https://t.me/beastking_cn 兽王中文社区
Unable to find manual contract audit (e.g. Certik, PeckShield, Solidity...)
DividendHelper.withdraw() (BeastKing.sol#30-33) sends eth to arbitrary user
Dangerous calls:
- address(_ca).call{value: address(this).balance}() (BeastKing.sol#32)
Ensure that an arbitrary user cannot withdraw unauthorized funds.
Additional information: link
Reentrancy in BeastKing._transfer(address,address,uint256) (BeastKing.sol#282-313):
External calls:
- swapTaxForBNB(MIN_TAX_FOR_SWAPPING) (BeastKing.sol#296)
- IPancakePair(LP_PAIR).swap(0,amountOut,address(_dividendHelper),new bytes(0)) (BeastKing.sol#251)
- _dividendHelper.withdraw() (BeastKing.sol#252)
- address(MARKETING_WALLET).call{value: marketingFee}() (BeastKing.sol#258)
- address(BUYBACK_WALLET).call{value: buybackFee}() (BeastKing.sol#259)
External calls sending eth:
- swapTaxForBNB(MIN_TAX_FOR_SWAPPING) (BeastKing.sol#296)
- address(MARKETING_WALLET).call{value: marketingFee}() (BeastKing.sol#258)
- address(BUYBACK_WALLET).call{value: buybackFee}() (BeastKing.sol#259)
State variables written after the call(s):
- _balances[recipient] = _balances[recipient].add(amount) (BeastKing.sol#307)
Reentrancy in BeastKing._transfer(address,address,uint256) (BeastKing.sol#282-313):
External calls:
- swapTaxForBNB(MIN_TAX_FOR_SWAPPING) (BeastKing.sol#296)
- IPancakePair(LP_PAIR).swap(0,amountOut,address(_dividendHelper),new bytes(0)) (BeastKing.sol#251)
- _dividendHelper.withdraw() (BeastKing.sol#252)
- address(MARKETING_WALLET).call{value: marketingFee}() (BeastKing.sol#258)
- address(BUYBACK_WALLET).call{value: buybackFee}() (BeastKing.sol#259)
- distributeDividends() (BeastKing.sol#310)
- (success) = address(holder).call{gas: gasForSingleDividend,value: dividend}() (BeastKing.sol#184)
External calls sending eth:
- swapTaxForBNB(MIN_TAX_FOR_SWAPPING) (BeastKing.sol#296)
- address(MARKETING_WALLET).call{value: marketingFee}() (BeastKing.sol#258)
- address(BUYBACK_WALLET).call{value: buybackFee}() (BeastKing.sol#259)
- distributeDividends() (BeastKing.sol#310)
- (success) = address(holder).call{gas: gasForSingleDividend,value: dividend}() (BeastKing.sol#184)
State variables written after the call(s):
- distributeDividends() (BeastKing.sol#310)
- _totalDividend -= distributed (BeastKing.sol#229)
- _changeDividendPermission(sender) (BeastKing.sol#311)
- timeForNextDividend[holder] = block.timestamp + DIVIDEND_PERIOD (BeastKing.sol#273)
- timeForNextDividend[holder] = 0 (BeastKing.sol#278)
- _changeDividendPermission(recipient) (BeastKing.sol#312)
- timeForNextDividend[holder] = block.timestamp + DIVIDEND_PERIOD (BeastKing.sol#273)
- timeForNextDividend[holder] = 0 (BeastKing.sol#278)
Reentrancy in BeastKing.distributeDividends() (BeastKing.sol#197-230):
External calls:
- distributed += _processDividend(holder,tokenAmount,_totalDividend) (BeastKing.sol#215)
- (success) = address(holder).call{gas: gasForSingleDividend,value: dividend}() (BeastKing.sol#184)
State variables written after the call(s):
- _totalDividend -= distributed (BeastKing.sol#229)
- currentDividendIndex += 1 (BeastKing.sol#218)
- currentDividendIndex = 0 (BeastKing.sol#220)
- currentDividendIndex += 1 (BeastKing.sol#224)
- currentDividendIndex = 0 (BeastKing.sol#226)
Reentrancy in BeastKing.manualClaimDividend() (BeastKing.sol#191-195):
External calls:
- claimed = _processDividend(msg.sender,tokenAmountForDividend(),_totalDividend) (BeastKing.sol#193)
- (success) = address(holder).call{gas: gasForSingleDividend,value: dividend}() (BeastKing.sol#184)
State variables written after the call(s):
- _totalDividend -= claimed (BeastKing.sol#194)
Reentrancy in BeastKing.swapTaxForBNB(uint256) (BeastKing.sol#240-262):
External calls:
- IPancakePair(LP_PAIR).swap(0,amountOut,address(_dividendHelper),new bytes(0)) (BeastKing.sol#251)
- _dividendHelper.withdraw() (BeastKing.sol#252)
- address(MARKETING_WALLET).call{value: marketingFee}() (BeastKing.sol#258)
- address(BUYBACK_WALLET).call{value: buybackFee}() (BeastKing.sol#259)
External calls sending eth:
- address(MARKETING_WALLET).call{value: marketingFee}() (BeastKing.sol#258)
- address(BUYBACK_WALLET).call{value: buybackFee}() (BeastKing.sol#259)
State variables written after the call(s):
- _totalDividend = address(this).balance (BeastKing.sol#261)
Apply the check-effects-interactions pattern.
Additional information: link
BeastKing._transfer(address,address,uint256) (BeastKing.sol#282-313) uses a dangerous strict equality:
- _limitBuyUntil == 0 && recipient == LP_PAIR (BeastKing.sol#303)
Don't use strict equality to determine if an account has enough Ether or tokens.
Additional information: link
Combination 1: Reentrancy vulnerabilities + Functions that send Ether to arbitraty destination. Usual for scams. May be justified by some complex mechanics (e.g. rebase, reflections). DYOR & manual audit are advised.
Context._msgData() (Context.sol#21-23) is never used and should be removed
EnumerableSet._values(EnumerableSet.Set) (EnumerableSet.sol#142-144) is never used and should be removed
EnumerableSet.add(EnumerableSet.Bytes32Set,bytes32) (EnumerableSet.sol#158-160) is never used and should be removed
EnumerableSet.add(EnumerableSet.UintSet,uint256) (EnumerableSet.sol#297-299) is never used and should be removed
EnumerableSet.at(EnumerableSet.Bytes32Set,uint256) (EnumerableSet.sol#196-198) is never used and should be removed
EnumerableSet.at(EnumerableSet.UintSet,uint256) (EnumerableSet.sol#335-337) is never used and should be removed
EnumerableSet.contains(EnumerableSet.Bytes32Set,bytes32) (EnumerableSet.sol#175-177) is never used and should be removed
EnumerableSet.contains(EnumerableSet.UintSet,uint256) (EnumerableSet.sol#314-316) is never used and should be removed
EnumerableSet.length(EnumerableSet.Bytes32Set) (EnumerableSet.sol#182-184) is never used and should be removed
EnumerableSet.length(EnumerableSet.UintSet) (EnumerableSet.sol#321-323) is never used and should be removed
EnumerableSet.remove(EnumerableSet.Bytes32Set,bytes32) (EnumerableSet.sol#168-170) is never used and should be removed
EnumerableSet.remove(EnumerableSet.UintSet,uint256) (EnumerableSet.sol#307-309) is never used and should be removed
EnumerableSet.values(EnumerableSet.AddressSet) (EnumerableSet.sol#274-283) is never used and should be removed
EnumerableSet.values(EnumerableSet.Bytes32Set) (EnumerableSet.sol#208-210) is never used and should be removed
EnumerableSet.values(EnumerableSet.UintSet) (EnumerableSet.sol#347-356) is never used and should be removed
SafeMath.div(uint256,uint256) (SafeMath.sol#135-137) is never used and should be removed
SafeMath.div(uint256,uint256,string) (SafeMath.sol#191-200) is never used and should be removed
SafeMath.mod(uint256,uint256) (SafeMath.sol#151-153) is never used and should be removed
SafeMath.mod(uint256,uint256,string) (SafeMath.sol#217-226) is never used and should be removed
SafeMath.tryAdd(uint256,uint256) (SafeMath.sol#22-28) is never used and should be removed
SafeMath.tryDiv(uint256,uint256) (SafeMath.sol#64-69) is never used and should be removed
SafeMath.tryMod(uint256,uint256) (SafeMath.sol#76-81) is never used and should be removed
SafeMath.tryMul(uint256,uint256) (SafeMath.sol#47-57) is never used and should be removed
SafeMath.trySub(uint256,uint256) (SafeMath.sol#35-40) is never used and should be removed
Remove unused functions.
Additional information: link
Pragma version^0.8.0 (BeastKing.sol#3) allows old versions
Pragma version^0.8.0 (Context.sol#4) allows old versions
Pragma version^0.8.0 (EnumerableSet.sol#4) allows old versions
Pragma version^0.8.0 (SafeMath.sol#4) allows old versions
solc-0.8.0 is not recommended for deployment
Deploy with any of the following Solidity versions: 0.5.16 - 0.5.17, 0.6.11 - 0.6.12, 0.7.5 - 0.7.6 Use a simple pragma version that allows any of these versions. Consider using the latest version of Solidity for testing.
Additional information: link
DividendHelper.withdraw() (BeastKing.sol#30-33) ignores return value by address(_ca).call{value: address(this).balance}() (BeastKing.sol#32)
BeastKing.swapTaxForBNB(uint256) (BeastKing.sol#240-262) ignores return value by address(MARKETING_WALLET).call{value: marketingFee}() (BeastKing.sol#258)
BeastKing.swapTaxForBNB(uint256) (BeastKing.sol#240-262) ignores return value by address(BUYBACK_WALLET).call{value: buybackFee}() (BeastKing.sol#259)
Ensure that the return value of a low-level call is checked or logged.
Additional information: link
BeastKing._changeDividendPermission(address) (BeastKing.sol#266-280) ignores return value by _holders.add(holder) (BeastKing.sol#272)
BeastKing._changeDividendPermission(address) (BeastKing.sol#266-280) ignores return value by _holders.remove(holder) (BeastKing.sol#277)
Ensure that all the return values of the function calls are used.
Additional information: link
BeastKing.setGasForDividend(uint256) (BeastKing.sol#152-155) should emit an event for:
- gasForDividend = newValue (BeastKing.sol#154)
BeastKing.setGasForSingleDividend(uint256) (BeastKing.sol#157-160) should emit an event for:
- gasForSingleDividend = newValue (BeastKing.sol#159)
Emit an event for critical parameter changes.
Additional information: link
BeastKing._processDividend(address,uint256,uint256) (BeastKing.sol#178-189) has external calls inside a loop: (success) = address(holder).call{gas: gasForSingleDividend,value: dividend}() (BeastKing.sol#184)
Favor pull over push strategy for external calls.
Additional information: link
Reentrancy in BeastKing.transferFrom(address,address,uint256) (BeastKing.sol#131-135):
External calls:
- _transfer(sender,recipient,amount) (BeastKing.sol#132)
- (success) = address(holder).call{gas: gasForSingleDividend,value: dividend}() (BeastKing.sol#184)
- IPancakePair(LP_PAIR).swap(0,amountOut,address(_dividendHelper),new bytes(0)) (BeastKing.sol#251)
- _dividendHelper.withdraw() (BeastKing.sol#252)
- address(MARKETING_WALLET).call{value: marketingFee}() (BeastKing.sol#258)
- address(BUYBACK_WALLET).call{value: buybackFee}() (BeastKing.sol#259)
External calls sending eth:
- _transfer(sender,recipient,amount) (BeastKing.sol#132)
- (success) = address(holder).call{gas: gasForSingleDividend,value: dividend}() (BeastKing.sol#184)
- address(MARKETING_WALLET).call{value: marketingFee}() (BeastKing.sol#258)
- address(BUYBACK_WALLET).call{value: buybackFee}() (BeastKing.sol#259)
State variables written after the call(s):
- _approve(sender,_msgSender(),_allowances[sender][_msgSender()].sub(amount,Beast King: transfer amount exceeds allowance)) (BeastKing.sol#133)
- _allowances[owner][spender] = amount (BeastKing.sol#319)
Apply the check-effects-interactions pattern.
Additional information: link
Reentrancy in BeastKing._transfer(address,address,uint256) (BeastKing.sol#282-313):
External calls:
- swapTaxForBNB(MIN_TAX_FOR_SWAPPING) (BeastKing.sol#296)
- IPancakePair(LP_PAIR).swap(0,amountOut,address(_dividendHelper),new bytes(0)) (BeastKing.sol#251)
- _dividendHelper.withdraw() (BeastKing.sol#252)
- address(MARKETING_WALLET).call{value: marketingFee}() (BeastKing.sol#258)
- address(BUYBACK_WALLET).call{value: buybackFee}() (BeastKing.sol#259)
External calls sending eth:
- swapTaxForBNB(MIN_TAX_FOR_SWAPPING) (BeastKing.sol#296)
- address(MARKETING_WALLET).call{value: marketingFee}() (BeastKing.sol#258)
- address(BUYBACK_WALLET).call{value: buybackFee}() (BeastKing.sol#259)
Event emitted after the call(s):
- Transfer(sender,recipient,amount) (BeastKing.sol#308)
Reentrancy in BeastKing.transferFrom(address,address,uint256) (BeastKing.sol#131-135):
External calls:
- _transfer(sender,recipient,amount) (BeastKing.sol#132)
- (success) = address(holder).call{gas: gasForSingleDividend,value: dividend}() (BeastKing.sol#184)
- IPancakePair(LP_PAIR).swap(0,amountOut,address(_dividendHelper),new bytes(0)) (BeastKing.sol#251)
- _dividendHelper.withdraw() (BeastKing.sol#252)
- address(MARKETING_WALLET).call{value: marketingFee}() (BeastKing.sol#258)
- address(BUYBACK_WALLET).call{value: buybackFee}() (BeastKing.sol#259)
External calls sending eth:
- _transfer(sender,recipient,amount) (BeastKing.sol#132)
- (success) = address(holder).call{gas: gasForSingleDividend,value: dividend}() (BeastKing.sol#184)
- address(MARKETING_WALLET).call{value: marketingFee}() (BeastKing.sol#258)
- address(BUYBACK_WALLET).call{value: buybackFee}() (BeastKing.sol#259)
Event emitted after the call(s):
- Approval(owner,spender,amount) (BeastKing.sol#320)
- _approve(sender,_msgSender(),_allowances[sender][_msgSender()].sub(amount,Beast King: transfer amount exceeds allowance)) (BeastKing.sol#133)
Apply the check-effects-interactions pattern.
Additional information: link
BeastKing.manualClaimDividend() (BeastKing.sol#191-195) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(block.timestamp >= timeForNextDividend[msg.sender],Beast King: cannot claim now) (BeastKing.sol#192)
BeastKing.distributeDividends() (BeastKing.sol#197-230) uses timestamp for comparisons
Dangerous comparisons:
- block.timestamp >= timeForNextDividend[holder] (BeastKing.sol#214)
BeastKing._transfer(address,address,uint256) (BeastKing.sol#282-313) uses timestamp for comparisons
Dangerous comparisons:
- block.timestamp < _limitBuyUntil (BeastKing.sol#298)
- _limitBuyUntil == 0 && recipient == LP_PAIR (BeastKing.sol#303)
Avoid relying on block.timestamp.
Additional information: link
EnumerableSet.values(EnumerableSet.AddressSet) (EnumerableSet.sol#274-283) uses assembly
- INLINE ASM (EnumerableSet.sol#278-280)
EnumerableSet.values(EnumerableSet.UintSet) (EnumerableSet.sol#347-356) uses assembly
- INLINE ASM (EnumerableSet.sol#351-353)
Do not use evm assembly.
Additional information: link
BeastKing.nonReentrant() (BeastKing.sol#171-176) has costly operations inside a loop:
- _lock = true (BeastKing.sol#173)
BeastKing.nonReentrant() (BeastKing.sol#171-176) has costly operations inside a loop:
- _lock = false (BeastKing.sol#175)
BeastKing.distributeDividends() (BeastKing.sol#197-230) has costly operations inside a loop:
- currentDividendIndex += 1 (BeastKing.sol#218)
BeastKing.distributeDividends() (BeastKing.sol#197-230) has costly operations inside a loop:
- currentDividendIndex = 0 (BeastKing.sol#220)
BeastKing.distributeDividends() (BeastKing.sol#197-230) has costly operations inside a loop:
- currentDividendIndex += 1 (BeastKing.sol#224)
BeastKing.distributeDividends() (BeastKing.sol#197-230) has costly operations inside a loop:
- currentDividendIndex = 0 (BeastKing.sol#226)
Use a local variable to hold the loop computation result.
Additional information: link
Low level call in DividendHelper.withdraw() (BeastKing.sol#30-33):
- address(_ca).call{value: address(this).balance}() (BeastKing.sol#32)
Low level call in BeastKing._processDividend(address,uint256,uint256) (BeastKing.sol#178-189):
- (success) = address(holder).call{gas: gasForSingleDividend,value: dividend}() (BeastKing.sol#184)
Low level call in BeastKing.swapTaxForBNB(uint256) (BeastKing.sol#240-262):
- address(MARKETING_WALLET).call{value: marketingFee}() (BeastKing.sol#258)
- address(BUYBACK_WALLET).call{value: buybackFee}() (BeastKing.sol#259)
Avoid low-level calls. Check the call success. If the call is meant for a contract, check for code existence
Additional information: link
BeastKing.constructor() (BeastKing.sol#79-91) uses literals with too many digits:
- gasForDividend = 400000 (BeastKing.sol#85)
BeastKing.setGasForDividend(uint256) (BeastKing.sol#152-155) uses literals with too many digits:
- require(bool,string)(newValue >= 200000 && newValue <= 600000,Beast King: gas limit for dividend must be between 200000 and 600000) (BeastKing.sol#153)
BeastKing.slitherConstructorConstantVariables() (BeastKing.sol#39-322) uses literals with too many digits:
- DEAD_WALLET = 0x000000000000000000000000000000000000dEaD (BeastKing.sol#58)
Use: Ether suffix, Time suffix, or The scientific notation
Additional information: link
increaseAllowance(address,uint256) should be declared external:
- BeastKing.increaseAllowance(address,uint256) (BeastKing.sol#137-140)
decreaseAllowance(address,uint256) should be declared external:
- BeastKing.decreaseAllowance(address,uint256) (BeastKing.sol#142-145)
Use the external attribute for functions never called from the contract.
Additional information: link
Unable to find website, listings and other project-related information
Young tokens have high risks of scam / price dump / death
Token has no active CoinGecko listing / rank
Token has no active CoinMarketCap listing / rank
Unable to find Twitter account
Telegram account has relatively few subscribers
Unable to find Blog account (Reddit or Medium)
Unable to find Youtube account
Unable to find Discord account