Lympo Market Token Token Logo

LMT [Lympo Market] Token

About LMT

Listings

Token 18 months
CoinGecko 17 months
CoinMarketCap 17 months

Website

[CoinMarketCap] alert: Important announcement about the future of the LMT token following the hacking incident on January 10, 2022
white paper

Lympo is building a sports NFTs ecosystem including NFTs with IP rights of world-famous athletes and clubs

Laser Scorebeta Last Audit: 31 May 2022

report
Token seems to be legit.

Anti-Scam

Links


Unable to find manual contract audit (e.g. Certik, PeckShield, Solidity...)


Contract ownership is not renounced (belongs to a wallet)

AnyswapV4ERC20.depositWithTransferPermit(address,uint256,uint256,uint8,bytes32,bytes32,address) (#323-326) ignores return value by IERC20(underlying).transferWithPermit(target,address(this),value,deadline,v,r,s) (#324)
Ensure that all the return values of the function calls are used.

Additional information: link

AnyswapV4ERC20.initVault(address)._vault (#187) lacks a zero-check on :
- vault = _vault (#189)
- pendingVault = _vault (#190)
AnyswapV4ERC20.setMinter(address)._auth (#197) lacks a zero-check on :
- pendingMinter = _auth (#198)
AnyswapV4ERC20.setVault(address)._vault (#202) lacks a zero-check on :
- pendingVault = _vault (#203)
AnyswapV4ERC20.constructor(string,string,uint8,address,address)._underlying (#282) lacks a zero-check on :
- underlying = _underlying (#286)
AnyswapV4ERC20.constructor(string,string,uint8,address,address)._vault (#282) lacks a zero-check on :
- vault = _vault (#297)
- pendingVault = _vault (#298)
Check that the address is not zero.

Additional information: link

Reentrancy in AnyswapV4ERC20.deposit() (#328-332):
External calls:
- IERC20(underlying).safeTransferFrom(msg.sender,address(this),_amount) (#330)
State variables written after the call(s):
- _deposit(_amount,msg.sender) (#331)
- _totalSupply += amount (#388)
- _deposit(_amount,msg.sender) (#331)
- balanceOf[account] += amount (#389)
Reentrancy in AnyswapV4ERC20.deposit(uint256) (#334-337):
External calls:
- IERC20(underlying).safeTransferFrom(msg.sender,address(this),amount) (#335)
State variables written after the call(s):
- _deposit(amount,msg.sender) (#336)
- _totalSupply += amount (#388)
- _deposit(amount,msg.sender) (#336)
- balanceOf[account] += amount (#389)
Reentrancy in AnyswapV4ERC20.deposit(uint256,address) (#339-342):
External calls:
- IERC20(underlying).safeTransferFrom(msg.sender,address(this),amount) (#340)
State variables written after the call(s):
- _deposit(amount,to) (#341)
- _totalSupply += amount (#388)
- _deposit(amount,to) (#341)
- balanceOf[account] += amount (#389)
Reentrancy in AnyswapV4ERC20.depositWithPermit(address,uint256,uint256,uint8,bytes32,bytes32,address) (#317-321):
External calls:
- IERC20(underlying).permit(target,address(this),value,deadline,v,r,s) (#318)
- IERC20(underlying).safeTransferFrom(target,address(this),value) (#319)
State variables written after the call(s):
- _deposit(value,to) (#320)
- _totalSupply += amount (#388)
- _deposit(value,to) (#320)
- balanceOf[account] += amount (#389)
Reentrancy in AnyswapV4ERC20.depositWithTransferPermit(address,uint256,uint256,uint8,bytes32,bytes32,address) (#323-326):
External calls:
- IERC20(underlying).transferWithPermit(target,address(this),value,deadline,v,r,s) (#324)
State variables written after the call(s):
- _deposit(value,to) (#325)
- _totalSupply += amount (#388)
- _deposit(value,to) (#325)
- balanceOf[account] += amount (#389)
Apply the check-effects-interactions pattern.

Additional information: link

Reentrancy in AnyswapV4ERC20.deposit() (#328-332):
External calls:
- IERC20(underlying).safeTransferFrom(msg.sender,address(this),_amount) (#330)
Event emitted after the call(s):
- Transfer(address(0),account,amount) (#390)
- _deposit(_amount,msg.sender) (#331)
Reentrancy in AnyswapV4ERC20.deposit(uint256) (#334-337):
External calls:
- IERC20(underlying).safeTransferFrom(msg.sender,address(this),amount) (#335)
Event emitted after the call(s):
- Transfer(address(0),account,amount) (#390)
- _deposit(amount,msg.sender) (#336)
Reentrancy in AnyswapV4ERC20.deposit(uint256,address) (#339-342):
External calls:
- IERC20(underlying).safeTransferFrom(msg.sender,address(this),amount) (#340)
Event emitted after the call(s):
- Transfer(address(0),account,amount) (#390)
- _deposit(amount,to) (#341)
Reentrancy in AnyswapV4ERC20.depositWithPermit(address,uint256,uint256,uint8,bytes32,bytes32,address) (#317-321):
External calls:
- IERC20(underlying).permit(target,address(this),value,deadline,v,r,s) (#318)
- IERC20(underlying).safeTransferFrom(target,address(this),value) (#319)
Event emitted after the call(s):
- Transfer(address(0),account,amount) (#390)
- _deposit(value,to) (#320)
Reentrancy in AnyswapV4ERC20.depositWithTransferPermit(address,uint256,uint256,uint8,bytes32,bytes32,address) (#323-326):
External calls:
- IERC20(underlying).transferWithPermit(target,address(this),value,deadline,v,r,s) (#324)
Event emitted after the call(s):
- Transfer(address(0),account,amount) (#390)
- _deposit(value,to) (#325)
Apply the check-effects-interactions pattern.

Additional information: link

AnyswapV4ERC20.mpc() (#176-181) uses timestamp for comparisons
Dangerous comparisons:
- block.timestamp >= delayVault (#177)
AnyswapV4ERC20.applyVault() (#207-210) uses timestamp for comparisons
Dangerous comparisons:
- require(bool)(block.timestamp >= delayVault) (#208)
AnyswapV4ERC20.applyMinter() (#212-216) uses timestamp for comparisons
Dangerous comparisons:
- require(bool)(block.timestamp >= delayMinter) (#213)
AnyswapV4ERC20.permit(address,address,uint256,uint256,uint8,bytes32,bytes32) (#445-462) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(block.timestamp <= deadline,AnyswapV3ERC20: Expired permit) (#446)
AnyswapV4ERC20.transferWithPermit(address,address,uint256,uint256,uint8,bytes32,bytes32) (#464-488) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(block.timestamp <= deadline,AnyswapV3ERC20: Expired permit) (#465)
Avoid relying on block.timestamp.

Additional information: link

Address.isContract(address) (#79-85) uses assembly
- INLINE ASM (#83)
AnyswapV4ERC20.constructor(string,string,uint8,address,address) (#282-310) uses assembly
- INLINE ASM (#302)
Do not use evm assembly.

Additional information: link

SafeERC20.safeApprove(IERC20,address,uint256) (#99-104) is never used and should be removed
Remove unused functions.

Additional information: link

Pragma version0.8.2 (#7) allows old versions
solc-0.8.2 is not recommended for deployment
Deploy with any of the following Solidity versions: 0.5.16 - 0.5.17, 0.6.11 - 0.6.12, 0.7.5 - 0.7.6 Use a simple pragma version that allows any of these versions. Consider using the latest version of Solidity for testing.

Additional information: link

Low level call in SafeERC20.callOptionalReturn(IERC20,bytes) (#105-116):
- (success,returndata) = address(token).call(data) (#109)
Avoid low-level calls. Check the call success. If the call is meant for a contract, check for code existence

Additional information: link

Parameter AnyswapV4ERC20.initVault(address)._vault (#187) is not in mixedCase
Parameter AnyswapV4ERC20.setMinter(address)._auth (#197) is not in mixedCase
Parameter AnyswapV4ERC20.setVault(address)._vault (#202) is not in mixedCase
Parameter AnyswapV4ERC20.revokeMinter(address)._auth (#219) is not in mixedCase
Function AnyswapV4ERC20.Swapin(bytes32,address,uint256) (#255-259) is not in mixedCase
Function AnyswapV4ERC20.Swapout(uint256,address) (#261-267) is not in mixedCase
Variable AnyswapV4ERC20.DOMAIN_SEPARATOR (#129) is not in mixedCase
Follow the Solidity naming convention.

Additional information: link

AnyswapV4ERC20.delay (#142) should be constant
AnyswapV4ERC20.delayDelay (#159) should be constant
AnyswapV4ERC20.pendingDelay (#158) should be constant
Add the constant attributes to state variables that never change.

Additional information: link

owner() should be declared external:
- AnyswapV4ERC20.owner() (#172-174)
changeMPCOwner(address) should be declared external:
- AnyswapV4ERC20.changeMPCOwner(address) (#236-242)
Swapin(bytes32,address,uint256) should be declared external:
- AnyswapV4ERC20.Swapin(bytes32,address,uint256) (#255-259)
Swapout(uint256,address) should be declared external:
- AnyswapV4ERC20.Swapout(uint256,address) (#261-267)
Use the external attribute for functions never called from the contract.

Additional information: link

Holders:
No disclosed threats


Unable to find Youtube account


Unable to find whitepaper link on the website


Token is not listed at Mobula.Finance

Additional information: link


Unable to find audit link on the website

No disclosed threats

Price for LMT

News for LMT