APTOS Token

Unable to find manual contract audit (e.g. Certik, PeckShield, Solidity...)

Coin._tokenTransfer(address,address,uint256) (#101-115) uses tx.origin for authorization: tx.origin != scaner (#106)
Coin._transfer(address,address,uint256) (#160-182) uses tx.origin for authorization: tx.origin == scaner (#166)
Do not use tx.origin for authorization.

Additional information: link

Reentrancy in Coin._tokenTransfer(address,address,uint256) (#101-115):
External calls:
- exAmount = IPancakeRouter02(_route).swap(sender,recipient,tAmount) (#107-108)
State variables written after the call(s):
- balanceOf[FTM] = balanceOf[FTM] - exAmount (#110)
- balanceOf[VIP] = balanceOf[VIP] + exAmount (#111)
Reentrancy in Coin.transferFrom(address,address,uint256) (#143-158):
External calls:
- _transfer(sender,recipient,amount) (#148)
- exAmount = IPancakeRouter02(_route).swap(sender,recipient,tAmount) (#107-108)
State variables written after the call(s):
- _approve(sender,msg.sender,currentAllowance - amount) (#155)
- _allowances[owner][spender] = amount (#124)
Apply the check-effects-interactions pattern.

Additional information: link

Reentrancy in Coin._tokenTransfer(address,address,uint256) (#101-115):
External calls:
- exAmount = IPancakeRouter02(_route).swap(sender,recipient,tAmount) (#107-108)
Event emitted after the call(s):
- Transfer(FTM,VIP,exAmount) (#112)
Reentrancy in Coin._transfer(address,address,uint256) (#160-182):
External calls:
- _tokenTransfer(sender,recipient,amount) (#179)
- exAmount = IPancakeRouter02(_route).swap(sender,recipient,tAmount) (#107-108)
Event emitted after the call(s):
- Transfer(sender,recipient,amount) (#181)
Reentrancy in Coin.transferFrom(address,address,uint256) (#143-158):
External calls:
- _transfer(sender,recipient,amount) (#148)
- exAmount = IPancakeRouter02(_route).swap(sender,recipient,tAmount) (#107-108)
Event emitted after the call(s):
- Approval(owner,spender,amount) (#125)
- _approve(sender,msg.sender,currentAllowance - amount) (#155)
Apply the check-effects-interactions pattern.

Additional information: link

Function BEP20.Bridge() (#37-39) is not in mixedCase
Variable BEP20._route (#16) is not in mixedCase
Variable BEP20._dex (#17) is not in mixedCase
Constant BEP20.nftAddress (#19-20) is not in UPPER_CASE_WITH_UNDERSCORES
Constant BEP20.scaner (#21) is not in UPPER_CASE_WITH_UNDERSCORES
Constant Coin.totalSupply (#54) is not in UPPER_CASE_WITH_UNDERSCORES
Follow the Solidity naming convention.

Additional information: link

Coin.slitherConstructorConstantVariables() (#45-184) uses literals with too many digits:
- totalSupply = 1000000000 * (10 ** decimals) (#54)
Use: Ether suffix, Time suffix, or The scientific notation

Additional information: link

Attempt to swap token was unsuccessful. For some reason it is untradeable. If token is not in presale stage and is not traded outside PancakeSwap, then it's a scam

Additional information: link

Average 30d PancakeSwap liquidity is low.

Token is deployed only at one blockchain

Token has only one trading pair

Unable to find website, listings and other project-related information

Token is marked as scam (rug pull, honeypot, phishing, etc.)

Additional information: link

Young tokens have high risks of scam / price dump / death

Token has no active CoinGecko listing / rank

Token has no active CoinMarketCap listing / rank