Roseon Finance is a mobile yield aggregator that manages your crypto + NFT portfolio and optimizes yield across DeFi and CeFi networks.
Unable to find manual contract audit (e.g. Certik, PeckShield, Solidity...)
LGEWhitelisted._applyLGEWhitelist(address,address,uint256) (#798-827) uses a dangerous strict equality:
- _lgeTimestamp == 0 && sender != _lgePairAddress && recipient == _lgePairAddress && amount > 0 (#805)
Don't use strict equality to determine if an account has enough Ether or tokens.
Additional information: link
Contract ownership is not renounced (belongs to a wallet)
Redundant expression "this (#24)" inContext (#18-27)
Remove redundant statements if they congest code but offer no value.
Additional information: link
RoseonToken.constructor() (#1021) uses literals with too many digits:
- LockCoin(Roseon token,ROSN,100000000 * 10 ** 18) (#1021)
Use: Ether suffix, Time suffix, or The scientific notation
Additional information: link
BEP20.allowance(address,address).owner (#439) shadows:
- Ownable.owner() (#64-66) (function)
BEP20._approve(address,address,uint256).owner (#610) shadows:
- Ownable.owner() (#64-66) (function)
LockCoin.constructor(string,string,uint256).symbol (#839) shadows:
- BEP20.symbol() (#388-390) (function)
- IBEP20Metadata.symbol() (#203) (function)
LockCoin.constructor(string,string,uint256).name (#838) shadows:
- BEP20.name() (#380-382) (function)
- IBEP20Metadata.name() (#198) (function)
LockCoin.constructor(string,string,uint256).totalSupply (#840) shadows:
- BEP20.totalSupply() (#412-414) (function)
- IBEP20.totalSupply() (#112) (function)
Rename the local variables that shadow another component.
Additional information: link
LGEWhitelisted.createLGEWhitelist(address,uint256[],uint256[]).pairAddress (#698) lacks a zero-check on :
- _lgePairAddress = pairAddress (#704)
Check that the address is not zero.
Additional information: link
LGEWhitelisted.getLGEWhitelistRound() (#759-791) uses timestamp for comparisons
Dangerous comparisons:
- _lgeTimestamp > 0 (#771)
- block.timestamp <= wlCloseTimestampLast (#778)
LockCoin._unLock(address) (#904-925) uses timestamp for comparisons
Dangerous comparisons:
- timeLockByAddress.nextIndexTimeLock < timeLockByAddress.arrTimeLock.length && block.timestamp >= timeLockByAddress.arrTimeLock[timeLockByAddress.nextIndexTimeLock].unlockTime (#911-912)
LGEWhitelisted._applyLGEWhitelist(address,address,uint256) (#798-827) uses timestamp for comparisons
Dangerous comparisons:
- _lgeTimestamp == 0 && sender != _lgePairAddress && recipient == _lgePairAddress && amount > 0 (#805)
- wlRoundNumber > 0 (#813)
Avoid relying on block.timestamp.
Additional information: link
BEP20._burn(address,uint256) (#583-594) is never used and should be removed
Pausable._pause() (#284-287) is never used and should be removed
Pausable._unpause() (#296-299) is never used and should be removed
Context._msgData() (#23-26) is never used and should be removed
Remove unused functions.
Additional information: link
Pragma version^0.8.0 (#833) allows old versions
Pragma version^0.8.0 (#215) allows old versions
Pragma version^0.8.0 (#645) allows old versions
Pragma version^0.8.0 (#324) allows old versions
Pragma version^0.8.0 (#103) allows old versions
Pragma version^0.8.0 (#187) allows old versions
Pragma version^0.8.0 (#33) allows old versions
Pragma version^0.8.0 (#6) allows old versions
Deploy with any of the following Solidity versions: 0.5.16 - 0.5.17, 0.6.11 - 0.6.12, 0.7.5 - 0.7.6 Use a simple pragma version that allows any of these versions. Consider using the latest version of Solidity for testing.
Additional information: link
Parameter LockCoin.overwriteScheduleLock(address,uint256[],uint256[])._addressLock (#958) is not in mixedCase
Parameter LockCoin.addScheduleLockByAddress(address,uint256[],uint256[])._arrUnlockTime (#983) is not in mixedCase
Parameter RoseonToken.transferFrom(address,address,uint256)._amount (#1032) is not in mixedCase
Parameter RoseonToken.getAvailableBalance(address)._lockedAddress (#1039) is not in mixedCase
Parameter LockCoin.overwriteScheduleLock(address,uint256[],uint256[])._arrAmount (#959) is not in mixedCase
Parameter LockCoin.getLockedAmount(address)._addressLock (#930) is not in mixedCase
Variable LockCoin._locker (#850) is not in mixedCase
Parameter RoseonToken.transfer(address,uint256)._receiver (#1023) is not in mixedCase
Parameter RoseonToken.transferFrom(address,address,uint256)._from (#1030) is not in mixedCase
Parameter LockCoin.addScheduleLockByAddress(address,uint256[],uint256[])._arrAmount (#982) is not in mixedCase
Parameter LockCoin.addScheduleLockByAddress(address,uint256[],uint256[])._addressLock (#981) is not in mixedCase
Parameter LockCoin.getScheduleLock(address,uint256)._index (#970) is not in mixedCase
Parameter RoseonToken.transferFrom(address,address,uint256)._receiver (#1031) is not in mixedCase
Variable LGEWhitelisted._lgeWhitelistRounds (#655) is not in mixedCase
Parameter RoseonToken.transfer(address,uint256)._amount (#1023) is not in mixedCase
Variable LGEWhitelisted._lgeTimestamp (#657) is not in mixedCase
Parameter LockCoin.getNextScheduleUnlock(address)._addressLock (#937) is not in mixedCase
Variable LGEWhitelisted._lgePairAddress (#658) is not in mixedCase
Parameter LockCoin.getScheduleLock(address,uint256)._addressLock (#970) is not in mixedCase
Parameter LockCoin.overwriteScheduleLock(address,uint256[],uint256[])._arrUnlockTime (#960) is not in mixedCase
Variable LGEWhitelisted._whitelister (#660) is not in mixedCase
Follow the Solidity naming convention.
Additional information: link
symbol() should be declared external:
- BEP20.symbol() (#388-390)
getNextScheduleUnlock(address) should be declared external:
- LockCoin.getNextScheduleUnlock(address) (#937-952)
renounceOwnership() should be declared external:
- Ownable.renounceOwnership() (#83-86)
pause() should be declared external:
- Pausable.pause() (#304-308)
approve(address,uint256) should be declared external:
- BEP20.approve(address,uint256) (#450-453)
name() should be declared external:
- BEP20.name() (#380-382)
overwriteScheduleLock(address,uint256[],uint256[]) should be declared external:
- LockCoin.overwriteScheduleLock(address,uint256[],uint256[]) (#957-965)
transferOwnership(address) should be declared external:
- Ownable.transferOwnership(address) (#92-96)
unlockRoseon() should be declared external:
- LockCoin.unlockRoseon() (#990-992)
unpause() should be declared external:
- Pausable.unpause() (#313-317)
allowance(address,address) should be declared external:
- BEP20.allowance(address,address) (#439-441)
totalSupply() should be declared external:
- BEP20.totalSupply() (#412-414)
decimals() should be declared external:
- BEP20.decimals() (#405-407)
addScheduleLockByAddress(address,uint256[],uint256[]) should be declared external:
- LockCoin.addScheduleLockByAddress(address,uint256[],uint256[]) (#980-988)
increaseAllowance(address,uint256) should be declared external:
- BEP20.increaseAllowance(address,uint256) (#494-497)
decreaseAllowance(address,uint256) should be declared external:
- BEP20.decreaseAllowance(address,uint256) (#513-519)
getScheduleLock(address,uint256) should be declared external:
- LockCoin.getScheduleLock(address,uint256) (#970-975)
Use the external attribute for functions never called from the contract.
Additional information: link