pSTAKE is a Liquid staking protocol that unlocks liquidity for your staked assets. With pSTAKE, you can securely stake your Proof-of-Stake (PoS) assets, participate in protocol improvements and security to earn staking rewards, and receive staked underlying representative tokens (stkASSETs) which can be used to explore additional yield opportunities across DeFi.
At present, pSTAKE supports Binance ($BNB), Cosmos ($ATOM), Persistence ($XPRT) and Ethereum ($ETH) networks’ native tokens, with a view to support more chains and assets in the future.
Contract ownership is not renounced (belongs to a wallet)
Reentrancy in ERC777._burn(address,uint256,bytes,bytes) (@openzeppelin/contracts/token/ERC777/ERC777.sol#389-413):
External calls:
- _callTokensToSend(operator,from,address(0),amount,data,operatorData) (@openzeppelin/contracts/token/ERC777/ERC777.sol#399)
- IERC777Sender(implementer).tokensToSend(operator,from,to,amount,userData,operatorData) (@openzeppelin/contracts/token/ERC777/ERC777.sol#472)
State variables written after the call(s):
- _balances[from] = fromBalance - amount (@openzeppelin/contracts/token/ERC777/ERC777.sol#407)
- _totalSupply -= amount (@openzeppelin/contracts/token/ERC777/ERC777.sol#409)
Reentrancy in ERC777._send(address,address,uint256,bytes,bytes,bool) (@openzeppelin/contracts/token/ERC777/ERC777.sol#362-380):
External calls:
- _callTokensToSend(operator,from,to,amount,userData,operatorData) (@openzeppelin/contracts/token/ERC777/ERC777.sol#375)
- IERC777Sender(implementer).tokensToSend(operator,from,to,amount,userData,operatorData) (@openzeppelin/contracts/token/ERC777/ERC777.sol#472)
State variables written after the call(s):
- _move(operator,from,to,amount,userData,operatorData) (@openzeppelin/contracts/token/ERC777/ERC777.sol#377)
- _balances[from] = fromBalance - amount (@openzeppelin/contracts/token/ERC777/ERC777.sol#428)
- _balances[to] += amount (@openzeppelin/contracts/token/ERC777/ERC777.sol#430)
Reentrancy in StakedBNBToken.constructor(IAddressStore) (contracts/StakedBNBToken.sol#54-59):
External calls:
- ERC777(Staked BNB,stkBNB,new address[](0)) (contracts/StakedBNBToken.sol#55)
- _ERC1820_REGISTRY.setInterfaceImplementer(address(this),keccak256(bytes)(ERC777Token),address(this)) (@openzeppelin/contracts/token/ERC777/ERC777.sol#74)
- _ERC1820_REGISTRY.setInterfaceImplementer(address(this),keccak256(bytes)(ERC20Token),address(this)) (@openzeppelin/contracts/token/ERC777/ERC777.sol#75)
State variables written after the call(s):
- _addressStore = addressStore_ (contracts/StakedBNBToken.sol#58)
- BEP20(msg.sender) (contracts/StakedBNBToken.sol#56)
- _owner = owner (contracts/abstract/BEP20.sol#44)
Apply the check-effects-interactions pattern.
Additional information: link
Reentrancy in ERC777._burn(address,uint256,bytes,bytes) (@openzeppelin/contracts/token/ERC777/ERC777.sol#389-413):
External calls:
- _callTokensToSend(operator,from,address(0),amount,data,operatorData) (@openzeppelin/contracts/token/ERC777/ERC777.sol#399)
- IERC777Sender(implementer).tokensToSend(operator,from,to,amount,userData,operatorData) (@openzeppelin/contracts/token/ERC777/ERC777.sol#472)
Event emitted after the call(s):
- Burned(operator,from,amount,data,operatorData) (@openzeppelin/contracts/token/ERC777/ERC777.sol#411)
- Transfer(from,address(0),amount) (@openzeppelin/contracts/token/ERC777/ERC777.sol#412)
Reentrancy in ERC777._mint(address,uint256,bytes,bytes,bool) (@openzeppelin/contracts/token/ERC777/ERC777.sol#330-351):
External calls:
- _callTokensReceived(operator,address(0),account,amount,userData,operatorData,requireReceptionAck) (@openzeppelin/contracts/token/ERC777/ERC777.sol#347)
- IERC777Recipient(implementer).tokensReceived(operator,from,to,amount,userData,operatorData) (@openzeppelin/contracts/token/ERC777/ERC777.sol#498)
Event emitted after the call(s):
- Minted(operator,account,amount,userData,operatorData) (@openzeppelin/contracts/token/ERC777/ERC777.sol#349)
- Transfer(address(0),account,amount) (@openzeppelin/contracts/token/ERC777/ERC777.sol#350)
Reentrancy in ERC777._send(address,address,uint256,bytes,bytes,bool) (@openzeppelin/contracts/token/ERC777/ERC777.sol#362-380):
External calls:
- _callTokensToSend(operator,from,to,amount,userData,operatorData) (@openzeppelin/contracts/token/ERC777/ERC777.sol#375)
- IERC777Sender(implementer).tokensToSend(operator,from,to,amount,userData,operatorData) (@openzeppelin/contracts/token/ERC777/ERC777.sol#472)
Event emitted after the call(s):
- Sent(operator,from,to,amount,userData,operatorData) (@openzeppelin/contracts/token/ERC777/ERC777.sol#432)
- _move(operator,from,to,amount,userData,operatorData) (@openzeppelin/contracts/token/ERC777/ERC777.sol#377)
- Transfer(from,to,amount) (@openzeppelin/contracts/token/ERC777/ERC777.sol#433)
- _move(operator,from,to,amount,userData,operatorData) (@openzeppelin/contracts/token/ERC777/ERC777.sol#377)
Apply the check-effects-interactions pattern.
Additional information: link
Address.verifyCallResult(bool,bytes,string) (@openzeppelin/contracts/utils/Address.sol#201-221) uses assembly
- INLINE ASM (@openzeppelin/contracts/utils/Address.sol#213-216)
Do not use evm assembly.
Additional information: link
Different versions of Solidity is used:
- Version used: ['^0.8.0', '^0.8.1', '^0.8.7']
- ^0.8.0 (@openzeppelin/contracts/security/Pausable.sol#4)
- ^0.8.0 (@openzeppelin/contracts/token/ERC20/IERC20.sol#4)
- ^0.8.0 (@openzeppelin/contracts/token/ERC777/ERC777.sol#4)
- ^0.8.0 (@openzeppelin/contracts/token/ERC777/IERC777.sol#4)
- ^0.8.0 (@openzeppelin/contracts/token/ERC777/IERC777Recipient.sol#4)
- ^0.8.0 (@openzeppelin/contracts/token/ERC777/IERC777Sender.sol#4)
- ^0.8.1 (@openzeppelin/contracts/utils/Address.sol#4)
- ^0.8.0 (@openzeppelin/contracts/utils/Context.sol#4)
- ^0.8.0 (@openzeppelin/contracts/utils/introspection/IERC1820Registry.sol#4)
- ^0.8.7 (contracts/StakedBNBToken.sol#3)
- ^0.8.7 (contracts/abstract/BEP20.sol#3)
- ^0.8.7 (contracts/interfaces/IAddressStore.sol#3)
- ^0.8.7 (contracts/interfaces/IBEP20.sol#3)
- ^0.8.7 (contracts/interfaces/IStakedBNBToken.sol#3)
Use one Solidity version.
Additional information: link
Address.functionCall(address,bytes) (@openzeppelin/contracts/utils/Address.sol#85-87) is never used and should be removed
Address.functionCall(address,bytes,string) (@openzeppelin/contracts/utils/Address.sol#95-101) is never used and should be removed
Address.functionCallWithValue(address,bytes,uint256) (@openzeppelin/contracts/utils/Address.sol#114-120) is never used and should be removed
Address.functionCallWithValue(address,bytes,uint256,string) (@openzeppelin/contracts/utils/Address.sol#128-139) is never used and should be removed
Address.functionDelegateCall(address,bytes) (@openzeppelin/contracts/utils/Address.sol#174-176) is never used and should be removed
Address.functionDelegateCall(address,bytes,string) (@openzeppelin/contracts/utils/Address.sol#184-193) is never used and should be removed
Address.functionStaticCall(address,bytes) (@openzeppelin/contracts/utils/Address.sol#147-149) is never used and should be removed
Address.functionStaticCall(address,bytes,string) (@openzeppelin/contracts/utils/Address.sol#157-166) is never used and should be removed
Address.sendValue(address,uint256) (@openzeppelin/contracts/utils/Address.sol#60-65) is never used and should be removed
Address.verifyCallResult(bool,bytes,string) (@openzeppelin/contracts/utils/Address.sol#201-221) is never used and should be removed
Context._msgData() (@openzeppelin/contracts/utils/Context.sol#21-23) is never used and should be removed
Remove unused functions.
Additional information: link
Pragma version^0.8.0 (@openzeppelin/contracts/security/Pausable.sol#4) allows old versions
Pragma version^0.8.0 (@openzeppelin/contracts/token/ERC20/IERC20.sol#4) allows old versions
Pragma version^0.8.0 (@openzeppelin/contracts/token/ERC777/ERC777.sol#4) allows old versions
Pragma version^0.8.0 (@openzeppelin/contracts/token/ERC777/IERC777.sol#4) allows old versions
Pragma version^0.8.0 (@openzeppelin/contracts/token/ERC777/IERC777Recipient.sol#4) allows old versions
Pragma version^0.8.0 (@openzeppelin/contracts/token/ERC777/IERC777Sender.sol#4) allows old versions
Pragma version^0.8.1 (@openzeppelin/contracts/utils/Address.sol#4) allows old versions
Pragma version^0.8.0 (@openzeppelin/contracts/utils/Context.sol#4) allows old versions
Pragma version^0.8.0 (@openzeppelin/contracts/utils/introspection/IERC1820Registry.sol#4) allows old versions
Deploy with any of the following Solidity versions: 0.5.16 - 0.5.17, 0.6.11 - 0.6.12, 0.7.5 - 0.7.6 Use a simple pragma version that allows any of these versions. Consider using the latest version of Solidity for testing.
Additional information: link
Low level call in Address.sendValue(address,uint256) (@openzeppelin/contracts/utils/Address.sol#60-65):
- (success) = recipient.call{value: amount}() (@openzeppelin/contracts/utils/Address.sol#63)
Low level call in Address.functionCallWithValue(address,bytes,uint256,string) (@openzeppelin/contracts/utils/Address.sol#128-139):
- (success,returndata) = target.call{value: value}(data) (@openzeppelin/contracts/utils/Address.sol#137)
Low level call in Address.functionStaticCall(address,bytes,string) (@openzeppelin/contracts/utils/Address.sol#157-166):
- (success,returndata) = target.staticcall(data) (@openzeppelin/contracts/utils/Address.sol#164)
Low level call in Address.functionDelegateCall(address,bytes,string) (@openzeppelin/contracts/utils/Address.sol#184-193):
- (success,returndata) = target.delegatecall(data) (@openzeppelin/contracts/utils/Address.sol#191)
Avoid low-level calls. Check the call success. If the call is meant for a contract, check for code existence
Additional information: link
Variable BEP20._owner (contracts/abstract/BEP20.sol#13) is not in mixedCase
Follow the Solidity naming convention.
Additional information: link
Variable ERC777._defaultOperators (@openzeppelin/contracts/token/ERC777/ERC777.sol#48) is too similar to ERC777.constructor(string,string,address[]).defaultOperators_ (@openzeppelin/contracts/token/ERC777/ERC777.sol#63)
Variable StakedBNBToken._addressStore (contracts/StakedBNBToken.sol#28) is too similar to StakedBNBToken.constructor(IAddressStore).addressStore_ (contracts/StakedBNBToken.sol#54)
Prevent variables from having similar names.
Additional information: link
name() should be declared external:
- ERC777.name() (@openzeppelin/contracts/token/ERC777/ERC777.sol#81-83)
symbol() should be declared external:
- ERC777.symbol() (@openzeppelin/contracts/token/ERC777/ERC777.sol#88-90)
decimals() should be declared external:
- ERC777.decimals() (@openzeppelin/contracts/token/ERC777/ERC777.sol#98-100)
granularity() should be declared external:
- ERC777.granularity() (@openzeppelin/contracts/token/ERC777/ERC777.sol#107-109)
send(address,uint256,bytes) should be declared external:
- ERC777.send(address,uint256,bytes) (@openzeppelin/contracts/token/ERC777/ERC777.sol#130-136)
transfer(address,uint256) should be declared external:
- ERC777.transfer(address,uint256) (@openzeppelin/contracts/token/ERC777/ERC777.sol#146-149)
authorizeOperator(address) should be declared external:
- ERC777.authorizeOperator(address) (@openzeppelin/contracts/token/ERC777/ERC777.sol#173-183)
revokeOperator(address) should be declared external:
- ERC777.revokeOperator(address) (@openzeppelin/contracts/token/ERC777/ERC777.sol#188-198)
defaultOperators() should be declared external:
- ERC777.defaultOperators() (@openzeppelin/contracts/token/ERC777/ERC777.sol#203-205)
operatorSend(address,address,uint256,bytes,bytes) should be declared external:
- ERC777.operatorSend(address,address,uint256,bytes,bytes) (@openzeppelin/contracts/token/ERC777/ERC777.sol#212-221)
approve(address,uint256) should be declared external:
- ERC777.approve(address,uint256) (@openzeppelin/contracts/token/ERC777/ERC777.sol#257-261)
transferFrom(address,address,uint256) should be declared external:
- ERC777.transferFrom(address,address,uint256) (@openzeppelin/contracts/token/ERC777/ERC777.sol#275-284)
Use the external attribute for functions never called from the contract.
Additional information: link
BscScan page for the token does not contain additional info: website, socials, description, etc.
Additional information: link
Unable to find KYC or doxxing proof
Unable to verify token contract address on the website
Token is not listed at Mobula.Finance
Additional information: link
Unable to find token on CoinHunt
Additional information: link
Unable to find code repository for the project
Young tokens have high risks of scam / price dump / death
Young tokens have high risks of scam / price dump / death
Young tokens have high risks of scam / price dump / death
Token has no active CoinGecko listing / rank
Token is relatively young, but twitter if very old (probably it's fake).
Unable to find Blog account (Reddit or Medium)