BMCC [BINANCE MULTI-CHAIN CAPITAL] Token

BMCC.sendETHToFee(uint256) (#327-330) sends eth to arbitrary user
Dangerous calls:
- _FeeAddress.transfer(amount.div(2)) (#328)
- _marketingWalletAddress.transfer(amount.div(2)) (#329)
Ensure that an arbitrary user cannot withdraw unauthorized funds.

Additional information: link

Reentrancy in BMCC._transfer(address,address,uint256) (#272-311):
External calls:
- swapTokensForEth(contractTokenBalance) (#296)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#318-324)
External calls sending eth:
- sendETHToFee(address(this).balance) (#300)
- _FeeAddress.transfer(amount.div(2)) (#328)
- _marketingWalletAddress.transfer(amount.div(2)) (#329)
State variables written after the call(s):
- _tokenTransfer(from,to,amount,takeFee) (#310)
- _rOwned[address(this)] = _rOwned[address(this)].add(rTeam) (#388)
- _rOwned[sender] = _rOwned[sender].sub(rAmount) (#342)
- _rOwned[recipient] = _rOwned[recipient].add(rTransferAmount) (#343)
- _tokenTransfer(from,to,amount,takeFee) (#310)
- _rTotal = _rTotal.sub(rFee) (#392)
Reentrancy in BMCC.openTrading() (#398-408):
External calls:
- uniswapV2Pair = IUniswapV2Factory(_uniswapV2Router.factory()).createPair(address(this),_uniswapV2Router.WETH()) (#403)
- uniswapV2Router.addLiquidityETH{value: address(this).balance}(address(this),balanceOf(address(this)),0,0,owner(),block.timestamp) (#404)
- IERC20(uniswapV2Pair).approve(address(uniswapV2Router),type()(uint256).max) (#405)
External calls sending eth:
- uniswapV2Router.addLiquidityETH{value: address(this).balance}(address(this),balanceOf(address(this)),0,0,owner(),block.timestamp) (#404)
State variables written after the call(s):
- tradingOpen = true (#406)
Apply the check-effects-interactions pattern.

Additional information: link

Unable to verify that contract auditor is trusted: Certik, Quantstamp, Hacken, Solidity, Paladinsec, Openzeppelin, Verichains

Combination 1: Reentrancy vulnerabilities + Functions that send Ether to arbitraty destination. Usual for scams. May be justified by some complex mechanics (e.g. rebase, reflections). DYOR & manual audit are advised.

Contract name (BINANCE MULTI-CHAIN CAPITAL) contains non-alphanumeric characters.
Not a direct threat, but may indicate unreliable intentions of developer. Non-alphanumeric chars (,.;!#*&") are extremely rare among low risk tokens.

Not a direct threat, but may indicate unreliable intentions of developer. Widespread names (e.g. Elon, King, Moon, Doge) are common among meme-tokens and scams. The allow to gain free hype and attract unexperienced investors.

BMCC.openTrading() (#398-408) ignores return value by uniswapV2Router.addLiquidityETH{value: address(this).balance}(address(this),balanceOf(address(this)),0,0,owner(),block.timestamp) (#404)
BMCC.openTrading() (#398-408) ignores return value by IERC20(uniswapV2Pair).approve(address(uniswapV2Router),type()(uint256).max) (#405)
Ensure that all the return values of the function calls are used.

Additional information: link

BMCC.allowance(address,address).owner (#231) shadows:
- Ownable.owner() (#105-107) (function)
BMCC._approve(address,address,uint256).owner (#265) shadows:
- Ownable.owner() (#105-107) (function)
Rename the local variables that shadow another component.

Additional information: link

Ownable.constructor().msgSender (#100) lacks a zero-check on :
- _owner = msgSender (#101)
BMCC.constructor(address,address).FeeAddress (#195) lacks a zero-check on :
- _FeeAddress = FeeAddress (#196)
BMCC.constructor(address,address).marketingWalletAddress (#195) lacks a zero-check on :
- _marketingWalletAddress = marketingWalletAddress (#197)
BMCC.setMarketingWallet(address).marketingWalletAddress (#410) lacks a zero-check on :
- _marketingWalletAddress = marketingWalletAddress (#413)
Check that the address is not zero.

Additional information: link

Reentrancy in BMCC._transfer(address,address,uint256) (#272-311):
External calls:
- swapTokensForEth(contractTokenBalance) (#296)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#318-324)
External calls sending eth:
- sendETHToFee(address(this).balance) (#300)
- _FeeAddress.transfer(amount.div(2)) (#328)
- _marketingWalletAddress.transfer(amount.div(2)) (#329)
State variables written after the call(s):
- _tokenTransfer(from,to,amount,takeFee) (#310)
- _previousTaxFee = _taxFee (#254)
- _tokenTransfer(from,to,amount,takeFee) (#310)
- _previousteamFee = _teamFee (#255)
- _tokenTransfer(from,to,amount,takeFee) (#310)
- _tFeeTotal = _tFeeTotal.add(tFee) (#393)
- _tokenTransfer(from,to,amount,takeFee) (#310)
- _taxFee = _previousTaxFee (#261)
- _taxFee = 0 (#256)
- _tokenTransfer(from,to,amount,takeFee) (#310)
- _teamFee = _previousteamFee (#262)
- _teamFee = 0 (#257)
Reentrancy in BMCC.openTrading() (#398-408):
External calls:
- uniswapV2Pair = IUniswapV2Factory(_uniswapV2Router.factory()).createPair(address(this),_uniswapV2Router.WETH()) (#403)
- uniswapV2Router.addLiquidityETH{value: address(this).balance}(address(this),balanceOf(address(this)),0,0,owner(),block.timestamp) (#404)
- IERC20(uniswapV2Pair).approve(address(uniswapV2Router),type()(uint256).max) (#405)
External calls sending eth:
- uniswapV2Router.addLiquidityETH{value: address(this).balance}(address(this),balanceOf(address(this)),0,0,owner(),block.timestamp) (#404)
State variables written after the call(s):
- walletLimitDuration = block.timestamp + (3600) (#407)
Reentrancy in BMCC.transferFrom(address,address,uint256) (#240-244):
External calls:
- _transfer(sender,recipient,amount) (#241)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#318-324)
External calls sending eth:
- _transfer(sender,recipient,amount) (#241)
- _FeeAddress.transfer(amount.div(2)) (#328)
- _marketingWalletAddress.transfer(amount.div(2)) (#329)
State variables written after the call(s):
- _approve(sender,_msgSender(),_allowances[sender][_msgSender()].sub(amount,ERC20: transfer amount exceeds allowance)) (#242)
- _allowances[owner][spender] = amount (#268)
Apply the check-effects-interactions pattern.

Additional information: link

Reentrancy in BMCC._transfer(address,address,uint256) (#272-311):
External calls:
- swapTokensForEth(contractTokenBalance) (#296)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#318-324)
External calls sending eth:
- sendETHToFee(address(this).balance) (#300)
- _FeeAddress.transfer(amount.div(2)) (#328)
- _marketingWalletAddress.transfer(amount.div(2)) (#329)
Event emitted after the call(s):
- Transfer(sender,recipient,tTransferAmount) (#347)
- _tokenTransfer(from,to,amount,takeFee) (#310)
Reentrancy in BMCC.transferFrom(address,address,uint256) (#240-244):
External calls:
- _transfer(sender,recipient,amount) (#241)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#318-324)
External calls sending eth:
- _transfer(sender,recipient,amount) (#241)
- _FeeAddress.transfer(amount.div(2)) (#328)
- _marketingWalletAddress.transfer(amount.div(2)) (#329)
Event emitted after the call(s):
- Approval(owner,spender,amount) (#269)
- _approve(sender,_msgSender(),_allowances[sender][_msgSender()].sub(amount,ERC20: transfer amount exceeds allowance)) (#242)
Apply the check-effects-interactions pattern.

Additional information: link

BMCC._transfer(address,address,uint256) (#272-311) uses timestamp for comparisons
Dangerous comparisons:
- walletLimitDuration > block.timestamp (#284)
Avoid relying on block.timestamp.

Additional information: link

SafeMath.mod(uint256,uint256) (#82-84) is never used and should be removed
SafeMath.mod(uint256,uint256,string) (#86-89) is never used and should be removed
Remove unused functions.

Additional information: link

BMCC._previousTaxFee (#168) is set pre-construction with a non-constant function or state variable:
- _taxFee
BMCC._previousteamFee (#169) is set pre-construction with a non-constant function or state variable:
- _teamFee
Remove any initialization of state variables via non-constant state variables or function calls. If variables must be set upon contract deployment, locate initialization in the constructor instead.

Additional information: link

Function IUniswapV2Router02.WETH() (#136) is not in mixedCase
Constant BMCC._tTotal (#156) is not in UPPER_CASE_WITH_UNDERSCORES
Constant BMCC._name (#161) is not in UPPER_CASE_WITH_UNDERSCORES
Constant BMCC._symbol (#162) is not in UPPER_CASE_WITH_UNDERSCORES
Constant BMCC._decimals (#165) is not in UPPER_CASE_WITH_UNDERSCORES
Variable BMCC._FeeAddress (#170) is not in mixedCase
Follow the Solidity naming convention.

Additional information: link

Reentrancy in BMCC._transfer(address,address,uint256) (#272-311):
External calls:
- sendETHToFee(address(this).balance) (#300)
- _FeeAddress.transfer(amount.div(2)) (#328)
- _marketingWalletAddress.transfer(amount.div(2)) (#329)
State variables written after the call(s):
- _tokenTransfer(from,to,amount,takeFee) (#310)
- _previousTaxFee = _taxFee (#254)
- _tokenTransfer(from,to,amount,takeFee) (#310)
- _previousteamFee = _teamFee (#255)
- _tokenTransfer(from,to,amount,takeFee) (#310)
- _rOwned[address(this)] = _rOwned[address(this)].add(rTeam) (#388)
- _rOwned[sender] = _rOwned[sender].sub(rAmount) (#342)
- _rOwned[recipient] = _rOwned[recipient].add(rTransferAmount) (#343)
- _tokenTransfer(from,to,amount,takeFee) (#310)
- _rTotal = _rTotal.sub(rFee) (#392)
- _tokenTransfer(from,to,amount,takeFee) (#310)
- _tFeeTotal = _tFeeTotal.add(tFee) (#393)
- _tokenTransfer(from,to,amount,takeFee) (#310)
- _taxFee = _previousTaxFee (#261)
- _taxFee = 0 (#256)
- _tokenTransfer(from,to,amount,takeFee) (#310)
- _teamFee = _previousteamFee (#262)
- _teamFee = 0 (#257)
Event emitted after the call(s):
- Transfer(sender,recipient,tTransferAmount) (#347)
- _tokenTransfer(from,to,amount,takeFee) (#310)
Reentrancy in BMCC.transferFrom(address,address,uint256) (#240-244):
External calls:
- _transfer(sender,recipient,amount) (#241)
- _FeeAddress.transfer(amount.div(2)) (#328)
- _marketingWalletAddress.transfer(amount.div(2)) (#329)
State variables written after the call(s):
- _approve(sender,_msgSender(),_allowances[sender][_msgSender()].sub(amount,ERC20: transfer amount exceeds allowance)) (#242)
- _allowances[owner][spender] = amount (#268)
Event emitted after the call(s):
- Approval(owner,spender,amount) (#269)
- _approve(sender,_msgSender(),_allowances[sender][_msgSender()].sub(amount,ERC20: transfer amount exceeds allowance)) (#242)
Apply the check-effects-interactions pattern.

Additional information: link

Variable BMCC._getValues(uint256).rTransferAmount (#353) is too similar to BMCC._transferStandard(address,address,uint256).tTransferAmount (#341)
Variable BMCC._transferStandard(address,address,uint256).rTransferAmount (#341) is too similar to BMCC._getTValues(uint256,uint256,uint256).tTransferAmount (#360)
Variable BMCC._getValues(uint256).rTransferAmount (#353) is too similar to BMCC._getValues(uint256).tTransferAmount (#351)
Variable BMCC._getRValues(uint256,uint256,uint256,uint256).rTransferAmount (#380) is too similar to BMCC._getValues(uint256).tTransferAmount (#351)
Variable BMCC._getValues(uint256).rTransferAmount (#353) is too similar to BMCC._getTValues(uint256,uint256,uint256).tTransferAmount (#360)
Variable BMCC._transferStandard(address,address,uint256).rTransferAmount (#341) is too similar to BMCC._transferStandard(address,address,uint256).tTransferAmount (#341)
Variable BMCC._transferStandard(address,address,uint256).rTransferAmount (#341) is too similar to BMCC._getValues(uint256).tTransferAmount (#351)
Variable BMCC._getRValues(uint256,uint256,uint256,uint256).rTransferAmount (#380) is too similar to BMCC._transferStandard(address,address,uint256).tTransferAmount (#341)
Variable BMCC._getRValues(uint256,uint256,uint256,uint256).rTransferAmount (#380) is too similar to BMCC._getTValues(uint256,uint256,uint256).tTransferAmount (#360)
Prevent variables from having similar names.

Additional information: link

Ownable._previousOwner (#95) is never used in BMCC (#148-480)
BMCC._tOwned (#151) is never used in BMCC (#148-480)
Remove unused state variables.

Additional information: link

Ownable._previousOwner (#95) should be constant
Add the constant attributes to state variables that never change.

Additional information: link

renounceOwnership() should be declared external:
- Ownable.renounceOwnership() (#114-117)
name() should be declared external:
- BMCC.name() (#206-208)
symbol() should be declared external:
- BMCC.symbol() (#210-212)
decimals() should be declared external:
- BMCC.decimals() (#214-216)
totalSupply() should be declared external:
- BMCC.totalSupply() (#218-220)
transfer(address,uint256) should be declared external:
- BMCC.transfer(address,uint256) (#226-229)
allowance(address,address) should be declared external:
- BMCC.allowance(address,address) (#231-233)
approve(address,uint256) should be declared external:
- BMCC.approve(address,uint256) (#235-238)
transferFrom(address,address,uint256) should be declared external:
- BMCC.transferFrom(address,address,uint256) (#240-244)
setBots(address[]) should be declared external:
- BMCC.setBots(address[]) (#444-450)
delBot(address) should be declared external:
- BMCC.delBot(address) (#452-454)
isBot(address) should be declared external:
- BMCC.isBot(address) (#456-458)
thisBalance() should be declared external:
- BMCC.thisBalance() (#472-474)
amountInPool() should be declared external:
- BMCC.amountInPool() (#476-478)
Use the external attribute for functions never called from the contract.

Additional information: link

Popular Tokens

About BMCC

Listings

Age

Website

Description

Social

Contract

Laser Scorebeta Last Audit: 8 February 2022

Anti-Scam

Links

Contract

Trading

Socials

Transparency

Age

Price for BMCC

News for BMCC

Popular Tokens

BMCC [BINANCE MULTI-CHAIN CAPITAL] Token

About BMCC

Listings

Age

Website

Description

Social

Contract

Laser Scorebeta Last Audit: 8 February 2022

Anti-Scam

Links

Contract

[Slither] Functions that send Ether to arbitrary destinations critical

[Slither] Reentrancy vulnerabilities critical

[LSR] Audit is untrusted major

[LSR] Dangerous combinations (1) major

[LSR] Non-alphanumeric name minor

[LSR] Widespread name minor

[Slither] Unused return minor

[Slither] Local variable shadowing minor

[Slither] Missing zero address validation minor

[Slither] Reentrancy vulnerabilities minor

[Slither] Reentrancy vulnerabilities minor

[Slither] Block timestamp minor

[Slither] Dead-code minor

[Slither] Function Initializing State minor

[Slither] Conformance to Solidity naming conventions minor

[Slither] Reentrancy vulnerabilities minor

[Slither] Variable names too similar minor

[Slither] Unused state variable minor

[Slither] State variables that could be declared constant minor

[Slither] Public function that could be declared external minor

Trading

[LSR] Extremely low volume critical

[LSR] No trading critical

[honeypot.is] Moderate taxes major

[LSR] Few chains major

[LSR] Few trading pairs major

[LSR] Unknown liquidity minor

[LSR] Unknown swaps minor

Socials

[LSR] Twitter is not active major

[LSR] Youtube is not found minor

[LSR] Discord is not found minor

Transparency

[LSR] No CoinHunt listing minor

Age

[LSR] Token age <= 180 days major

[LSR] CoinGecko age <= 90 days major

[LSR] CoinMarketCap age <= 90 days major

[LSR] Domain age <= 360 days minor

[LSR] Twitter age <= 360 days minor

[LSR] Low CoinMarketCap rank minor

Price for BMCC

News for BMCC