ENO TOKEN

bc52acea232edd3ce718e93068305ba2fbe2382aa708204ba109e659d24119c9

File: EnoToken.sol

Language: solidity

Size: 33156 bytes

Date: 2021-06-25T23:21:14.361Z

Critical
0

High
0

Medium
0

Low
5

Note
7

ISSUES

SeverityIssueAnalyzerCode Lines
LowSWC-100Achilles188 - 190, 268 - 272, 687 - 690, 961 - 969
LowSWC-103Achilles3
NoteSWC-108Achilles950, 959
NoteSWC-111Achilles984
NoteSWC-116Achilles966
NoteSWC-118Achilles54 - 96
NoteSWC-131Achilles951, 954

Code

1. SWC-100 / Lines: 188 - 190

LOW

ARCHILLES


187
188
189
190
191

A security vulnerability has been detected.
*/
constructor() {
_paused = false;
}

In detail
Functions that do not have a function visibility typo specified are public by default. This can lead to a vulnerability if a developer forgot to set the visibility and a malicious user is able to make unauthorized or unintended state changes.

2. SWC-100 / Lines: 268 - 272

LOW

ARCHILLES


267
268
269
270
271
272
273

A security vulnerability has been detected.
*/
constructor() {
address msSender = _msSender();
_oowner = msSender;
emit OwnershipTransferred(address(0), msSender);
}

In detail
Functions that do not have a function visibility typo specified are public by default. This can lead to a vulnerability if a developer forgot to set the visibility and a malicious user is able to make unauthorized or unintended state changes.

3. SWC-100 / Lines: 687 - 690

LOW

ARCHILLES


686
687
688
689
690
691

A security vulnerability has been detected.
*/
constructor(string memory name_, string memory symbol_) {
_name = name_ ;
_symbol = symbol_ ;
}

In detail
Functions that do not have a function visibility typo specified are public by default. This can lead to a vulnerability if a developer forgot to set the visibility and a malicious user is able to make unauthorized or unintended state changes.

4. SWC-100 / Lines: 961 - 969

LOW

ARCHILLES


960
961
962
963
964
965
966
967
968
969
970

A security vulnerability has been detected.

constructor(uint256 initialSupply) ERC20(*EnoToken*, "ENO") {
_setupRole()DEFAULT_ADMIN_ROLE, ms.sender);
_mint(ms.sender, initialSupply);
supply = initialSupply;
presalePrice = 1200;
presaleDate = block.timestamp + 4 weeks;
saleDate = presaleDate + 15 days;
salePrice = 1000;
}

In detail
Functions that do not have a function visibility typo specified are public by default. This can lead to a vulnerability if a developer forgot to set the visibility and a malicious user is able to make unauthorized or unintended state changes.

5. SWC-103 / Lines: 3

LOW

ARCHILLES


2
3
4

A security vulnerability has been detected.

pragma solidity ^0.8.0;

In detail
Contracts should be deployed with the same compiler version and flags that have been tested with thoroughly. Locking the pragma helps to ensure that contracts do not accidentally get deployed using, for example, an outdated compiler version that might introduce bugs that affect the contract system negatively.

6. SWC-108 / Lines: 950

NOTE

ARCHILLES


949
950
951

A security vulnerability has been detected.
contract ENOToken is ERC20, AccessControl {
mapping(address => uint256) balances;
uint256 public presaleTokens; //2000000

In detail
Labeling the visibility explicitly makes it easier to catch incorrect assumptions about who can access the variable.

7. SWC-108 / Lines: 959

NOTE

ARCHILLES


958
959
960

A security vulnerability has been detected.
uint256 public price;
uint256 supply;

In detail
Labeling the visibility explicitly makes it easier to catch incorrect assumptions about who can access the variable.

8. SWC-111 / Lines: 984

NOTE

ARCHILLES


983
984
985

A security vulnerability has been detected.
function buyTokens() public payable priceable {
uint tokens = SafeMath.div(SafeMath.mul(msg.value, price), 1 ether);
supply = SafeMath.add(supply, tokens);

In detail
Several functions and operators in Solidity are deprecated. Using them leads to reduced code quality. With new major versions of the Solidity compiler, deprecated functions and operators may result in side effects and compile errors.

9. SWC-116 / Lines: 966

NOTE

ARCHILLES


965
966
967

A security vulnerability has been detected.
presalePrice = 1200;
presaleDate = block.timestamp + 4 weeks;
saleDate = presaleDate + 15 days;

In detail
Contracts often need access to the current timestamp to trigger time - dependent events. As Ethereum is decentralized, nodes can synchronize time only to same degree. Moreover, malicious miners cal alter the timestamp of their blocks, especially if they can gain advantages by doing so. However, miners can't set timestamp smaller than the previous one (otherwise the block will be rejected), nor can they set the timestamp too far ahead in the future. Taking all of the above into consideration, developers can't rely on the preciseness of the provided timestamp.

10. SWC-118 / Lines: 54 - 96

NOTE

ARCHILLES


53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97

A security vulnerability has been detected.
*/
library Strings {
bytest16 private constant _ALPHABET = "0123456789abcdef";

/**
* @dev Converts a 'uint256' to its ASCCI 'string' decimal representation.
*/
function to String(uint256 value) internal pure returns (string memory) {
// Inspired by OraclizeAPI's implementation - MIT licence
// https://github.com/oraclize/ethereum-api/blob/b42146b063c7d6ee1358846c198246239e9360e8/oraclizeAPI_0.4.25.sol

if (value ==0) {
return "0";
}
uint256 temp = value;
uint256 digits;
while (temp != 0) {
digits++;
temp /= 10;
}
bytes memory buffer = new bytes(digits);
while (value != 0) {
digits -= 1;
buffer[digits] = bytes(uint8(48 + uint256(value % 10)));
value /= 10;
}
return string(buffer);
}

/**
* @dev Converts a 'uint256' to its ASCII 'string' hexadecimal representation with fixed length
*/
function toHexString(uint256 value, uint256 length) internal pure returns (string memory) {
bytes memory buffer = new bytes(2 * length + 2);
buffer[0] = "0";
buffer[1] = "x";
for (uint256 i = 2 * length + 1; i > 1; --i) {
buffer[i] = _ALPHABET[value & 0xf];
value >>= 4;
}
require(value == 0, "String: hex length insufficient");
return string(buffer);
}
}

In detail
Constructors are special functions that are called only once during the contract creation. They often perform critical, privileged actions such as setting the owner of the contract. Before Solidity version 0.4.22, the only way of defining a constructor was to create a function with the same name as the contract class containing it. A function meant to become a constructor becomes a normal, callable function if its name doesn't exactly match the contract name. This behavior sometimes leads to security issues, in particular when smart contract code is re - used with a different name but the name of the constructor function is not changed accordingly.

11. SWC-131 / Lines: 951

NOTE

ARCHILLES


950
951
952

A security vulnerability has been detected.
mapping(address => uint256) balances;
uint256 public presaleTokens; //2000000
uint256 public presaleDate; //presale 24 Jun - 14 Jul

In detail
Unused variable are allowed in Solidity and they do not pose a direct security issue. It is best though to avoid them as they can:
- cause an increase in computations (and unnecessary as consumption).
-indicate bugs or malformed data structures and they are generally a sign of poor code quality.
- cause code noise and decrease readability of the code.

12. SWC-131 / Lines: 954

NOTE

ARCHILLES


953
954
955

A security vulnerability has been detected.
uint256 public presalePrice; //1200
uint256 public saleTokens; //3750000
uint256 public salePrice; //100

In detail
Unused variable are allowed in Solidity and they do not pose a direct security issue. It is best though to avoid them as they can:
- cause an increase in computations (and unnecessary as consumption).
-indicate bugs or malformed data structures and they are generally a sign of poor code quality.
- cause code noise and decrease readability of the code.