BNB

In the contract `BNB`, the role `owner` has authority over the  function. Any compromise to the `owner` account may allow a hacker to take advantage of this authority and withdraw all BNB stored in the contract.

It is worth mentioning that no function to update the owner's address was found to be implemented.

Usage of `throw` should be replaced with `revert()`.

The `BNB` contract has some references to `ETH` instead of `BNB` even though it is deployed on the Binance Smart Chain (BSC).

Functions that update state variables should emit relevant events as notifications.

The linked statements do not affect the functionality of the codebase and appear to be either leftovers from test code or older functionality.

A user-defined component is shadowing a built-in symbol.

```solidity=31
  function assert(bool assertion) internal {
```
- Function `assert` is shadowing a built-in symbol.

Solidity frequently releases new compiler versions. Using an old version prevents access to new Solidity security features. We also recommend avoiding complex `pragma` statements.

The pragma statement in use allows old versions and it is not locked:

```solidity=1
pragma solidity ^0.4.8;
```

```solidity=89
  returns (bool success) {
```
- The function `approve` implicitly returns and never writes the return variable `success`.


---
```solidity=97
  function transferFrom(address _from, address _to, uint256 _value) returns (bool success) {
```
- The function `transferFrom` implicitly returns and never writes the return variable `success`.


---
```solidity=110
  function burn(uint256 _value) returns (bool success) {
```
- The function `burn` implicitly returns and never writes the return variable `success`.


---
```solidity=119
  function freeze(uint256 _value) returns (bool success) {
```
- The function `freeze` implicitly returns and never writes the return variable `success`.


---
```solidity=128
  function unfreeze(uint256 _value) returns (bool success) {
```
- The function `unfreeze` implicitly returns and never writes the return variable `success`.

It is not recommended to use Solidity's `transfer()` and `send()` functions for transferring ETH, since some contracts may not be able to receive the funds. Those functions forward only a fixed amount of gas (2300 specifically) and the receiving contracts may run out of gas before finishing the transfer. Also, EVM instructions' gas costs may increase in the future. Thus, some contracts that can receive now may stop working in the future due to the gas limitation.

```solidity=140
  owner.transfer(amount);
```
- `withdrawEther()` uses `transfer()`.

The linked variables assigned in the constructor can be declared as `immutable`. Immutable state variables can be assigned during contract creation but will remain constant throughout the lifetime of a deployed contract. A big advantage of immutable variables is that reading them is significantly cheaper than reading from regular state variables since they will not be stored in storage.