Frax Token Logo

FRAX Token

About FRAX

Listings

Token 9 months
CoinGecko 2 months
CoinMarketCap 21 months
white paper

The first fractional-algorithmic stablecoin

Social

Laser Scorebeta Last Audit: 12 April 2022

report
Token seems to be legit.

ERC20Permit.constructor(string).name (#1252) shadows:
- ERC20.name() (#522-524) (function)
CrossChainCanonical.constructor(string,string,address,uint256,address,address[])._name (#1530) shadows:
- ERC20._name (#500) (state variable)
CrossChainCanonical.constructor(string,string,address,uint256,address,address[])._symbol (#1531) shadows:
- ERC20._symbol (#501) (state variable)
CrossChainCanonicalFRAX.constructor(string,string,address,uint256,address,address[])._name (#1770) shadows:
- ERC20._name (#500) (state variable)
CrossChainCanonicalFRAX.constructor(string,string,address,uint256,address,address[])._symbol (#1771) shadows:
- ERC20._symbol (#501) (state variable)
Rename the local variables that shadow another component.

Additional information: link

CrossChainCanonical.execute(address,uint256,bytes)._to (#1742) lacks a zero-check on :
- (success,result) = _to.call{value: _value}(_data) (#1746)
Owned.nominateNewOwner(address)._owner (#1354) lacks a zero-check on :
- nominatedOwner = _owner (#1355)
Check that the address is not zero.

Additional information: link

Variable 'ECDSA.tryRecover(bytes32,bytes).r (#913)' in ECDSA.tryRecover(bytes32,bytes) (#908-937) potentially used before declaration: r = mload(uint256)(signature + 0x20) (#930)
Move all variable declarations prior to any usage of the variable, and ensure that reaching a variable declaration does not depend on some conditional if it is used unconditionally.

Additional information: link

Address.isContract(address) (#294-303) uses assembly
- INLINE ASM (#301)
Address._verifyCallResult(bool,bytes,string) (#439-456) uses assembly
- INLINE ASM (#448-451)
ECDSA.tryRecover(bytes32,bytes) (#908-937) uses assembly
- INLINE ASM (#918-922)
- INLINE ASM (#929-932)
ECDSA.tryRecover(bytes32,bytes32,bytes32) (#966-978) uses assembly
- INLINE ASM (#973-976)
Do not use evm assembly.

Additional information: link

Address._verifyCallResult(bool,bytes,string) (#439-456) is never used and should be removed
Address.functionCall(address,bytes) (#347-349) is never used and should be removed
Address.functionCall(address,bytes,string) (#357-359) is never used and should be removed
Address.functionCallWithValue(address,bytes,uint256) (#372-374) is never used and should be removed
Address.functionCallWithValue(address,bytes,uint256,string) (#382-389) is never used and should be removed
Address.functionDelegateCall(address,bytes) (#421-423) is never used and should be removed
Address.functionDelegateCall(address,bytes,string) (#431-437) is never used and should be removed
Address.functionStaticCall(address,bytes) (#397-399) is never used and should be removed
Address.functionStaticCall(address,bytes,string) (#407-413) is never used and should be removed
Address.isContract(address) (#294-303) is never used and should be removed
Address.sendValue(address,uint256) (#321-327) is never used and should be removed
Context._msgData() (#24-27) is never used and should be removed
Counters.decrement(Counters.Counter) (#1207-1213) is never used and should be removed
Counters.reset(Counters.Counter) (#1215-1217) is never used and should be removed
ECDSA.recover(bytes32,bytes) (#953-957) is never used and should be removed
ECDSA.recover(bytes32,bytes32,bytes32) (#985-993) is never used and should be removed
ECDSA.toEthSignedMessageHash(bytes32) (#1055-1059) is never used and should be removed
ECDSA.tryRecover(bytes32,bytes) (#908-937) is never used and should be removed
ECDSA.tryRecover(bytes32,bytes32,bytes32) (#966-978) is never used and should be removed
ERC20._burnFrom(address,uint256) (#771-774) is never used and should be removed
SafeMath.div(uint256,uint256) (#129-131) is never used and should be removed
SafeMath.div(uint256,uint256,string) (#146-153) is never used and should be removed
SafeMath.mod(uint256,uint256) (#166-168) is never used and should be removed
SafeMath.mod(uint256,uint256,string) (#183-186) is never used and should be removed
SafeMath.mul(uint256,uint256) (#104-116) is never used and should be removed
TransferHelper.safeApprove(address,address,uint256) (#1315-1319) is never used and should be removed
TransferHelper.safeTransferETH(address,uint256) (#1333-1336) is never used and should be removed
Remove unused functions.

Additional information: link

Pragma version>=0.8.0 (#2) allows old versions
Deploy with any of the following Solidity versions: 0.5.16 - 0.5.17, 0.6.11 - 0.6.12, 0.7.5 - 0.7.6 Use a simple pragma version that allows any of these versions. Consider using the latest version of Solidity for testing.

Additional information: link

Reentrancy in CrossChainCanonical.exchangeOldForCanonical(address,uint256) (#1589-1603):
External calls:
- TransferHelper.safeTransferFrom(bridge_token_address,msg.sender,address(this),token_amount) (#1593)
State variables written after the call(s):
- _mint_capped(msg.sender,canonical_tokens_out) (#1602)
- _balances[account] = _balances[account].add(amount) (#691)
- _mint_capped(msg.sender,canonical_tokens_out) (#1602)
- _totalSupply = _totalSupply.add(amount) (#690)
Apply the check-effects-interactions pattern.

Additional information: link

Reentrancy in CrossChainCanonical.exchangeOldForCanonical(address,uint256) (#1589-1603):
External calls:
- TransferHelper.safeTransferFrom(bridge_token_address,msg.sender,address(this),token_amount) (#1593)
Event emitted after the call(s):
- Transfer(address(0),account,amount) (#692)
- _mint_capped(msg.sender,canonical_tokens_out) (#1602)
Apply the check-effects-interactions pattern.

Additional information: link

ERC20Permit.permit(address,address,uint256,uint256,uint8,bytes32,bytes32) (#1257-1276) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(block.timestamp <= deadline,ERC20Permit: expired deadline) (#1266)
Avoid relying on block.timestamp.

Additional information: link

CrossChainCanonical.addMinter(address) (#1679-1687) compares to a boolean constant:
-require(bool,string)(minters[minter_address] == false,Address already exists) (#1682)
CrossChainCanonical.removeMinter(address) (#1690-1706) compares to a boolean constant:
-require(bool,string)(minters[minter_address] == true,Address nonexistant) (#1692)
Remove the equality to the boolean constant.

Additional information: link

Low level call in Address.sendValue(address,uint256) (#321-327):
- (success) = recipient.call{value: amount}() (#325)
Low level call in Address.functionCallWithValue(address,bytes,uint256,string) (#382-389):
- (success,returndata) = target.call{value: value}(data) (#387)
Low level call in Address.functionStaticCall(address,bytes,string) (#407-413):
- (success,returndata) = target.staticcall(data) (#411)
Low level call in Address.functionDelegateCall(address,bytes,string) (#431-437):
- (success,returndata) = target.delegatecall(data) (#435)
Low level call in TransferHelper.safeApprove(address,address,uint256) (#1315-1319):
- (success,data) = token.call(abi.encodeWithSelector(0x095ea7b3,to,value)) (#1317)
Low level call in TransferHelper.safeTransfer(address,address,uint256) (#1321-1325):
- (success,data) = token.call(abi.encodeWithSelector(0xa9059cbb,to,value)) (#1323)
Low level call in TransferHelper.safeTransferFrom(address,address,address,uint256) (#1327-1331):
- (success,data) = token.call(abi.encodeWithSelector(0x23b872dd,from,to,value)) (#1329)
Low level call in TransferHelper.safeTransferETH(address,uint256) (#1333-1336):
- (success) = to.call{value: value}(new bytes(0)) (#1334)
Low level call in CrossChainCanonical.execute(address,uint256,bytes) (#1741-1748):
- (success,result) = _to.call{value: _value}(_data) (#1746)
Avoid low-level calls. Check the call success. If the call is meant for a contract, check for code existence

Additional information: link

Function IERC20Permit.DOMAIN_SEPARATOR() (#851) is not in mixedCase
Variable EIP712._CACHED_DOMAIN_SEPARATOR (#1103) is not in mixedCase
Variable EIP712._CACHED_CHAIN_ID (#1104) is not in mixedCase
Variable EIP712._HASHED_NAME (#1106) is not in mixedCase
Variable EIP712._HASHED_VERSION (#1107) is not in mixedCase
Variable EIP712._TYPE_HASH (#1108) is not in mixedCase
Function ERC20Permit.DOMAIN_SEPARATOR() (#1289-1291) is not in mixedCase
Function ERC20Permit.PERMIT_TYPEHASH() (#1293-1295) is not in mixedCase
Variable ERC20Permit._PERMIT_TYPEHASH (#1245) is not in mixedCase
Parameter Owned.nominateNewOwner(address)._owner (#1354) is not in mixedCase
Function CrossChainCanonical._mint_capped(address,uint256) (#1581-1584) is not in mixedCase
Parameter CrossChainCanonical.exchangeOldForCanonical(address,uint256).bridge_token_address (#1589) is not in mixedCase
Parameter CrossChainCanonical.exchangeOldForCanonical(address,uint256).token_amount (#1589) is not in mixedCase
Parameter CrossChainCanonical.exchangeCanonicalForOld(address,uint256).bridge_token_address (#1606) is not in mixedCase
Parameter CrossChainCanonical.exchangeCanonicalForOld(address,uint256).token_amount (#1606) is not in mixedCase
Parameter CrossChainCanonical.withdrawBridgeTokens(address,uint256).bridge_token_address (#1625) is not in mixedCase
Parameter CrossChainCanonical.withdrawBridgeTokens(address,uint256).bridge_token_amount (#1625) is not in mixedCase
Function CrossChainCanonical.minter_mint(address,uint256) (#1632-1635) is not in mixedCase
Parameter CrossChainCanonical.minter_mint(address,uint256).m_address (#1632) is not in mixedCase
Parameter CrossChainCanonical.minter_mint(address,uint256).m_amount (#1632) is not in mixedCase
Function CrossChainCanonical.minter_burn(uint256) (#1638-1641) is not in mixedCase
Parameter CrossChainCanonical.addBridgeToken(address).bridge_token_address (#1651) is not in mixedCase
Parameter CrossChainCanonical.toggleBridgeToken(address).bridge_token_address (#1669) is not in mixedCase
Parameter CrossChainCanonical.addMinter(address).minter_address (#1679) is not in mixedCase
Parameter CrossChainCanonical.removeMinter(address).minter_address (#1690) is not in mixedCase
Parameter CrossChainCanonical.setMintCap(uint256)._mint_cap (#1708) is not in mixedCase
Parameter CrossChainCanonical.setSwapFees(address,uint256,uint256).bridge_token_address (#1714) is not in mixedCase
Parameter CrossChainCanonical.setSwapFees(address,uint256,uint256)._bridge_to_canonical (#1714) is not in mixedCase
Parameter CrossChainCanonical.setSwapFees(address,uint256,uint256)._canonical_to_old (#1714) is not in mixedCase
Parameter CrossChainCanonical.toggleFeesForAddress(address).the_address (#1718) is not in mixedCase
Parameter CrossChainCanonical.setTimelock(address).new_timelock (#1722) is not in mixedCase
Parameter CrossChainCanonical.setCustodian(address)._custodian_address (#1729) is not in mixedCase
Parameter CrossChainCanonical.execute(address,uint256,bytes)._to (#1742) is not in mixedCase
Parameter CrossChainCanonical.execute(address,uint256,bytes)._value (#1743) is not in mixedCase
Parameter CrossChainCanonical.execute(address,uint256,bytes)._data (#1744) is not in mixedCase
Variable CrossChainCanonical.timelock_address (#1477) is not in mixedCase
Variable CrossChainCanonical.custodian_address (#1478) is not in mixedCase
Variable CrossChainCanonical.mint_cap (#1481) is not in mixedCase
Variable CrossChainCanonical.swap_fees (#1482) is not in mixedCase
Variable CrossChainCanonical.fee_exempt_list (#1483) is not in mixedCase
Variable CrossChainCanonical.bridge_tokens_array (#1486) is not in mixedCase
Variable CrossChainCanonical.bridge_tokens (#1487) is not in mixedCase
Variable CrossChainCanonical.minters_array (#1490) is not in mixedCase
Follow the Solidity naming convention.

Additional information: link

Redundant expression "this (#25)" inContext (#19-28)
Remove redundant statements if they congest code but offer no value.

Additional information: link

name() should be declared external:
- ERC20.name() (#522-524)
symbol() should be declared external:
- ERC20.symbol() (#530-532)
decimals() should be declared external:
- ERC20.decimals() (#547-549)
balanceOf(address) should be declared external:
- ERC20.balanceOf(address) (#561-563)
transfer(address,uint256) should be declared external:
- ERC20.transfer(address,uint256) (#573-576)
approve(address,uint256) should be declared external:
- ERC20.approve(address,uint256) (#592-595)
transferFrom(address,address,uint256) should be declared external:
- ERC20.transferFrom(address,address,uint256) (#609-613)
increaseAllowance(address,uint256) should be declared external:
- ERC20.increaseAllowance(address,uint256) (#627-630)
decreaseAllowance(address,uint256) should be declared external:
- ERC20.decreaseAllowance(address,uint256) (#646-649)
burn(uint256) should be declared external:
- ERC20.burn(uint256) (#700-702)
burnFrom(address,uint256) should be declared external:
- ERC20.burnFrom(address,uint256) (#715-720)
permit(address,address,uint256,uint256,uint8,bytes32,bytes32) should be declared external:
- ERC20Permit.permit(address,address,uint256,uint256,uint8,bytes32,bytes32) (#1257-1276)
nonces(address) should be declared external:
- ERC20Permit.nonces(address) (#1281-1283)
Use the external attribute for functions never called from the contract.

Additional information: link

Holders:
No disclosed threats


Unable to find Youtube account


Unable to find audit link on the website


Unable to find whitepaper link on the website

No disclosed threats

Price for FRAX

News for FRAX