Unable to find manual contract audit (e.g. Certik, PeckShield, Solidity...)
AeonColony.addLiquidity(uint256,uint256) (#804-817) sends eth to arbitrary user
Dangerous calls:
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#809-816)
Ensure that an arbitrary user cannot withdraw unauthorized funds.
Additional information: link
Reentrancy in AeonColony._transfer(address,address,uint256) (#702-751):
External calls:
- swapAndLiquify(contractTokenBalance) (#735)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#809-816)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#793-799)
External calls sending eth:
- swapAndLiquify(contractTokenBalance) (#735)
- recipient.transfer(amount) (#666)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#809-816)
State variables written after the call(s):
- _balances[sender] = _balances[sender].sub(amount,Insufficient Balance) (#738)
- _balances[recipient] = _balances[recipient].add(finalAmount) (#746)
- finalAmount = takeFee(sender,recipient,amount) (#740-741)
- _balances[address(this)] = _balances[address(this)].add(feeAmount) (#831)
Apply the check-effects-interactions pattern.
Additional information: link
Combination 1: Reentrancy vulnerabilities + Functions that send Ether to arbitraty destination. Usual for scams. May be justified by some complex mechanics (e.g. rebase, reflections). DYOR & manual audit are advised.
solc-0.8.11 is not recommended for deployment
Deploy with any of the following Solidity versions: 0.5.16 - 0.5.17, 0.6.11 - 0.6.12, 0.7.5 - 0.7.6 Use a simple pragma version that allows any of these versions. Consider using the latest version of Solidity for testing.
Additional information: link
Low level call in Address.sendValue(address,uint256) (#127-133):
- (success) = recipient.call{value: amount}() (#131)
Low level call in Address._functionCallWithValue(address,bytes,uint256,string) (#152-169):
- (success,returndata) = target.call{value: weiValue}(data) (#155)
Avoid low-level calls. Check the call success. If the call is meant for a contract, check for code existence
Additional information: link
AeonColony.addLiquidity(uint256,uint256) (#804-817) ignores return value by uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#809-816)
Ensure that all the return values of the function calls are used.
Additional information: link
AeonColony.allowance(address,address).owner (#557) shadows:
- Ownable.owner() (#185-187) (function)
AeonColony._approve(address,address,uint256).owner (#580) shadows:
- Ownable.owner() (#185-187) (function)
Rename the local variables that shadow another component.
Additional information: link
AeonColony.setBuyTaxes(uint256,uint256,uint256) (#600-606) should emit an event for:
- _buyLiquidityFee = newLiquidityTax (#601)
- _buyMarketingFee = newMarketingTax (#602)
- _buyDevFee = newDevTax (#603)
- _totalTaxIfBuying = _buyLiquidityFee.add(_buyMarketingFee).add(_buyDevFee) (#605)
AeonColony.setSellTaxes(uint256,uint256,uint256) (#608-614) should emit an event for:
- _sellLiquidityFee = newLiquidityTax (#609)
- _sellMarketingFee = newMarketingTax (#610)
- _sellDevFee = newDevTax (#611)
- _totalTaxIfSelling = _sellLiquidityFee.add(_sellMarketingFee).add(_sellDevFee) (#613)
AeonColony.setDistributionSettings(uint256,uint256,uint256) (#616-622) should emit an event for:
- _liquidityShare = newLiquidityShare (#617)
- _devShare = newDevShare (#619)
- _totalDistributionShares = _liquidityShare.add(_marketingShare).add(_devShare) (#621)
AeonColony.setMaxTxAmount(uint256) (#624-626) should emit an event for:
- _maxTxAmount = maxTxAmount (#625)
AeonColony.setWalletLimit(uint256) (#636-638) should emit an event for:
- _walletMax = newLimit (#637)
AeonColony.setNumTokensBeforeSwap(uint256) (#640-642) should emit an event for:
- minimumTokensBeforeSwap = newLimit (#641)
AeonColony.UPfeeTXtime(uint256) (#846-848) should emit an event for:
- feeTXtime = _feeTXtime (#847)
AeonColony.UPendtime(uint256) (#850-852) should emit an event for:
- endtime = _endtime (#851)
Emit an event for critical parameter changes.
Additional information: link
AeonColony.setMarketingWalletAddress(address).newAddress (#644) lacks a zero-check on :
- marketingWalletAddress = address(newAddress) (#645)
AeonColony.setDevOutsourceWallet(address).newAddress (#648) lacks a zero-check on :
- DevOutsourceWallet = address(newAddress) (#649)
Check that the address is not zero.
Additional information: link
Reentrancy in AeonColony.changeRouterVersion(address) (#669-686):
External calls:
- newPairAddress = IUniswapV2Factory(_uniswapV2Router.factory()).createPair(address(this),_uniswapV2Router.WETH()) (#677-678)
State variables written after the call(s):
- isMarketPair[address(uniswapPair)] = true (#685)
- isWalletLimitExempt[address(uniswapPair)] = true (#684)
- uniswapPair = newPairAddress (#681)
- uniswapV2Router = _uniswapV2Router (#682)
Reentrancy in AeonColony.constructor() (#506-535):
External calls:
- uniswapPair = IUniswapV2Factory(_uniswapV2Router.factory()).createPair(address(this),_uniswapV2Router.WETH()) (#511-512)
State variables written after the call(s):
- _allowances[address(this)][address(uniswapV2Router)] = _totalSupply (#515)
- _balances[_msgSender()] = _totalSupply (#533)
- _totalDistributionShares = _liquidityShare.add(_marketingShare).add(_devShare) (#522)
- _totalTaxIfBuying = _buyLiquidityFee.add(_buyMarketingFee).add(_buyDevFee) (#520)
- _totalTaxIfSelling = _sellLiquidityFee.add(_sellMarketingFee).add(_sellDevFee) (#521)
- isExcludedFromFee[owner()] = true (#517)
- isExcludedFromFee[address(this)] = true (#518)
- isMarketPair[address(uniswapPair)] = true (#531)
- isTxLimitExempt[owner()] = true (#528)
- isTxLimitExempt[address(this)] = true (#529)
- isWalletLimitExempt[owner()] = true (#524)
- isWalletLimitExempt[address(uniswapPair)] = true (#525)
- isWalletLimitExempt[address(this)] = true (#526)
- uniswapV2Router = _uniswapV2Router (#514)
Reentrancy in AeonColony.swapAndLiquify(uint256) (#760-782):
External calls:
- swapTokensForEth(tokensForSwap) (#765)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#793-799)
- addLiquidity(tokensForLP,amountBNBLiquidity) (#781)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#809-816)
External calls sending eth:
- transferToAddressETH(marketingWalletAddress,amountBNBMarketing) (#775)
- recipient.transfer(amount) (#666)
- transferToAddressETH(DevOutsourceWallet,amountBNBDev) (#778)
- recipient.transfer(amount) (#666)
- addLiquidity(tokensForLP,amountBNBLiquidity) (#781)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#809-816)
State variables written after the call(s):
- addLiquidity(tokensForLP,amountBNBLiquidity) (#781)
- _allowances[owner][spender] = amount (#584)
Reentrancy in AeonColony.transferFrom(address,address,uint256) (#696-700):
External calls:
- _transfer(sender,recipient,amount) (#697)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#809-816)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#793-799)
External calls sending eth:
- _transfer(sender,recipient,amount) (#697)
- recipient.transfer(amount) (#666)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#809-816)
State variables written after the call(s):
- _approve(sender,_msgSender(),_allowances[sender][_msgSender()].sub(amount,ERC20: transfer amount exceeds allowance)) (#698)
- _allowances[owner][spender] = amount (#584)
Apply the check-effects-interactions pattern.
Additional information: link
Reentrancy in AeonColony._transfer(address,address,uint256) (#702-751):
External calls:
- swapAndLiquify(contractTokenBalance) (#735)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#809-816)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#793-799)
External calls sending eth:
- swapAndLiquify(contractTokenBalance) (#735)
- recipient.transfer(amount) (#666)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#809-816)
Event emitted after the call(s):
- Transfer(sender,address(this),feeAmount) (#832)
- finalAmount = takeFee(sender,recipient,amount) (#740-741)
- Transfer(sender,recipient,finalAmount) (#748)
Reentrancy in AeonColony.constructor() (#506-535):
External calls:
- uniswapPair = IUniswapV2Factory(_uniswapV2Router.factory()).createPair(address(this),_uniswapV2Router.WETH()) (#511-512)
Event emitted after the call(s):
- Transfer(address(0),_msgSender(),_totalSupply) (#534)
Reentrancy in AeonColony.swapAndLiquify(uint256) (#760-782):
External calls:
- swapTokensForEth(tokensForSwap) (#765)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#793-799)
- addLiquidity(tokensForLP,amountBNBLiquidity) (#781)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#809-816)
External calls sending eth:
- transferToAddressETH(marketingWalletAddress,amountBNBMarketing) (#775)
- recipient.transfer(amount) (#666)
- transferToAddressETH(DevOutsourceWallet,amountBNBDev) (#778)
- recipient.transfer(amount) (#666)
- addLiquidity(tokensForLP,amountBNBLiquidity) (#781)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#809-816)
Event emitted after the call(s):
- Approval(owner,spender,amount) (#585)
- addLiquidity(tokensForLP,amountBNBLiquidity) (#781)
Reentrancy in AeonColony.swapTokensForEth(uint256) (#784-802):
External calls:
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#793-799)
Event emitted after the call(s):
- SwapTokensForETH(tokenAmount,path) (#801)
Reentrancy in AeonColony.transferFrom(address,address,uint256) (#696-700):
External calls:
- _transfer(sender,recipient,amount) (#697)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#809-816)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#793-799)
External calls sending eth:
- _transfer(sender,recipient,amount) (#697)
- recipient.transfer(amount) (#666)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#809-816)
Event emitted after the call(s):
- Approval(owner,spender,amount) (#585)
- _approve(sender,_msgSender(),_allowances[sender][_msgSender()].sub(amount,ERC20: transfer amount exceeds allowance)) (#698)
Apply the check-effects-interactions pattern.
Additional information: link
Ownable.unlock() (#220-225) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(block.timestamp > _lockTime,Contract is locked until 7 days) (#222)
AeonColony._transfer(address,address,uint256) (#702-751) uses timestamp for comparisons
Dangerous comparisons:
- endtime == 0 (#707)
- endtime > block.timestamp (#710)
Avoid relying on block.timestamp.
Additional information: link
Address.isContract(address) (#116-125) uses assembly
- INLINE ASM (#123)
Address._functionCallWithValue(address,bytes,uint256,string) (#152-169) uses assembly
- INLINE ASM (#161-164)
Do not use evm assembly.
Additional information: link
Address._functionCallWithValue(address,bytes,uint256,string) (#152-169) is never used and should be removed
Address.functionCall(address,bytes) (#135-137) is never used and should be removed
Address.functionCall(address,bytes,string) (#139-141) is never used and should be removed
Address.functionCallWithValue(address,bytes,uint256) (#143-145) is never used and should be removed
Address.functionCallWithValue(address,bytes,uint256,string) (#147-150) is never used and should be removed
Address.isContract(address) (#116-125) is never used and should be removed
Address.sendValue(address,uint256) (#127-133) is never used and should be removed
Context._msgData() (#43-46) is never used and should be removed
SafeMath.mod(uint256,uint256) (#104-106) is never used and should be removed
SafeMath.mod(uint256,uint256,string) (#108-111) is never used and should be removed
Remove unused functions.
Additional information: link
AeonColony._liquidityShare (#460) is set pre-construction with a non-constant function or state variable:
- _buyLiquidityFee.add(_sellLiquidityFee)
AeonColony._marketingShare (#461) is set pre-construction with a non-constant function or state variable:
- _buyMarketingFee.add(_sellMarketingFee)
AeonColony._devShare (#462) is set pre-construction with a non-constant function or state variable:
- _buyDevFee.add(_sellDevFee)
AeonColony._totalSupply (#468) is set pre-construction with a non-constant function or state variable:
- 1000000 * 10 ** 4 * 10 ** _decimals
AeonColony._maxTxAmount (#469) is set pre-construction with a non-constant function or state variable:
- _totalSupply.div(10)
AeonColony._walletMax (#470) is set pre-construction with a non-constant function or state variable:
- _totalSupply.div(10)
Remove any initialization of state variables via non-constant state variables or function calls. If variables must be set upon contract deployment, locate initialization in the constructor instead.
Additional information: link
Function IUniswapV2Pair.DOMAIN_SEPARATOR() (#259) is not in mixedCase
Function IUniswapV2Pair.PERMIT_TYPEHASH() (#260) is not in mixedCase
Function IUniswapV2Pair.MINIMUM_LIQUIDITY() (#276) is not in mixedCase
Function IUniswapV2Router01.WETH() (#295) is not in mixedCase
Parameter AeonColony.setSwapAndLiquifyEnabled(bool)._enabled (#652) is not in mixedCase
Parameter AeonColony.setblocklist(address)._account (#838) is not in mixedCase
Function AeonColony.UPfeeTXtime(uint256) (#846-848) is not in mixedCase
Parameter AeonColony.UPfeeTXtime(uint256)._feeTXtime (#846) is not in mixedCase
Function AeonColony.UPendtime(uint256) (#850-852) is not in mixedCase
Parameter AeonColony.UPendtime(uint256)._endtime (#850) is not in mixedCase
Variable AeonColony.DevOutsourceWallet (#438) is not in mixedCase
Variable AeonColony._balances (#441) is not in mixedCase
Variable AeonColony._buyLiquidityFee (#452) is not in mixedCase
Variable AeonColony._buyDevFee (#453) is not in mixedCase
Variable AeonColony._buyMarketingFee (#454) is not in mixedCase
Variable AeonColony._sellLiquidityFee (#456) is not in mixedCase
Variable AeonColony._sellDevFee (#457) is not in mixedCase
Variable AeonColony._sellMarketingFee (#458) is not in mixedCase
Variable AeonColony._liquidityShare (#460) is not in mixedCase
Variable AeonColony._marketingShare (#461) is not in mixedCase
Variable AeonColony._devShare (#462) is not in mixedCase
Variable AeonColony._totalTaxIfBuying (#464) is not in mixedCase
Variable AeonColony._totalTaxIfSelling (#465) is not in mixedCase
Variable AeonColony._totalDistributionShares (#466) is not in mixedCase
Variable AeonColony._maxTxAmount (#469) is not in mixedCase
Variable AeonColony._walletMax (#470) is not in mixedCase
Follow the Solidity naming convention.
Additional information: link
Redundant expression "this (#44)" inContext (#37-47)
Remove redundant statements if they congest code but offer no value.
Additional information: link
Reentrancy in AeonColony._transfer(address,address,uint256) (#702-751):
External calls:
- swapAndLiquify(contractTokenBalance) (#735)
- recipient.transfer(amount) (#666)
External calls sending eth:
- swapAndLiquify(contractTokenBalance) (#735)
- recipient.transfer(amount) (#666)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#809-816)
State variables written after the call(s):
- _balances[sender] = _balances[sender].sub(amount,Insufficient Balance) (#738)
- _balances[recipient] = _balances[recipient].add(finalAmount) (#746)
- finalAmount = takeFee(sender,recipient,amount) (#740-741)
- _balances[address(this)] = _balances[address(this)].add(feeAmount) (#831)
Event emitted after the call(s):
- Transfer(sender,address(this),feeAmount) (#832)
- finalAmount = takeFee(sender,recipient,amount) (#740-741)
- Transfer(sender,recipient,finalAmount) (#748)
Reentrancy in AeonColony.swapAndLiquify(uint256) (#760-782):
External calls:
- transferToAddressETH(marketingWalletAddress,amountBNBMarketing) (#775)
- recipient.transfer(amount) (#666)
- transferToAddressETH(DevOutsourceWallet,amountBNBDev) (#778)
- recipient.transfer(amount) (#666)
External calls sending eth:
- transferToAddressETH(marketingWalletAddress,amountBNBMarketing) (#775)
- recipient.transfer(amount) (#666)
- transferToAddressETH(DevOutsourceWallet,amountBNBDev) (#778)
- recipient.transfer(amount) (#666)
- addLiquidity(tokensForLP,amountBNBLiquidity) (#781)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#809-816)
State variables written after the call(s):
- addLiquidity(tokensForLP,amountBNBLiquidity) (#781)
- _allowances[owner][spender] = amount (#584)
Event emitted after the call(s):
- Approval(owner,spender,amount) (#585)
- addLiquidity(tokensForLP,amountBNBLiquidity) (#781)
Reentrancy in AeonColony.transferFrom(address,address,uint256) (#696-700):
External calls:
- _transfer(sender,recipient,amount) (#697)
- recipient.transfer(amount) (#666)
External calls sending eth:
- _transfer(sender,recipient,amount) (#697)
- recipient.transfer(amount) (#666)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#809-816)
State variables written after the call(s):
- _approve(sender,_msgSender(),_allowances[sender][_msgSender()].sub(amount,ERC20: transfer amount exceeds allowance)) (#698)
- _allowances[owner][spender] = amount (#584)
Event emitted after the call(s):
- Approval(owner,spender,amount) (#585)
- _approve(sender,_msgSender(),_allowances[sender][_msgSender()].sub(amount,ERC20: transfer amount exceeds allowance)) (#698)
Apply the check-effects-interactions pattern.
Additional information: link
Variable IUniswapV2Router01.addLiquidity(address,address,uint256,uint256,uint256,uint256,address,uint256).amountADesired (#300) is too similar to IUniswapV2Router01.addLiquidity(address,address,uint256,uint256,uint256,uint256,address,uint256).amountBDesired (#301)
Prevent variables from having similar names.
Additional information: link
AeonColony.slitherConstructorVariables() (#428-854) uses literals with too many digits:
- deadAddress = 0x000000000000000000000000000000000000dEaD (#439)
AeonColony.slitherConstructorVariables() (#428-854) uses literals with too many digits:
- _totalSupply = 1000000 * 10 ** 4 * 10 ** _decimals (#468)
Use: Ether suffix, Time suffix, or The scientific notation
Additional information: link
AeonColony._decimals (#435) should be constant
AeonColony._name (#433) should be constant
AeonColony._symbol (#434) should be constant
Add the constant attributes to state variables that never change.
Additional information: link
waiveOwnership() should be declared external:
- Ownable.waiveOwnership() (#194-197)
transferOwnership(address) should be declared external:
- Ownable.transferOwnership(address) (#199-203)
getUnlockTime() should be declared external:
- Ownable.getUnlockTime() (#205-207)
getTime() should be declared external:
- Ownable.getTime() (#209-211)
lock(uint256) should be declared external:
- Ownable.lock(uint256) (#213-218)
unlock() should be declared external:
- Ownable.unlock() (#220-225)
name() should be declared external:
- AeonColony.name() (#537-539)
symbol() should be declared external:
- AeonColony.symbol() (#541-543)
decimals() should be declared external:
- AeonColony.decimals() (#545-547)
totalSupply() should be declared external:
- AeonColony.totalSupply() (#549-551)
allowance(address,address) should be declared external:
- AeonColony.allowance(address,address) (#557-559)
increaseAllowance(address,uint256) should be declared external:
- AeonColony.increaseAllowance(address,uint256) (#561-564)
decreaseAllowance(address,uint256) should be declared external:
- AeonColony.decreaseAllowance(address,uint256) (#566-569)
minimumTokensBeforeSwapAmount() should be declared external:
- AeonColony.minimumTokensBeforeSwapAmount() (#571-573)
approve(address,uint256) should be declared external:
- AeonColony.approve(address,uint256) (#575-578)
setMarketPairStatus(address,bool) should be declared external:
- AeonColony.setMarketPairStatus(address,bool) (#588-590)
setIsExcludedFromFee(address,bool) should be declared external:
- AeonColony.setIsExcludedFromFee(address,bool) (#596-598)
setSwapAndLiquifyEnabled(bool) should be declared external:
- AeonColony.setSwapAndLiquifyEnabled(bool) (#652-655)
setSwapAndLiquifyByLimitOnly(bool) should be declared external:
- AeonColony.setSwapAndLiquifyByLimitOnly(bool) (#657-659)
getCirculatingSupply() should be declared external:
- AeonColony.getCirculatingSupply() (#661-663)
changeRouterVersion(address) should be declared external:
- AeonColony.changeRouterVersion(address) (#669-686)
transfer(address,uint256) should be declared external:
- AeonColony.transfer(address,uint256) (#691-694)
transferFrom(address,address,uint256) should be declared external:
- AeonColony.transferFrom(address,address,uint256) (#696-700)
Use the external attribute for functions never called from the contract.
Additional information: link
Unable to find website, listings and other project-related information
Young tokens have high risks of scam / price dump / death
Token has no active CoinGecko listing / rank
Token has no active CoinMarketCap listing / rank
Unable to find Telegram and Twitter accounts