Frax Token Logo

FRAX Token

About FRAX

Listings

Token 3 years
CoinGecko 2 years
CoinMarketCap 4 years
white paper

The first fractional-algorithmic stablecoin

Social

Laser Scorebeta Last Audit: 17 September 2022

report
Token seems to be legit.

CrossChainCanonical.execute(address,uint256,bytes)._to (#1742) lacks a zero-check on :
- (success,result) = _to.call{value: _value}(_data) (#1746)
Owned.nominateNewOwner(address)._owner (#1354) lacks a zero-check on :
- nominatedOwner = _owner (#1355)
Check that the address is not zero.

Additional information: link

Address.isContract(address) (#294-303) uses assembly
- INLINE ASM (#301)
Address._verifyCallResult(bool,bytes,string) (#439-456) uses assembly
- INLINE ASM (#448-451)
ECDSA.tryRecover(bytes32,bytes) (#908-937) uses assembly
- INLINE ASM (#918-922)
- INLINE ASM (#929-932)
ECDSA.tryRecover(bytes32,bytes32,bytes32) (#966-978) uses assembly
- INLINE ASM (#973-976)
Do not use evm assembly.

Additional information: link

Pragma version>=0.8.0 (#2) allows old versions
Deploy with any of the following Solidity versions: 0.5.16 - 0.5.17, 0.6.11 - 0.6.12, 0.7.5 - 0.7.6 Use a simple pragma version that allows any of these versions. Consider using the latest version of Solidity for testing.

Additional information: link

ERC20Permit.constructor(string).name (#1252) shadows:
- ERC20.name() (#522-524) (function)
CrossChainCanonical.constructor(string,string,address,uint256,address,address[])._name (#1530) shadows:
- ERC20._name (#500) (state variable)
CrossChainCanonical.constructor(string,string,address,uint256,address,address[])._symbol (#1531) shadows:
- ERC20._symbol (#501) (state variable)
CrossChainCanonicalFRAX.constructor(string,string,address,uint256,address,address[])._name (#1770) shadows:
- ERC20._name (#500) (state variable)
CrossChainCanonicalFRAX.constructor(string,string,address,uint256,address,address[])._symbol (#1771) shadows:
- ERC20._symbol (#501) (state variable)
Rename the local variables that shadow another component.

Additional information: link

Variable 'ECDSA.tryRecover(bytes32,bytes).r (#913)' in ECDSA.tryRecover(bytes32,bytes) (#908-937) potentially used before declaration: r = mload(uint256)(signature + 0x20) (#930)
Move all variable declarations prior to any usage of the variable, and ensure that reaching a variable declaration does not depend on some conditional if it is used unconditionally.

Additional information: link

Reentrancy in CrossChainCanonical.exchangeOldForCanonical(address,uint256) (#1589-1603):
External calls:
- TransferHelper.safeTransferFrom(bridge_token_address,msg.sender,address(this),token_amount) (#1593)
State variables written after the call(s):
- _mint_capped(msg.sender,canonical_tokens_out) (#1602)
- _balances[account] = _balances[account].add(amount) (#691)
- _mint_capped(msg.sender,canonical_tokens_out) (#1602)
- _totalSupply = _totalSupply.add(amount) (#690)
Apply the check-effects-interactions pattern.

Additional information: link

Reentrancy in CrossChainCanonical.exchangeOldForCanonical(address,uint256) (#1589-1603):
External calls:
- TransferHelper.safeTransferFrom(bridge_token_address,msg.sender,address(this),token_amount) (#1593)
Event emitted after the call(s):
- Transfer(address(0),account,amount) (#692)
- _mint_capped(msg.sender,canonical_tokens_out) (#1602)
Apply the check-effects-interactions pattern.

Additional information: link

ERC20Permit.permit(address,address,uint256,uint256,uint8,bytes32,bytes32) (#1257-1276) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(block.timestamp <= deadline,ERC20Permit: expired deadline) (#1266)
Avoid relying on block.timestamp.

Additional information: link

CrossChainCanonical.addMinter(address) (#1679-1687) compares to a boolean constant:
-require(bool,string)(minters[minter_address] == false,Address already exists) (#1682)
CrossChainCanonical.removeMinter(address) (#1690-1706) compares to a boolean constant:
-require(bool,string)(minters[minter_address] == true,Address nonexistant) (#1692)
Remove the equality to the boolean constant.

Additional information: link

Address._verifyCallResult(bool,bytes,string) (#439-456) is never used and should be removed
Address.functionCall(address,bytes) (#347-349) is never used and should be removed
Address.functionCall(address,bytes,string) (#357-359) is never used and should be removed
Address.functionCallWithValue(address,bytes,uint256) (#372-374) is never used and should be removed
Address.functionCallWithValue(address,bytes,uint256,string) (#382-389) is never used and should be removed
Address.functionDelegateCall(address,bytes) (#421-423) is never used and should be removed
Address.functionDelegateCall(address,bytes,string) (#431-437) is never used and should be removed
Address.functionStaticCall(address,bytes) (#397-399) is never used and should be removed
Address.functionStaticCall(address,bytes,string) (#407-413) is never used and should be removed
Address.isContract(address) (#294-303) is never used and should be removed
Address.sendValue(address,uint256) (#321-327) is never used and should be removed
Context._msgData() (#24-27) is never used and should be removed
Counters.decrement(Counters.Counter) (#1207-1213) is never used and should be removed
Counters.reset(Counters.Counter) (#1215-1217) is never used and should be removed
ECDSA.recover(bytes32,bytes) (#953-957) is never used and should be removed
ECDSA.recover(bytes32,bytes32,bytes32) (#985-993) is never used and should be removed
ECDSA.toEthSignedMessageHash(bytes32) (#1055-1059) is never used and should be removed
ECDSA.tryRecover(bytes32,bytes) (#908-937) is never used and should be removed
ECDSA.tryRecover(bytes32,bytes32,bytes32) (#966-978) is never used and should be removed
ERC20._burnFrom(address,uint256) (#771-774) is never used and should be removed
SafeMath.div(uint256,uint256) (#129-131) is never used and should be removed
SafeMath.div(uint256,uint256,string) (#146-153) is never used and should be removed
SafeMath.mod(uint256,uint256) (#166-168) is never used and should be removed
SafeMath.mod(uint256,uint256,string) (#183-186) is never used and should be removed
SafeMath.mul(uint256,uint256) (#104-116) is never used and should be removed
TransferHelper.safeApprove(address,address,uint256) (#1315-1319) is never used and should be removed
TransferHelper.safeTransferETH(address,uint256) (#1333-1336) is never used and should be removed
Remove unused functions.

Additional information: link

Low level call in Address.sendValue(address,uint256) (#321-327):
- (success) = recipient.call{value: amount}() (#325)
Low level call in Address.functionCallWithValue(address,bytes,uint256,string) (#382-389):
- (success,returndata) = target.call{value: value}(data) (#387)
Low level call in Address.functionStaticCall(address,bytes,string) (#407-413):
- (success,returndata) = target.staticcall(data) (#411)
Low level call in Address.functionDelegateCall(address,bytes,string) (#431-437):
- (success,returndata) = target.delegatecall(data) (#435)
Low level call in TransferHelper.safeApprove(address,address,uint256) (#1315-1319):
- (success,data) = token.call(abi.encodeWithSelector(0x095ea7b3,to,value)) (#1317)
Low level call in TransferHelper.safeTransfer(address,address,uint256) (#1321-1325):
- (success,data) = token.call(abi.encodeWithSelector(0xa9059cbb,to,value)) (#1323)
Low level call in TransferHelper.safeTransferFrom(address,address,address,uint256) (#1327-1331):
- (success,data) = token.call(abi.encodeWithSelector(0x23b872dd,from,to,value)) (#1329)
Low level call in TransferHelper.safeTransferETH(address,uint256) (#1333-1336):
- (success) = to.call{value: value}(new bytes(0)) (#1334)
Low level call in CrossChainCanonical.execute(address,uint256,bytes) (#1741-1748):
- (success,result) = _to.call{value: _value}(_data) (#1746)
Avoid low-level calls. Check the call success. If the call is meant for a contract, check for code existence

Additional information: link

Function IERC20Permit.DOMAIN_SEPARATOR() (#851) is not in mixedCase
Variable EIP712._CACHED_DOMAIN_SEPARATOR (#1103) is not in mixedCase
Variable EIP712._CACHED_CHAIN_ID (#1104) is not in mixedCase
Variable EIP712._HASHED_NAME (#1106) is not in mixedCase
Variable EIP712._HASHED_VERSION (#1107) is not in mixedCase
Variable EIP712._TYPE_HASH (#1108) is not in mixedCase
Function ERC20Permit.DOMAIN_SEPARATOR() (#1289-1291) is not in mixedCase
Function ERC20Permit.PERMIT_TYPEHASH() (#1293-1295) is not in mixedCase
Variable ERC20Permit._PERMIT_TYPEHASH (#1245) is not in mixedCase
Parameter Owned.nominateNewOwner(address)._owner (#1354) is not in mixedCase
Function CrossChainCanonical._mint_capped(address,uint256) (#1581-1584) is not in mixedCase
Parameter CrossChainCanonical.exchangeOldForCanonical(address,uint256).bridge_token_address (#1589) is not in mixedCase
Parameter CrossChainCanonical.exchangeOldForCanonical(address,uint256).token_amount (#1589) is not in mixedCase
Parameter CrossChainCanonical.exchangeCanonicalForOld(address,uint256).bridge_token_address (#1606) is not in mixedCase
Parameter CrossChainCanonical.exchangeCanonicalForOld(address,uint256).token_amount (#1606) is not in mixedCase
Parameter CrossChainCanonical.withdrawBridgeTokens(address,uint256).bridge_token_address (#1625) is not in mixedCase
Parameter CrossChainCanonical.withdrawBridgeTokens(address,uint256).bridge_token_amount (#1625) is not in mixedCase
Function CrossChainCanonical.minter_mint(address,uint256) (#1632-1635) is not in mixedCase
Parameter CrossChainCanonical.minter_mint(address,uint256).m_address (#1632) is not in mixedCase
Parameter CrossChainCanonical.minter_mint(address,uint256).m_amount (#1632) is not in mixedCase
Function CrossChainCanonical.minter_burn(uint256) (#1638-1641) is not in mixedCase
Parameter CrossChainCanonical.addBridgeToken(address).bridge_token_address (#1651) is not in mixedCase
Parameter CrossChainCanonical.toggleBridgeToken(address).bridge_token_address (#1669) is not in mixedCase
Parameter CrossChainCanonical.addMinter(address).minter_address (#1679) is not in mixedCase
Parameter CrossChainCanonical.removeMinter(address).minter_address (#1690) is not in mixedCase
Parameter CrossChainCanonical.setMintCap(uint256)._mint_cap (#1708) is not in mixedCase
Parameter CrossChainCanonical.setSwapFees(address,uint256,uint256).bridge_token_address (#1714) is not in mixedCase
Parameter CrossChainCanonical.setSwapFees(address,uint256,uint256)._bridge_to_canonical (#1714) is not in mixedCase
Parameter CrossChainCanonical.setSwapFees(address,uint256,uint256)._canonical_to_old (#1714) is not in mixedCase
Parameter CrossChainCanonical.toggleFeesForAddress(address).the_address (#1718) is not in mixedCase
Parameter CrossChainCanonical.setTimelock(address).new_timelock (#1722) is not in mixedCase
Parameter CrossChainCanonical.setCustodian(address)._custodian_address (#1729) is not in mixedCase
Parameter CrossChainCanonical.execute(address,uint256,bytes)._to (#1742) is not in mixedCase
Parameter CrossChainCanonical.execute(address,uint256,bytes)._value (#1743) is not in mixedCase
Parameter CrossChainCanonical.execute(address,uint256,bytes)._data (#1744) is not in mixedCase
Variable CrossChainCanonical.timelock_address (#1477) is not in mixedCase
Variable CrossChainCanonical.custodian_address (#1478) is not in mixedCase
Variable CrossChainCanonical.mint_cap (#1481) is not in mixedCase
Variable CrossChainCanonical.swap_fees (#1482) is not in mixedCase
Variable CrossChainCanonical.fee_exempt_list (#1483) is not in mixedCase
Variable CrossChainCanonical.bridge_tokens_array (#1486) is not in mixedCase
Variable CrossChainCanonical.bridge_tokens (#1487) is not in mixedCase
Variable CrossChainCanonical.minters_array (#1490) is not in mixedCase
Follow the Solidity naming convention.

Additional information: link

Redundant expression "this (#25)" inContext (#19-28)
Remove redundant statements if they congest code but offer no value.

Additional information: link

name() should be declared external:
- ERC20.name() (#522-524)
symbol() should be declared external:
- ERC20.symbol() (#530-532)
decimals() should be declared external:
- ERC20.decimals() (#547-549)
balanceOf(address) should be declared external:
- ERC20.balanceOf(address) (#561-563)
transfer(address,uint256) should be declared external:
- ERC20.transfer(address,uint256) (#573-576)
approve(address,uint256) should be declared external:
- ERC20.approve(address,uint256) (#592-595)
transferFrom(address,address,uint256) should be declared external:
- ERC20.transferFrom(address,address,uint256) (#609-613)
increaseAllowance(address,uint256) should be declared external:
- ERC20.increaseAllowance(address,uint256) (#627-630)
decreaseAllowance(address,uint256) should be declared external:
- ERC20.decreaseAllowance(address,uint256) (#646-649)
burn(uint256) should be declared external:
- ERC20.burn(uint256) (#700-702)
burnFrom(address,uint256) should be declared external:
- ERC20.burnFrom(address,uint256) (#715-720)
permit(address,address,uint256,uint256,uint8,bytes32,bytes32) should be declared external:
- ERC20Permit.permit(address,address,uint256,uint256,uint8,bytes32,bytes32) (#1257-1276)
nonces(address) should be declared external:
- ERC20Permit.nonces(address) (#1281-1283)
Use the external attribute for functions never called from the contract.

Additional information: link

Holders:
No disclosed threats


Unable to find Youtube account


Token was delisted from CoinGecko

Additional information: link


Unable to find audit link on the website


Unable to find whitepaper link on the website


Token is not listed at Mobula.Finance

Additional information: link

No disclosed threats

Price for FRAX