| | Low | Medium | High | Critical | Total |
|---|---|---|---|---|---|
| Not fixed | 3 | - | 2 | - | 5 |
| Fixed | - | - | - | - | 0 |
| Total | 3 | 0 | 2 | 0 | 5 |
not_fixed/high
In the contract `BeNFT` the role `_owner` has authority over the functions shown in the diagram below.

- `Burn(uint256 _amount)`: burns the specified amount of tokens from the contract owner's balance. It can only be called by the owner of the contract.

---

In the contract `Ownable` the role `_owner` has authority over the functions shown in the diagram below.

- `lock()`: locks the contract. Only the owner of the contract can call this function.
- `unlock()`: unlocks the contract. It can only be called by the owner of the contract.
- `includeListed(address account)`: adds an account to the `_list` mapping. It can only be called by the owner of the contract.
- `excludeListed(address account)`: removes an account from the `_list` mapping. It can only be called by the owner of the contract.
- `checkBlackList(address account)`: checks whether an account is in the `_list` mapping. It can only be called by the owner of the contract.

Any compromise of the `_owner` account may allow an attacker to use this authority to update the sensitive settings and execute the sensitive functions of the project.
not_fixed/high
All `$BeAI` tokens are sent to the contract deployer at deployment. This is a potential centralization risk, since the deployer can distribute `$BeAI` tokens without the consensus of the community.
not_fixed/low
State variables that never change should be declared as `constant` to save gas.

```solidity=482
string private _name = "BeNFT AI";
```

- `_name` should be declared `constant`.

---

```solidity=483
string private _symbol = "$BeAI";
```

- `_symbol` should be declared `constant`.

---

```solidity=484
uint8 private _decimals = 9;
```

- `_decimals` should be declared `constant`.
not_fixed/low
The `SafeMath` library is used unnecessarily. With Solidity compiler versions 0.8.0 or newer, arithmetic operations automatically revert on integer overflow or underflow.

```solidity=100
library SafeMath {
```

- An implementation of the `SafeMath` library is found.

---

```solidity=478
using SafeMath for uint256;
```

- The `SafeMath` library is used for the `uint256` type in the `BeNFT` contract.

```solidity=545
_approve(sender, _msgSender(), _allowances[sender][_msgSender()].sub(amount, "Transfer amount exceeds allowance"));
```

- `SafeMath.sub` is called in the `transferFrom` function of the `BeNFT` contract.

*Note: only 2 of the 4 `SafeMath` usages in this contract are shown above.*
not_fixed/low
The linked variables, which are assigned in the constructor, can be declared as `immutable`. Immutable state variables can be assigned during contract creation but remain constant throughout the lifetime of the deployed contract. A big advantage of immutable variables is that reading them is significantly cheaper than reading regular state variables, since they are not stored in storage.
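The three low-severity findings above (`constant` declarations, dropping `SafeMath`, and `immutable` for constructor-assigned variables) applied together on a minimal excerpt, as an added example that is not the audited `BeNFT` source; `deployer`, `_balances` and `_transfer` are assumptions standing in for the unnamed constructor-assigned variable and the transfer path, and `msg.sender` replaces `_msgSender()`.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example, not the audited BeNFT source. `deployer` is a hypothetical
// constructor-assigned variable standing in for the ones the finding refers to.
contract BeNFTLowFixes {
    // (1) Never changes: `constant` is inlined at compile time and occupies no
    //     storage slot, so reading it costs no SLOAD.
    string private constant _name = "BeNFT AI";
    string private constant _symbol = "$BeAI";
    uint8 private constant _decimals = 9;

    // (2) Set once in the constructor, never changed: `immutable` is written into
    //     the runtime bytecode at deployment and read like a constant thereafter.
    address private immutable deployer;

    mapping(address => uint256) private _balances;
    mapping(address => mapping(address => uint256)) private _allowances;
    event Approval(address indexed owner, address indexed spender, uint256 value);

    constructor() {
        deployer = msg.sender;
    }

    // (3) No SafeMath: since 0.8.0 `-` and `+` revert on underflow/overflow by
    //     themselves. The explicit require keeps the revert reason the original
    //     `.sub(amount, "Transfer amount exceeds allowance")` produced, and the
    //     `unchecked` block skips the check the require has already performed.
    function transferFrom(address sender, address recipient, uint256 amount) external returns (bool) {
        uint256 currentAllowance = _allowances[sender][msg.sender];
        require(currentAllowance >= amount, "Transfer amount exceeds allowance");
        unchecked { _approve(sender, msg.sender, currentAllowance - amount); }
        _transfer(sender, recipient, amount);
        return true;
    }

    function _approve(address owner, address spender, uint256 amount) internal {
        _allowances[owner][spender] = amount;
        emit Approval(owner, spender, amount);
    }

    function _transfer(address from, address to, uint256 amount) internal {
        uint256 fromBalance = _balances[from];
        require(fromBalance >= amount, "Transfer amount exceeds balance");
        unchecked { _balances[from] = fromBalance - amount; }
        _balances[to] += amount; // checked addition, reverts on overflow
    }
}
```

Without the explicit `require`, the native subtraction would still revert on an insufficient allowance, but with a bare panic instead of the descriptive reason the original `SafeMath.sub` call supplied.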