Unable to find manual contract audit (e.g. Certik, PeckShield, Solidity...)
Contract ownership is not renounced (belongs to a wallet)
ERC721._checkOnERC721Received(address,address,uint256,bytes) (#904-925) ignores return value by IERC721Receiver(to).onERC721Received(_msgSender(),from,tokenId,data) (#911-921)
Ensure that all the return values of the function calls are used.
Additional information: link
PanguBox.checkOwner(string).owner (#1118) shadows:
- Owner.owner (#970) (state variable)
PanguBox.open(string,string,string,uint8,bytes32,bytes32).owner (#1196) shadows:
- Owner.owner (#970) (state variable)
Rename the local variables that shadow another component.
Additional information: link
PanguBox.setManager(address) (#1071-1073) should emit an event for:
- managerAddress = _manager (#1072)
Emit an event for critical parameter changes.
Additional information: link
PanguBox.changeBeginTime(uint256) (#1036-1038) should emit an event for:
- beginTime = _beginTime (#1037)
Emit an event for critical parameter changes.
Additional information: link
Owner.changeOwner(address).newOwner (#998) lacks a zero-check on :
- owner = newOwner (#1000)
PanguBox.constructor(address,address,uint256)._managerAddress (#1017) lacks a zero-check on :
- managerAddress = _managerAddress (#1021)
PanguBox.constructor(address,address,uint256)._shopAddress (#1017) lacks a zero-check on :
- shop = _shopAddress (#1022)
PanguBox.changeShop(address)._shop (#1050) lacks a zero-check on :
- shop = _shop (#1051)
PanguBox.changeCard(address)._card (#1057) lacks a zero-check on :
- card = _card (#1058)
PanguBox.setManager(address)._manager (#1071) lacks a zero-check on :
- managerAddress = _manager (#1072)
Check that the address is not zero.
Additional information: link
Variable 'ERC721._checkOnERC721Received(address,address,uint256,bytes).retval (#911)' in ERC721._checkOnERC721Received(address,address,uint256,bytes) (#904-925) potentially used before declaration: retval == IERC721Receiver.onERC721Received.selector (#912)
Variable 'ERC721._checkOnERC721Received(address,address,uint256,bytes).reason (#913)' in ERC721._checkOnERC721Received(address,address,uint256,bytes) (#904-925) potentially used before declaration: reason.length == 0 (#914)
Variable 'ERC721._checkOnERC721Received(address,address,uint256,bytes).reason (#913)' in ERC721._checkOnERC721Received(address,address,uint256,bytes) (#904-925) potentially used before declaration: revert(uint256,uint256)(32 + reason,mload(uint256)(reason)) (#918)
Move all variable declarations prior to any usage of the variable, and ensure that reaching a variable declaration does not depend on some conditional if it is used unconditionally.
Additional information: link
PanguBox.getSecond() (#1040-1042) uses timestamp for comparisons
Dangerous comparisons:
- beginTime >= block.timestamp (#1041)
PanguBox.open(string,string,string,uint8,bytes32,bytes32) (#1190-1212) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(block.timestamp >= beginTime && beginTime > 0,No start) (#1192)
Avoid relying on block.timestamp.
Additional information: link
Address.verifyCallResult(bool,bytes,string) (#423-443) uses assembly
- INLINE ASM (#435-438)
ERC721._checkOnERC721Received(address,address,uint256,bytes) (#904-925) uses assembly
- INLINE ASM (#917-919)
PanguBox._bytesToAddress(bytes) (#1141-1149) uses assembly
- INLINE ASM (#1146-1148)
Do not use evm assembly.
Additional information: link
Address.functionCall(address,bytes) (#307-309) is never used and should be removed
Address.functionCall(address,bytes,string) (#317-323) is never used and should be removed
Address.functionCallWithValue(address,bytes,uint256) (#336-342) is never used and should be removed
Address.functionCallWithValue(address,bytes,uint256,string) (#350-361) is never used and should be removed
Address.functionDelegateCall(address,bytes) (#396-398) is never used and should be removed
Address.functionDelegateCall(address,bytes,string) (#406-415) is never used and should be removed
Address.functionStaticCall(address,bytes) (#369-371) is never used and should be removed
Address.functionStaticCall(address,bytes,string) (#379-388) is never used and should be removed
Address.sendValue(address,uint256) (#282-287) is never used and should be removed
Address.verifyCallResult(bool,bytes,string) (#423-443) is never used and should be removed
Context._msgData() (#461-463) is never used and should be removed
ERC721._safeMint(address,uint256) (#764-766) is never used and should be removed
ERC721._safeMint(address,uint256,bytes) (#772-782) is never used and should be removed
Strings.toHexString(uint256) (#500-511) is never used and should be removed
Strings.toHexString(uint256,uint256) (#516-526) is never used and should be removed
Remove unused functions.
Additional information: link
Pragma version^0.8.0 (#1) allows old versions
solc-0.8.11 is not recommended for deployment
Deploy with any of the following Solidity versions: 0.5.16 - 0.5.17, 0.6.11 - 0.6.12, 0.7.5 - 0.7.6 Use a simple pragma version that allows any of these versions. Consider using the latest version of Solidity for testing.
Additional information: link
Low level call in Address.sendValue(address,uint256) (#282-287):
- (success) = recipient.call{value: amount}() (#285)
Low level call in Address.functionCallWithValue(address,bytes,uint256,string) (#350-361):
- (success,returndata) = target.call{value: value}(data) (#359)
Low level call in Address.functionStaticCall(address,bytes,string) (#379-388):
- (success,returndata) = target.staticcall(data) (#386)
Low level call in Address.functionDelegateCall(address,bytes,string) (#406-415):
- (success,returndata) = target.delegatecall(data) (#413)
Avoid low-level calls. Check the call success. If the call is meant for a contract, check for code existence
Additional information: link
Parameter PanguBox.changeBeginTime(uint256)._beginTime (#1036) is not in mixedCase
Parameter PanguBox.changeShop(address)._shop (#1050) is not in mixedCase
Parameter PanguBox.changeCard(address)._card (#1057) is not in mixedCase
Parameter PanguBox.setManager(address)._manager (#1071) is not in mixedCase
Parameter PanguBox.buyMint(address,uint256,uint256,uint256)._to (#1087) is not in mixedCase
Parameter PanguBox.buyMint(address,uint256,uint256,uint256)._type (#1087) is not in mixedCase
Parameter PanguBox.strConcat(string,string,string)._a (#1150) is not in mixedCase
Parameter PanguBox.strConcat(string,string,string)._b (#1150) is not in mixedCase
Parameter PanguBox.strConcat(string,string,string)._c (#1150) is not in mixedCase
Parameter PanguBox.parseInt(string,uint256)._a (#1163) is not in mixedCase
Parameter PanguBox.parseInt(string,uint256)._b (#1163) is not in mixedCase
Parameter PanguBox.parseInt(string)._a (#1187) is not in mixedCase
Parameter PanguBox.open(string,string,string,uint8,bytes32,bytes32)._packageId (#1190) is not in mixedCase
Parameter PanguBox.open(string,string,string,uint8,bytes32,bytes32)._key (#1190) is not in mixedCase
Parameter PanguBox.open(string,string,string,uint8,bytes32,bytes32)._owner (#1190) is not in mixedCase
Follow the Solidity naming convention.
Additional information: link
PanguBox.slitherConstructorVariables() (#1016-1214) uses literals with too many digits:
- tokenId1 = 800000 (#1025)
PanguBox.slitherConstructorVariables() (#1016-1214) uses literals with too many digits:
- tokenId = 600000 (#1026)
Use: Ether suffix, Time suffix, or The scientific notation
Additional information: link
balanceOf(address) should be declared external:
- ERC721.balanceOf(address) (#578-581)
name() should be declared external:
- ERC721.name() (#595-597)
symbol() should be declared external:
- ERC721.symbol() (#602-604)
tokenURI(uint256) should be declared external:
- ERC721.tokenURI(uint256) (#609-614)
approve(address,uint256) should be declared external:
- ERC721.approve(address,uint256) (#628-638)
setApprovalForAll(address,bool) should be declared external:
- ERC721.setApprovalForAll(address,bool) (#652-654)
transferFrom(address,address,uint256) should be declared external:
- ERC721.transferFrom(address,address,uint256) (#666-675)
safeTransferFrom(address,address,uint256) should be declared external:
- ERC721.safeTransferFrom(address,address,uint256) (#680-686)
changeOwner(address) should be declared external:
- Owner.changeOwner(address) (#998-1001)
changeBeginTime(uint256) should be declared external:
- PanguBox.changeBeginTime(uint256) (#1036-1038)
changeShop(address) should be declared external:
- PanguBox.changeShop(address) (#1050-1052)
changeCard(address) should be declared external:
- PanguBox.changeCard(address) (#1057-1059)
setManager(address) should be declared external:
- PanguBox.setManager(address) (#1071-1073)
open(string,string,string,uint8,bytes32,bytes32) should be declared external:
- PanguBox.open(string,string,string,uint8,bytes32,bytes32) (#1190-1212)
Use the external attribute for functions never called from the contract.
Additional information: link
Unable to find website, listings and other project-related information
Young tokens have high risks of scam / price dump / death
Token has no active CoinGecko listing / rank
Token has no active CoinMarketCap listing / rank
Unable to find Telegram and Twitter accounts