Spore™ is an NFT platform on the Avalanche network and the developer of the hyperdeflationary SPORE currency.
Our products include the first mass-adopted cross-chain bridge from Avalanche to Binance Smart Chain, NFT collections to commemorate special events, a next-generation NFT prediction market (in development), and several yet-to-be-announced services that will stand at the intersection of blockspace and physical events and help transition the planet to decentralized living.
BridgeSporeBSC.burnAndSwap(address,uint256,uint256) (#192-207) sends eth to arbitrary user
Dangerous calls:
- address(admin).transfer(address(this).balance) (#195)
BridgeSporeBSC.burn(address,uint256) (#176-190) sends eth to arbitrary user
Dangerous calls:
- address(admin).transfer(address(this).balance) (#178)
Ensure that an arbitrary user cannot withdraw unauthorized funds.
BridgeSporeBSC.mint(address,uint256,uint256) (#209-223) compares to a boolean constant:
-require(bool,string)(processedNonces[otherChainNonce] == false,transfer already processed) (#211)
Remove the equality to the boolean constant.
SafeMath.sub(uint256,uint256) (#328-330) is never used and should be removed
SafeMath.tryDiv(uint256,uint256) (#285-290) is never used and should be removed
SafeMath.add(uint256,uint256) (#314-316) is never used and should be removed
SafeMath.tryMod(uint256,uint256) (#297-302) is never used and should be removed
SafeMath.sub(uint256,uint256,string) (#389-394) is never used and should be removed
SafeMath.tryAdd(uint256,uint256) (#243-249) is never used and should be removed
SafeMath.mod(uint256,uint256,string) (#434-439) is never used and should be removed
SafeMath.div(uint256,uint256,string) (#412-417) is never used and should be removed
Context._msgData() (#94-97) is never used and should be removed
SafeMath.mod(uint256,uint256) (#372-374) is never used and should be removed
SafeMath.tryMul(uint256,uint256) (#268-278) is never used and should be removed
SafeMath.trySub(uint256,uint256) (#256-261) is never used and should be removed
Remove unused functions.
Pragma version^0.8.0 (#1) allows old versions
Pragma version^0.8.0 (#78) allows old versions
Pragma version^0.8.0 (#86) allows old versions
solc-0.8.0 is not recommended for deployment
Deploy with any of the following Solidity versions: 0.5.16 - 0.5.17, 0.6.11 - 0.6.12, 0.7.5 - 0.7.6. Use a simple pragma version that allows any of these versions. Consider using the latest version of Solidity for testing.
SporeBSC.updateAdmin(address).newAdmin (#785) lacks a zero-check on:
- admin = newAdmin (#787)
Check that the address is not zero.
BridgeSporeBSC.changeFees(uint256) (#225-227) should emit an event for:
- fees = newFees (#226)
Emit an event for critical parameter changes.
Reentrancy in BridgeSporeBSC.mint(address,uint256,uint256) (#209-223):
External calls:
- token.mint(to,amount) (#213)
Event emitted after the call(s):
- Transfer(msg.sender,to,amount,block.timestamp,otherChainNonce,0,Step.Mint) (#214-222)
Reentrancy in BridgeSporeBSC.burnAndSwap(address,uint256,uint256) (#192-207):
External calls:
- token.burn(msg.sender,amount) (#196)
External calls sending eth:
- address(admin).transfer(address(this).balance) (#195)
Event emitted after the call(s):
- Transfer(msg.sender,to,amount,block.timestamp,nonce,percent,Step.BurnAndSwap) (#197-205)
Reentrancy in BridgeSporeBSC.burn(address,uint256) (#176-190):
External calls:
- token.burn(msg.sender,amount) (#179)
External calls sending eth:
- address(admin).transfer(address(this).balance) (#178)
Event emitted after the call(s):
- Transfer(msg.sender,to,amount,block.timestamp,nonce,0,Step.Burn) (#180-188)
Apply the check-effects-interactions pattern.
SporeBSC (#778-800) should inherit from IToken (#80-83)
Inherit from the missing interface or contract.
Redundant expression "this (#95)" in Context (#89-98)
Remove redundant statements if they congest code but offer no value.
Reentrancy in BridgeSporeBSC.burn(address,uint256) (#176-190):
External calls:
- address(admin).transfer(address(this).balance) (#178)
State variables written after the call(s):
- nonce ++ (#189)
Event emitted after the call(s):
- Transfer(msg.sender,to,amount,block.timestamp,nonce,0,Step.Burn) (#180-188)
Reentrancy in BridgeSporeBSC.burnAndSwap(address,uint256,uint256) (#192-207):
External calls:
- address(admin).transfer(address(this).balance) (#195)
State variables written after the call(s):
- nonce ++ (#206)
Event emitted after the call(s):
- Transfer(msg.sender,to,amount,block.timestamp,nonce,percent,Step.BurnAndSwap) (#197-205)
Apply the check-effects-interactions pattern.
transferFrom(address,address,uint256) should be declared external:
- ERC20.transferFrom(address,address,uint256) (#617-625)
renounceOwnership() should be declared external:
- Ownable.renounceOwnership() (#136-139)
decimals() should be declared external:
- ERC20.decimals() (#554-556)
decreaseAllowance(address,uint256) should be declared external:
- ERC20.decreaseAllowance(address,uint256) (#658-664)
symbol() should be declared external:
- ERC20.symbol() (#537-539)
balanceOf(address) should be declared external:
- ERC20.balanceOf(address) (#568-570)
transfer(address,uint256) should be declared external:
- ERC20.transfer(address,uint256) (#580-583)
owner() should be declared external:
- Ownable.owner() (#117-119)
increaseAllowance(address,uint256) should be declared external:
- ERC20.increaseAllowance(address,uint256) (#639-642)
transferOwnership(address) should be declared external:
- Ownable.transferOwnership(address) (#145-149)
name() should be declared external:
- ERC20.name() (#529-531)
totalSupply() should be declared external:
- ERC20.totalSupply() (#561-563)
approve(address,uint256) should be declared external:
- ERC20.approve(address,uint256) (#599-602)
allowance(address,address) should be declared external:
- ERC20.allowance(address,address) (#588-590)
Use the external attribute for functions never called from the contract.
ERC20._transfer(address,address,uint256) (#680-695) performs a multiplication on the result of a division:
-_balances[address(this)] += amount.div(100).mul(6) (#691)
ERC20._transfer(address,address,uint256) (#680-695) performs a multiplication on the result of a division:
-burned += amount.div(100).mul(6) (#692)
ERC20._transfer(address,address,uint256) (#680-695) performs a multiplication on the result of a division:
-_balances[recipient] += amount.div(100).mul(94) (#690)
Consider ordering multiplication before division.
SporeBSC.constructor(string,string).name (#781) shadows:
- ERC20.name() (#529-531) (function)
- IERC20Metadata.name() (#451) (function)
SporeBSC.constructor(string,string).symbol (#781) shadows:
- ERC20.symbol() (#537-539) (function)
- IERC20Metadata.symbol() (#456) (function)
Rename the local variables that shadow another component.
Reentrancy in BridgeSporeBSC.burn(address,uint256) (#176-190):
External calls:
- token.burn(msg.sender,amount) (#179)
External calls sending eth:
- address(admin).transfer(address(this).balance) (#178)
State variables written after the call(s):
- nonce ++ (#189)
Reentrancy in BridgeSporeBSC.burnAndSwap(address,uint256,uint256) (#192-207):
External calls:
- token.burn(msg.sender,amount) (#196)
External calls sending eth:
- address(admin).transfer(address(this).balance) (#195)
State variables written after the call(s):
- nonce ++ (#206)
Apply the check-effects-interactions pattern.
Token is not listed at Mobula.Finance
Unable to find audit link on the website
Unable to find whitepaper link on the website
Twitter account link seems to be invalid