UnitedCrowd - Asset Tokenization as a Service
By modelling financial products on the blockchain, UnitedCrowd offers innovative solutions for raising and investing capital. These blockchain-based solutions have decisive advantages for investors and companies alike: The costs of raising capital decrease significantly, intermediaries are reduced, investment options can be offered worldwide and international investors can be acquired. Payments and processes are transparent, automated and secure. Access restrictions are reduced and new markets can be opened up. Investors benefit from access to fractional ownership and are no longer dependent on middlemen to build and manage their portfolios.
Unable to find manual contract audit (e.g. Certik, PeckShield, Solidity...)
removeLock(address) should be declared external:
- UCToken.removeLock(address) (contracts/UCToken.sol#139-148)
Use the external attribute for functions never called from the contract.
Additional information: link
AccessControlEnumerable._setupRole(bytes32,address) (@openzeppelin/contracts/access/AccessControlEnumerable.sol#83-86) ignores return value by _roleMembers[role].add(account) (@openzeppelin/contracts/access/AccessControlEnumerable.sol#85)
Ensure that all the return values of the function calls are used.
Additional information: link
UCToken.isLocked(address) (contracts/UCToken.sol#135-137) uses timestamp for comparisons
Dangerous comparisons:
- _locks[beneficiary] > block.timestamp (contracts/UCToken.sol#136)
Avoid relying on block.timestamp.
Additional information: link
console._sendLogPayload(bytes) (hardhat/console.sol#7-14) uses assembly
- INLINE ASM (hardhat/console.sol#10-13)
Do not use evm assembly.
Additional information: link
Different versions of Solidity is used:
- Version used: ['>=0.4.22<0.9.0', '>=0.8.0<0.9.0', '^0.8.0']
- ^0.8.0 (@openzeppelin/contracts/access/AccessControl.sol#3)
- ^0.8.0 (@openzeppelin/contracts/access/AccessControlEnumerable.sol#3)
- ^0.8.0 (@openzeppelin/contracts/security/Pausable.sol#3)
- ^0.8.0 (@openzeppelin/contracts/token/ERC20/ERC20.sol#3)
- ^0.8.0 (@openzeppelin/contracts/token/ERC20/IERC20.sol#3)
- ^0.8.0 (@openzeppelin/contracts/token/ERC20/extensions/ERC20Burnable.sol#3)
- ^0.8.0 (@openzeppelin/contracts/token/ERC20/extensions/ERC20Pausable.sol#3)
- ^0.8.0 (@openzeppelin/contracts/token/ERC20/extensions/IERC20Metadata.sol#3)
- ^0.8.0 (@openzeppelin/contracts/utils/Context.sol#3)
- ^0.8.0 (@openzeppelin/contracts/utils/Strings.sol#3)
- ^0.8.0 (@openzeppelin/contracts/utils/introspection/ERC165.sol#3)
- ^0.8.0 (@openzeppelin/contracts/utils/introspection/IERC165.sol#3)
- ^0.8.0 (@openzeppelin/contracts/utils/structs/EnumerableSet.sol#3)
- >=0.8.0<0.9.0 (contracts/UCToken.sol#2)
- >=0.4.22<0.9.0 (hardhat/console.sol#2)
Use one Solidity version.
Additional information: link
console.logUint(uint256) (hardhat/console.sol#24-26) is never used and should be removed
Remove unused functions.
Additional information: link
solc-0.8.3 is not recommended for deployment
Deploy with any of the following Solidity versions: 0.5.16 - 0.5.17, 0.6.11 - 0.6.12, 0.7.5 - 0.7.6 Use a simple pragma version that allows any of these versions. Consider using the latest version of Solidity for testing.
Additional information: link
Contract console (hardhat/console.sol#4-1532) is not in CapWords
Follow the Solidity naming convention.
Additional information: link
Redundant expression "this (@openzeppelin/contracts/utils/Context.sol#21)" inContext (@openzeppelin/contracts/utils/Context.sol#15-24)
Remove redundant statements if they congest code but offer no value.
Additional information: link
console.slitherConstructorConstantVariables() (hardhat/console.sol#4-1532) uses literals with too many digits:
- CONSOLE_ADDRESS = address(0x000000000000000000636F6e736F6c652e6c6f67) (hardhat/console.sol#5)
Use: Ether suffix, Time suffix, or The scientific notation
Additional information: link
BscScan page for the token does not contain additional info: website, socials, description, etc.
Additional information: link
Unable to find token contract audit
Unable to find audit link on the website
Unable to find whitepaper link on the website
Unable to find Telegram link on the website
Unable to find token on CoinHunt
Additional information: link
Young tokens have high risks of scam / price dump / death
Young tokens have high risks of scam / price dump / death
Token has a considerable age, but social accounts / website are missing or have few users
Young tokens have high risks of price dump / death
Token has relatively low CoinGecko rank
Twitter account link seems to be invalid
Unable to find Discord account