Piggy is a decentralized borrowing protocol that offers interest-free, efficiently collateralized loans backed by $BNB. Unlike competing DeFi lenders, Piggy runs liquidations by making use of a Stability Pool mechanism instead of auctions, which allows it to make more efficient use of capital and offer loans with minimum collateral ratios as low as 110%.
Loans on Piggy are drawn in $PUSD, a dollar-pegged stablecoin. Any user (borrower or otherwise), can deposit $PUSD in the Stability Pool to become a Stability Provider and earn $PIGGY rewards while doing so. When participating in the Stability Pool, users will gradually see their $PUSD balances decrease while also seeing their $BNB (and $PIGGY) balances increase. These changes come from Stability Providers receiving pro-rata shares of $BNB when liquidations happen, along with a continuous stream of $PIGGY rewards.
$PIGGY is the secondary token of the protocol, which can be staked to receive a share of protocol fees from loan originations, and $PUSD redemptions. In due time, following the principles of progressive and orderly decentralization, $PIGGY will also be used to participate in the protocol’s governance-minimized decentralized autonomous organization and vote on matters like Upgrades, Treasury policies, and Contributor grants.
Unable to find manual contract audit (e.g. Certik, PeckShield, Solidity...)
Not a direct threat, but may indicate unreliable intentions of developer. Widespread names (e.g. Elon, King, Moon, Doge) are common among meme-tokens and scams. The allow to gain free hype and attract unexperienced investors.
ERC1967Upgrade._upgradeToAndCall(address,bytes,bool) (#441-447) ignores return value by Address.functionDelegateCall(newImplementation,data) (#445)
ERC1967Upgrade._upgradeToAndCallSecure(address,bytes,bool) (#454-482) ignores return value by Address.functionDelegateCall(newImplementation,data) (#460)
ERC1967Upgrade._upgradeToAndCallSecure(address,bytes,bool) (#454-482) ignores return value by Address.functionDelegateCall(newImplementation,abi.encodeWithSignature(upgradeTo(address),oldImplementation)) (#468-474)
ERC1967Upgrade._upgradeBeaconToAndCall(address,bytes,bool) (#490-496) ignores return value by Address.functionDelegateCall(IBeacon(newBeacon).implementation(),data) (#494)
Ensure that all the return values of the function calls are used.
Additional information: link
Modifier TransparentUpgradeableProxy.ifAdmin() (#643-649) does not always execute _; or revert
All the paths in a modifier must execute _ or revert.
Additional information: link
Reentrancy in ERC1967Upgrade._upgradeToAndCallSecure(address,bytes,bool) (#454-482):
External calls:
- Address.functionDelegateCall(newImplementation,data) (#460)
- Address.functionDelegateCall(newImplementation,abi.encodeWithSignature(upgradeTo(address),oldImplementation)) (#468-474)
Event emitted after the call(s):
- Upgraded(newImplementation) (#480)
Reentrancy in TransparentUpgradeableProxy.constructor(address,address,bytes) (#635-638):
External calls:
- ERC1967Proxy(_logic,_data) (#635)
- (success,returndata) = target.delegatecall(data) (#270)
- Address.functionDelegateCall(newImplementation,data) (#445)
Event emitted after the call(s):
- AdminChanged(_getAdmin(),newAdmin) (#531)
- _changeAdmin(admin_) (#637)
Apply the check-effects-interactions pattern.
Additional information: link
Proxy._delegate(address) (#22-42) uses assembly
- INLINE ASM (#24-41)
Address.isContract(address) (#129-138) uses assembly
- INLINE ASM (#136)
Address._verifyCallResult(bool,bytes,string) (#274-291) uses assembly
- INLINE ASM (#283-286)
StorageSlot.getAddressSlot(bytes32) (#345-349) uses assembly
- INLINE ASM (#346-348)
StorageSlot.getBooleanSlot(bytes32) (#354-358) uses assembly
- INLINE ASM (#355-357)
StorageSlot.getBytes32Slot(bytes32) (#363-367) uses assembly
- INLINE ASM (#364-366)
StorageSlot.getUint256Slot(bytes32) (#372-376) uses assembly
- INLINE ASM (#373-375)
Do not use evm assembly.
Additional information: link
Different versions of Solidity is used:
- Version used: ['^0.8.0', '^0.8.2']
- ^0.8.0 (#4)
- ^0.8.0 (#89)
- ^0.8.0 (#106)
- ^0.8.0 (#297)
- ^0.8.2 (#382)
- ^0.8.0 (#572)
- ^0.8.0 (#606)
Use one Solidity version.
Additional information: link
Address.functionCall(address,bytes) (#182-184) is never used and should be removed
Address.functionCall(address,bytes,string) (#192-194) is never used and should be removed
Address.functionCallWithValue(address,bytes,uint256) (#207-209) is never used and should be removed
Address.functionCallWithValue(address,bytes,uint256,string) (#217-224) is never used and should be removed
Address.functionStaticCall(address,bytes) (#232-234) is never used and should be removed
Address.functionStaticCall(address,bytes,string) (#242-248) is never used and should be removed
Address.sendValue(address,uint256) (#156-162) is never used and should be removed
ERC1967Upgrade._getBeacon() (#549-551) is never used and should be removed
ERC1967Upgrade._setBeacon(address) (#556-566) is never used and should be removed
ERC1967Upgrade._upgradeBeaconToAndCall(address,bytes,bool) (#490-496) is never used and should be removed
ERC1967Upgrade._upgradeTo(address) (#431-434) is never used and should be removed
ERC1967Upgrade._upgradeToAndCallSecure(address,bytes,bool) (#454-482) is never used and should be removed
Proxy._implementation() (#48) is never used and should be removed
StorageSlot.getBooleanSlot(bytes32) (#354-358) is never used and should be removed
StorageSlot.getBytes32Slot(bytes32) (#363-367) is never used and should be removed
StorageSlot.getUint256Slot(bytes32) (#372-376) is never used and should be removed
TransparentUpgradeableProxy._admin() (#711-713) is never used and should be removed
Remove unused functions.
Additional information: link
Pragma version^0.8.0 (#4) allows old versions
Pragma version^0.8.0 (#89) allows old versions
Pragma version^0.8.0 (#106) allows old versions
Pragma version^0.8.0 (#297) allows old versions
Pragma version^0.8.2 (#382) allows old versions
Pragma version^0.8.0 (#572) allows old versions
Pragma version^0.8.0 (#606) allows old versions
solc-0.8.2 is not recommended for deployment
Deploy with any of the following Solidity versions: 0.5.16 - 0.5.17, 0.6.11 - 0.6.12, 0.7.5 - 0.7.6 Use a simple pragma version that allows any of these versions. Consider using the latest version of Solidity for testing.
Additional information: link
Low level call in Address.sendValue(address,uint256) (#156-162):
- (success) = recipient.call{value: amount}() (#160)
Low level call in Address.functionCallWithValue(address,bytes,uint256,string) (#217-224):
- (success,returndata) = target.call{value: value}(data) (#222)
Low level call in Address.functionStaticCall(address,bytes,string) (#242-248):
- (success,returndata) = target.staticcall(data) (#246)
Low level call in Address.functionDelegateCall(address,bytes,string) (#266-272):
- (success,returndata) = target.delegatecall(data) (#270)
Avoid low-level calls. Check the call success. If the call is meant for a contract, check for code existence
Additional information: link
TransparentUpgradeableProxy (#630-723) should inherit from IBeacon (#94-101)
Inherit from the missing interface or contract.
Additional information: link
Unable to find token contract audit
Unable to find audit link on the website
Unable to find token on CoinHunt
Additional information: link
Young tokens have high risks of scam / price dump / death
Young tokens have high risks of scam / price dump / death
Young tokens have high risks of price dump / death
Young tokens have high risks of price dump / death
Young tokens have high risks of price dump / death
Token has relatively low CoinGecko rank
Unable to find Youtube account