ShopNEXT is a Shop-To-Earn Crypto Onboarding Platform promoted by Binance. We onboard new-to-crypto users by rewarding them free crypto (Bitcoin, Ethereum, BNB, USDT) when shopping at ShopNEXT partners.
In addition, for every shopping transaction, ShopNEXT also rewards users extra NEXT, the cryptocurrency issued by ShopNEXT. Users can sell NEXT on the DEX and CEX exchanges to make money. This is the first-ever Shop-To-Earn model ShopNEXT wants to build up.
ShopNEXT is backed by Shopiness, the top cashback platform in VietNam. Shopiness currently has 700.000 users and 100.000 MAU, who generate $4M GMV from 1M transactions monthly. ShopNEXT has already partnered with more than 600 local and global merchant brands such as: Shopee, Lazada, Amazon, Adidas, Booking.com, etc.
VIPLockToken._vipUnlock(address) (#307-325) uses a dangerous strict equality:
- ! vipLockOfAddress.existed || vipLockOfAddress.unlocked || vipLockOfAddress.unlockAfter == 0 || block.timestamp < vipLockOfAddress.unlockAfter (#312-315)
Don't use strict equality to determine if an account has enough Ether or tokens.
Additional information: link
Contract ownership is not renounced (belongs to a wallet)
Pragma version^0.8.0 (#339) allows old versions
Pragma version^0.8.0 (#629) allows old versions
Pragma version^0.8.0 (#1087) allows old versions
Deploy with any of the following Solidity versions: 0.5.16 - 0.5.17, 0.6.11 - 0.6.12, 0.7.5 - 0.7.6 Use a simple pragma version that allows any of these versions. Consider using the latest version of Solidity for testing.
Additional information: link
BEP20.allowance(address,address).owner (#673) shadows:
- Ownable.owner() (#61-63) (function)
BEP20._approve(address,address,uint256).owner (#815) shadows:
- Ownable.owner() (#61-63) (function)
TimeLockedToken.constructor(string,string,uint256)._totalSupply (#1179) shadows:
- BEP20._totalSupply (#641) (state variable)
Rename the local variables that shadow another component.
Additional information: link
VIPLockToken.currentVIPLockTokenOf(address) (#194-215) uses timestamp for comparisons
Dangerous comparisons:
- vipLockOfAddress.unlockAfter > 0 && vipLockOfAddress.unlockAfter <= block.timestamp (#209-210)
VIPLockToken._vipLock(address,uint256) (#228-255) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(block.timestamp >= vipLockOfAddress.unlockRegisteredTime + relockVIPAddedTime,Await next lock VIP) (#240-243)
VIPLockToken.vipUnlockRequest() (#286-303) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(vipLockOfAddress.existed && ! vipLockOfAddress.unlocked && vipLockOfAddress.unlockAfter == 0 && vipLockOfAddress.unlockRegisteredTime == 0,Not valid unlock request) (#291-294)
VIPLockToken._vipUnlock(address) (#307-325) uses timestamp for comparisons
Dangerous comparisons:
- ! vipLockOfAddress.existed || vipLockOfAddress.unlocked || vipLockOfAddress.unlockAfter == 0 || block.timestamp < vipLockOfAddress.unlockAfter (#312-315)
SavingToken.earlyCloseSaving(uint256) (#1002-1015) uses timestamp for comparisons
Dangerous comparisons:
- require(bool)(mappingSavingIDToDetail[account][savingID].expectedReleaseTime > block.timestamp) (#1005-1008)
SavingToken.processSaving(uint256[],address[]) (#1031-1069) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(done,Failed tranfer) (#1065)
TimeLockedToken._unLockTimeLockedToken(address) (#1213-1247) uses timestamp for comparisons
Dangerous comparisons:
- timeLockByAddress.nextIndexTimeLock < timeLockByAddress.arrTimeLock.length && block.timestamp >= timeLockByAddress.arrTimeLock[timeLockByAddress.nextIndexTimeLock].unlockTime (#1222-1227)
ShopNextToken.transfer(address,uint256) (#1424-1438) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(getAvailableBalance(_msgSender()) >= _amount,Not enough unlocked token balance) (#1431-1434)
ShopNextToken.transferFrom(address,address,uint256) (#1440-1455) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(getAvailableBalance(_from) >= _amount,Not enough unlocked token balance of sender) (#1448-1451)
ShopNextToken.getAvailableBalance(address) (#1460-1473) uses timestamp for comparisons
Dangerous comparisons:
- balance <= (lockedAmount + vipLockedAmount + savingLockedAmount) (#1470)
Avoid relying on block.timestamp.
Additional information: link
Different versions of Solidity is used:
- Version used: ['0.8.7', '^0.8.0']
- 0.8.7 (#5)
- 0.8.7 (#31)
- 0.8.7 (#103)
- ^0.8.0 (#339)
- 0.8.7 (#418)
- 0.8.7 (#470)
- ^0.8.0 (#629)
- 0.8.7 (#838)
- ^0.8.0 (#1087)
- 0.8.7 (#1144)
- 0.8.7 (#1408)
Use one Solidity version.
Additional information: link
BEP20._burn(address,uint256) (#794-800) is never used and should be removed
BEP20._burnFrom(address,uint256) (#829-832) is never used and should be removed
Context._msgData() (#22-24) is never used and should be removed
SafeMath.div(uint256,uint256) (#566-568) is never used and should be removed
SafeMath.div(uint256,uint256,string) (#583-590) is never used and should be removed
SafeMath.mod(uint256,uint256) (#603-605) is never used and should be removed
SafeMath.mod(uint256,uint256,string) (#620-623) is never used and should be removed
SafeMath.mul(uint256,uint256) (#542-553) is never used and should be removed
SafeMath.sub(uint256,uint256) (#511-513) is never used and should be removed
SavingToken.getTokenDecimal() (#1071) is never used and should be removed
Remove unused functions.
Additional information: link
Struct VIPLockToken.vipLockedToken (#108-115) is not in CapWords
Variable VIPLockToken._locker (#117) is not in mixedCase
Parameter SavingToken.overrideRates(uint8[],uint256[])._periodPlans (#936) is not in mixedCase
Parameter SavingToken.overrideRates(uint8[],uint256[])._rates (#937) is not in mixedCase
Parameter SavingToken.createSaving(uint256,uint8,bool,uint256)._amount (#974) is not in mixedCase
Parameter SavingToken.createSaving(uint256,uint8,bool,uint256)._periodPlan (#975) is not in mixedCase
Parameter SavingToken.createSaving(uint256,uint8,bool,uint256)._autoResaving (#976) is not in mixedCase
Variable SavingToken._savingPaused (#861) is not in mixedCase
Parameter TimeLockedToken.getLockedAmount(address)._addressLock (#1252) is not in mixedCase
Parameter TimeLockedToken.getNextScheduleUnlock(address)._addressLock (#1263) is not in mixedCase
Parameter TimeLockedToken.overwriteScheduleLock(address,uint256[],uint256[])._addressLock (#1290) is not in mixedCase
Parameter TimeLockedToken.overwriteScheduleLock(address,uint256[],uint256[])._arrAmount (#1291) is not in mixedCase
Parameter TimeLockedToken.overwriteScheduleLock(address,uint256[],uint256[])._arrUnlockTime (#1292) is not in mixedCase
Parameter TimeLockedToken.getScheduleLock(address,uint256)._addressLock (#1308) is not in mixedCase
Parameter TimeLockedToken.getScheduleLock(address,uint256)._index (#1308) is not in mixedCase
Parameter TimeLockedToken.addScheduleLockByAddress(address,uint256[],uint256[])._addressLock (#1323) is not in mixedCase
Parameter TimeLockedToken.addScheduleLockByAddress(address,uint256[],uint256[])._arrAmount (#1324) is not in mixedCase
Parameter TimeLockedToken.addScheduleLockByAddress(address,uint256[],uint256[])._arrUnlockTime (#1325) is not in mixedCase
Function TimeLockedToken._unLockTimeLockedTokenForAddress(address) (#1375-1380) is not in mixedCase
Parameter TimeLockedToken._unLockTimeLockedTokenForAddress(address)._address (#1375) is not in mixedCase
Variable TimeLockedToken._manager (#1161) is not in mixedCase
Parameter ShopNextToken.transfer(address,uint256)._receiver (#1424) is not in mixedCase
Parameter ShopNextToken.transfer(address,uint256)._amount (#1424) is not in mixedCase
Parameter ShopNextToken.transferFrom(address,address,uint256)._from (#1441) is not in mixedCase
Parameter ShopNextToken.transferFrom(address,address,uint256)._receiver (#1442) is not in mixedCase
Parameter ShopNextToken.transferFrom(address,address,uint256)._amount (#1443) is not in mixedCase
Parameter ShopNextToken.getAvailableBalance(address)._address (#1460) is not in mixedCase
Follow the Solidity naming convention.
Additional information: link
ShopNextToken.constructor() (#1422) uses literals with too many digits:
- TimeLockedToken(ShopNext Token,NEXT,1000000000) (#1422)
Use: Ether suffix, Time suffix, or The scientific notation
Additional information: link
renounceOwnership() should be declared external:
- Ownable.renounceOwnership() (#80-82)
transferOwnership(address) should be declared external:
- Ownable.transferOwnership(address) (#88-91)
transferLocker(address) should be declared external:
- VIPLockToken.transferLocker(address) (#145-154)
modifyUnlockAddedTime(uint256) should be declared external:
- VIPLockToken.modifyUnlockAddedTime(uint256) (#156-164)
modifyRelockVIPAddedTime(uint256) should be declared external:
- VIPLockToken.modifyRelockVIPAddedTime(uint256) (#166-177)
getRelockVIPAddedTime() should be declared external:
- VIPLockToken.getRelockVIPAddedTime() (#182-184)
getUnlockAddedTime() should be declared external:
- VIPLockToken.getUnlockAddedTime() (#188-190)
vipLockToken(uint256) should be declared external:
- VIPLockToken.vipLockToken(uint256) (#219-224)
vipLockInfo(address) should be declared external:
- VIPLockToken.vipLockInfo(address) (#259-282)
vipUnlockRequest() should be declared external:
- VIPLockToken.vipUnlockRequest() (#286-303)
totalSupply() should be declared external:
- BEP20.totalSupply() (#646-648)
transferSavingOperator(address) should be declared external:
- SavingToken.transferSavingOperator(address) (#901-910)
savingInfo(address,uint256) should be declared external:
- SavingToken.savingInfo(address,uint256) (#914-920)
savingFeaturePausedMode(bool) should be declared external:
- SavingToken.savingFeaturePausedMode(bool) (#924-931)
getSavingRate(uint8) should be declared external:
- SavingToken.getSavingRate(uint8) (#949-951)
createSaving(uint256,uint8,bool,uint256) should be declared external:
- SavingToken.createSaving(uint256,uint8,bool,uint256) (#973-998)
earlyCloseSaving(uint256) should be declared external:
- SavingToken.earlyCloseSaving(uint256) (#1002-1015)
configureAutoResaving(uint256,bool) should be declared external:
- SavingToken.configureAutoResaving(uint256,bool) (#1017-1026)
getNextScheduleUnlock(address) should be declared external:
- TimeLockedToken.getNextScheduleUnlock(address) (#1263-1284)
getScheduleLock(address,uint256) should be declared external:
- TimeLockedToken.getScheduleLock(address,uint256) (#1308-1317)
transferManager(address) should be declared external:
- TimeLockedToken.transferManager(address) (#1385-1387)
enableTransfers(bool) should be declared external:
- ShopNextToken.enableTransfers(bool) (#1503-1507)
Use the external attribute for functions never called from the contract.
Additional information: link
SavingToken.processSaving(uint256[],address[]) (#1031-1069) has external calls inside a loop: done = BEP20(address(this)).transfer(accounts[i],interest) (#1064)
Favor pull over push strategy for external calls.
Additional information: link
Young tokens have high risks of price dump / death
Young tokens have high risks of price dump / death
Telegram account link seems to be invalid
Unable to find Blog account (Reddit or Medium)
Unable to find Youtube account
Unable to find Discord account