Unable to find manual contract audit (e.g. Certik, PeckShield, Solidity...)
BNCHToken.withdrawLP(uint256) (#917-920) ignores return value by IPancakePair(uniswapV2Pair).transfer(owner(),amount) (#919)
Use SafeERC20, or ensure that the transfer/transferFrom return value is checked.
Additional information: link
Reentrancy in BNCHToken._transfer(address,address,uint256) (#994-1019):
External calls:
- swapAndLiquify(waitAddLiquidity) (#1014)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#796-803)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#1058-1064)
External calls sending eth:
- swapAndLiquify(waitAddLiquidity) (#1014)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#796-803)
State variables written after the call(s):
- _tokenTransfer(from,to,amount) (#1018)
- _tOwned[sender] = _tOwned[sender].sub(tAmount) (#830)
- _tOwned[recipient] = _tOwned[recipient].add(tAmount) (#831)
- _tOwned[address(this)] = _tOwned[address(this)].add(tFee) (#949)
- _tOwned[address(this)] = _tOwned[address(this)].add(tLiquidity) (#937)
- _tOwned[sender] = _tOwned[sender].sub(tAmount) (#821)
- _tOwned[recipient] = _tOwned[recipient].add(tTransferAmount) (#822)
- _tokenTransfer(from,to,amount) (#1018)
- waitAddLiquidity = waitAddLiquidity.add(tLiquidity) (#936)
Reentrancy in BNCHToken.withdrawTxFee(uint256) (#911-915):
External calls:
- transfer(owner(),amount) (#913)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#796-803)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#1058-1064)
External calls sending eth:
- transfer(owner(),amount) (#913)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#796-803)
State variables written after the call(s):
- _taxFee = _taxFee.sub(amount) (#914)
Apply the check-effects-interactions pattern.
Additional information: link
Combination 3: Reentrancy vulnerabilities + Unchecked transfer vulnerability. Usual for scams. May be justified by some complex mechanics (e.g. rebase, reflections). DYOR & manual audit are advised.
Contract ownership is not renounced (belongs to a wallet)
BNCHToken.addLiquidity(uint256,uint256) (#791-804) ignores return value by uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#796-803)
Ensure that all the return values of the function calls are used.
Additional information: link
Function IPancakeRouter01.WETH() (#480) is not in mixedCase
Function IPancakePair.DOMAIN_SEPARATOR() (#628) is not in mixedCase
Function IPancakePair.PERMIT_TYPEHASH() (#629) is not in mixedCase
Function IPancakePair.MINIMUM_LIQUIDITY() (#646) is not in mixedCase
Parameter BNCHToken.isContract(address)._address (#774) is not in mixedCase
Parameter BNCHToken.setContractLimit(bool)._contractLimit (#780) is not in mixedCase
Parameter BNCHToken.setWhite(address,bool)._account (#784) is not in mixedCase
Parameter BNCHToken.setWhite(address,bool)._white (#784) is not in mixedCase
Parameter BNCHToken.setSwapAndLiquifyEnabled(bool)._enabled (#898) is not in mixedCase
Parameter BNCHToken.setTakeFee(bool)._takeFee (#907) is not in mixedCase
Parameter BNCHToken.calculateTaxFee(uint256)._amount (#953) is not in mixedCase
Parameter BNCHToken.calculateLiquidityFee(uint256)._amount (#959) is not in mixedCase
Parameter BNCHToken.calculateBurnFee(uint256)._amount (#965) is not in mixedCase
Variable BNCHToken._taxFee (#685) is not in mixedCase
Variable BNCHToken._burnFee (#692) is not in mixedCase
Variable BNCHToken._liquidityFee (#695) is not in mixedCase
Follow the Solidity naming convention.
Additional information: link
Redundant expression "this (#230)" inContext (#224-233)
Remove redundant statements if they congest code but offer no value.
Additional information: link
BNCHToken.allowance(address,address).owner (#770) shadows:
- Ownable.owner() (#405-407) (function)
BNCHToken._approve(address,address,uint256).owner (#982) shadows:
- Ownable.owner() (#405-407) (function)
Rename the local variables that shadow another component.
Additional information: link
BNCHToken.setTaxFeePercent(uint256) (#886-888) should emit an event for:
- _taxFee = taxFee (#887)
BNCHToken.setLiquidityFeePercent(uint256) (#890-892) should emit an event for:
- _liquidityFee = liquidityFee (#891)
BNCHToken.setBurnFeePercent(uint256) (#894-896) should emit an event for:
- _burnFee = burnFee (#895)
BNCHToken.setNumTokensSellToAddToLiquidity(uint256) (#903-905) should emit an event for:
- numTokensSellToAddToLiquidity = num (#904)
BNCHToken.withdrawTxFee(uint256) (#911-915) should emit an event for:
- _taxFee = _taxFee.sub(amount) (#914)
Emit an event for critical parameter changes.
Additional information: link
Reentrancy in BNCHToken._transfer(address,address,uint256) (#994-1019):
External calls:
- swapAndLiquify(waitAddLiquidity) (#1014)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#796-803)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#1058-1064)
External calls sending eth:
- swapAndLiquify(waitAddLiquidity) (#1014)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#796-803)
State variables written after the call(s):
- _tokenTransfer(from,to,amount) (#1018)
- _liquidityFee = 0 (#979)
- _tokenTransfer(from,to,amount) (#1018)
- _previousLiquidityFee = _liquidityFee (#976)
- _tokenTransfer(from,to,amount) (#1018)
- _previousTaxFee = _taxFee (#975)
- _tokenTransfer(from,to,amount) (#1018)
- _tBurnTotal = _tBurnTotal.add(tBurn) (#943)
- _tokenTransfer(from,to,amount) (#1018)
- _tFeeTotal = _tFeeTotal.add(tFee) (#948)
- _tokenTransfer(from,to,amount) (#1018)
- _tLiquidityTotal = _tLiquidityTotal.add(tLiquidity) (#935)
- _tokenTransfer(from,to,amount) (#1018)
- _tTotal = _tTotal.sub(tBurn) (#942)
- _tokenTransfer(from,to,amount) (#1018)
- _taxFee = 0 (#978)
Reentrancy in BNCHToken.constructor() (#726-743):
External calls:
- uniswapV2Pair = IPancakeFactory(_uniswapV2Router.factory()).createPair(address(this),_uniswapV2Router.WETH()) (#732-733)
State variables written after the call(s):
- _isExcluded[owner()] = true (#737)
- _isExcluded[address(this)] = true (#738)
- _isSwapInclude[address(_uniswapV2Router)] = true (#739)
- _isSwapInclude[uniswapV2Pair] = true (#740)
- uniswapV2Router = _uniswapV2Router (#736)
Reentrancy in BNCHToken.swapAndLiquify(uint256) (#1021-1047):
External calls:
- swapTokensForEth(half) (#1034)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#1058-1064)
- addLiquidity(otherHalf,ethAmount) (#1040)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#796-803)
External calls sending eth:
- addLiquidity(otherHalf,ethAmount) (#1040)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#796-803)
State variables written after the call(s):
- addLiquidity(otherHalf,ethAmount) (#1040)
- _allowances[owner][spender] = amount (#986)
- waitAddLiquidity = waitAddLiquidity.sub(addLiquidityTokenAmount) (#1044)
Reentrancy in BNCHToken.transferFrom(address,address,uint256) (#846-850):
External calls:
- _transfer(sender,recipient,amount) (#847)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#796-803)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#1058-1064)
External calls sending eth:
- _transfer(sender,recipient,amount) (#847)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#796-803)
State variables written after the call(s):
- _approve(sender,_msgSender(),_allowances[sender][_msgSender()].sub(amount,ERC20: transfer amount exceeds allowance)) (#848)
- _allowances[owner][spender] = amount (#986)
Apply the check-effects-interactions pattern.
Additional information: link
Reentrancy in BNCHToken._transfer(address,address,uint256) (#994-1019):
External calls:
- swapAndLiquify(waitAddLiquidity) (#1014)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#796-803)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#1058-1064)
External calls sending eth:
- swapAndLiquify(waitAddLiquidity) (#1014)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#796-803)
Event emitted after the call(s):
- Transfer(sender,address(this),tFee) (#950)
- _tokenTransfer(from,to,amount) (#1018)
- Transfer(sender,address(0),tBurn) (#944)
- _tokenTransfer(from,to,amount) (#1018)
- Transfer(sender,address(this),tLiquidity) (#938)
- _tokenTransfer(from,to,amount) (#1018)
- Transfer(sender,recipient,tAmount) (#836)
- _tokenTransfer(from,to,amount) (#1018)
- Transfer(sender,recipient,tTransferAmount) (#826)
- _tokenTransfer(from,to,amount) (#1018)
Reentrancy in BNCHToken.constructor() (#726-743):
External calls:
- uniswapV2Pair = IPancakeFactory(_uniswapV2Router.factory()).createPair(address(this),_uniswapV2Router.WETH()) (#732-733)
Event emitted after the call(s):
- Transfer(address(0),_msgSender(),_tTotal) (#742)
Reentrancy in BNCHToken.swapAndLiquify(uint256) (#1021-1047):
External calls:
- swapTokensForEth(half) (#1034)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#1058-1064)
- addLiquidity(otherHalf,ethAmount) (#1040)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#796-803)
External calls sending eth:
- addLiquidity(otherHalf,ethAmount) (#1040)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#796-803)
Event emitted after the call(s):
- Approval(owner,spender,amount) (#987)
- addLiquidity(otherHalf,ethAmount) (#1040)
- SwapAndLiquify(half,ethAmount,otherHalf) (#1046)
Reentrancy in BNCHToken.transferFrom(address,address,uint256) (#846-850):
External calls:
- _transfer(sender,recipient,amount) (#847)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#796-803)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#1058-1064)
External calls sending eth:
- _transfer(sender,recipient,amount) (#847)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#796-803)
Event emitted after the call(s):
- Approval(owner,spender,amount) (#987)
- _approve(sender,_msgSender(),_allowances[sender][_msgSender()].sub(amount,ERC20: transfer amount exceeds allowance)) (#848)
Apply the check-effects-interactions pattern.
Additional information: link
Ownable.unlock() (#452-457) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(now > _lockTime,Contract is locked until 7 days) (#454)
Avoid relying on block.timestamp.
Additional information: link
Address.isContract(address) (#257-266) uses assembly
- INLINE ASM (#264)
Address._functionCallWithValue(address,bytes,uint256,string) (#350-371) uses assembly
- INLINE ASM (#363-366)
BNCHToken.isContract(address) (#774-778) uses assembly
- INLINE ASM (#776)
Do not use evm assembly.
Additional information: link
Address._functionCallWithValue(address,bytes,uint256,string) (#350-371) is never used and should be removed
Address.functionCall(address,bytes) (#310-312) is never used and should be removed
Address.functionCall(address,bytes,string) (#320-322) is never used and should be removed
Address.functionCallWithValue(address,bytes,uint256) (#335-337) is never used and should be removed
Address.functionCallWithValue(address,bytes,uint256,string) (#345-348) is never used and should be removed
Address.isContract(address) (#257-266) is never used and should be removed
Address.sendValue(address,uint256) (#284-290) is never used and should be removed
Context._msgData() (#229-232) is never used and should be removed
SafeMath.mod(uint256,uint256) (#135-137) is never used and should be removed
SafeMath.mod(uint256,uint256,string) (#151-154) is never used and should be removed
Remove unused functions.
Additional information: link
BNCHToken._previousTaxFee (#687) is set pre-construction with a non-constant function or state variable:
- _taxFee
BNCHToken._previousLiquidityFee (#696) is set pre-construction with a non-constant function or state variable:
- _liquidityFee
Remove any initialization of state variables via non-constant state variables or function calls. If variables must be set upon contract deployment, locate initialization in the constructor instead.
Additional information: link
Low level call in Address.sendValue(address,uint256) (#284-290):
- (success) = recipient.call{value: amount}() (#288)
Low level call in Address._functionCallWithValue(address,bytes,uint256,string) (#350-371):
- (success,returndata) = target.call{value: weiValue}(data) (#354)
Avoid low-level calls. Check the call success. If the call is meant for a contract, check for code existence
Additional information: link
Variable IPancakeRouter01.addLiquidity(address,address,uint256,uint256,uint256,uint256,address,uint256).amountADesired (#485) is too similar to IPancakeRouter01.addLiquidity(address,address,uint256,uint256,uint256,uint256,address,uint256).amountBDesired (#486)
Prevent variables from having similar names.
Additional information: link
BNCHToken.slitherConstructorVariables() (#664-1069) uses literals with too many digits:
- _tTotal = 21000000 * 10 ** 18 (#677)
Use: Ether suffix, Time suffix, or The scientific notation
Additional information: link
BNCHToken.MAX (#676) is never used in BNCHToken (#664-1069)
Remove unused state variables.
Additional information: link
BNCHToken._decimals (#682) should be constant
BNCHToken._name (#680) should be constant
BNCHToken._symbol (#681) should be constant
BNCHToken.waitWithdrawTaxFee (#689) should be constant
Add the constant attributes to state variables that never change.
Additional information: link
renounceOwnership() should be declared external:
- Ownable.renounceOwnership() (#424-427)
transferOwnership(address) should be declared external:
- Ownable.transferOwnership(address) (#433-437)
geUnlockTime() should be declared external:
- Ownable.geUnlockTime() (#439-441)
lock(uint256) should be declared external:
- Ownable.lock(uint256) (#444-449)
unlock() should be declared external:
- Ownable.unlock() (#452-457)
name() should be declared external:
- BNCHToken.name() (#745-747)
symbol() should be declared external:
- BNCHToken.symbol() (#749-751)
decimals() should be declared external:
- BNCHToken.decimals() (#753-755)
totalSupply() should be declared external:
- BNCHToken.totalSupply() (#757-759)
allowance(address,address) should be declared external:
- BNCHToken.allowance(address,address) (#770-772)
setContractLimit(bool) should be declared external:
- BNCHToken.setContractLimit(bool) (#780-782)
setWhite(address,bool) should be declared external:
- BNCHToken.setWhite(address,bool) (#784-789)
approve(address,uint256) should be declared external:
- BNCHToken.approve(address,uint256) (#841-844)
transferFrom(address,address,uint256) should be declared external:
- BNCHToken.transferFrom(address,address,uint256) (#846-850)
increaseAllowance(address,uint256) should be declared external:
- BNCHToken.increaseAllowance(address,uint256) (#852-855)
decreaseAllowance(address,uint256) should be declared external:
- BNCHToken.decreaseAllowance(address,uint256) (#857-860)
isExcludedFromReward(address) should be declared external:
- BNCHToken.isExcludedFromReward(address) (#862-864)
totalFees() should be declared external:
- BNCHToken.totalFees() (#866-868)
totalBurns() should be declared external:
- BNCHToken.totalBurns() (#870-872)
totalLiquidities() should be declared external:
- BNCHToken.totalLiquidities() (#874-876)
exclude(address,bool) should be declared external:
- BNCHToken.exclude(address,bool) (#878-880)
swapInclude(address,bool) should be declared external:
- BNCHToken.swapInclude(address,bool) (#882-884)
Use the external attribute for functions never called from the contract.
Additional information: link
Unable to find website, listings and other project-related information
Token has a considerable age, but we're still unable to find its website
Token has a considerable age, but social accounts / website are missing or have few users
Token has no active CoinGecko listing / rank
Token has no active CoinMarketCap listing / rank
Young tokens have high risks of price dump / death
Unable to find Telegram and Twitter accounts