Unable to find manual contract audit (e.g. Certik, PeckShield, Solidity...)
ERC20Votes._writeCheckpoint(ERC20Votes.Checkpoint[],function(uint256,uint256) returns(uint256),uint256) (#2234-2248) uses a dangerous strict equality:
- pos > 0 && ckpts[pos - 1].fromBlock == block.number (#2243)
Don't use strict equality to determine if an account has enough Ether or tokens.
Additional information: link
Contract name (OSSDAO on BSC OSSDAO.ORG) contains non-alphanumeric characters.
Not a direct threat, but may indicate unreliable intentions of developer. Non-alphanumeric chars (,.;!#*&") are extremely rare among low risk tokens.
ERC20Votes._moveVotingPower(address,address,uint256).oldWeight_scope_0 (#2228) is a local variable never initialized
ERC20Votes._moveVotingPower(address,address,uint256).newWeight_scope_1 (#2228) is a local variable never initialized
Initialize all the variables. If a variable is meant to be initialized to zero, explicitly set it to zero to improve code readability.
Additional information: link
ERC20Permit.constructor(string).name (#1944) shadows:
- ERC20.name() (#1612-1614) (function)
- IERC20Metadata.name() (#1537) (function)
Rename the local variables that shadow another component.
Additional information: link
OSSOnBSC.setSinger(address).signer (#2542) lacks a zero-check on :
- _cSigner = signer (#2543)
Check that the address is not zero.
Additional information: link
Variable 'ECDSA.tryRecover(bytes32,bytes).r (#527)' in ECDSA.tryRecover(bytes32,bytes) (#522-551) potentially used before declaration: r = mload(uint256)(signature + 0x20) (#544)
Variable 'ERC20Votes._moveVotingPower(address,address,uint256).newWeight (#2223)' in ERC20Votes._moveVotingPower(address,address,uint256) (#2216-2232) potentially used before declaration: (oldWeight,newWeight) = _writeCheckpoint(_checkpoints[dst],_add,amount) (#2228)
Variable 'ERC20Votes._moveVotingPower(address,address,uint256).oldWeight (#2223)' in ERC20Votes._moveVotingPower(address,address,uint256) (#2216-2232) potentially used before declaration: (oldWeight,newWeight) = _writeCheckpoint(_checkpoints[dst],_add,amount) (#2228)
Move all variable declarations prior to any usage of the variable, and ensure that reaching a variable declaration does not depend on some conditional if it is used unconditionally.
Additional information: link
ERC20Permit.permit(address,address,uint256,uint256,uint8,bytes32,bytes32) (#1949-1968) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(block.timestamp <= deadline,ERC20Permit: expired deadline) (#1958)
ERC20Votes.delegateBySig(address,uint256,uint256,uint8,bytes32,bytes32) (#2141-2158) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(block.timestamp <= expiry,ERC20Votes: signature expired) (#2149)
Avoid relying on block.timestamp.
Additional information: link
ECDSA.tryRecover(bytes32,bytes) (#522-551) uses assembly
- INLINE ASM (#532-536)
- INLINE ASM (#543-546)
ECDSA.tryRecover(bytes32,bytes32,bytes32) (#580-592) uses assembly
- INLINE ASM (#587-590)
OSSOnBSC.getChainID() (#2563-2569) uses assembly
- INLINE ASM (#2565-2567)
Do not use evm assembly.
Additional information: link
Different versions of Solidity is used:
- Version used: ['^0.8.0', '^0.8.2']
- ^0.8.0 (#6)
- ^0.8.0 (#34)
- ^0.8.0 (#65)
- ^0.8.0 (#156)
- ^0.8.0 (#400)
- ^0.8.0 (#470)
- ^0.8.0 (#706)
- ^0.8.0 (#812)
- ^0.8.0 (#875)
- ^0.8.0 (#921)
- ^0.8.0 (#967)
- ^0.8.0 (#1017)
- ^0.8.0 (#1044)
- ^0.8.0 (#1269)
- ^0.8.0 (#1362)
- ^0.8.0 (#1440)
- ^0.8.0 (#1525)
- ^0.8.0 (#1555)
- ^0.8.0 (#1913)
- ^0.8.0 (#2002)
- ^0.8.0 (#2264)
- ^0.8.0 (#2461)
- ^0.8.2 (#2504)
Use one Solidity version.
Additional information: link
AccessControl._setRoleAdmin(bytes32,bytes32) (#1233-1237) is never used and should be removed
AccessControl._setupRole(bytes32,address) (#1224-1226) is never used and should be removed
Context._msgData() (#1034-1036) is never used and should be removed
Counters.decrement(Counters.Counter) (#903-909) is never used and should be removed
Counters.reset(Counters.Counter) (#911-913) is never used and should be removed
ECDSA.recover(bytes32,bytes32,bytes32) (#599-607) is never used and should be removed
ECDSA.toEthSignedMessageHash(bytes) (#683-685) is never used and should be removed
ECDSA.toEthSignedMessageHash(bytes32) (#669-673) is never used and should be removed
ERC20Votes._add(uint256,uint256) (#2250-2252) is never used and should be removed
ERC20Votes._subtract(uint256,uint256) (#2254-2256) is never used and should be removed
Math.ceilDiv(uint256,uint256) (#956-959) is never used and should be removed
Math.max(uint256,uint256) (#930-932) is never used and should be removed
Math.min(uint256,uint256) (#937-939) is never used and should be removed
OSSOnBSC.getChainID() (#2563-2569) is never used and should be removed
SafeCast.toInt128(int256) (#304-307) is never used and should be removed
SafeCast.toInt16(int256) (#358-361) is never used and should be removed
SafeCast.toInt256(uint256) (#388-392) is never used and should be removed
SafeCast.toInt32(int256) (#340-343) is never used and should be removed
SafeCast.toInt64(int256) (#322-325) is never used and should be removed
SafeCast.toInt8(int256) (#376-379) is never used and should be removed
SafeCast.toUint128(uint256) (#199-202) is never used and should be removed
SafeCast.toUint16(uint256) (#259-262) is never used and should be removed
SafeCast.toUint256(int256) (#286-289) is never used and should be removed
SafeCast.toUint64(uint256) (#229-232) is never used and should be removed
SafeCast.toUint8(uint256) (#274-277) is never used and should be removed
SafeCast.toUint96(uint256) (#214-217) is never used and should be removed
Strings.toHexString(uint256) (#436-447) is never used and should be removed
Strings.toString(uint256) (#411-431) is never used and should be removed
Remove unused functions.
Additional information: link
Pragma version^0.8.0 (#6) allows old versions
Pragma version^0.8.0 (#34) allows old versions
Pragma version^0.8.0 (#65) allows old versions
Pragma version^0.8.0 (#156) allows old versions
Pragma version^0.8.0 (#400) allows old versions
Pragma version^0.8.0 (#470) allows old versions
Pragma version^0.8.0 (#706) allows old versions
Pragma version^0.8.0 (#812) allows old versions
Pragma version^0.8.0 (#875) allows old versions
Pragma version^0.8.0 (#921) allows old versions
Pragma version^0.8.0 (#967) allows old versions
Pragma version^0.8.0 (#1017) allows old versions
Pragma version^0.8.0 (#1044) allows old versions
Pragma version^0.8.0 (#1269) allows old versions
Pragma version^0.8.0 (#1362) allows old versions
Pragma version^0.8.0 (#1440) allows old versions
Pragma version^0.8.0 (#1525) allows old versions
Pragma version^0.8.0 (#1555) allows old versions
Pragma version^0.8.0 (#1913) allows old versions
Pragma version^0.8.0 (#2002) allows old versions
Pragma version^0.8.0 (#2264) allows old versions
Pragma version^0.8.0 (#2461) allows old versions
Pragma version^0.8.2 (#2504) allows old versions
Deploy with any of the following Solidity versions: 0.5.16 - 0.5.17, 0.6.11 - 0.6.12, 0.7.5 - 0.7.6 Use a simple pragma version that allows any of these versions. Consider using the latest version of Solidity for testing.
Additional information: link
Variable EIP712._CACHED_DOMAIN_SEPARATOR (#732) is not in mixedCase
Variable EIP712._CACHED_CHAIN_ID (#733) is not in mixedCase
Variable EIP712._CACHED_THIS (#734) is not in mixedCase
Variable EIP712._HASHED_NAME (#736) is not in mixedCase
Variable EIP712._HASHED_VERSION (#737) is not in mixedCase
Variable EIP712._TYPE_HASH (#738) is not in mixedCase
Function IERC20Permit.DOMAIN_SEPARATOR() (#867) is not in mixedCase
Function ERC20Permit.DOMAIN_SEPARATOR() (#1981-1983) is not in mixedCase
Variable ERC20Permit._PERMIT_TYPEHASH (#1936-1937) is not in mixedCase
Event OSSOnBSCbridgeOutLog(address,uint256,uint256,uint256) (#2540) is not in CapWords
Follow the Solidity naming convention.
Additional information: link
OSSOnBSC._totalLocked (#2523) is never used in OSSOnBSC (#2514-2633)
Remove unused state variables.
Additional information: link
OSSOnBSC._totalLocked (#2523) should be constant
Add the constant attributes to state variables that never change.
Additional information: link
Unable to find website, listings and other project-related information
Young tokens have high risks of scam / price dump / death
Token has no active CoinGecko listing / rank
Token has no active CoinMarketCap listing / rank
Unable to find Telegram and Twitter accounts