What is HOGE?
HOGE, formerly known as Hoge.Finance or Hogecoin, describes itself as a community-driven DeFi auto-staking ERC-20 token with a capped and deflationary supply. HOGE was fair-launched on February 7, 2021 with no tokens allocated to the team. Initial HOGE supply was 1,000,000,000,000 with half (500 billion) permanently burned at launch.
Deflationary Cryptocurrency
A 2% tax is levied on every HOGE transaction that takes place. 1% of that tax is sent to the burn wallet and permanently removed from the supply. The other 1% is redistributed to all wallets holding HOGE outside of exchanges.
HOGE launched with the intention of simply being a deflationary “Doge but DeFi”. However, a team of HOGE founders with a larger vision stewarded the project toward a more philanthropic and utilitarian roadmap.
HOGE is one of the first DeFi memecoins to successfully complete a Certik audit. No critical, major, or medium findings were found. As of this writing the skynet security score is 90. https://www.certik.org/projects/hogefinance
HOGE has begun minting NFT's for holders as well as sponsoring eSports and Rally Racing Trucks.
In May a Swiss verein non-profit DAO hybrid was created to enact community approved actions for the token also to sign contracts and business agreements going forward with Centralized Exchange’s. HOGE has implemented a non-profit partnership initiative including a Twitter campaign called #HogeSavesTheAnimals through which the community nominates charitable causes for HOGE to support. Under this and related initiatives HOGE has raised over $20,000 for animals. The HOGE team looks to it’s HogeGameLabs to explore dApp games development later in 2021.
Articles about HOGE
https://coinpedia.org/price-analysis/hoge-finance-and-meme-price-analysis/ https://www.prweb.com/releases/who_let_the_crypto_dogs_out_hoge_the_king_of_defi_made_easy/prweb17885931.htm https://jessejrogers.medium.com/can-hoge-become-heir-to-doge-496079b3c624 https://marketrealist.com/p/where-can-i-buy-hoge-crypto/
Contract ownership is not renounced (belongs to a wallet)
Contract name (hoge.finance) contains non-alphanumeric characters.
Not a direct threat, but may indicate unreliable intentions of developer. Non-alphanumeric chars (,.;!#*&") are extremely rare among low risk tokens.
Pragma version0.8.2 (#23) allows old versions
solc-0.8.2 is not recommended for deployment
Deploy with any of the following Solidity versions: 0.5.16 - 0.5.17, 0.6.11 - 0.6.12, 0.7.5 - 0.7.6 Use a simple pragma version that allows any of these versions. Consider using the latest version of Solidity for testing.
Additional information: link
Low level call in SafeERC20.callOptionalReturn(IERC20,bytes) (#121-132):
- (success,returndata) = address(token).call(data) (#125)
Avoid low-level calls. Check the call success. If the call is meant for a contract, check for code existence
Additional information: link
AnyswapV5ERC20.depositWithTransferPermit(address,uint256,uint256,uint8,bytes32,bytes32,address) (#339-342) ignores return value by IERC20(underlying).transferWithPermit(target,address(this),value,deadline,v,r,s) (#340)
Ensure that all the return values of the function calls are used.
Additional information: link
AnyswapV5ERC20.initVault(address)._vault (#203) lacks a zero-check on :
- vault = _vault (#205)
- pendingVault = _vault (#206)
AnyswapV5ERC20.setMinter(address)._auth (#213) lacks a zero-check on :
- pendingMinter = _auth (#214)
AnyswapV5ERC20.setVault(address)._vault (#218) lacks a zero-check on :
- pendingVault = _vault (#219)
AnyswapV5ERC20.constructor(string,string,uint8,address,address)._underlying (#298) lacks a zero-check on :
- underlying = _underlying (#302)
AnyswapV5ERC20.constructor(string,string,uint8,address,address)._vault (#298) lacks a zero-check on :
- vault = _vault (#313)
- pendingVault = _vault (#314)
Check that the address is not zero.
Additional information: link
Reentrancy in AnyswapV5ERC20.deposit() (#344-348):
External calls:
- IERC20(underlying).safeTransferFrom(msg.sender,address(this),_amount) (#346)
State variables written after the call(s):
- _deposit(_amount,msg.sender) (#347)
- _totalSupply += amount (#404)
- _deposit(_amount,msg.sender) (#347)
- balanceOf[account] += amount (#405)
Reentrancy in AnyswapV5ERC20.deposit(uint256) (#350-353):
External calls:
- IERC20(underlying).safeTransferFrom(msg.sender,address(this),amount) (#351)
State variables written after the call(s):
- _deposit(amount,msg.sender) (#352)
- _totalSupply += amount (#404)
- _deposit(amount,msg.sender) (#352)
- balanceOf[account] += amount (#405)
Reentrancy in AnyswapV5ERC20.deposit(uint256,address) (#355-358):
External calls:
- IERC20(underlying).safeTransferFrom(msg.sender,address(this),amount) (#356)
State variables written after the call(s):
- _deposit(amount,to) (#357)
- _totalSupply += amount (#404)
- _deposit(amount,to) (#357)
- balanceOf[account] += amount (#405)
Reentrancy in AnyswapV5ERC20.depositWithPermit(address,uint256,uint256,uint8,bytes32,bytes32,address) (#333-337):
External calls:
- IERC20(underlying).permit(target,address(this),value,deadline,v,r,s) (#334)
- IERC20(underlying).safeTransferFrom(target,address(this),value) (#335)
State variables written after the call(s):
- _deposit(value,to) (#336)
- _totalSupply += amount (#404)
- _deposit(value,to) (#336)
- balanceOf[account] += amount (#405)
Reentrancy in AnyswapV5ERC20.depositWithTransferPermit(address,uint256,uint256,uint8,bytes32,bytes32,address) (#339-342):
External calls:
- IERC20(underlying).transferWithPermit(target,address(this),value,deadline,v,r,s) (#340)
State variables written after the call(s):
- _deposit(value,to) (#341)
- _totalSupply += amount (#404)
- _deposit(value,to) (#341)
- balanceOf[account] += amount (#405)
Apply the check-effects-interactions pattern.
Additional information: link
Reentrancy in AnyswapV5ERC20.deposit() (#344-348):
External calls:
- IERC20(underlying).safeTransferFrom(msg.sender,address(this),_amount) (#346)
Event emitted after the call(s):
- Transfer(address(0),account,amount) (#406)
- _deposit(_amount,msg.sender) (#347)
Reentrancy in AnyswapV5ERC20.deposit(uint256) (#350-353):
External calls:
- IERC20(underlying).safeTransferFrom(msg.sender,address(this),amount) (#351)
Event emitted after the call(s):
- Transfer(address(0),account,amount) (#406)
- _deposit(amount,msg.sender) (#352)
Reentrancy in AnyswapV5ERC20.deposit(uint256,address) (#355-358):
External calls:
- IERC20(underlying).safeTransferFrom(msg.sender,address(this),amount) (#356)
Event emitted after the call(s):
- Transfer(address(0),account,amount) (#406)
- _deposit(amount,to) (#357)
Reentrancy in AnyswapV5ERC20.depositWithPermit(address,uint256,uint256,uint8,bytes32,bytes32,address) (#333-337):
External calls:
- IERC20(underlying).permit(target,address(this),value,deadline,v,r,s) (#334)
- IERC20(underlying).safeTransferFrom(target,address(this),value) (#335)
Event emitted after the call(s):
- Transfer(address(0),account,amount) (#406)
- _deposit(value,to) (#336)
Reentrancy in AnyswapV5ERC20.depositWithTransferPermit(address,uint256,uint256,uint8,bytes32,bytes32,address) (#339-342):
External calls:
- IERC20(underlying).transferWithPermit(target,address(this),value,deadline,v,r,s) (#340)
Event emitted after the call(s):
- Transfer(address(0),account,amount) (#406)
- _deposit(value,to) (#341)
Apply the check-effects-interactions pattern.
Additional information: link
AnyswapV5ERC20.mpc() (#192-197) uses timestamp for comparisons
Dangerous comparisons:
- block.timestamp >= delayVault (#193)
AnyswapV5ERC20.applyVault() (#223-226) uses timestamp for comparisons
Dangerous comparisons:
- require(bool)(block.timestamp >= delayVault) (#224)
AnyswapV5ERC20.applyMinter() (#228-232) uses timestamp for comparisons
Dangerous comparisons:
- require(bool)(block.timestamp >= delayMinter) (#229)
AnyswapV5ERC20.permit(address,address,uint256,uint256,uint8,bytes32,bytes32) (#461-478) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(block.timestamp <= deadline,AnyswapV3ERC20: Expired permit) (#462)
AnyswapV5ERC20.transferWithPermit(address,address,uint256,uint256,uint8,bytes32,bytes32) (#480-504) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(block.timestamp <= deadline,AnyswapV3ERC20: Expired permit) (#481)
Avoid relying on block.timestamp.
Additional information: link
Address.isContract(address) (#95-101) uses assembly
- INLINE ASM (#99)
AnyswapV5ERC20.constructor(string,string,uint8,address,address) (#298-326) uses assembly
- INLINE ASM (#318)
Do not use evm assembly.
Additional information: link
SafeERC20.safeApprove(IERC20,address,uint256) (#115-120) is never used and should be removed
Remove unused functions.
Additional information: link
Parameter AnyswapV5ERC20.initVault(address)._vault (#203) is not in mixedCase
Parameter AnyswapV5ERC20.setMinter(address)._auth (#213) is not in mixedCase
Parameter AnyswapV5ERC20.setVault(address)._vault (#218) is not in mixedCase
Parameter AnyswapV5ERC20.revokeMinter(address)._auth (#235) is not in mixedCase
Function AnyswapV5ERC20.Swapin(bytes32,address,uint256) (#271-275) is not in mixedCase
Function AnyswapV5ERC20.Swapout(uint256,address) (#277-283) is not in mixedCase
Variable AnyswapV5ERC20.DOMAIN_SEPARATOR (#145) is not in mixedCase
Follow the Solidity naming convention.
Additional information: link
AnyswapV5ERC20.delay (#158) should be constant
AnyswapV5ERC20.delayDelay (#175) should be constant
AnyswapV5ERC20.pendingDelay (#174) should be constant
Add the constant attributes to state variables that never change.
Additional information: link
owner() should be declared external:
- AnyswapV5ERC20.owner() (#188-190)
changeMPCOwner(address) should be declared external:
- AnyswapV5ERC20.changeMPCOwner(address) (#252-258)
Swapin(bytes32,address,uint256) should be declared external:
- AnyswapV5ERC20.Swapin(bytes32,address,uint256) (#271-275)
Swapout(uint256,address) should be declared external:
- AnyswapV5ERC20.Swapout(uint256,address) (#277-283)
Use the external attribute for functions never called from the contract.
Additional information: link
Token is not listed at Mobula.Finance
Additional information: link
Unable to find Telegram link on the website
Twitter account link seems to be invalid
Unable to find Blog account (Reddit or Medium)