Unable to find manual contract audit (e.g. Certik, PeckShield, Solidity...)
SwapHandler._createLP(uint256) (#1277-1286) sends eth to arbitrary user
Dangerous calls:
- IRouter(swapRouter).addLiquidityETH{value: address(this).balance}(owner(),erc20Amount_,0,0,erc20.autoLPWallet(),block.timestamp + 10000) (#1278-1285)
Ensure that an arbitrary user cannot withdraw unauthorized funds.
Additional information: link
Reentrancy in HODLRewardsDistributor.batchProcessClaims(uint256) (#1086-1100):
External calls:
- claimPending(allShareHolders[_lastProccessedIndex]) (#1094)
- returndata = address(token).functionCall(data,SafeERC20: low-level call failed) (#895)
- (success,returndata) = target.call{value: value}(data) (#150)
- IERC20(rewardsaddress).safeTransfer(sharholderAddress_,pendingAmount) (#1075)
External calls sending eth:
- claimPending(allShareHolders[_lastProccessedIndex]) (#1094)
- (success,returndata) = target.call{value: value}(data) (#150)
State variables written after the call(s):
- _incrementLastProccessed() (#1097)
- _lastProccessedIndex ++ (#1164)
- _lastProccessedIndex = 1 (#1166)
Reentrancy in HODLRewardsDistributor.setShare(address,uint256) (#1014-1026):
External calls:
- claimPending(sharholderAddress_) (#1022)
- returndata = address(token).functionCall(data,SafeERC20: low-level call failed) (#895)
- (success,returndata) = target.call{value: value}(data) (#150)
- IERC20(rewardsaddress).safeTransfer(sharholderAddress_,pendingAmount) (#1075)
External calls sending eth:
- claimPending(sharholderAddress_) (#1022)
- (success,returndata) = target.call{value: value}(data) (#150)
State variables written after the call(s):
- _updateUserShares(sharholderAddress_,amount_) (#1025)
- user.shares = newAmount_ (#1144)
- user.rewardDebt = user.shares.mul(accPerShare).div(1e36) (#1145)
- _updateUserShares(sharholderAddress_,amount_) (#1025)
- totalRewardsDebt = totalRewardsDebt.sub(user.rewardDebt) (#1143)
- totalRewardsDebt = totalRewardsDebt.add(user.rewardDebt) (#1146)
Apply the check-effects-interactions pattern.
Additional information: link
HODLRewardsDistributor.depositWrappedNativeTokenRewards(uint256) (#1007-1012) ignores return value by IWrappedNativeToken(wbnb).transferFrom(msg.sender,address(this),amount_) (#1010)
Use SafeERC20, or ensure that the transfer/transferFrom return value is checked.
Additional information: link
HODLRewardsDistributor._updateUserShares(address,uint256) (#1136-1161) uses a dangerous strict equality:
- user.shares == 0 && indexOfShareHolders[sharholderAddress_] != 0 (#1152)
Don't use strict equality to determine if an account has enough Ether or tokens.
Additional information: link
Combination 1: Reentrancy vulnerabilities + Functions that send Ether to arbitraty destination. Usual for scams. May be justified by some complex mechanics (e.g. rebase, reflections). DYOR & manual audit are advised.
Combination 2: Unchecked transfer + Functions that send Ether to arbitraty destination. Usual for scams. May be justified by some complex mechanics (e.g. rebase, reflections). DYOR & manual audit are advised.
Combination 3: Reentrancy vulnerabilities + Unchecked transfer vulnerability. Usual for scams. May be justified by some complex mechanics (e.g. rebase, reflections). DYOR & manual audit are advised.
Different versions of Solidity is used:
- Version used: ['^0.8.0', '^0.8.4']
- ^0.8.4 (#6)
- ^0.8.0 (#22)
- ^0.8.4 (#240)
- ^0.8.4 (#251)
- ^0.8.4 (#298)
- ^0.8.4 (#309)
- ^0.8.4 (#363)
- ^0.8.0 (#377)
- ^0.8.4 (#605)
- ^0.8.0 (#617)
- ^0.8.0 (#644)
- ^0.8.0 (#722)
- ^0.8.0 (#807)
- ^0.8.4 (#906)
- ^0.8.4 (#1172)
- ^0.8.0 (#1303)
- ^0.8.0 (#1333)
- ^0.8.4 (#1689)
Use one Solidity version.
Additional information: link
Reentrancy in BabyMcDollar._customTransfer(address,address,uint256) (#2060-2095):
External calls:
- _transfer(from_,address(swapHundler),currentTax) (#2084)
- hodlRewardDistributor.setShare(wallet,balanceOf(wallet)) (#2123)
- hodlRewardDistributor.batchProcessClaims(processingGasLimit) (#2099-2101)
- hodlRewardDistributor.setShare(wallet,0) (#2123)
- hodlRewardDistributor.batchProcessClaims(gasleft()().mul(80).div(100)) (#2099-2101)
- processReserves() (#2088)
- swapHundler.swapToNativeWrappedToken(autoLPReserved,hodlReserved,marketingReserved) (#1898-1902)
State variables written after the call(s):
- processReserves() (#2088)
- autoLPReserved = 0 (#1904)
- processReserves() (#2088)
- hodlReserved = 0 (#1905)
- processReserves() (#2088)
- marketingReserved = 0 (#1906)
Reentrancy in BabyMcDollar._customTransfer(address,address,uint256) (#2060-2095):
External calls:
- _transfer(from_,address(swapHundler),currentTax) (#2084)
- hodlRewardDistributor.setShare(wallet,balanceOf(wallet)) (#2123)
- hodlRewardDistributor.batchProcessClaims(processingGasLimit) (#2099-2101)
- hodlRewardDistributor.setShare(wallet,0) (#2123)
- hodlRewardDistributor.batchProcessClaims(gasleft()().mul(80).div(100)) (#2099-2101)
- processReserves() (#2088)
- swapHundler.swapToNativeWrappedToken(autoLPReserved,hodlReserved,marketingReserved) (#1898-1902)
- _transfer(from_,to_,netTransfer) (#2091)
- hodlRewardDistributor.setShare(wallet,balanceOf(wallet)) (#2123)
- hodlRewardDistributor.batchProcessClaims(processingGasLimit) (#2099-2101)
- hodlRewardDistributor.setShare(wallet,0) (#2123)
- hodlRewardDistributor.batchProcessClaims(gasleft()().mul(80).div(100)) (#2099-2101)
State variables written after the call(s):
- _transfer(from_,to_,netTransfer) (#2091)
- _balances[sender] = senderBalance - amount (#1562)
- _balances[recipient] += amount (#1564)
Reentrancy in HODLRewardsDistributor.claimPending(address) (#1066-1084):
External calls:
- IERC20(rewardsaddress).safeTransfer(sharholderAddress_,pendingAmount) (#1075)
State variables written after the call(s):
- user.claimed = user.claimed.add(pendingAmount) (#1078)
- user.rewardDebt = user.shares.mul(accPerShare).div(1e36) (#1082)
Reentrancy in BabyMcDollar.constructor(string,string,address,address,address,address,address) (#1769-1845):
External calls:
- wbnbPair = IFactory(IRouter(swapRouter_).factory()).createPair(wbnb_,address(this)) (#1785-1787)
- _mint(autoLP_,TOTAL_SUPPLY) (#1824)
- hodlRewardDistributor.setShare(wallet,balanceOf(wallet)) (#2123)
- hodlRewardDistributor.batchProcessClaims(processingGasLimit) (#2099-2101)
- hodlRewardDistributor.setShare(wallet,0) (#2123)
- hodlRewardDistributor.batchProcessClaims(gasleft()().mul(80).div(100)) (#2099-2101)
State variables written after the call(s):
- hodlRewardDistributor = new HODLRewardsDistributor(wbnb_,rewardsAddress_,swapRouter_) (#1827)
Reentrancy in BabyMcDollar.constructor(string,string,address,address,address,address,address) (#1769-1845):
External calls:
- wbnbPair = IFactory(IRouter(swapRouter_).factory()).createPair(wbnb_,address(this)) (#1785-1787)
- _mint(autoLP_,TOTAL_SUPPLY) (#1824)
- hodlRewardDistributor.setShare(wallet,balanceOf(wallet)) (#2123)
- hodlRewardDistributor.batchProcessClaims(processingGasLimit) (#2099-2101)
- hodlRewardDistributor.setShare(wallet,0) (#2123)
- hodlRewardDistributor.batchProcessClaims(gasleft()().mul(80).div(100)) (#2099-2101)
- hodlRewardDistributor.excludeFromRewards(wbnbPair) (#1831)
- hodlRewardDistributor.excludeFromRewards(swapRouter) (#1832)
- hodlRewardDistributor.excludeFromRewards(autoLPWallet) (#1833)
- hodlRewardDistributor.excludeFromRewards(marketingWallet) (#1834)
- hodlRewardDistributor.excludeFromRewards(address(this)) (#1835)
- hodlRewardDistributor.excludeFromRewards(address(swapHundler)) (#1836)
State variables written after the call(s):
- isDistributorSet = true (#1844)
- whitlisted[address(hodlRewardDistributor)] = Whitlisted(true,true,true) (#1838-1842)
Reentrancy in BabyMcDollar.processReserves() (#1897-1907):
External calls:
- swapHundler.swapToNativeWrappedToken(autoLPReserved,hodlReserved,marketingReserved) (#1898-1902)
State variables written after the call(s):
- autoLPReserved = 0 (#1904)
- hodlReserved = 0 (#1905)
- marketingReserved = 0 (#1906)
Reentrancy in BabyMcDollar.transferFrom(address,address,uint256) (#1877-1887):
External calls:
- success = _customTransfer(from_,to_,amount_) (#1884)
- swapHundler.swapToNativeWrappedToken(autoLPReserved,hodlReserved,marketingReserved) (#1898-1902)
- hodlRewardDistributor.setShare(wallet,balanceOf(wallet)) (#2123)
- hodlRewardDistributor.batchProcessClaims(processingGasLimit) (#2099-2101)
- hodlRewardDistributor.setShare(wallet,0) (#2123)
- hodlRewardDistributor.batchProcessClaims(gasleft()().mul(80).div(100)) (#2099-2101)
State variables written after the call(s):
- approve(from_,allowance(from_,_msgSender()).sub(amount_)) (#1885)
- _allowances[owner][spender] = amount (#1641)
Apply the check-effects-interactions pattern.
Additional information: link
SwapHandler.swapToNativeWrappedToken(uint256,uint256,uint256) (#1217-1253) ignores return value by address(erc20.hodlRewardDistributor()).call{value: address(this).balance}() (#1249)
Ensure that the return value of a low-level call is checked or logged.
Additional information: link
SwapHandler.swapToNativeWrappedToken(uint256,uint256,uint256) (#1217-1253) ignores return value by IERC20(owner()).approve(swapRouter,IERC20(owner()).balanceOf(address(this))) (#1222)
SwapHandler._createLP(uint256) (#1277-1286) ignores return value by IRouter(swapRouter).addLiquidityETH{value: address(this).balance}(owner(),erc20Amount_,0,0,erc20.autoLPWallet(),block.timestamp + 10000) (#1278-1285)
Ensure that all the return values of the function calls are used.
Additional information: link
BabyMcDollar.setMaxTx(uint256) (#1764) should emit an event for:
- maxTx = maxTx_ (#1764)
BabyMcDollar.setMaxBalance(uint256) (#1767) should emit an event for:
- maxBalance = maxBalance_ (#1767)
BabyMcDollar.setPeocessingGasLimit(uint256) (#2025-2029) should emit an event for:
- processingGasLimit = maxAmount_ (#2028)
BabyMcDollar.setMinimumShareForRewards(uint256) (#2039-2041) should emit an event for:
- minimumShareForRewards = minimumAmount_ (#2040)
Emit an event for critical parameter changes.
Additional information: link
HODLRewardsDistributor.constructor(address,address,address).wbnb_ (#959) lacks a zero-check on :
- wbnb = wbnb_ (#960)
HODLRewardsDistributor.constructor(address,address,address).rewardsAddress_ (#959) lacks a zero-check on :
- rewardsaddress = rewardsAddress_ (#962)
HODLRewardsDistributor.constructor(address,address,address).swapRouter_ (#959) lacks a zero-check on :
- swapRouter = swapRouter_ (#963)
SwapHandler.constructor(address,address).swapRouter_ (#1206) lacks a zero-check on :
- swapRouter = swapRouter_ (#1209)
SwapHandler.constructor(address,address).wrappedNativeToken_ (#1207) lacks a zero-check on :
- wrappedNativeToken = wrappedNativeToken_ (#1210)
BabyMcDollar.constructor(string,string,address,address,address,address,address).wbnb_ (#1773) lacks a zero-check on :
- wbnb = wbnb_ (#1779)
- wbnbPair = IFactory(IRouter(swapRouter_).factory()).createPair(wbnb_,address(this)) (#1785-1787)
BabyMcDollar.constructor(string,string,address,address,address,address,address).swapRouter_ (#1774) lacks a zero-check on :
- swapRouter = swapRouter_ (#1780)
- wbnbPair = IFactory(IRouter(swapRouter_).factory()).createPair(wbnb_,address(this)) (#1785-1787)
BabyMcDollar.constructor(string,string,address,address,address,address,address).autoLP_ (#1775) lacks a zero-check on :
- autoLPWallet = autoLP_ (#1781)
BabyMcDollar.constructor(string,string,address,address,address,address,address).marketing_ (#1776) lacks a zero-check on :
- marketingWallet = marketing_ (#1782)
Check that the address is not zero.
Additional information: link
Address.functionCallWithValue(address,bytes,uint256,string) (#141-152) has external calls inside a loop: (success,returndata) = target.call{value: value}(data) (#150)
Favor pull over push strategy for external calls.
Additional information: link
Reentrancy in HODLRewardsDistributor.claimPending(address) (#1066-1084):
External calls:
- IERC20(rewardsaddress).safeTransfer(sharholderAddress_,pendingAmount) (#1075)
State variables written after the call(s):
- totalClaimed = totalClaimed.add(pendingAmount) (#1079)
- totalRewardsDebt = totalRewardsDebt.sub(user.rewardDebt) (#1081)
- totalRewardsDebt = totalRewardsDebt.add(user.rewardDebt) (#1083)
Reentrancy in BabyMcDollar.constructor(string,string,address,address,address,address,address) (#1769-1845):
External calls:
- wbnbPair = IFactory(IRouter(swapRouter_).factory()).createPair(wbnb_,address(this)) (#1785-1787)
State variables written after the call(s):
- isLpPair[wbnbPair] = true (#1789)
- swapHundler = new SwapHandler(swapRouter_,wbnb_) (#1791)
- whitlisted[autoLP_] = Whitlisted(true,true,true) (#1794-1798)
- whitlisted[marketing_] = Whitlisted(true,true,true) (#1800-1804)
- whitlisted[address(this)] = Whitlisted(true,true,true) (#1806-1810)
- whitlisted[address(swapHundler)] = Whitlisted(true,true,true) (#1812-1816)
- whitlisted[swapRouter_] = Whitlisted(true,true,false) (#1818-1822)
Reentrancy in BabyMcDollar.initDistributor(address) (#1847-1868):
External calls:
- hodlRewardDistributor.excludeFromRewards(wbnbPair) (#1854)
- hodlRewardDistributor.excludeFromRewards(swapRouter) (#1855)
- hodlRewardDistributor.excludeFromRewards(autoLPWallet) (#1856)
- hodlRewardDistributor.excludeFromRewards(marketingWallet) (#1857)
- hodlRewardDistributor.excludeFromRewards(address(this)) (#1858)
- hodlRewardDistributor.excludeFromRewards(address(swapHundler)) (#1859)
State variables written after the call(s):
- isDistributorSet = true (#1867)
- whitlisted[distributor_] = Whitlisted(true,true,true) (#1861-1865)
Reentrancy in HODLRewardsDistributor.receive() (#953-958):
External calls:
- _swap(msg.value) (#955)
- IRouter(swapRouter).swapExactETHForTokensSupportingFeeOnTransferTokens{value: amount_}(0,path,address(this),block.timestamp + 1000) (#1125-1130)
State variables written after the call(s):
- _updateGlobalShares(addedBalance) (#957)
- accPerShare = accPerShare.add(amount_.mul(1e36).div(totalShares)) (#1114)
Reentrancy in BabyMcDollar.setReflection(bool) (#2009-2016):
External calls:
- processReserves() (#2014)
- swapHundler.swapToNativeWrappedToken(autoLPReserved,hodlReserved,marketingReserved) (#1898-1902)
State variables written after the call(s):
- reflectionEnabled = isEnabled_ (#2015)
Reentrancy in HODLRewardsDistributor.setShare(address,uint256) (#1014-1026):
External calls:
- claimPending(sharholderAddress_) (#1022)
- returndata = address(token).functionCall(data,SafeERC20: low-level call failed) (#895)
- (success,returndata) = target.call{value: value}(data) (#150)
- IERC20(rewardsaddress).safeTransfer(sharholderAddress_,pendingAmount) (#1075)
External calls sending eth:
- claimPending(sharholderAddress_) (#1022)
- (success,returndata) = target.call{value: value}(data) (#150)
State variables written after the call(s):
- _updateUserShares(sharholderAddress_,amount_) (#1025)
- allShareHolders.push(sharholderAddress_) (#1149)
- allShareHolders[indexOfRemoved] = allShareHolders[allShareHolders.length - 1] (#1155)
- allShareHolders.pop() (#1158)
- _updateUserShares(sharholderAddress_,amount_) (#1025)
- indexOfShareHolders[sharholderAddress_] = allShareHolders.length - 1 (#1150)
- indexOfShareHolders[sharholderAddress_] = 0 (#1156)
- indexOfShareHolders[allShareHolders[indexOfRemoved]] = indexOfRemoved (#1157)
- _updateUserShares(sharholderAddress_,amount_) (#1025)
- totalShares = totalShares.sub(user.shares).add(newAmount_) (#1142)
Reentrancy in SwapHandler.swapToNativeWrappedToken(uint256,uint256,uint256) (#1217-1253):
External calls:
- IERC20(owner()).approve(swapRouter,IERC20(owner()).balanceOf(address(this))) (#1222)
State variables written after the call(s):
- totalAutoLPERC20 += half (#1227)
Reentrancy in SwapHandler.swapToNativeWrappedToken(uint256,uint256,uint256) (#1217-1253):
External calls:
- IERC20(owner()).approve(swapRouter,IERC20(owner()).balanceOf(address(this))) (#1222)
- _swap(half,address(this)) (#1229)
- IRouter(swapRouter).swapExactTokensForETHSupportingFeeOnTransferTokens(amount_,0,path,to_,block.timestamp + 10000) (#1267-1273)
State variables written after the call(s):
- totalAutoLPNative += address(this).balance - balanceBefore (#1230)
Reentrancy in SwapHandler.swapToNativeWrappedToken(uint256,uint256,uint256) (#1217-1253):
External calls:
- IERC20(owner()).approve(swapRouter,IERC20(owner()).balanceOf(address(this))) (#1222)
- _swap(half,address(this)) (#1229)
- IRouter(swapRouter).swapExactTokensForETHSupportingFeeOnTransferTokens(amount_,0,path,to_,block.timestamp + 10000) (#1267-1273)
- _createLP(autoLPAmount_ - half) (#1231)
- IRouter(swapRouter).addLiquidityETH{value: address(this).balance}(owner(),erc20Amount_,0,0,erc20.autoLPWallet(),block.timestamp + 10000) (#1278-1285)
External calls sending eth:
- _createLP(autoLPAmount_ - half) (#1231)
- IRouter(swapRouter).addLiquidityETH{value: address(this).balance}(owner(),erc20Amount_,0,0,erc20.autoLPWallet(),block.timestamp + 10000) (#1278-1285)
State variables written after the call(s):
- totalMarketingInERC20 += marketingAmount_ (#1235)
Reentrancy in SwapHandler.swapToNativeWrappedToken(uint256,uint256,uint256) (#1217-1253):
External calls:
- IERC20(owner()).approve(swapRouter,IERC20(owner()).balanceOf(address(this))) (#1222)
- _swap(half,address(this)) (#1229)
- IRouter(swapRouter).swapExactTokensForETHSupportingFeeOnTransferTokens(amount_,0,path,to_,block.timestamp + 10000) (#1267-1273)
- _createLP(autoLPAmount_ - half) (#1231)
- IRouter(swapRouter).addLiquidityETH{value: address(this).balance}(owner(),erc20Amount_,0,0,erc20.autoLPWallet(),block.timestamp + 10000) (#1278-1285)
- balanceBefore = erc20.marketingWallet().balance (#1236)
- _swap(marketingAmount_,erc20.marketingWallet()) (#1237)
- IRouter(swapRouter).swapExactTokensForETHSupportingFeeOnTransferTokens(amount_,0,path,to_,block.timestamp + 10000) (#1267-1273)
- totalMarketingInNative += erc20.marketingWallet().balance - balanceBefore (#1238)
External calls sending eth:
- _createLP(autoLPAmount_ - half) (#1231)
- IRouter(swapRouter).addLiquidityETH{value: address(this).balance}(owner(),erc20Amount_,0,0,erc20.autoLPWallet(),block.timestamp + 10000) (#1278-1285)
State variables written after the call(s):
- totalToHoldersInERC20 += IERC20(owner()).balanceOf(address(this)) (#1242)
Apply the check-effects-interactions pattern.
Additional information: link
Reentrancy in BabyMcDollar._customTransfer(address,address,uint256) (#2060-2095):
External calls:
- _transfer(from_,address(swapHundler),currentTax) (#2084)
- hodlRewardDistributor.setShare(wallet,balanceOf(wallet)) (#2123)
- hodlRewardDistributor.batchProcessClaims(processingGasLimit) (#2099-2101)
- hodlRewardDistributor.setShare(wallet,0) (#2123)
- hodlRewardDistributor.batchProcessClaims(gasleft()().mul(80).div(100)) (#2099-2101)
- processReserves() (#2088)
- swapHundler.swapToNativeWrappedToken(autoLPReserved,hodlReserved,marketingReserved) (#1898-1902)
- _transfer(from_,to_,netTransfer) (#2091)
- hodlRewardDistributor.setShare(wallet,balanceOf(wallet)) (#2123)
- hodlRewardDistributor.batchProcessClaims(processingGasLimit) (#2099-2101)
- hodlRewardDistributor.setShare(wallet,0) (#2123)
- hodlRewardDistributor.batchProcessClaims(gasleft()().mul(80).div(100)) (#2099-2101)
Event emitted after the call(s):
- Transfer(sender,recipient,amount) (#1566)
- _transfer(from_,to_,netTransfer) (#2091)
Reentrancy in HODLRewardsDistributor.claimPending(address) (#1066-1084):
External calls:
- IERC20(rewardsaddress).safeTransfer(sharholderAddress_,pendingAmount) (#1075)
Event emitted after the call(s):
- Claimed(sharholderAddress_,pendingAmount) (#1076)
Reentrancy in BabyMcDollar.constructor(string,string,address,address,address,address,address) (#1769-1845):
External calls:
- wbnbPair = IFactory(IRouter(swapRouter_).factory()).createPair(wbnb_,address(this)) (#1785-1787)
- _mint(autoLP_,TOTAL_SUPPLY) (#1824)
- hodlRewardDistributor.setShare(wallet,balanceOf(wallet)) (#2123)
- hodlRewardDistributor.batchProcessClaims(processingGasLimit) (#2099-2101)
- hodlRewardDistributor.setShare(wallet,0) (#2123)
- hodlRewardDistributor.batchProcessClaims(gasleft()().mul(80).div(100)) (#2099-2101)
Event emitted after the call(s):
- Transfer(address(0),account,amount) (#1587)
- _mint(autoLP_,TOTAL_SUPPLY) (#1824)
Reentrancy in HODLRewardsDistributor.receive() (#953-958):
External calls:
- _swap(msg.value) (#955)
- IRouter(swapRouter).swapExactETHForTokensSupportingFeeOnTransferTokens{value: amount_}(0,path,address(this),block.timestamp + 1000) (#1125-1130)
Event emitted after the call(s):
- RewardsAdded(amount_) (#1115)
- _updateGlobalShares(addedBalance) (#957)
Reentrancy in HODLRewardsDistributor.setShare(address,uint256) (#1014-1026):
External calls:
- claimPending(sharholderAddress_) (#1022)
- returndata = address(token).functionCall(data,SafeERC20: low-level call failed) (#895)
- (success,returndata) = target.call{value: value}(data) (#150)
- IERC20(rewardsaddress).safeTransfer(sharholderAddress_,pendingAmount) (#1075)
External calls sending eth:
- claimPending(sharholderAddress_) (#1022)
- (success,returndata) = target.call{value: value}(data) (#150)
Event emitted after the call(s):
- ShareUpdated(sharholderAddress_,newAmount_) (#1160)
- _updateUserShares(sharholderAddress_,amount_) (#1025)
Reentrancy in BabyMcDollar.transferFrom(address,address,uint256) (#1877-1887):
External calls:
- success = _customTransfer(from_,to_,amount_) (#1884)
- swapHundler.swapToNativeWrappedToken(autoLPReserved,hodlReserved,marketingReserved) (#1898-1902)
- hodlRewardDistributor.setShare(wallet,balanceOf(wallet)) (#2123)
- hodlRewardDistributor.batchProcessClaims(processingGasLimit) (#2099-2101)
- hodlRewardDistributor.setShare(wallet,0) (#2123)
- hodlRewardDistributor.batchProcessClaims(gasleft()().mul(80).div(100)) (#2099-2101)
Event emitted after the call(s):
- Approval(owner,spender,amount) (#1642)
- approve(from_,allowance(from_,_msgSender()).sub(amount_)) (#1885)
Apply the check-effects-interactions pattern.
Additional information: link
Address.isContract(address) (#45-55) uses assembly
- INLINE ASM (#51-53)
Address.verifyCallResult(bool,bytes,string) (#214-234) uses assembly
- INLINE ASM (#226-229)
Do not use evm assembly.
Additional information: link
HODLRewardsDistributor.claimPending(address) (#1066-1084) has costly operations inside a loop:
- totalClaimed = totalClaimed.add(pendingAmount) (#1079)
HODLRewardsDistributor.claimPending(address) (#1066-1084) has costly operations inside a loop:
- totalRewardsDebt = totalRewardsDebt.sub(user.rewardDebt) (#1081)
HODLRewardsDistributor.claimPending(address) (#1066-1084) has costly operations inside a loop:
- totalRewardsDebt = totalRewardsDebt.add(user.rewardDebt) (#1083)
HODLRewardsDistributor._incrementLastProccessed() (#1163-1167) has costly operations inside a loop:
- _lastProccessedIndex ++ (#1164)
HODLRewardsDistributor._incrementLastProccessed() (#1163-1167) has costly operations inside a loop:
- _lastProccessedIndex = 1 (#1166)
Use a local variable to hold the loop computation result.
Additional information: link
Address.functionCall(address,bytes) (#98-100) is never used and should be removed
Address.functionCallWithValue(address,bytes,uint256) (#127-133) is never used and should be removed
Address.functionDelegateCall(address,bytes) (#187-189) is never used and should be removed
Address.functionDelegateCall(address,bytes,string) (#197-206) is never used and should be removed
Address.functionStaticCall(address,bytes) (#160-162) is never used and should be removed
Address.functionStaticCall(address,bytes,string) (#170-179) is never used and should be removed
Address.sendValue(address,uint256) (#73-78) is never used and should be removed
Context._msgData() (#634-636) is never used and should be removed
ERC20._burn(address,uint256) (#1603-1618) is never used and should be removed
SafeERC20.safeApprove(IERC20,address,uint256) (#847-860) is never used and should be removed
SafeERC20.safeDecreaseAllowance(IERC20,address,uint256) (#871-882) is never used and should be removed
SafeERC20.safeIncreaseAllowance(IERC20,address,uint256) (#862-869) is never used and should be removed
SafeERC20.safeTransferFrom(IERC20,address,address,uint256) (#831-838) is never used and should be removed
SafeMath.div(uint256,uint256,string) (#564-573) is never used and should be removed
SafeMath.mod(uint256,uint256) (#524-526) is never used and should be removed
SafeMath.mod(uint256,uint256,string) (#590-599) is never used and should be removed
SafeMath.sub(uint256,uint256,string) (#541-550) is never used and should be removed
SafeMath.tryAdd(uint256,uint256) (#395-401) is never used and should be removed
SafeMath.tryDiv(uint256,uint256) (#437-442) is never used and should be removed
SafeMath.tryMod(uint256,uint256) (#449-454) is never used and should be removed
SafeMath.tryMul(uint256,uint256) (#420-430) is never used and should be removed
SafeMath.trySub(uint256,uint256) (#408-413) is never used and should be removed
Remove unused functions.
Additional information: link
Pragma version^0.8.0 (#22) allows old versions
Pragma version^0.8.0 (#377) allows old versions
Pragma version^0.8.0 (#617) allows old versions
Pragma version^0.8.0 (#644) allows old versions
Pragma version^0.8.0 (#722) allows old versions
Pragma version^0.8.0 (#807) allows old versions
Pragma version^0.8.0 (#1303) allows old versions
Pragma version^0.8.0 (#1333) allows old versions
Deploy with any of the following Solidity versions: 0.5.16 - 0.5.17, 0.6.11 - 0.6.12, 0.7.5 - 0.7.6 Use a simple pragma version that allows any of these versions. Consider using the latest version of Solidity for testing.
Additional information: link
Low level call in Address.sendValue(address,uint256) (#73-78):
- (success) = recipient.call{value: amount}() (#76)
Low level call in Address.functionCallWithValue(address,bytes,uint256,string) (#141-152):
- (success,returndata) = target.call{value: value}(data) (#150)
Low level call in Address.functionStaticCall(address,bytes,string) (#170-179):
- (success,returndata) = target.staticcall(data) (#177)
Low level call in Address.functionDelegateCall(address,bytes,string) (#197-206):
- (success,returndata) = target.delegatecall(data) (#204)
Low level call in SwapHandler.swapToNativeWrappedToken(uint256,uint256,uint256) (#1217-1253):
- address(erc20.hodlRewardDistributor()).call{value: address(this).balance}() (#1249)
Avoid low-level calls. Check the call success. If the call is meant for a contract, check for code existence
Additional information: link
Variable IHODLRewardDistributor.excludeFromRewards(address).shareHolderToBeExcluded_ (#280) is too similar to IHODLRewardDistributor.includeInRewards(address).shareHolderToBeIncluded_ (#284)
Variable HODLRewardsDistributor.excludeFromRewards(address).shareHolderToBeExcluded_ (#1032) is too similar to HODLRewardsDistributor.includeInRewards(address).shareHolderToBeIncluded_ (#1051)
Variable BabyMcDollar.TOTAL_SUPPLY (#1712) is too similar to ERC20._totalSupply (#1368)
Prevent variables from having similar names.
Additional information: link
BabyMcDollar.slitherConstructorVariables() (#1699-2126) uses literals with too many digits:
- processingGasLimit = 500000 (#1761)
Use: Ether suffix, Time suffix, or The scientific notation
Additional information: link
renounceOwnership() should be declared external:
- BabyMcDollar.renounceOwnership() (#2034)
- HODLRewardsDistributor.renounceOwnership() (#1106)
- Ownable.renounceOwnership() (#693-695)
transferOwnership(address) should be declared external:
- Ownable.transferOwnership(address) (#701-704)
- SwapHandler.transferOwnership(address) (#1292-1296)
totalPending() should be declared external:
- HODLRewardsDistributor.totalPending() (#978-980)
batchProcessClaims(uint256) should be declared external:
- HODLRewardsDistributor.batchProcessClaims(uint256) (#1086-1100)
name() should be declared external:
- ERC20.name() (#1390-1392)
symbol() should be declared external:
- ERC20.symbol() (#1398-1400)
decimals() should be declared external:
- BabyMcDollar.decimals() (#1708-1710)
- ERC20.decimals() (#1415-1417)
totalSupply() should be declared external:
- ERC20.totalSupply() (#1422-1424)
transfer(address,uint256) should be declared external:
- BabyMcDollar.transfer(address,uint256) (#1870-1875)
- ERC20.transfer(address,uint256) (#1441-1444)
transferFrom(address,address,uint256) should be declared external:
- BabyMcDollar.transferFrom(address,address,uint256) (#1877-1887)
- ERC20.transferFrom(address,address,uint256) (#1478-1492)
increaseAllowance(address,uint256) should be declared external:
- ERC20.increaseAllowance(address,uint256) (#1506-1509)
decreaseAllowance(address,uint256) should be declared external:
- ERC20.decreaseAllowance(address,uint256) (#1525-1533)
Use the external attribute for functions never called from the contract.
Additional information: link
Unable to find website, listings and other project-related information
Young tokens have high risks of scam / price dump / death
Token has no active CoinGecko listing / rank
Token has no active CoinMarketCap listing / rank
Unable to find Telegram and Twitter accounts