HatchKings
High Risk
HatchKings is a social slot game whereby players spin daily, collect rare eggs, hatch cute dragons, and scale the leaderboard to pursue the famed title, HatchKing.
2 Issues Detected
1. Lack of Project Information
The project doesn't have an audit report.
2. Centralization Risks
- In the ProductStore contract with the address of 0x51580d29402fcbfa17ae68c5A8B5238A190f7E57, the owner is an EOA with the address 0x9B266B89a0eF8c520A3106bd034bCF02a6e4C62d that can front-run users by calling updatePrice to increase the price of products to a large value. This can pull extra funds from users with maximum allowance into the treasury.
- In the HatchToken contract with the address of 0x072eF16A59bDc14E25f33Ff4509870660548C107, the owner is an EOA with the address 0x4e9ef871Af13e7e1b16678025Da38dc719DbAAF1 that can call mint to mint HatchTokens to any funds.
- All three listed contracts are UUPS upgradeable proxies, allowing their proxy admins and respective owners to perform arbitrary upgrades. For example, in the HatchToken contract, the admin can upgrade the contract to include burn functionality that burns user tokens. In the HatchStaking contract, the admin can upgrade the contract to maliciously pull users' staked funds.
Summary: High Risk
Audit: DappBay Red Alarm
List Time: May 17, 2025
Chain: BNB Smart Chain