Spore Token Logo

SPORE Token

About SPORE

Listings

Token 13 months
CoinGecko 14 months
CoinMarketCap 12 months

Spore™ is an NFT platform on the Avalanche network and the developer of the hyperdeflationary SPORE currency.

Our products include the first mass-adopted cross-chain bridge from Avalanche to Binance Smart Chain, NFT collections to commemorate special events, a next-generation NFT prediction market (in development), and several yet-to-be-announced services that will stand at the intersection of blockspace and physical events and help transition the planet to decentralized living.

Laser Scorebeta Last Audit: 27 April 2022

report
Code:

BridgeSporeBSC.burn(address,uint256) (#176-190) sends eth to arbitrary user
Dangerous calls:
- address(admin).transfer(address(this).balance) (#178)
BridgeSporeBSC.burnAndSwap(address,uint256,uint256) (#192-207) sends eth to arbitrary user
Dangerous calls:
- address(admin).transfer(address(this).balance) (#195)
Ensure that an arbitrary user cannot withdraw unauthorized funds.

Additional information: link

ERC20._transfer(address,address,uint256) (#680-695) performs a multiplication on the result of a division:
-_balances[recipient] += amount.div(100).mul(94) (#690)
ERC20._transfer(address,address,uint256) (#680-695) performs a multiplication on the result of a division:
-_balances[address(this)] += amount.div(100).mul(6) (#691)
ERC20._transfer(address,address,uint256) (#680-695) performs a multiplication on the result of a division:
-burned += amount.div(100).mul(6) (#692)
Consider ordering multiplication before division.

Additional information: link

BridgeSporeBSC.changeFees(uint256) (#225-227) should emit an event for:
- fees = newFees (#226)
Emit an event for critical parameter changes.

Additional information: link

Context._msgData() (#94-97) is never used and should be removed
SafeMath.add(uint256,uint256) (#314-316) is never used and should be removed
SafeMath.div(uint256,uint256,string) (#412-417) is never used and should be removed
SafeMath.mod(uint256,uint256) (#372-374) is never used and should be removed
SafeMath.mod(uint256,uint256,string) (#434-439) is never used and should be removed
SafeMath.sub(uint256,uint256) (#328-330) is never used and should be removed
SafeMath.sub(uint256,uint256,string) (#389-394) is never used and should be removed
SafeMath.tryAdd(uint256,uint256) (#243-249) is never used and should be removed
SafeMath.tryDiv(uint256,uint256) (#285-290) is never used and should be removed
SafeMath.tryMod(uint256,uint256) (#297-302) is never used and should be removed
SafeMath.tryMul(uint256,uint256) (#268-278) is never used and should be removed
SafeMath.trySub(uint256,uint256) (#256-261) is never used and should be removed
Remove unused functions.

Additional information: link

Pragma version^0.8.0 (#1) allows old versions
Pragma version^0.8.0 (#78) allows old versions
Pragma version^0.8.0 (#86) allows old versions
solc-0.8.0 is not recommended for deployment
Deploy with any of the following Solidity versions: 0.5.16 - 0.5.17, 0.6.11 - 0.6.12, 0.7.5 - 0.7.6 Use a simple pragma version that allows any of these versions. Consider using the latest version of Solidity for testing.

Additional information: link

SporeBSC (#778-800) should inherit from IToken (#80-83)
Inherit from the missing interface or contract.

Additional information: link

Redundant expression "this (#95)" inContext (#89-98)
Remove redundant statements if they congest code but offer no value.

Additional information: link

SporeBSC.constructor(string,string).name (#781) shadows:
- ERC20.name() (#529-531) (function)
- IERC20Metadata.name() (#451) (function)
SporeBSC.constructor(string,string).symbol (#781) shadows:
- ERC20.symbol() (#537-539) (function)
- IERC20Metadata.symbol() (#456) (function)
Rename the local variables that shadow another component.

Additional information: link

SporeBSC.updateAdmin(address).newAdmin (#785) lacks a zero-check on :
- admin = newAdmin (#787)
Check that the address is not zero.

Additional information: link

Reentrancy in BridgeSporeBSC.burn(address,uint256) (#176-190):
External calls:
- token.burn(msg.sender,amount) (#179)
External calls sending eth:
- address(admin).transfer(address(this).balance) (#178)
State variables written after the call(s):
- nonce ++ (#189)
Reentrancy in BridgeSporeBSC.burnAndSwap(address,uint256,uint256) (#192-207):
External calls:
- token.burn(msg.sender,amount) (#196)
External calls sending eth:
- address(admin).transfer(address(this).balance) (#195)
State variables written after the call(s):
- nonce ++ (#206)
Apply the check-effects-interactions pattern.

Additional information: link

Reentrancy in BridgeSporeBSC.burn(address,uint256) (#176-190):
External calls:
- token.burn(msg.sender,amount) (#179)
External calls sending eth:
- address(admin).transfer(address(this).balance) (#178)
Event emitted after the call(s):
- Transfer(msg.sender,to,amount,block.timestamp,nonce,0,Step.Burn) (#180-188)
Reentrancy in BridgeSporeBSC.burnAndSwap(address,uint256,uint256) (#192-207):
External calls:
- token.burn(msg.sender,amount) (#196)
External calls sending eth:
- address(admin).transfer(address(this).balance) (#195)
Event emitted after the call(s):
- Transfer(msg.sender,to,amount,block.timestamp,nonce,percent,Step.BurnAndSwap) (#197-205)
Reentrancy in BridgeSporeBSC.mint(address,uint256,uint256) (#209-223):
External calls:
- token.mint(to,amount) (#213)
Event emitted after the call(s):
- Transfer(msg.sender,to,amount,block.timestamp,otherChainNonce,0,Step.Mint) (#214-222)
Apply the check-effects-interactions pattern.

Additional information: link

BridgeSporeBSC.mint(address,uint256,uint256) (#209-223) compares to a boolean constant:
-require(bool,string)(processedNonces[otherChainNonce] == false,transfer already processed) (#211)
Remove the equality to the boolean constant.

Additional information: link

owner() should be declared external:
- Ownable.owner() (#117-119)
renounceOwnership() should be declared external:
- Ownable.renounceOwnership() (#136-139)
transferOwnership(address) should be declared external:
- Ownable.transferOwnership(address) (#145-149)
name() should be declared external:
- ERC20.name() (#529-531)
symbol() should be declared external:
- ERC20.symbol() (#537-539)
decimals() should be declared external:
- ERC20.decimals() (#554-556)
totalSupply() should be declared external:
- ERC20.totalSupply() (#561-563)
balanceOf(address) should be declared external:
- ERC20.balanceOf(address) (#568-570)
transfer(address,uint256) should be declared external:
- ERC20.transfer(address,uint256) (#580-583)
allowance(address,address) should be declared external:
- ERC20.allowance(address,address) (#588-590)
approve(address,uint256) should be declared external:
- ERC20.approve(address,uint256) (#599-602)
transferFrom(address,address,uint256) should be declared external:
- ERC20.transferFrom(address,address,uint256) (#617-625)
increaseAllowance(address,uint256) should be declared external:
- ERC20.increaseAllowance(address,uint256) (#639-642)
decreaseAllowance(address,uint256) should be declared external:
- ERC20.decreaseAllowance(address,uint256) (#658-664)
Use the external attribute for functions never called from the contract.

Additional information: link

Reentrancy in BridgeSporeBSC.burn(address,uint256) (#176-190):
External calls:
- address(admin).transfer(address(this).balance) (#178)
State variables written after the call(s):
- nonce ++ (#189)
Event emitted after the call(s):
- Transfer(msg.sender,to,amount,block.timestamp,nonce,0,Step.Burn) (#180-188)
Reentrancy in BridgeSporeBSC.burnAndSwap(address,uint256,uint256) (#192-207):
External calls:
- address(admin).transfer(address(this).balance) (#195)
State variables written after the call(s):
- nonce ++ (#206)
Event emitted after the call(s):
- Transfer(msg.sender,to,amount,block.timestamp,nonce,percent,Step.BurnAndSwap) (#197-205)
Apply the check-effects-interactions pattern.

Additional information: link

Holders:
No disclosed threats


Last post in Twitter was more than 30 days ago

Search:


Unable to find audit link on the website


Unable to find whitepaper link on the website

No disclosed threats

Anti-Scam Checks

Price for SPORE

News for SPORE