Unable to find manual contract audit (e.g. Certik, PeckShield, Solidity...)
BLACKPUSSY.swapBack() (#363-404) sends eth to arbitrary user
Dangerous calls:
- (MarketingSuccess) = address(marketingFeeReceiver).call{gas: 30000,value: amountBNBMarketing}() (#388)
- (devSuccess) = address(devFeeReceiver).call{gas: 30000,value: amountBNBdev}() (#390)
Ensure that an arbitrary user cannot withdraw unauthorized funds.
Additional information: link
Reentrancy in BLACKPUSSY._transferFrom(address,address,uint256) (#287-316):
External calls:
- swapBack() (#305)
- router.swapExactTokensForETHSupportingFeeOnTransferTokens(amountToSwap,0,path,address(this),block.timestamp) (#374-380)
- (MarketingSuccess) = address(marketingFeeReceiver).call{gas: 30000,value: amountBNBMarketing}() (#388)
- (devSuccess) = address(devFeeReceiver).call{gas: 30000,value: amountBNBdev}() (#390)
- router.addLiquidityETH{value: amountBNBLiquidity}(address(this),amountToLiquify,0,0,marketingFeeReceiver,block.timestamp) (#394-401)
External calls sending eth:
- swapBack() (#305)
- (MarketingSuccess) = address(marketingFeeReceiver).call{gas: 30000,value: amountBNBMarketing}() (#388)
- (devSuccess) = address(devFeeReceiver).call{gas: 30000,value: amountBNBdev}() (#390)
- router.addLiquidityETH{value: amountBNBLiquidity}(address(this),amountToLiquify,0,0,marketingFeeReceiver,block.timestamp) (#394-401)
State variables written after the call(s):
- _balances[sender] = _balances[sender].sub(amount,Insufficient Balance) (#309)
- _balances[recipient] = _balances[recipient].add(amountReceived) (#312)
- amountReceived = takeFee(sender,recipient,amount) (#311)
- _balances[address(this)] = _balances[address(this)].add(feeAmount) (#342)
Apply the check-effects-interactions pattern.
Additional information: link
Combination 1: Reentrancy vulnerabilities + Functions that send Ether to arbitraty destination. Usual for scams. May be justified by some complex mechanics (e.g. rebase, reflections). DYOR & manual audit are advised.
Auth.transferOwnership(address).adr (#122) lacks a zero-check on :
- owner = adr (#123)
BLACKPUSSY.setFeeReceiver(address,address)._marketingFeeReceiver (#457) lacks a zero-check on :
- marketingFeeReceiver = _marketingFeeReceiver (#458)
BLACKPUSSY.setFeeReceiver(address,address)._devFeeReceiver (#457) lacks a zero-check on :
- devFeeReceiver = _devFeeReceiver (#459)
Check that the address is not zero.
Additional information: link
BLACKPUSSY.slitherConstructorVariables() (#183-499) performs a multiplication on the result of a division:
-swapThreshold = _totalSupply / 1000 * 2 (#224)
Consider ordering multiplication before division.
Additional information: link
BLACKPUSSY.swapBack() (#363-404) ignores return value by router.addLiquidityETH{value: amountBNBLiquidity}(address(this),amountToLiquify,0,0,marketingFeeReceiver,block.timestamp) (#394-401)
Ensure that all the return values of the function calls are used.
Additional information: link
BLACKPUSSY.setFees(uint256,uint256,uint256,uint256) (#433-439) should emit an event for:
- liquidityFee = _liquidityFee (#434)
- marketingFee = _marketingFee (#435)
- devFee = _devFee (#436)
- totalFee = _liquidityFee.add(_marketingFee).add(_devFee) (#437)
- feeDenominator = _feeDenominator (#438)
BLACKPUSSY.setSellMultiplier(uint256) (#454-456) should emit an event for:
- _sellMultiplier = multiplier (#455)
BLACKPUSSY.setTxLimit(uint256) (#462-465) should emit an event for:
- _maxTxAmount = amountBuy (#463)
BLACKPUSSY.setSwapBackSettings(bool,uint256) (#466-469) should emit an event for:
- swapThreshold = _amount (#468)
Emit an event for critical parameter changes.
Additional information: link
Reentrancy in BLACKPUSSY._transferFrom(address,address,uint256) (#287-316):
External calls:
- swapBack() (#305)
- router.swapExactTokensForETHSupportingFeeOnTransferTokens(amountToSwap,0,path,address(this),block.timestamp) (#374-380)
- (MarketingSuccess) = address(marketingFeeReceiver).call{gas: 30000,value: amountBNBMarketing}() (#388)
- (devSuccess) = address(devFeeReceiver).call{gas: 30000,value: amountBNBdev}() (#390)
- router.addLiquidityETH{value: amountBNBLiquidity}(address(this),amountToLiquify,0,0,marketingFeeReceiver,block.timestamp) (#394-401)
External calls sending eth:
- swapBack() (#305)
- (MarketingSuccess) = address(marketingFeeReceiver).call{gas: 30000,value: amountBNBMarketing}() (#388)
- (devSuccess) = address(devFeeReceiver).call{gas: 30000,value: amountBNBdev}() (#390)
- router.addLiquidityETH{value: amountBNBLiquidity}(address(this),amountToLiquify,0,0,marketingFeeReceiver,block.timestamp) (#394-401)
State variables written after the call(s):
- launch() (#307)
- launchedAt = block.number (#424)
Reentrancy in BLACKPUSSY.constructor() (#233-253):
External calls:
- pair = IDEXFactory(router.factory()).createPair(WBNB,address(this)) (#235)
State variables written after the call(s):
- _allowances[address(this)][address(router)] = type()(uint256).max (#236)
- _balances[_owner] = _totalSupply (#251)
- isFeeExempt[msg.sender] = true (#239)
- isTimelockExempt[msg.sender] = true (#246)
- isTimelockExempt[DEAD] = true (#247)
- isTimelockExempt[address(this)] = true (#248)
- isTxLimitExempt[msg.sender] = true (#241)
- isTxLimitExempt[address(this)] = true (#242)
- isTxLimitExempt[routerAddress] = true (#243)
Apply the check-effects-interactions pattern.
Additional information: link
Reentrancy in BLACKPUSSY._transferFrom(address,address,uint256) (#287-316):
External calls:
- swapBack() (#305)
- router.swapExactTokensForETHSupportingFeeOnTransferTokens(amountToSwap,0,path,address(this),block.timestamp) (#374-380)
- (MarketingSuccess) = address(marketingFeeReceiver).call{gas: 30000,value: amountBNBMarketing}() (#388)
- (devSuccess) = address(devFeeReceiver).call{gas: 30000,value: amountBNBdev}() (#390)
- router.addLiquidityETH{value: amountBNBLiquidity}(address(this),amountToLiquify,0,0,marketingFeeReceiver,block.timestamp) (#394-401)
External calls sending eth:
- swapBack() (#305)
- (MarketingSuccess) = address(marketingFeeReceiver).call{gas: 30000,value: amountBNBMarketing}() (#388)
- (devSuccess) = address(devFeeReceiver).call{gas: 30000,value: amountBNBdev}() (#390)
- router.addLiquidityETH{value: amountBNBLiquidity}(address(this),amountToLiquify,0,0,marketingFeeReceiver,block.timestamp) (#394-401)
Event emitted after the call(s):
- Transfer(sender,address(this),feeAmount) (#343)
- amountReceived = takeFee(sender,recipient,amount) (#311)
- Transfer(sender,recipient,amountReceived) (#314)
Reentrancy in BLACKPUSSY.constructor() (#233-253):
External calls:
- pair = IDEXFactory(router.factory()).createPair(WBNB,address(this)) (#235)
Event emitted after the call(s):
- Transfer(address(0),_owner,_totalSupply) (#252)
Reentrancy in BLACKPUSSY.swapBack() (#363-404):
External calls:
- router.swapExactTokensForETHSupportingFeeOnTransferTokens(amountToSwap,0,path,address(this),block.timestamp) (#374-380)
- (MarketingSuccess) = address(marketingFeeReceiver).call{gas: 30000,value: amountBNBMarketing}() (#388)
- (devSuccess) = address(devFeeReceiver).call{gas: 30000,value: amountBNBdev}() (#390)
- router.addLiquidityETH{value: amountBNBLiquidity}(address(this),amountToLiquify,0,0,marketingFeeReceiver,block.timestamp) (#394-401)
External calls sending eth:
- (MarketingSuccess) = address(marketingFeeReceiver).call{gas: 30000,value: amountBNBMarketing}() (#388)
- (devSuccess) = address(devFeeReceiver).call{gas: 30000,value: amountBNBdev}() (#390)
- router.addLiquidityETH{value: amountBNBLiquidity}(address(this),amountToLiquify,0,0,marketingFeeReceiver,block.timestamp) (#394-401)
Event emitted after the call(s):
- AutoLiquify(amountBNBLiquidity,amountToLiquify) (#402)
Apply the check-effects-interactions pattern.
Additional information: link
BLACKPUSSY._transferFrom(address,address,uint256) (#287-316) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(cooldownTimer[recipient] < block.timestamp,Please wait for 1min between two operations) (#302)
Avoid relying on block.timestamp.
Additional information: link
BLACKPUSSY.buyTokens(uint256,address) (#406-417) is never used and should be removed
Remove unused functions.
Additional information: link
BLACKPUSSY._maxTxAmount (#196) is set pre-construction with a non-constant function or state variable:
- (_totalSupply * 2) / 100
BLACKPUSSY._maxWalletSize (#197) is set pre-construction with a non-constant function or state variable:
- (_totalSupply * 2) / 100
BLACKPUSSY.swapThreshold (#224) is set pre-construction with a non-constant function or state variable:
- _totalSupply / 1000 * 2
Remove any initialization of state variables via non-constant state variables or function calls. If variables must be set upon contract deployment, locate initialization in the constructor instead.
Additional information: link
Pragma version^0.8.11 (#4) necessitates a version too recent to be trusted. Consider deploying with 0.6.12/0.7.6/0.8.7
solc-0.8.11 is not recommended for deployment
Deploy with any of the following Solidity versions: 0.5.16 - 0.5.17, 0.6.11 - 0.6.12, 0.7.5 - 0.7.6 Use a simple pragma version that allows any of these versions. Consider using the latest version of Solidity for testing.
Additional information: link
Low level call in BLACKPUSSY.swapBack() (#363-404):
- (MarketingSuccess) = address(marketingFeeReceiver).call{gas: 30000,value: amountBNBMarketing}() (#388)
- (devSuccess) = address(devFeeReceiver).call{gas: 30000,value: amountBNBdev}() (#390)
Avoid low-level calls. Check the call success. If the call is meant for a contract, check for code existence
Additional information: link
Variable Auth._intAddr (#69) is not in mixedCase
Function IDEXRouter.WETH() (#137) is not in mixedCase
Parameter BLACKPUSSY.tradingStatus(bool)._status (#349) is not in mixedCase
Parameter BLACKPUSSY.setFees(uint256,uint256,uint256,uint256)._liquidityFee (#433) is not in mixedCase
Parameter BLACKPUSSY.setFees(uint256,uint256,uint256,uint256)._marketingFee (#433) is not in mixedCase
Parameter BLACKPUSSY.setFees(uint256,uint256,uint256,uint256)._devFee (#433) is not in mixedCase
Parameter BLACKPUSSY.setFees(uint256,uint256,uint256,uint256)._feeDenominator (#433) is not in mixedCase
Parameter BLACKPUSSY.cooldownEnabled(bool,uint8)._status (#441) is not in mixedCase
Parameter BLACKPUSSY.cooldownEnabled(bool,uint8)._interval (#441) is not in mixedCase
Parameter BLACKPUSSY.setFeeReceiver(address,address)._marketingFeeReceiver (#457) is not in mixedCase
Parameter BLACKPUSSY.setFeeReceiver(address,address)._devFeeReceiver (#457) is not in mixedCase
Parameter BLACKPUSSY.setSwapBackSettings(bool,uint256)._enabled (#466) is not in mixedCase
Parameter BLACKPUSSY.setSwapBackSettings(bool,uint256)._amount (#466) is not in mixedCase
Parameter BLACKPUSSY.blacklistAddress(address,bool)._address (#471) is not in mixedCase
Parameter BLACKPUSSY.blacklistAddress(address,bool)._value (#471) is not in mixedCase
Parameter BLACKPUSSY.transferForeignToken(address)._token (#479) is not in mixedCase
Variable BLACKPUSSY.WBNB (#186) is not in mixedCase
Variable BLACKPUSSY.DEAD (#187) is not in mixedCase
Variable BLACKPUSSY.ZERO (#188) is not in mixedCase
Constant BLACKPUSSY._name (#191) is not in UPPER_CASE_WITH_UNDERSCORES
Constant BLACKPUSSY._symbol (#192) is not in UPPER_CASE_WITH_UNDERSCORES
Constant BLACKPUSSY._decimals (#193) is not in UPPER_CASE_WITH_UNDERSCORES
Variable BLACKPUSSY._totalSupply (#195) is not in mixedCase
Variable BLACKPUSSY._maxTxAmount (#196) is not in mixedCase
Variable BLACKPUSSY._maxWalletSize (#197) is not in mixedCase
Variable BLACKPUSSY._balances (#199) is not in mixedCase
Variable BLACKPUSSY._allowances (#200) is not in mixedCase
Variable BLACKPUSSY._sellMultiplier (#212) is not in mixedCase
Follow the Solidity naming convention.
Additional information: link
Variable IDEXRouter.addLiquidity(address,address,uint256,uint256,uint256,uint256,address,uint256).amountADesired (#142) is too similar to IDEXRouter.addLiquidity(address,address,uint256,uint256,uint256,uint256,address,uint256).amountBDesired (#143)
Prevent variables from having similar names.
Additional information: link
BLACKPUSSY.slitherConstructorVariables() (#183-499) uses literals with too many digits:
- DEAD = 0x000000000000000000000000000000000000dEaD (#187)
BLACKPUSSY.slitherConstructorVariables() (#183-499) uses literals with too many digits:
- ZERO = 0x0000000000000000000000000000000000000000 (#188)
BLACKPUSSY.slitherConstructorVariables() (#183-499) uses literals with too many digits:
- _totalSupply = 10000000000 * (10 ** _decimals) (#195)
Use: Ether suffix, Time suffix, or The scientific notation
Additional information: link
BLACKPUSSY.DEAD (#187) should be constant
BLACKPUSSY.WBNB (#186) should be constant
BLACKPUSSY.ZERO (#188) should be constant
BLACKPUSSY._totalSupply (#195) should be constant
BLACKPUSSY.routerAddress (#189) should be constant
Add the constant attributes to state variables that never change.
Additional information: link
authorize(address) should be declared external:
- Auth.authorize(address) (#93-95)
unauthorize(address) should be declared external:
- Auth.unauthorize(address) (#101-103)
transferOwnership(address) should be declared external:
- Auth.transferOwnership(address) (#122-126)
tradingStatus(bool) should be declared external:
- BLACKPUSSY.tradingStatus(bool) (#349-354)
cooldownEnabled(bool,uint8) should be declared external:
- BLACKPUSSY.cooldownEnabled(bool,uint8) (#441-444)
blacklistAddress(address,bool) should be declared external:
- BLACKPUSSY.blacklistAddress(address,bool) (#471-473)
transferForeignToken(address) should be declared external:
- BLACKPUSSY.transferForeignToken(address) (#479-483)
isOverLiquified(uint256,uint256) should be declared external:
- BLACKPUSSY.isOverLiquified(uint256,uint256) (#493-495)
Use the external attribute for functions never called from the contract.
Additional information: link
Unable to find website, listings and other project-related information
Young tokens have high risks of scam / price dump / death
Token has no active CoinGecko listing / rank
Token has no active CoinMarketCap listing / rank
Unable to find Telegram and Twitter accounts