BNB Chain - Security Smart Contract Audit

Summary

The Binance Coin (BNB) token, initially issued as an exchange token by Binance, is the native asset of the BNB Beacon Chain and the BNB Smart Chain. BNB was migrated to BNB Beacon Chain in 2019 and became the utility token and native main asset of the Beacon Chain under the BEP-2 token standard. In 2020, BNB was migrated to the BNB Smart Chain and became the utility token and native main asset of the BNB Smart Chain under the BEP-20 token standard, which shares similarities to the ERC-20 standard for fungible tokens.

Project

BNB

Multi-Chain

No active critical issues

Last audited on 2023/02/03

Auditor

1325 audits on Trustblock

Multi-Tags

Issues (8)

	Low	Medium	High	Critical	Total
Not fixed	7	-	1	-	8
Fixed	-	-	-	-	0
Total	7	0	1	0	8

Centralization Risks in BGBPToken

not_fixed/high

In the contract `BGBPToken` the role `_owner` has authority over the functions shown in the diagrams below. Any compromise to the `_owner` account may allow the hacker to take advantage of this authority and modify the owner, manipulate the blacklist, deprecate the token for a new one, etc.
![](https://accelerator-tasks-prod.acc.corp.certik.com/d67a2dedb0be470cb136e95fe67ed223/diagrams/centralization_BGBPToken-BGBPToken-_owner.svg)

![](https://accelerator-tasks-prod.acc.corp.certik.com/d67a2dedb0be470cb136e95fe67ed223/diagrams/centralization_BGBPToken-BlackListableToken-_owner.svg)

![](https://accelerator-tasks-prod.acc.corp.certik.com/d67a2dedb0be470cb136e95fe67ed223/diagrams/centralization_BGBPToken-Ownable-_owner.svg)

Pull-Over-Push Pattern

not_fixed/low


The change of the contract's owner overrides the previously set owner with the new one without guaranteeing the new owner is able to actuate transactions on-chain.

Redundant Code Components

not_fixed/low


The linked statements do not affect the functionality of the codebase and appear to be either leftovers from test code or older functionality.

Shadowing Local Variable

not_fixed/low

A local variable is shadowing another component defined elsewhere.

```solidity=769
 function allowance(address _owner, address _spender) public view returns (uint256 remaining) {
```
- Local variable `_owner` in `BGBPToken.allowance()` shadows the variable `_owner` in `Ownable`.

Solidity Version Not Recommended

not_fixed/low

Solidity frequently releases new compiler versions. Using an old version prevents access to new Solidity security features. We also recommend avoiding complex `pragma` statements.

The pragma statement in use allows old versions:

```solidity=1
pragma solidity 0.5.8;
```

Typos in Comments

not_fixed/low


There are some typos in the comments.

User-Defined Getters

not_fixed/low


The linked functions are equivalent to the compiler-generated getter functions for the respective variables.

Variables That Could Be Declared as Immutable

not_fixed/low


The linked variables assigned in the constructor can be declared as `immutable`. Immutable state variables can be assigned during contract creation but will remain constant throughout the lifetime of a deployed contract. A big advantage of immutable variables is that reading them is significantly cheaper than reading from regular state variables since they will not be stored in storage.

Contract (1)

#	Chain	Address	Scanner
1	Ethereum	0xc9a2c4868f0f96faaa739b59934dc9cb304112ec	Check on Etherscan

BNB Chain - BGBP (refreshed)

Summary

Issues (8)

Contract (1)