Read the findings of the 2022 Web3 Security Report

The contract contains unlocked compiler versions. An unlocked compiler version in the contract's source  code permits the user to compile it at or above a particular version. This, in turn, leads to differences in the generated bytecode between compilations due to differing compiler version numbers. This can lead to ambiguity when debugging as compiler-specific bugs may occur in the codebase that would be difficult to identify over a span of multiple compiler versions rather than a specific one.

Unlocked Compiler Version

Addresses should be checked before assigning to make sure they are not zero addresses.

Lack of Zero Address Validation

`1e27` tokens were sent to the `account` when deploying the contract. 
This could be a centralization risk as the deployer can distribute tokens without obtaining the consensus of the community.

Initial Token Distribution

The linked variable declaration does not have a visibility specifier explicitly set.

Visibility Specifiers Missing

The variables `nftAddress`,`buyNftAddress`, `colWallAddress`, `poolWallAddress` and `version` are unchanged throughout the contract.

Set `constant` to Variables

Functions that affect the status of sensitive variables should be able to emit events as notifications to customers.

Missing Emit Events

The `typeId`,`maxAmount` and `busdTicket` variables are not used in the contract.

Unused  Variables

In the line 331 already requires `_tempQuaType` to be greater than 0. So the `_tempQuaType !=0` condition is always true.

Redundant Code

The return value of the function is not properly handled.

Return Value Not Handled

In the line 343, `_tokenId` is always 0. In fact, the contract already provides the function `getNewTokenId()` to get new token id. So the `getNewTokenId()` should be used.

Get New Token Id

In the aforementioned lines, the `result2` returns the remainder of dividing the `result2` and `10000`. So `mod()` of `SafeMath` could be used to simply the logic.

Simplifying Existing Codes

The variable `_poolFree` should be less than or equal to 100.

Lack of Input Validation

`require` can be used to check for conditions and throw an exception if the condition is not met, in which case the descriptive error message provided by the developer will appear and help to tracking error and debugging.

Lack of Error Message

`public` functions that are never called by the contract could be declared `external`. When the inputs are arrays, `external` functions are more efficient than `public` functions.

Function Visibility Optimization

The variable `owner` is only changed once in the `constructor` function.

Set `immutable` to Variables

According to the current logic, all tokens would be transferred to the `colWallAddress` if `poolFree == 0`.
Otherwise, the `poolFree` percent of tokens should be transferred to the `colWallAddress` and the remaining tokens to the `poolWallAddress`. However，the `poolFree` percent of tokens would be transferred to the `poolWallAddress` and the remaining tokens to the `colWallAddress`.
Precision could be tricky and the remaining tokens are best calculated with subtraction.

Transfer Incorrect Tokens To `poolWallAddress`

The contract `Ownable` is declared but never used.

Unused Contract

Use `require` Instead Of `if`

 It is now well understood that the difficulty or timestamp is not a source of randomness. They can be manipulated if the attacker is also a miner.

Risk For Weak Randomness

The `owner` has the responsibility to notify users about the following capabilities:
- Set the address of the manager through `setManager()`

The `manager` has the responsibility to notify users about the following capabilities:
- transfer tokens to any address through `withOtherERC20()`

Any compromise to the `owner`/`manager` account may allow a hacker to take advantage of this authority.

Centralization Related Risks

The contract is serving as the underlying entity to interact with third-party protocols, including:
- `IERC20.mint()`
- `IERC20.viewTokenID()`

Third Party Dependencies

The comment statement contains a typo in its body, namely `enght`.

Typo

The condition `result2 >= 9700 && result2 <= 9999` can be included in `result2 >= 9501 && result2 <= 9999`.
The condition `result2 >= 992 && result2 <= 999` can be included in `result2 >= 0 && result2 <= 5555`.

Redundant code

There are many hardcode addresses in this codebase.

Hardcode Address

The `totalSaleAmount` appears to be a limit on the number of sales, but there is no function to use it in the contract except to set.

WonderfulDay

Highlights & Alerts

This is just a placeholder

highlight placeholder lorem Ipsum...

highlight lorem

This is a alert demo

Alert demo

Code Audit History

25

0

20

0

5