Xion is the next generation of payment portals. Bringing cross chain decentralised payments, loyalty and financial rewards to a global commerce industry.
Problem: high transaction/gas fees, lack of loyalty programs, locked sales revenue and merchant underwriting processes.
Solution: 0% transaction fees(micro transactions), 100% cashback rewards, loyalty programs, own access to funds and instant time to market.
It is the first ever cross-chain decentralized e-commerce and finance ecosystem that allows users to intuitively earn passive income, trading fees and cashback on their purchases.
This coupled with our all-star team with 30+ years of marketing experience, positions Xion to disrupt the payment system industry and become a true leader in the space.
Think ‘Stripe’ for web3.
Backed by industry leading experts: CertiK, GD10, Lupa X, Metrix Capital, SkyVision Capital, DarkPool liquidity, Twin Apex, Tokenova and more!
Unable to find manual contract audit (e.g. Certik, PeckShield, Solidity...)
XGTTokenOutpost.changeHomeBridge(address)._newHomeBridge (#996) lacks a zero-check on :
- homeBridge = _newHomeBridge (#997)
Check that the address is not zero.
Additional information: link
XGTTokenOutpost (#937-1081) should inherit from IXGTTokenBridge (#914-924)
Inherit from the missing interface or contract.
Additional information: link
Reentrancy in XGTTokenOutpost.incomingTransfer(address,uint256,uint256) (#1005-1019):
External calls:
- require(bool,string)(messageBridge.messageSender() == homeBridge,XGT-NOT-HOME-BRIDGE-CONTRACT) (#1011-1014)
State variables written after the call(s):
- _mint(_user,_amount) (#1017)
- _balances[account] = _balances[account].add(amount) (#555)
- _mint(_user,_amount) (#1017)
- _totalSupply = _totalSupply.add(amount) (#554)
- incomingTransferExecuted[_nonce] = true (#1016)
Apply the check-effects-interactions pattern.
Additional information: link
Reentrancy in XGTTokenOutpost.incomingTransfer(address,uint256,uint256) (#1005-1019):
External calls:
- require(bool,string)(messageBridge.messageSender() == homeBridge,XGT-NOT-HOME-BRIDGE-CONTRACT) (#1011-1014)
Event emitted after the call(s):
- IncomingTransfer(_user,_amount,_nonce) (#1018)
- Transfer(address(0),account,amount) (#556)
- _mint(_user,_amount) (#1017)
Reentrancy in XGTTokenOutpost.outgoingTransfer(uint256,address) (#1029-1051):
External calls:
- messageBridge.requireToPassMessage(homeBridge,data,crossChainCallGas) (#1044)
Event emitted after the call(s):
- OutgoingTransfer(msg.sender,_recipient,_amount,outgoingTransferNonce) (#1045-1050)
Apply the check-effects-interactions pattern.
Additional information: link
Different versions of Solidity are used:
- Version used: ['0.7.6', '>=0.6.0<0.8.0', '^0.7.0']
- ^0.7.0 (#4)
- >=0.6.0<0.8.0 (#220)
- ^0.7.0 (#246)
- ^0.7.0 (#325)
- ^0.7.0 (#632)
- ^0.7.0 (#675)
- ^0.7.0 (#744)
- ^0.7.0 (#808)
- 0.7.6 (#898)
- 0.7.6 (#912)
- 0.7.6 (#928)
Use one Solidity version.
Additional information: link
SafeMath.mul(uint256,uint256) (#117-122) is never used and should be removed
SafeMath.tryDiv(uint256,uint256) (#61-64) is never used and should be removed
SafeMath.tryMod(uint256,uint256) (#71-74) is never used and should be removed
SafeMath.tryAdd(uint256,uint256) (#25-29) is never used and should be removed
SafeMath.mod(uint256,uint256,string) (#211-214) is never used and should be removed
SafeMath.div(uint256,uint256,string) (#191-194) is never used and should be removed
ERC20._setupDecimals(uint8) (#608-610) is never used and should be removed
Context._msgData() (#237-240) is never used and should be removed
SafeMath.mod(uint256,uint256) (#153-156) is never used and should be removed
SafeMath.div(uint256,uint256) (#136-139) is never used and should be removed
SafeMath.tryMul(uint256,uint256) (#46-54) is never used and should be removed
SafeMath.trySub(uint256,uint256) (#36-39) is never used and should be removed
Remove unused functions.
Additional information: link
Pragma version^0.7.0 (#744) allows old versions
Pragma version^0.7.0 (#325) allows old versions
Pragma version^0.7.0 (#4) allows old versions
Pragma version^0.7.0 (#632) allows old versions
Pragma version^0.7.0 (#675) allows old versions
Pragma version>=0.6.0<0.8.0 (#220) is too complex
Pragma version^0.7.0 (#808) allows old versions
Pragma version^0.7.0 (#246) allows old versions
Deploy with any of the following Solidity versions: 0.5.16 - 0.5.17, 0.6.11 - 0.6.12, 0.7.5 - 0.7.6 Use a simple pragma version that allows any of these versions. Consider using the latest version of Solidity for testing.
Additional information: link
Parameter XGTTokenOutpost.incomingTransfer(address,uint256,uint256)._nonce (#1008) is not in mixedCase
Parameter XGTTokenOutpost.changeHomeBridge(address)._newHomeBridge (#996) is not in mixedCase
Parameter XGTTokenOutpost.outgoingTransfer(uint256,address)._recipient (#1029) is not in mixedCase
Parameter XGTTokenOutpost.outgoingTransfer(uint256)._amount (#1021) is not in mixedCase
Parameter XGTTokenOutpost.incomingTransfer(address,uint256,uint256)._user (#1006) is not in mixedCase
Parameter XGTTokenOutpost.incomingTransfer(address,uint256,uint256)._amount (#1007) is not in mixedCase
Parameter XGTTokenOutpost.changeMessageBridge(address)._newMessageBridge (#991) is not in mixedCase
Parameter XGTTokenOutpost.setCrossChainGas(uint256)._gasAmount (#1001) is not in mixedCase
Parameter XGTTokenOutpost.outgoingTransfer(uint256,address)._amount (#1029) is not in mixedCase
Follow the Solidity naming convention.
Additional information: link
Redundant expression "this (#238)" inContext (#232-241)
Remove redundant statements if they congest code but offer no value.
Additional information: link
XGTTokenOutpost.slitherConstructorVariables() (#937-1081) uses literals with too many digits:
- crossChainCallGas = 300000 (#943)
Use: Ether suffix, Time suffix, or The scientific notation
Additional information: link
burnFrom(address,uint256) should be declared external:
- ERC20Burnable.burnFrom(address,uint256) (#664-669)
renounceOwnership() should be declared external:
- Ownable.renounceOwnership() (#725-728)
decimals() should be declared external:
- ERC20.decimals() (#410-412)
decreaseAllowance(address,uint256) should be declared external:
- ERC20.decreaseAllowance(address,uint256) (#510-513)
symbol() should be declared external:
- ERC20.symbol() (#393-395)
balanceOf(address) should be declared external:
- ERC20.balanceOf(address) (#424-426)
increaseAllowance(address,uint256) should be declared external:
- ERC20.increaseAllowance(address,uint256) (#491-494)
name() should be declared external:
- ERC20.name() (#385-387)
totalSupply() should be declared external:
- ERC20.totalSupply() (#417-419)
approve(address,uint256) should be declared external:
- ERC20.approve(address,uint256) (#455-458)
burn(uint256) should be declared external:
- ERC20Burnable.burn(uint256) (#649-651)
Use the external attribute for functions never called from the contract.
Additional information: link
Contract ownership is semi-renounced (passed to a contract)
Unable to find Youtube account