FXG Contract
- Address
- 0x106818f05f208219f45401c57509f14f39a57715
- Blockchain
- BSC
- Contract type
- BEP-20 (Token)
- Bundle
- Expert
- Date
- 2024-06-03 07:43
- Result
- Be cautious
We're doing our best to improve our services, but we can't guarantee 100% accuracy.
Always be careful with your investments, the displayed information are not and cannot be considered financial advices.
Do your own research.
Security Checks
Checks if code is published and verified on a platform like Etherscan.
When code is not verified, it means that author wants to hide smart contract code for some reason.
Verified code is more trustworthy and can be reviewed by our more advanced methods.
Checks if contract is blacklisted on DappRadar.
DappRadar is a platform that lists smart contracts and their statistics.
If contract is blacklisted, it means that it is a scam or has some other issues.
Honeypots are smart contracts that are designed to trick users into losing their funds.
This smart contract is probably a honeypot.
This smart contract is probably a honeypot.
A reentrancy attack can occur when a smart contract sends Ether as a result of a function call.
In Ethereum, the most common way to send Ether triggers fallback functions in the receiver's contract.
If the sending contract's state isn't correctly updated prior to the actual transfer of Ether,
the receiving contract's fallback function can call back into the sending contract before the first
invocation of the function was finished. This can cause the logic in the original function to be
executed multiple times, potentially leading to unintended behavior.
Arithmetic Overflow and Underflow are common vulnerabilities in Solidity. They occur when an arithmetic operation reaches the maximum or minimum size that can be stored in a variable type, causing the value to "wrap around" to the opposite extreme.
Overflow occurs when a value exceeds the maximum limit of a data type. For example, if an unsigned integer (uint) in Solidity is incremented beyond its maximum value of 2^256 - 1, it will overflow and wrap around to 0.Underflow occurs when a value is decreased below the minimum limit of a data type. For an unsigned integer, which cannot be negative, underflow occurs when it is decremented below 0, causing it to wrap around to the maximum possible value.
The increaseAllowance and decreaseAllowance functions in the FXG contract are vulnerable to Arithmetic Overflow and Underflow. If the allowance value reaches the maximum limit or is decreased below zero, it can lead to unexpected behavior and potential vulnerabilities.
The increaseAllowance and decreaseAllowance functions in the FXG contract are vulnerable to Arithmetic Overflow and Underflow. If the allowance value reaches the maximum limit or is decreased below zero, it can lead to unexpected behavior and potential vulnerabilities.
The delegate call feature in Solidity allows one contract to "borrow" functionality from another contract,
executing its code in the context of the calling contract. This feature is powerful but also risky;
if not used carefully, it can lead to vulnerabilities.
In Solidity, the "private" keyword doesnt make data confidential. Despite being unaccessible directly from outside the contract, private data on the Ethereum blockchain is publicly visible as every network node holds a complete blockchain copy. Mistaking private variables as a safe place for confidential information is a common vulnerability. Truly private data in Ethereum can only be achieved by not storing it on the blockchain at all. Always treat data on the blockchain as public, even if its in private variables.
In Solidity, the self-destruct function allows a contract to be deleted from the blockchain and its remaining Ether to be sent to a specific address. However, misuse can lead to vulnerabilities such as loss of funds, unexpected behavior in dependent contracts, potential ownership takeover if an attacker can dictate the recipient address, and even re-deployment attacks where a malicious contract might be deployed at the same address after destruction. Instead of self-destruct, its often safer to use a "pause" or "circuit breaker" pattern that can disable a contracts functionality without removing its state and balance.
The smart contract FXG is vulnerable to a Self Destruct attack because it includes a selfdestruct function in the function updateBurner, allowing the owner to potentially destroy the contract and send remaining Ether to a different address. This can lead to loss of funds and unexpected behavior.
The smart contract FXG is vulnerable to a Self Destruct attack because it includes a selfdestruct function in the function updateBurner, allowing the owner to potentially destroy the contract and send remaining Ether to a different address. This can lead to loss of funds and unexpected behavior.
Access control issues occur when a smart contract does not properly restrict who can execute its functions. Without proper access controls, unauthorized users could perform actions that should be restricted to specific roles, such as administrators or owners, potentially leading to unauthorized asset transfers, changes in contract state, or other malicious activities.
The contract FXG is vulnerable to an Access Control Issue. The 'onlyBurner' modifier is used to restrict access to certain functions, but the 'burner' address can be updated by calling the 'updateBurner' function, which is not restricted to only the burner. This means that anyone can change the burner address and potentially gain unauthorized access to functions restricted to the burner role.
The contract FXG is vulnerable to an Access Control Issue. The 'onlyBurner' modifier is used to restrict access to certain functions, but the 'burner' address can be updated by calling the 'updateBurner' function, which is not restricted to only the burner. This means that anyone can change the burner address and potentially gain unauthorized access to functions restricted to the burner role.
This vulnerability occurs when a contract operation requires more gas than the current block gas limit, making it impossible to execute. Malicious actors can exploit this by intentionally crafting transactions or contract interactions that reach the gas limit, causing legitimate operations to fail. This can effectively deny service to the contract's intended functionalities, locking funds or halting critical operations.
Relying on external contracts can introduce risks and vulnerabilities into a smart contract system. If the external contract is compromised, behaves unpredictably, or is updated in a way that is incompatible with the dependent contract, it can lead to failures or unintended behavior in the dependent contract. This dependency on external code requires trust in the external contract's security and behavior, which might not always be warranted.
Relying on block timestamps for critical contract logic can introduce vulnerabilities because miners have some flexibility in setting these timestamps. If a contract's behavior, such as the outcome of a financial transaction or the terms of a contract, can be altered by changing the timestamp, it may be manipulated by miners to achieve a more favorable outcome, potentially leading to loss or unfair advantages.
The contract is vulnerable to a Timestamp Dependence attack because it uses block.timestamp in the 'burn' function which can be manipulated by miners to alter the behavior of the contract.
The contract is vulnerable to a Timestamp Dependence attack because it uses block.timestamp in the 'burn' function which can be manipulated by miners to alter the behavior of the contract.
Unchecked external calls can lead to unexpected behavior or failures in smart contracts. When a contract calls an external contract but does not properly check the success of this call, it might assume that the operation was successful even when it wasn't. This can lead to vulnerabilities where, for example, a transfer of funds is considered successful even if it didn't happen, potentially leading to financial losses or other critical issues in the contract's logic.
The 'transfer' and 'transferFrom' functions in the FXG contract do not check the return value of the external call to 'token.transfer' which can lead to a Unchecked External Calls vulnerability.
The 'transfer' and 'transferFrom' functions in the FXG contract do not check the return value of the external call to 'token.transfer' which can lead to a Unchecked External Calls vulnerability.
Unchecked user inputs can lead to a wide range of vulnerabilities, including reentrancy, overflow/underflow, and unauthorized actions. It's crucial to validate and sanitize all user inputs to ensure they meet the expected format, type, and range. Failing to do so can compromise the contract's integrity and lead to unintended behavior or exploits.
The 'transferFrom' function in the contract does not properly check the caller's eligibility to transfer tokens. It allows any address to call 'transferFrom' without verifying if the caller is authorized, which can lead to unauthorized token transfers.
The 'transferFrom' function in the contract does not properly check the caller's eligibility to transfer tokens. It allows any address to call 'transferFrom' without verifying if the caller is authorized, which can lead to unauthorized token transfers.
Uninitialized storage variables in smart contracts can lead to serious security vulnerabilities. Storage variables in Solidity are persisted between function calls and transactions. If a storage variable is not explicitly initialized, it may have a default value of zero or point to some unintended storage slot, potentially leading to unpredictable behavior or allowing attackers to manipulate the contract's state in unintended ways.
This vulnerability arises when a contract allows the withdrawal of Ether without proper access control or validation mechanisms in place. An attacker could exploit this to drain funds from the contract by invoking the withdrawal function without authorization, leading to financial losses for legitimate users or the contract owner.
The 'withdrwal' function in the provided smart contract allows the owner to unconditionally withdraw Ether or ERC20 tokens without proper access control or validation mechanisms. This makes it vulnerable to an Unprotected Ether Withdrawal attack.
The 'withdrwal' function in the provided smart contract allows the owner to unconditionally withdraw Ether or ERC20 tokens without proper access control or validation mechanisms. This makes it vulnerable to an Unprotected Ether Withdrawal attack.
Unprotected state variables can be a significant security vulnerability in smart contracts. When state variables are not properly encapsulated or restricted, they may be accessible and modifiable by external contracts or actors, potentially leading to unauthorized changes in the contract's state and behavior. This can result in loss of funds, corruption of data, or unintended contract behavior.
The FXG contract contains multiple state variables that are not properly encapsulated or restricted. For example, the _balances, _allowances, _totalSupply, _name, _symbol, _liquidity, and burner variables are all declared as private but can be accessed directly by external contracts or actors. This makes them vulnerable to unauthorized access and modification, potentially leading to security issues.
The FXG contract contains multiple state variables that are not properly encapsulated or restricted. For example, the _balances, _allowances, _totalSupply, _name, _symbol, _liquidity, and burner variables are all declared as private but can be accessed directly by external contracts or actors. This makes them vulnerable to unauthorized access and modification, potentially leading to security issues.