Unable to find manual contract audit (e.g. Certik, PeckShield, Solidity...)
BNBCAT.addLiquidity(uint256,uint256) (#1026-1039) sends eth to arbitrary user
Dangerous calls:
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#1031-1038)
Ensure that an arbitrary user cannot withdraw unauthorized funds.
Additional information: link
Reentrancy in BNBCAT._transfer(address,address,uint256) (#909-962):
External calls:
- swapAndLiquify(contractTokenBalance) (#941)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#1031-1038)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#1015-1021)
External calls sending eth:
- swapAndLiquify(contractTokenBalance) (#941)
- recipient.transfer(amount) (#853)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#1031-1038)
State variables written after the call(s):
- _balances[sender] = _balances[sender].sub(amount,Insufficient Balance) (#944-947)
- _balances[recipient] = _balances[recipient].add(finalAmount) (#957)
- finalAmount = takeFee(sender,recipient,amount) (#949-952)
- _balances[address(this)] = _balances[address(this)].add(feeAmount) (#1050)
Apply the check-effects-interactions pattern.
Additional information: link
Combination 1: Reentrancy vulnerabilities + Functions that send Ether to arbitraty destination. Usual for scams. May be justified by some complex mechanics (e.g. rebase, reflections). DYOR & manual audit are advised.
BNBCAT.swapAndLiquify(uint256) (#978-1004) performs a multiplication on the result of a division:
-tokensForLP = tAmount.div(_totalTaxIfBuying).mul(_liquidityFee).div(2) (#979-982)
Consider ordering multiplication before division.
Additional information: link
BNBCAT.addLiquidity(uint256,uint256) (#1026-1039) ignores return value by uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#1031-1038)
Ensure that all the return values of the function calls are used.
Additional information: link
BNBCAT.allowance(address,address).owner (#721) shadows:
- Ownable.owner() (#228-230) (function)
BNBCAT._approve(address,address,uint256).owner (#773) shadows:
- Ownable.owner() (#228-230) (function)
Rename the local variables that shadow another component.
Additional information: link
BNBCAT.setTaxes(uint256,uint256,uint256,uint256) (#791-804) should emit an event for:
- _liquidityFee = newLiquidityTax (#797)
- _buyBackFee = newBuyBackTax (#799)
- _totalTaxIfBuying = _liquidityFee.add(_marketingFee).add(_buyBackFee) (#802)
- _totalTaxIfSelling = _totalTaxIfBuying.add(_extraFeeOnSell) (#803)
BNBCAT.setMaxTxAmount(uint256) (#806-808) should emit an event for:
- _maxTxAmount = maxTxAmount (#807)
BNBCAT.setWalletLimit(uint256) (#821-823) should emit an event for:
- _walletMax = newLimit (#822)
BNBCAT.setNumTokensBeforeSwap(uint256) (#825-827) should emit an event for:
- minimumTokensBeforeSwap = newLimit (#826)
Emit an event for critical parameter changes.
Additional information: link
BNBCAT.setMarketingWalletAddress(address).newAddress (#829) lacks a zero-check on :
- marketingWalletAddress = address(newAddress) (#830)
BNBCAT.setbuyBackWalletAddress(address).newAddress (#833) lacks a zero-check on :
- buyBackWalletAddress = address(newAddress) (#834)
Check that the address is not zero.
Additional information: link
Reentrancy in BNBCAT.changeRouterVersion(address) (#856-878):
External calls:
- newPairAddress = IUniswapV2Factory(_uniswapV2Router.factory()).createPair(address(this),_uniswapV2Router.WETH()) (#872-873)
State variables written after the call(s):
- uniswapV2Pair = newPairAddress (#876)
- uniswapV2Router = _uniswapV2Router (#877)
Reentrancy in BNBCAT.constructor() (#677-699):
External calls:
- uniswapV2Pair = IUniswapV2Factory(_uniswapV2Router.factory()).createPair(address(this),_uniswapV2Router.WETH()) (#682-683)
State variables written after the call(s):
- _allowances[address(this)][address(uniswapV2Router)] = _totalSupply (#686)
- _balances[_msgSender()] = _totalSupply (#697)
- _totalTaxIfBuying = _liquidityFee.add(_marketingFee).add(_buyBackFee) (#691)
- _totalTaxIfSelling = _totalTaxIfBuying.add(_extraFeeOnSell) (#692)
- isExcludedFromFee[owner()] = true (#688)
- isExcludedFromFee[address(this)] = true (#689)
- isWalletLimitExempt[owner()] = true (#694)
- isWalletLimitExempt[address(uniswapV2Pair)] = true (#695)
- uniswapV2Router = _uniswapV2Router (#685)
Reentrancy in BNBCAT.swapAndLiquify(uint256) (#978-1004):
External calls:
- swapTokensForEth(tokensForSwap) (#985)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#1015-1021)
- addLiquidity(tokensForLP,amountBNBLiquidity) (#1003)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#1031-1038)
External calls sending eth:
- transferToAddressETH(marketingWalletAddress,amountBNBMarketing) (#1001)
- recipient.transfer(amount) (#853)
- transferToAddressETH(buyBackWalletAddress,amountBNBBuyBack) (#1002)
- recipient.transfer(amount) (#853)
- addLiquidity(tokensForLP,amountBNBLiquidity) (#1003)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#1031-1038)
State variables written after the call(s):
- addLiquidity(tokensForLP,amountBNBLiquidity) (#1003)
- _allowances[owner][spender] = amount (#780)
Reentrancy in BNBCAT.transferFrom(address,address,uint256) (#892-907):
External calls:
- _transfer(sender,recipient,amount) (#897)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#1031-1038)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#1015-1021)
External calls sending eth:
- _transfer(sender,recipient,amount) (#897)
- recipient.transfer(amount) (#853)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#1031-1038)
State variables written after the call(s):
- _approve(sender,_msgSender(),_allowances[sender][_msgSender()].sub(amount,ERC20: transfer amount exceeds allowance)) (#898-905)
- _allowances[owner][spender] = amount (#780)
Apply the check-effects-interactions pattern.
Additional information: link
Reentrancy in BNBCAT._transfer(address,address,uint256) (#909-962):
External calls:
- swapAndLiquify(contractTokenBalance) (#941)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#1031-1038)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#1015-1021)
External calls sending eth:
- swapAndLiquify(contractTokenBalance) (#941)
- recipient.transfer(amount) (#853)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#1031-1038)
Event emitted after the call(s):
- Transfer(sender,address(this),feeAmount) (#1051)
- finalAmount = takeFee(sender,recipient,amount) (#949-952)
- Transfer(sender,recipient,finalAmount) (#959)
Reentrancy in BNBCAT.constructor() (#677-699):
External calls:
- uniswapV2Pair = IUniswapV2Factory(_uniswapV2Router.factory()).createPair(address(this),_uniswapV2Router.WETH()) (#682-683)
Event emitted after the call(s):
- Transfer(address(0),_msgSender(),_totalSupply) (#698)
Reentrancy in BNBCAT.swapAndLiquify(uint256) (#978-1004):
External calls:
- swapTokensForEth(tokensForSwap) (#985)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#1015-1021)
- addLiquidity(tokensForLP,amountBNBLiquidity) (#1003)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#1031-1038)
External calls sending eth:
- transferToAddressETH(marketingWalletAddress,amountBNBMarketing) (#1001)
- recipient.transfer(amount) (#853)
- transferToAddressETH(buyBackWalletAddress,amountBNBBuyBack) (#1002)
- recipient.transfer(amount) (#853)
- addLiquidity(tokensForLP,amountBNBLiquidity) (#1003)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#1031-1038)
Event emitted after the call(s):
- Approval(owner,spender,amount) (#781)
- addLiquidity(tokensForLP,amountBNBLiquidity) (#1003)
Reentrancy in BNBCAT.swapTokensForEth(uint256) (#1006-1024):
External calls:
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#1015-1021)
Event emitted after the call(s):
- SwapTokensForETH(tokenAmount,path) (#1023)
Reentrancy in BNBCAT.transferFrom(address,address,uint256) (#892-907):
External calls:
- _transfer(sender,recipient,amount) (#897)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#1031-1038)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#1015-1021)
External calls sending eth:
- _transfer(sender,recipient,amount) (#897)
- recipient.transfer(amount) (#853)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#1031-1038)
Event emitted after the call(s):
- Approval(owner,spender,amount) (#781)
- _approve(sender,_msgSender(),_allowances[sender][_msgSender()].sub(amount,ERC20: transfer amount exceeds allowance)) (#898-905)
Apply the check-effects-interactions pattern.
Additional information: link
Ownable.unlock() (#266-274) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(block.timestamp > _lockTime,Contract is locked until 7 days) (#271)
Avoid relying on block.timestamp.
Additional information: link
Address.isContract(address) (#117-128) uses assembly
- INLINE ASM (#124-126)
Address._functionCallWithValue(address,bytes,uint256,string) (#186-209) uses assembly
- INLINE ASM (#201-204)
Do not use evm assembly.
Additional information: link
Address._functionCallWithValue(address,bytes,uint256,string) (#186-209) is never used and should be removed
Address.functionCall(address,bytes) (#144-149) is never used and should be removed
Address.functionCall(address,bytes,string) (#151-157) is never used and should be removed
Address.functionCallWithValue(address,bytes,uint256) (#159-171) is never used and should be removed
Address.functionCallWithValue(address,bytes,uint256,string) (#173-184) is never used and should be removed
Address.isContract(address) (#117-128) is never used and should be removed
Address.sendValue(address,uint256) (#130-142) is never used and should be removed
Context._msgData() (#16-19) is never used and should be removed
SafeMath.mod(uint256,uint256) (#102-104) is never used and should be removed
SafeMath.mod(uint256,uint256,string) (#106-113) is never used and should be removed
Remove unused functions.
Additional information: link
Low level call in Address.sendValue(address,uint256) (#130-142):
- (success) = recipient.call{value: amount}() (#137)
Low level call in Address._functionCallWithValue(address,bytes,uint256,string) (#186-209):
- (success,returndata) = target.call{value: weiValue}(data) (#194-196)
Avoid low-level calls. Check the call success. If the call is meant for a contract, check for code existence
Additional information: link
Function IUniswapV2Pair.DOMAIN_SEPARATOR() (#340) is not in mixedCase
Function IUniswapV2Pair.PERMIT_TYPEHASH() (#342) is not in mixedCase
Function IUniswapV2Pair.MINIMUM_LIQUIDITY() (#372) is not in mixedCase
Function IUniswapV2Router01.WETH() (#416) is not in mixedCase
Parameter BNBCAT.setSwapAndLiquifyEnabled(bool)._enabled (#837) is not in mixedCase
Variable BNBCAT._balances (#634) is not in mixedCase
Variable BNBCAT._liquidityFee (#640) is not in mixedCase
Variable BNBCAT._marketingFee (#641) is not in mixedCase
Variable BNBCAT._buyBackFee (#642) is not in mixedCase
Variable BNBCAT._extraFeeOnSell (#643) is not in mixedCase
Variable BNBCAT._totalTaxIfBuying (#644) is not in mixedCase
Variable BNBCAT._totalTaxIfSelling (#645) is not in mixedCase
Variable BNBCAT._maxTxAmount (#648) is not in mixedCase
Variable BNBCAT._walletMax (#649) is not in mixedCase
Follow the Solidity naming convention.
Additional information: link
Redundant expression "this (#17)" inContext (#11-20)
Remove redundant statements if they congest code but offer no value.
Additional information: link
Reentrancy in BNBCAT._transfer(address,address,uint256) (#909-962):
External calls:
- swapAndLiquify(contractTokenBalance) (#941)
- recipient.transfer(amount) (#853)
External calls sending eth:
- swapAndLiquify(contractTokenBalance) (#941)
- recipient.transfer(amount) (#853)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#1031-1038)
State variables written after the call(s):
- _balances[sender] = _balances[sender].sub(amount,Insufficient Balance) (#944-947)
- _balances[recipient] = _balances[recipient].add(finalAmount) (#957)
- finalAmount = takeFee(sender,recipient,amount) (#949-952)
- _balances[address(this)] = _balances[address(this)].add(feeAmount) (#1050)
Event emitted after the call(s):
- Transfer(sender,address(this),feeAmount) (#1051)
- finalAmount = takeFee(sender,recipient,amount) (#949-952)
- Transfer(sender,recipient,finalAmount) (#959)
Reentrancy in BNBCAT.swapAndLiquify(uint256) (#978-1004):
External calls:
- transferToAddressETH(marketingWalletAddress,amountBNBMarketing) (#1001)
- recipient.transfer(amount) (#853)
- transferToAddressETH(buyBackWalletAddress,amountBNBBuyBack) (#1002)
- recipient.transfer(amount) (#853)
External calls sending eth:
- transferToAddressETH(marketingWalletAddress,amountBNBMarketing) (#1001)
- recipient.transfer(amount) (#853)
- transferToAddressETH(buyBackWalletAddress,amountBNBBuyBack) (#1002)
- recipient.transfer(amount) (#853)
- addLiquidity(tokensForLP,amountBNBLiquidity) (#1003)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#1031-1038)
State variables written after the call(s):
- addLiquidity(tokensForLP,amountBNBLiquidity) (#1003)
- _allowances[owner][spender] = amount (#780)
Event emitted after the call(s):
- Approval(owner,spender,amount) (#781)
- addLiquidity(tokensForLP,amountBNBLiquidity) (#1003)
Reentrancy in BNBCAT.transferFrom(address,address,uint256) (#892-907):
External calls:
- _transfer(sender,recipient,amount) (#897)
- recipient.transfer(amount) (#853)
External calls sending eth:
- _transfer(sender,recipient,amount) (#897)
- recipient.transfer(amount) (#853)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#1031-1038)
State variables written after the call(s):
- _approve(sender,_msgSender(),_allowances[sender][_msgSender()].sub(amount,ERC20: transfer amount exceeds allowance)) (#898-905)
- _allowances[owner][spender] = amount (#780)
Event emitted after the call(s):
- Approval(owner,spender,amount) (#781)
- _approve(sender,_msgSender(),_allowances[sender][_msgSender()].sub(amount,ERC20: transfer amount exceeds allowance)) (#898-905)
Apply the check-effects-interactions pattern.
Additional information: link
Variable IUniswapV2Router01.addLiquidity(address,address,uint256,uint256,uint256,uint256,address,uint256).amountADesired (#421) is too similar to IUniswapV2Router01.addLiquidity(address,address,uint256,uint256,uint256,uint256,address,uint256).amountBDesired (#422)
Prevent variables from having similar names.
Additional information: link
BNBCAT.slitherConstructorVariables() (#619-1056) uses literals with too many digits:
- deadAddress = 0x000000000000000000000000000000000000dEaD (#631-632)
Use: Ether suffix, Time suffix, or The scientific notation
Additional information: link
BNBCAT._decimals (#625) should be constant
BNBCAT._name (#623) should be constant
BNBCAT._symbol (#624) should be constant
BNBCAT._totalSupply (#647) should be constant
Add the constant attributes to state variables that never change.
Additional information: link
renounceOwnership() should be declared external:
- Ownable.renounceOwnership() (#237-240)
transferOwnership(address) should be declared external:
- Ownable.transferOwnership(address) (#242-249)
getUnlockTime() should be declared external:
- Ownable.getUnlockTime() (#251-253)
getTime() should be declared external:
- Ownable.getTime() (#255-257)
lock(uint256) should be declared external:
- Ownable.lock(uint256) (#259-264)
unlock() should be declared external:
- Ownable.unlock() (#266-274)
name() should be declared external:
- BNBCAT.name() (#701-703)
symbol() should be declared external:
- BNBCAT.symbol() (#705-707)
decimals() should be declared external:
- BNBCAT.decimals() (#709-711)
totalSupply() should be declared external:
- BNBCAT.totalSupply() (#713-715)
allowance(address,address) should be declared external:
- BNBCAT.allowance(address,address) (#721-728)
increaseAllowance(address,uint256) should be declared external:
- BNBCAT.increaseAllowance(address,uint256) (#730-741)
decreaseAllowance(address,uint256) should be declared external:
- BNBCAT.decreaseAllowance(address,uint256) (#743-757)
minimumTokensBeforeSwapAmount() should be declared external:
- BNBCAT.minimumTokensBeforeSwapAmount() (#759-761)
approve(address,uint256) should be declared external:
- BNBCAT.approve(address,uint256) (#763-770)
setIsExcludedFromFee(address,bool) should be declared external:
- BNBCAT.setIsExcludedFromFee(address,bool) (#784-789)
setSwapAndLiquifyEnabled(bool) should be declared external:
- BNBCAT.setSwapAndLiquifyEnabled(bool) (#837-840)
setSwapAndLiquifyByLimitOnly(bool) should be declared external:
- BNBCAT.setSwapAndLiquifyByLimitOnly(bool) (#842-844)
getCirculatingSupply() should be declared external:
- BNBCAT.getCirculatingSupply() (#846-848)
changeRouterVersion(address) should be declared external:
- BNBCAT.changeRouterVersion(address) (#856-878)
transfer(address,uint256) should be declared external:
- BNBCAT.transfer(address,uint256) (#883-890)
transferFrom(address,address,uint256) should be declared external:
- BNBCAT.transferFrom(address,address,uint256) (#892-907)
Use the external attribute for functions never called from the contract.
Additional information: link
Unable to find website, listings and other project-related information
Young tokens have high risks of scam / price dump / death
Token has no active CoinGecko listing / rank
Token has no active CoinMarketCap listing / rank
Unable to find Telegram and Twitter accounts