WingStep is a Web3-based fitness and health tracking mobile app with integrated NFT gaming and social media elements, where users can earn rewards by walking, jogging, gym and other activities.
Variable 'ERC1967Upgrade._upgradeToAndCallUUPS(address,bytes,bool).slot (#448)' in ERC1967Upgrade._upgradeToAndCallUUPS(address,bytes,bool) (#437-455) potentially used before declaration: require(bool,string)(slot == _IMPLEMENTATION_SLOT,ERC1967Upgrade: unsupported proxiableUUID) (#449)
Move all variable declarations prior to any usage of the variable, and ensure that reaching a variable declaration does not depend on some conditional if it is used unconditionally.
Additional information: link
Reentrancy in TransparentUpgradeableProxy.constructor(address,address,bytes) (#701-708):
External calls:
- ERC1967Proxy(_logic,_data) (#705)
- Address.functionDelegateCall(newImplementation,data) (#428)
- (success,returndata) = target.delegatecall(data) (#281)
Event emitted after the call(s):
- AdminChanged(_getAdmin(),newAdmin) (#490)
- _changeAdmin(admin_) (#707)
Apply the check-effects-interactions pattern.
Additional information: link
StorageSlot.getAddressSlot(bytes32) (#55-59) uses assembly
- INLINE ASM (#56-58)
StorageSlot.getBooleanSlot(bytes32) (#64-68) uses assembly
- INLINE ASM (#65-67)
StorageSlot.getBytes32Slot(bytes32) (#73-77) uses assembly
- INLINE ASM (#74-76)
StorageSlot.getUint256Slot(bytes32) (#82-86) uses assembly
- INLINE ASM (#83-85)
Address.verifyCallResult(bool,bytes,string) (#291-311) uses assembly
- INLINE ASM (#303-306)
Proxy._delegate(address) (#566-589) uses assembly
- INLINE ASM (#567-588)
Do not use evm assembly.
Additional information: link
Different versions of Solidity is used:
- Version used: ['0.8.10', '^0.8.0', '^0.8.1', '^0.8.2']
- ^0.8.0 (#7)
- ^0.8.1 (#94)
- ^0.8.0 (#319)
- ^0.8.0 (#342)
- ^0.8.2 (#361)
- ^0.8.0 (#548)
- ^0.8.0 (#637)
- 0.8.10 (#672)
Use one Solidity version.
Additional information: link
TransparentUpgradeableProxy (#696-786) should inherit from IBeacon (#347-354)
Inherit from the missing interface or contract.
Additional information: link
ERC1967Upgrade._upgradeToAndCallUUPS(address,bytes,bool).slot (#448) is a local variable never initialized
Initialize all the variables. If a variable is meant to be initialized to zero, explicitly set it to zero to improve code readability.
Additional information: link
ERC1967Upgrade._upgradeToAndCall(address,bytes,bool) (#421-430) ignores return value by Address.functionDelegateCall(newImplementation,data) (#428)
ERC1967Upgrade._upgradeToAndCallUUPS(address,bytes,bool) (#437-455) ignores return value by IERC1822Proxiable(newImplementation).proxiableUUID() (#448-452)
ERC1967Upgrade._upgradeBeaconToAndCall(address,bytes,bool) (#530-540) ignores return value by Address.functionDelegateCall(IBeacon(newBeacon).implementation(),data) (#538)
Ensure that all the return values of the function calls are used.
Additional information: link
Modifier TransparentUpgradeableProxy.ifAdmin() (#713-719) does not always execute _; or revert
All the paths in a modifier must execute _ or revert.
Additional information: link
Address.functionCall(address,bytes) (#175-177) is never used and should be removed
Address.functionCall(address,bytes,string) (#185-191) is never used and should be removed
Address.functionCallWithValue(address,bytes,uint256) (#204-210) is never used and should be removed
Address.functionCallWithValue(address,bytes,uint256,string) (#218-229) is never used and should be removed
Address.functionStaticCall(address,bytes) (#237-239) is never used and should be removed
Address.functionStaticCall(address,bytes,string) (#247-256) is never used and should be removed
Address.sendValue(address,uint256) (#150-155) is never used and should be removed
ERC1967Upgrade._getBeacon() (#508-510) is never used and should be removed
ERC1967Upgrade._setBeacon(address) (#515-522) is never used and should be removed
ERC1967Upgrade._upgradeBeaconToAndCall(address,bytes,bool) (#530-540) is never used and should be removed
ERC1967Upgrade._upgradeToAndCallUUPS(address,bytes,bool) (#437-455) is never used and should be removed
Proxy._implementation() (#595) is never used and should be removed
StorageSlot.getBooleanSlot(bytes32) (#64-68) is never used and should be removed
StorageSlot.getBytes32Slot(bytes32) (#73-77) is never used and should be removed
StorageSlot.getUint256Slot(bytes32) (#82-86) is never used and should be removed
Remove unused functions.
Additional information: link
Pragma version^0.8.0 (#7) allows old versions
Pragma version^0.8.1 (#94) allows old versions
Pragma version^0.8.0 (#319) allows old versions
Pragma version^0.8.0 (#342) allows old versions
Pragma version^0.8.2 (#361) allows old versions
Pragma version^0.8.0 (#548) allows old versions
Pragma version^0.8.0 (#637) allows old versions
Pragma version0.8.10 (#672) necessitates a version too recent to be trusted. Consider deploying with 0.6.12/0.7.6/0.8.7
solc-0.8.10 is not recommended for deployment
Deploy with any of the following Solidity versions: 0.5.16 - 0.5.17, 0.6.11 - 0.6.12, 0.7.5 - 0.7.6 Use a simple pragma version that allows any of these versions. Consider using the latest version of Solidity for testing.
Additional information: link
Low level call in Address.sendValue(address,uint256) (#150-155):
- (success) = recipient.call{value: amount}() (#153)
Low level call in Address.functionCallWithValue(address,bytes,uint256,string) (#218-229):
- (success,returndata) = target.call{value: value}(data) (#227)
Low level call in Address.functionStaticCall(address,bytes,string) (#247-256):
- (success,returndata) = target.staticcall(data) (#254)
Low level call in Address.functionDelegateCall(address,bytes,string) (#274-283):
- (success,returndata) = target.delegatecall(data) (#281)
Avoid low-level calls. Check the call success. If the call is meant for a contract, check for code existence
Additional information: link
Young tokens have high risks of scam / price dump / death
Young tokens have high risks of scam / price dump / death
Young tokens have high risks of scam / price dump / death
Young tokens have high risks of scam / price dump / death
Token has no active CoinGecko listing / rank