Rivalz Network is an AI-driven DePin RollApp for Personal Data Provenance. It provides a data source of verifiable personal, credential and behavioral data with embedded privacy and IP-rights. It is the first Player-to-AI network built on Dymension and powered by Celestia Labs.
Low | Medium | High | Critical | Total | |
---|---|---|---|---|---|
Not fixed | 1 | - | 2 | - | 3 |
Fixed | - | - | - | - | 0 |
Total | 1 | 0 | 2 | 0 | 3 |
not_fixed/high
The `RivalzToken` contract inherits from `Ownable.sol`, the `_owner` has authority over the following functions: - `renounceOwnership`: Leaves the contract without owner. - `transferOwnership`: Transfers ownership of the contract to a new account (`newOwner`). Any compromise of the `_owner` account could allow an attacker to exploit this authority, potentially removing the current owner or transferring ownership to a malicious account.
not_fixed/high
All of the `RIZ` tokens are sent to the contract deployer. This is a centralization risk because the deployer can distribute tokens without obtaining the consensus of the community. Any compromise to the deployer's account may allow a hacker to steal and sell tokens on the market, resulting in severe damage to the project.
not_fixed/low
The compiler for Solidity 0.8.20 switches the default target EVM version to [Shanghai](https://blog.soliditylang.org/2023/05/10/solidity-0.8.20-release-announcement/#important-note), which includes the new `PUSH0` opcode. The compiler for Solidity [0.8.20+](https://github.com/ethereum/solidity/releases) did not remove the `PUSH0` opcode. This opcode may not yet be supported on all chains, leading to failed deployments. To work around this issue, use an earlier [EVM](https://docs.soliditylang.org/en/v0.8.20/using-the-compiler.html?ref=zaryabs.com#setting-the-evm-version-to-target) [version](https://book.getfoundry.sh/reference/config/solidity-compiler#evm_version).
# | File Name |
---|---|
1 | Riz.sol |