Velhalla is a crypto-metaverse experience in a new way, an NFT world you can control, influence, earn, and more.
Unable to find manual contract audit (e.g. Certik, PeckShield, Solidity...)
Contract name (VELHALLA.io) contains non-alphanumeric characters.
Not a direct threat, but may indicate unreliable intentions of developer. Non-alphanumeric chars (,.;!#*&") are extremely rare among low risk tokens.
TransparentUpgradeableProxy.constructor(address,address).admin (#168) shadows:
- TransparentUpgradeableProxy.admin() (#206-208) (function)
TransparentUpgradeableProxy.constructor(address,address).implementation (#168) shadows:
- TransparentUpgradeableProxy.implementation() (#219-221) (function)
Rename the local variables that shadow another component.
Additional information: link
TransparentUpgradeableProxy.upgradeToAndCall(address,bytes).newImplementation (#252) lacks a zero-check on :
- (success) = newImplementation.delegatecall(data) (#255)
Check that the address is not zero.
Additional information: link
Modifier TransparentUpgradeableProxy.ifAdmin() (#189-195) does not always execute _; or revert
All the paths in a modifier must execute _ or revert.
Additional information: link
Proxy._delegate(address) (#19-39) uses assembly
- INLINE ASM (#21-38)
UpgradeableProxy._implementation() (#108-114) uses assembly
- INLINE ASM (#111-113)
UpgradeableProxy._setImplementation(address) (#129-139) uses assembly
- INLINE ASM (#136-138)
TransparentUpgradeableProxy._admin() (#262-268) uses assembly
- INLINE ASM (#265-267)
TransparentUpgradeableProxy._setAdmin(address) (#273-281) uses assembly
- INLINE ASM (#278-280)
Do not use evm assembly.
Additional information: link
Proxy._implementation() (#45) is never used and should be removed
Remove unused functions.
Additional information: link
Low level call in TransparentUpgradeableProxy.upgradeToAndCall(address,bytes) (#252-257):
- (success) = newImplementation.delegatecall(data) (#255)
Avoid low-level calls. Check the call success. If the call is meant for a contract, check for code existence
Additional information: link
Unable to find token contract audit
Unable to find audit link on the website
Unable to find token on CoinHunt
Additional information: link
Unable to find code repository for the project
Young tokens have high risks of price dump / death
Young tokens have high risks of scam / price dump / death
Young tokens have high risks of price dump / death
Young tokens have high risks of price dump / death
Young tokens have high risks of price dump / death