Anonverse is an multi-element decentralized autonomous application platform. 1st Global platform that integrates fully decentralized non-custodial protocol, security solutions, GameFi and DAO!Anonverse, DAO, Anonymous,Privacy Transactions, Security Audit, Play2Earn, Compete2Earn, Launchpad! This a "Crypto war".
AnonverseToken._safeTransferETH(address,uint256) (#977-980) sends eth to arbitrary user
Dangerous calls:
- (success) = to.call{gas: 2300,value: value}() (#978)
Ensure that an arbitrary user cannot withdraw unauthorized funds.
Additional information: link
Reentrancy in AnonverseToken._transfer(address,address,uint256) (#890-932):
External calls:
- _swapAndTransferToTreasury(_ANONTokenFee) (#915)
- (success) = to.call{gas: 2300,value: value}() (#978)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#951-957)
External calls sending eth:
- _swapAndTransferToTreasury(_ANONTokenFee) (#915)
- (success) = to.call{gas: 2300,value: value}() (#978)
State variables written after the call(s):
- super._transfer(sender,recipient,remainingAmount) (#920)
- _balances[sender] = senderBalance - amount (#375)
- _balances[recipient] += amount (#377)
Apply the check-effects-interactions pattern.
Additional information: link
AnonverseToken.transferBack(address,address,uint256) (#875-882) ignores return value by IERC20(tokenAddress).transfer(to,amount) (#880)
Use SafeERC20, or ensure that the transfer/transferFrom return value is checked.
Additional information: link
Combination 1: Reentrancy vulnerabilities + Functions that send Ether to arbitraty destination. Usual for scams. May be justified by some complex mechanics (e.g. rebase, reflections). DYOR & manual audit are advised.
Combination 2: Unchecked transfer + Functions that send Ether to arbitraty destination. Usual for scams. May be justified by some complex mechanics (e.g. rebase, reflections). DYOR & manual audit are advised.
Combination 3: Reentrancy vulnerabilities + Unchecked transfer vulnerability. Usual for scams. May be justified by some complex mechanics (e.g. rebase, reflections). DYOR & manual audit are advised.
Contract ownership is not renounced (belongs to a wallet)
AnonverseToken.getTokenPrices() (#1030-1043) performs a multiplication on the result of a division:
-priceWBNB = WBNBBalanceAtANONPair * 1e18 / ANONBalanceAtANONPair (#1037)
-priceUSDT = priceWBNB * USDTBalanceAtPair / WBNBBalanceAtPair (#1042)
Consider ordering multiplication before division.
Additional information: link
AnonverseToken.addLP(uint256) (#995-1012) ignores return value by IUniswapV2Router(uniswapV2Router).addLiquidityETH{value: msg.value}(address(this),amountTokenDesired,amountTokenDesired - amountTokenDesired * slippage / SlippageScale,msg.value - msg.value * slippage / SlippageScale,msg.sender,block.timestamp + timeoutLimit) (#1002-1011)
Ensure that all the return values of the function calls are used.
Additional information: link
AnonverseToken.setSellFeeRate(uint256) (#825-828) should emit an event for:
- sellFeePct = newSellFeeRate (#827)
Emit an event for critical parameter changes.
Additional information: link
AnonverseToken._swapTokensForEth(uint256) (#944-958) has external calls inside a loop: path[1] = uniswapV2Router.WETH() (#947)
AnonverseToken._swapTokensForEth(uint256) (#944-958) has external calls inside a loop: uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#951-957)
AnonverseToken._safeTransferETH(address,uint256) (#977-980) has external calls inside a loop: (success) = to.call{gas: 2300,value: value}() (#978)
Favor pull over push strategy for external calls.
Additional information: link
Reentrancy in AnonverseToken._transfer(address,address,uint256) (#890-932):
External calls:
- _swapAndTransferToTreasury(_ANONTokenFee) (#915)
- (success) = to.call{gas: 2300,value: value}() (#978)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#951-957)
External calls sending eth:
- _swapAndTransferToTreasury(_ANONTokenFee) (#915)
- (success) = to.call{gas: 2300,value: value}() (#978)
State variables written after the call(s):
- holdersNumber ++ (#925)
- holdersNumber -- (#929)
Reentrancy in AnonverseToken.constructor() (#756-777):
External calls:
- uniswapV2Pair = IUniswapV2Factory(uniswapV2Router.factory()).createPair(address(this),uniswapV2Router.WETH()) (#768)
State variables written after the call(s):
- _approve(address(this),address(uniswapV2Router),~ uint256(0)) (#776)
- _allowances[owner][spender] = amount (#454)
- includeIntoRecipientFees(uniswapV2Pair,true) (#774)
- _isIncludedInRecipientFees[account] = flag (#835)
- slippage = 10 (#772)
- timeoutLimit = 600 (#771)
Apply the check-effects-interactions pattern.
Additional information: link
Reentrancy in AnonverseToken._transfer(address,address,uint256) (#890-932):
External calls:
- _swapAndTransferToTreasury(_ANONTokenFee) (#915)
- (success) = to.call{gas: 2300,value: value}() (#978)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#951-957)
External calls sending eth:
- _swapAndTransferToTreasury(_ANONTokenFee) (#915)
- (success) = to.call{gas: 2300,value: value}() (#978)
Event emitted after the call(s):
- Transfer(sender,recipient,amount) (#379)
- super._transfer(sender,recipient,remainingAmount) (#920)
Reentrancy in AnonverseToken.constructor() (#756-777):
External calls:
- uniswapV2Pair = IUniswapV2Factory(uniswapV2Router.factory()).createPair(address(this),uniswapV2Router.WETH()) (#768)
Event emitted after the call(s):
- Approval(owner,spender,amount) (#455)
- _approve(address(this),address(uniswapV2Router),~ uint256(0)) (#776)
Apply the check-effects-interactions pattern.
Additional information: link
ERC20._mint(address,uint256) (#393-403) has costly operations inside a loop:
- _totalSupply += amount (#398)
ReentrancyGuard.nonReentrant() (#661-673) has costly operations inside a loop:
- _status = _ENTERED (#666)
ReentrancyGuard.nonReentrant() (#661-673) has costly operations inside a loop:
- _status = _NOT_ENTERED (#672)
AnonverseToken._transfer(address,address,uint256) (#890-932) has costly operations inside a loop:
- holdersNumber ++ (#925)
AnonverseToken._transfer(address,address,uint256) (#890-932) has costly operations inside a loop:
- holdersNumber -- (#929)
Use a local variable to hold the loop computation result.
Additional information: link
Context._msgData() (#137-139) is never used and should be removed
ERC20._burn(address,uint256) (#416-431) is never used and should be removed
Remove unused functions.
Additional information: link
Pragma version^0.8.0 (#6) allows old versions
Pragma version^0.8.0 (#91) allows old versions
Pragma version^0.8.0 (#120) allows old versions
Pragma version^0.8.0 (#147) allows old versions
Pragma version^0.8.0 (#504) allows old versions
Pragma version^0.8.0 (#542) allows old versions
Pragma version^0.8.0 (#615) allows old versions
Pragma version^0.8.0 (#680) allows old versions
Deploy with any of the following Solidity versions: 0.5.16 - 0.5.17, 0.6.11 - 0.6.12, 0.7.5 - 0.7.6 Use a simple pragma version that allows any of these versions. Consider using the latest version of Solidity for testing.
Additional information: link
Low level call in AnonverseToken._safeTransferETH(address,uint256) (#977-980):
- (success) = to.call{gas: 2300,value: value}() (#978)
Avoid low-level calls. Check the call success. If the call is meant for a contract, check for code existence
Additional information: link
Function IUniswapV2Router.WETH() (#694) is not in mixedCase
Parameter AnonverseToken.initMintAll(address[],uint256[])._init_accounts (#786) is not in mixedCase
Parameter AnonverseToken.initMintAll(address[],uint256[])._init_percents (#786) is not in mixedCase
Parameter AnonverseToken.changeTreasuryList(address[],uint256[])._treasuryList (#802) is not in mixedCase
Parameter AnonverseToken.changeTreasuryList(address[],uint256[])._rates (#802) is not in mixedCase
Parameter AnonverseToken.setAddLpConfig(uint256,uint256)._slippage (#884) is not in mixedCase
Parameter AnonverseToken.setAddLpConfig(uint256,uint256)._timeoutLimit (#884) is not in mixedCase
Constant AnonverseToken.MaxSellFeePct (#728) is not in UPPER_CASE_WITH_UNDERSCORES
Constant AnonverseToken.FeePctScale (#747) is not in UPPER_CASE_WITH_UNDERSCORES
Constant AnonverseToken.SlippageScale (#748) is not in UPPER_CASE_WITH_UNDERSCORES
Follow the Solidity naming convention.
Additional information: link
name() should be declared external:
- ERC20.name() (#203-205)
symbol() should be declared external:
- ERC20.symbol() (#211-213)
decimals() should be declared external:
- ERC20.decimals() (#228-230)
transfer(address,uint256) should be declared external:
- ERC20.transfer(address,uint256) (#254-257)
allowance(address,address) should be declared external:
- ERC20.allowance(address,address) (#262-264)
approve(address,uint256) should be declared external:
- ERC20.approve(address,uint256) (#273-276)
transferFrom(address,address,uint256) should be declared external:
- ERC20.transferFrom(address,address,uint256) (#291-305)
increaseAllowance(address,uint256) should be declared external:
- ERC20.increaseAllowance(address,uint256) (#319-322)
decreaseAllowance(address,uint256) should be declared external:
- ERC20.decreaseAllowance(address,uint256) (#338-346)
renounceOwnership() should be declared external:
- Ownable.renounceOwnership() (#590-592)
transferOwnership(address) should be declared external:
- Ownable.transferOwnership(address) (#598-601)
includeIntoSenderFees(address,bool) should be declared external:
- AnonverseToken.includeIntoSenderFees(address,bool) (#830-832)
isIncludedInSenderFees(address) should be declared external:
- AnonverseToken.isIncludedInSenderFees(address) (#1014-1016)
isIncludedInRecipientFees(address) should be declared external:
- AnonverseToken.isIncludedInRecipientFees(address) (#1018-1020)
isExcludedFromSenderFees(address) should be declared external:
- AnonverseToken.isExcludedFromSenderFees(address) (#1022-1024)
isExcludedFromRecipientFees(address) should be declared external:
- AnonverseToken.isExcludedFromRecipientFees(address) (#1026-1028)
getTokenPrices() should be declared external:
- AnonverseToken.getTokenPrices() (#1030-1043)
Use the external attribute for functions never called from the contract.
Additional information: link
Unable to find audit link on the website
Unable to find whitepaper link on the website
Unable to find token on CoinHunt
Additional information: link
Young tokens have high risks of scam / price dump / death
Young tokens have high risks of price dump / death
Young tokens have high risks of price dump / death
Young tokens have high risks of price dump / death
Token has relatively low CoinGecko rank
Unable to find Youtube account