Location | Status |
Best Practice | Informational | | Acknowledge |
Description
Lack of events in set functions when changing contracts' variables.
Recommendation
Consider emitting events when changing the state of the contract.
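The recommendations for Issue 01 (upper limit on the fee setter) and Issue 04 (events on state changes) can be combined in one setter. The sketch below is an added example, not code from the audited contract: the contract name, function names, basis-point units and the 10% ceiling are all assumptions chosen for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration: every name here is hypothetical and the cap value
// is an assumed figure, not one taken from the audited token.
contract CappedFees {
    // Fees are expressed in basis points (1 bps = 0.01%).
    uint16 public constant MAX_FEE_BPS = 1000; // assumed ceiling: 10%

    address public owner;
    uint16 public buyFeeBps;
    uint16 public sellFeeBps;

    // Emitted on every fee change so off-chain monitors can track it (Issue 04).
    event FeesUpdated(uint16 oldBuyFeeBps, uint16 oldSellFeeBps, uint16 newBuyFeeBps, uint16 newSellFeeBps);

    error NotOwner();
    error FeeTooHigh(uint16 requested, uint16 maximum);

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner();
        _;
    }

    constructor(uint16 initialBuyFeeBps, uint16 initialSellFeeBps) {
        owner = msg.sender;
        // The constructor goes through the same check, so the cap cannot be bypassed at deploy time.
        _setFees(initialBuyFeeBps, initialSellFeeBps);
    }

    function setFees(uint16 newBuyFeeBps, uint16 newSellFeeBps) external onlyOwner {
        _setFees(newBuyFeeBps, newSellFeeBps);
    }

    function _setFees(uint16 newBuyFeeBps, uint16 newSellFeeBps) private {
        // Hard upper limit (Issue 01): the owner cannot raise fees to a level that blocks trading.
        if (newBuyFeeBps > MAX_FEE_BPS) revert FeeTooHigh(newBuyFeeBps, MAX_FEE_BPS);
        if (newSellFeeBps > MAX_FEE_BPS) revert FeeTooHigh(newSellFeeBps, MAX_FEE_BPS);
        emit FeesUpdated(buyFeeBps, sellFeeBps, newBuyFeeBps, newSellFeeBps);
        buyFeeBps = newBuyFeeBps;
        sellFeeBps = newSellFeeBps;
    }

    // Fee charged on a transfer of `amount`; with the cap this is at most 10% of it.
    function feeOn(uint256 amount, bool isSell) public view returns (uint256) {
        return (amount * (isSell ? sellFeeBps : buyFeeBps)) / 10_000;
    }
}
```

Because the cap is a constant rather than another owner-settable variable, it cannot be raised after deployment.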
Issue 05
Type | Severity | Location | Status |
Informational | Informational | | Acknowledge |
Description
There is no way to differentiate between add-liquidity, remove-liquidity, sell, and buy transactions. The buy/sell fee will therefore be applied to add-liquidity and remove-liquidity transactions as well.