Reef aims to be the future blockchain for DeFi, NFTs, and gaming. Our layer 1 blockchain is fast, scalable, has low transaction costs and does no wasteful mining. Reef features next-gen blockchain technology, utilizing Nominated Proof of Stake, extensible EVM, on-chain upgradability, libp2p networking and state of the art cryptography.
ReefToken._writeCheckpoint(address,uint32,uint256,uint256) (#1044-1062) uses a dangerous strict equality:
- nCheckpoints > 0 && checkpoints[delegatee][nCheckpoints - 1].fromBlock == blockNumber (#1054)
Don't use strict equality to determine if an account has enough Ether or tokens.
Additional information: link
ReefToken.delegateBySig(address,uint256,uint256,uint8,bytes32,bytes32) (#910-951) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(now <= expiry,REEF::delegateBySig: signature expired) (#949)
Avoid relying on block.timestamp.
Additional information: link
ReefToken.getChainId() (#1069-1073) uses assembly
- INLINE ASM (#1071)
Address._functionCallWithValue(address,bytes,uint256,string) (#456-477) uses assembly
- INLINE ASM (#469-472)
Address.isContract(address) (#363-372) uses assembly
- INLINE ASM (#370)
Do not use evm assembly.
Additional information: link
ERC20.constructor(string,string).name (#536) shadows:
- ERC20.name() (#545-547) (function)
ERC20.constructor(string,string).symbol (#536) shadows:
- ERC20.symbol() (#553-555) (function)
Rename the local variables that shadow another component.
Additional information: link
Variable ReefToken._delegates (#852) is not in mixedCase
Follow the Solidity naming convention.
Additional information: link
Pragma version^0.6.0 (#5) allows old versions
Pragma version^0.6.2 (#340) allows old versions
Pragma version^0.6.0 (#100) allows old versions
Pragma version^0.6.0 (#791) allows old versions
Pragma version^0.6.0 (#483) allows old versions
Pragma version^0.6.0 (#31) allows old versions
Pragma version^0.6.0 (#179) allows old versions
Deploy with any of the following Solidity versions: 0.5.16 - 0.5.17, 0.6.11 - 0.6.12, 0.7.5 - 0.7.6 Use a simple pragma version that allows any of these versions. Consider using the latest version of Solidity for testing.
Additional information: link
Low level call in Address.sendValue(address,uint256) (#390-396):
- (success) = recipient.call{value: amount}() (#394)
Low level call in Address._functionCallWithValue(address,bytes,uint256,string) (#456-477):
- (success,returndata) = target.call{value: weiValue}(data) (#460)
Avoid low-level calls. Check the call success. If the call is meant for a contract, check for code existence
Additional information: link
transferFrom(address,address,uint256) should be declared external:
- ERC20.transferFrom(address,address,uint256) (#632-636)
burnFrom(address,uint256) should be declared external:
- ERC20Burnable.burnFrom(address,uint256) (#821-826)
renounceOwnership() should be declared external:
- Ownable.renounceOwnership() (#81-84)
mint(address,uint256) should be declared external:
- ReefToken.mint(address,uint256) (#840-843)
decimals() should be declared external:
- ERC20.decimals() (#570-572)
decreaseAllowance(address,uint256) should be declared external:
- ERC20.decreaseAllowance(address,uint256) (#669-672)
symbol() should be declared external:
- ERC20.symbol() (#553-555)
transfer(address,uint256) should be declared external:
- ERC20.transfer(address,uint256) (#596-599)
owner() should be declared external:
- Ownable.owner() (#62-64)
increaseAllowance(address,uint256) should be declared external:
- ERC20.increaseAllowance(address,uint256) (#650-653)
transferOwnership(address) should be declared external:
- Ownable.transferOwnership(address) (#90-94)
totalSupply() should be declared external:
- ERC20.totalSupply() (#577-579)
approve(address,uint256) should be declared external:
- ERC20.approve(address,uint256) (#615-618)
burn(uint256) should be declared external:
- ERC20Burnable.burn(uint256) (#806-808)
Use the external attribute for functions never called from the contract.
Additional information: link
Different versions of Solidity are used:
- Version used: ['0.6.12', '^0.6.0', '^0.6.2']
- ^0.6.0 (#5)
- ^0.6.0 (#31)
- ^0.6.0 (#100)
- ^0.6.0 (#179)
- ^0.6.2 (#340)
- ^0.6.0 (#483)
- ^0.6.0 (#791)
- 0.6.12 (#831)
Use one Solidity version.
Additional information: link
SafeMath.mul(uint256,uint256) (#253-265) is never used and should be removed
Address.sendValue(address,uint256) (#390-396) is never used and should be removed
Address.functionCallWithValue(address,bytes,uint256) (#441-443) is never used and should be removed
SafeMath.mod(uint256,uint256,string) (#331-334) is never used and should be removed
Address.functionCallWithValue(address,bytes,uint256,string) (#451-454) is never used and should be removed
SafeMath.div(uint256,uint256,string) (#295-301) is never used and should be removed
ERC20._setupDecimals(uint8) (#767-769) is never used and should be removed
Context._msgData() (#22-25) is never used and should be removed
SafeMath.mod(uint256,uint256) (#315-317) is never used and should be removed
SafeMath.div(uint256,uint256) (#279-281) is never used and should be removed
Address._functionCallWithValue(address,bytes,uint256,string) (#456-477) is never used and should be removed
Address.isContract(address) (#363-372) is never used and should be removed
Address.functionCall(address,bytes,string) (#426-428) is never used and should be removed
Address.functionCall(address,bytes) (#416-418) is never used and should be removed
Remove unused functions.
Additional information: link
Redundant expression "this (#23)" inContext (#17-26)
Remove redundant statements if they congest code but offer no value.
Additional information: link
Unable to find audit link on the website
Token is not listed at Mobula.Finance
Additional information: link
Twitter account link seems to be invalid