CareCoin is a SAFU Certified Cryptocurrency project that is built on the Binance Smart Chain whose primary goal is to make a major impact in the world by making donations to various humanitarian and socio-economic causes that our holders get to choose while allowing the average person to leverage their strength in community numbers to make a positive impact in the world. CareCoin was inspired by two friends who wanted to make a huge impact in the world while creating real value for investors.
CareCoinV2.claimStuckTokens(address) (#527-536) ignores return value by ERC20token.transfer(msg.sender,balance) (#535)
Use SafeERC20, or ensure that the transfer/transferFrom return value is checked.
CareCoinV2.sendBNB(address,uint256) (#542-547) sends eth to arbitrary user
Dangerous calls:
- (success) = recipient.call{value: amount}() (#545)
Ensure that an arbitrary user cannot withdraw unauthorized funds.
Reentrancy in CareCoinV2._transfer(address,address,uint256) (#689-837):
External calls:
- swapAndLiquify(liquidityTokens + accumulatedWToWTax) (#751)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(half,0,path,address(this),block.timestamp) (#849-854)
- uniswapV2Router.addLiquidityETH{value: newBalance}(address(this),otherHalf,0,0,DEAD,block.timestamp) (#858-865)
External calls sending eth:
- swapAndLiquify(liquidityTokens + accumulatedWToWTax) (#751)
- uniswapV2Router.addLiquidityETH{value: newBalance}(address(this),otherHalf,0,0,DEAD,block.timestamp) (#858-865)
State variables written after the call(s):
- accumulatedWToWTax = 0 (#752)
Reentrancy in CareCoinV2._transfer(address,address,uint256) (#689-837):
External calls:
- swapAndLiquify(liquidityTokens + accumulatedWToWTax) (#751)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(half,0,path,address(this),block.timestamp) (#849-854)
- uniswapV2Router.addLiquidityETH{value: newBalance}(address(this),otherHalf,0,0,DEAD,block.timestamp) (#858-865)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(contractTokenBalance,0,path,address(this),block.timestamp) (#764-769)
- sendBNB(address(marketingWallet),marketingBNB) (#775)
- (success) = recipient.call{value: amount}() (#545)
- sendBNB(address(projectWallet),projectBNB) (#780)
- (success) = recipient.call{value: amount}() (#545)
- sendBNB(address(charityWallet),charityBNB) (#785)
- (success) = recipient.call{value: amount}() (#545)
External calls sending eth:
- swapAndLiquify(liquidityTokens + accumulatedWToWTax) (#751)
- uniswapV2Router.addLiquidityETH{value: newBalance}(address(this),otherHalf,0,0,DEAD,block.timestamp) (#858-865)
- sendBNB(address(marketingWallet),marketingBNB) (#775)
- (success) = recipient.call{value: amount}() (#545)
- sendBNB(address(projectWallet),projectBNB) (#780)
- (success) = recipient.call{value: amount}() (#545)
- sendBNB(address(charityWallet),charityBNB) (#785)
- (success) = recipient.call{value: amount}() (#545)
State variables written after the call(s):
- super._transfer(from,address(this),fees) (#821)
- _balances[sender] = senderBalance - amount (#165)
- _balances[recipient] += amount (#167)
- super._transfer(from,to,amount) (#835)
- _balances[sender] = senderBalance - amount (#165)
- _balances[recipient] += amount (#167)
- accumulatedWToWTax += (amount * walletToWalletFee) / 100 (#814)
- swapping = false (#789)
Apply the check-effects-interactions pattern.
Unable to verify that contract auditor is trusted: Certik, Quantstamp, Hacken, Solidity, Paladinsec, Openzeppelin, Verichains
Contract ownership is not renounced (belongs to a wallet)
Combination 1: Reentrancy vulnerabilities + Functions that send Ether to arbitrary destination. Usual for scams. May be justified by some complex mechanics (e.g. rebase, reflections). DYOR & manual audit are advised.
Combination 2: Unchecked transfer + Functions that send Ether to arbitrary destination. Usual for scams. May be justified by some complex mechanics (e.g. rebase, reflections). DYOR & manual audit are advised.
Combination 3: Reentrancy vulnerabilities + Unchecked transfer vulnerability. Usual for scams. May be justified by some complex mechanics (e.g. rebase, reflections). DYOR & manual audit are advised.
ERC20._burn(address,uint256) (#186-201) is never used and should be removed
Context._msgData() (#32-35) is never used and should be removed
Remove unused functions.
Low level call in CareCoinV2.sendBNB(address,uint256) (#542-547):
- (success) = recipient.call{value: amount}() (#545)
Avoid low-level calls. Check the call success. If the call is meant for a contract, check for code existence.
Redundant expression "this (#33)" in Context (#27-36)
Remove redundant statements if they congest code but offer no value.
CareCoinV2.DEAD (#454) should be constant
Add the constant attributes to state variables that never change.
CareCoinV2.swapAndLiquify(uint256) (#839-868) ignores return value by uniswapV2Router.addLiquidityETH{value: newBalance}(address(this),otherHalf,0,0,DEAD,block.timestamp) (#858-865)
Ensure that all the return values of the function calls are used.
CareCoinV2.setSwapTokensAtAmount(uint256) (#675-678) should emit an event for:
- swapTokensAtAmount = newAmount (#677)
Emit an event for critical parameter changes.
CareCoinV2._transfer(address,address,uint256) (#689-837) compares to a boolean constant:
-_isExcludedFromMaxWalletLimit[from] == false && _isExcludedFromMaxWalletLimit[to] == false && to != uniswapV2Pair (#826-828)
CareCoinV2._transfer(address,address,uint256) (#689-837) compares to a boolean constant:
-antibotEnabled && launchedAt > 0 && _isExcludedFromFees[from] == false && _isExcludedFromFees[to] == false (#702-704)
Remove the equality to the boolean constant.
solc-0.8.16 is not recommended for deployment
Pragma version 0.8.16 (#3) necessitates a version too recent to be trusted. Consider deploying with 0.6.12/0.7.6/0.8.7
Deploy with any of the following Solidity versions: 0.5.16 - 0.5.17, 0.6.11 - 0.6.12, 0.7.5 - 0.7.6. Use a simple pragma version that allows any of these versions. Consider using the latest version of Solidity for testing.
CareCoinV2.setSwapTokensAtAmount(uint256) (#675-678) uses literals with too many digits:
- require(bool,string)(newAmount > totalSupply() / 100000,SwapTokensAtAmount must be greater than 0.001% of total supply) (#676)
CareCoinV2.slitherConstructorVariables() (#427-870) uses literals with too many digits:
- DEAD = 0x000000000000000000000000000000000000dEaD (#454)
Use the Ether suffix, the time suffix, or scientific notation.
transferFrom(address,address,uint256) should be declared external:
- ERC20.transferFrom(address,address,uint256) (#119-135)
isExcludedFromFees(address) should be declared external:
- CareCoinV2.isExcludedFromFees(address) (#564-566)
renounceOwnership() should be declared external:
- Ownable.renounceOwnership() (#58-61)
decimals() should be declared external:
- ERC20.decimals() (#93-95)
decreaseAllowance(address,uint256) should be declared external:
- ERC20.decreaseAllowance(address,uint256) (#142-150)
symbol() should be declared external:
- ERC20.symbol() (#89-91)
transfer(address,uint256) should be declared external:
- ERC20.transfer(address,uint256) (#105-108)
increaseAllowance(address,uint256) should be declared external:
- ERC20.increaseAllowance(address,uint256) (#137-140)
name() should be declared external:
- ERC20.name() (#85-87)
isExcludedFromMaxWalletLimit(address) should be declared external:
- CareCoinV2.isExcludedFromMaxWalletLimit(address) (#655-657)
approve(address,uint256) should be declared external:
- ERC20.approve(address,uint256) (#114-117)
allowance(address,address) should be declared external:
- ERC20.allowance(address,address) (#110-112)
Use the external attribute for functions never called from the contract.
CareCoinV2.updateSellFees(uint256,uint256,uint256,uint256) (#595-620) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)((launchedAt > 0 && launchedAt + 1209600 < block.timestamp) || _liquidityFeeOnSell + _marketingFeeOnSell + _projectFeeOnSell + _charityFeeOnSell <= _totalFeesOnSell,SAFU: Owner can not increase taxes in the first 14 days from listing) (#604-608)
CareCoinV2.setAntibotStatus(bool) (#680-687) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(block.timestamp < launchedAt + 2764800 || ! _antibotEnabled,Cannot enable antibot 32 day after launch) (#681-685)
CareCoinV2._transfer(address,address,uint256) (#689-837) uses timestamp for comparisons
Dangerous comparisons:
- antibotEnabled && launchedAt > 0 && _isExcludedFromFees[from] == false && _isExcludedFromFees[to] == false (#702-704)
- launchedAt + 2764800 > block.timestamp (#706)
- require(bool,string)(block.timestamp - lastTransactionTime[from] >= 5,You need to wait 5 seconds before selling during antibot) (#711-714)
- launchedAt == 0 && uniswapV2Pair == to (#723)
- launchedAt + 86400 > block.timestamp && from == uniswapV2Pair (#800)
CareCoinV2.updateBuyFees(uint256,uint256,uint256,uint256) (#568-593) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)((launchedAt > 0 && launchedAt + 1209600 < block.timestamp) || _liquidityFeeOnBuy + _marketingFeeOnBuy + _projectFeeOnBuy + _charityFeeOnBuy <= _totalFeesOnBuy,SAFU: Owner can not increase taxes in the first 14 days from listing) (#577-581)
Avoid relying on block.timestamp.
Reentrancy in CareCoinV2.swapAndLiquify(uint256) (#839-868):
External calls:
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(half,0,path,address(this),block.timestamp) (#849-854)
- uniswapV2Router.addLiquidityETH{value: newBalance}(address(this),otherHalf,0,0,DEAD,block.timestamp) (#858-865)
External calls sending eth:
- uniswapV2Router.addLiquidityETH{value: newBalance}(address(this),otherHalf,0,0,DEAD,block.timestamp) (#858-865)
Event emitted after the call(s):
- SwapAndLiquify(half,newBalance,otherHalf) (#867)
Reentrancy in CareCoinV2._transfer(address,address,uint256) (#689-837):
External calls:
- swapAndLiquify(liquidityTokens + accumulatedWToWTax) (#751)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(half,0,path,address(this),block.timestamp) (#849-854)
- uniswapV2Router.addLiquidityETH{value: newBalance}(address(this),otherHalf,0,0,DEAD,block.timestamp) (#858-865)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(contractTokenBalance,0,path,address(this),block.timestamp) (#764-769)
- sendBNB(address(marketingWallet),marketingBNB) (#775)
- (success) = recipient.call{value: amount}() (#545)
- sendBNB(address(projectWallet),projectBNB) (#780)
- (success) = recipient.call{value: amount}() (#545)
- sendBNB(address(charityWallet),charityBNB) (#785)
- (success) = recipient.call{value: amount}() (#545)
External calls sending eth:
- swapAndLiquify(liquidityTokens + accumulatedWToWTax) (#751)
- uniswapV2Router.addLiquidityETH{value: newBalance}(address(this),otherHalf,0,0,DEAD,block.timestamp) (#858-865)
- sendBNB(address(marketingWallet),marketingBNB) (#775)
- (success) = recipient.call{value: amount}() (#545)
- sendBNB(address(projectWallet),projectBNB) (#780)
- (success) = recipient.call{value: amount}() (#545)
- sendBNB(address(charityWallet),charityBNB) (#785)
- (success) = recipient.call{value: amount}() (#545)
Event emitted after the call(s):
- Transfer(sender,recipient,amount) (#169)
- super._transfer(from,address(this),fees) (#821)
- Transfer(sender,recipient,amount) (#169)
- super._transfer(from,to,amount) (#835)
Apply the check-effects-interactions pattern.
Parameter CareCoinV2.changeCharityWallet(address)._charityWallet (#642) is not in mixedCase
Parameter CareCoinV2.setAntibotStatus(bool)._antibotEnabled (#680) is not in mixedCase
Parameter CareCoinV2.updateBuyFees(uint256,uint256,uint256,uint256)._liquidityFeeOnBuy (#569) is not in mixedCase
Parameter CareCoinV2.updateSellFees(uint256,uint256,uint256,uint256)._charityFeeOnSell (#599) is not in mixedCase
Parameter CareCoinV2.updateSellFees(uint256,uint256,uint256,uint256)._projectFeeOnSell (#598) is not in mixedCase
Parameter CareCoinV2.updateBuyFees(uint256,uint256,uint256,uint256)._marketingFeeOnBuy (#570) is not in mixedCase
Function IUniswapV2Pair.PERMIT_TYPEHASH() (#257) is not in mixedCase
Variable CareCoinV2.DEAD (#454) is not in mixedCase
Function IUniswapV2Pair.MINIMUM_LIQUIDITY() (#274) is not in mixedCase
Function IUniswapV2Pair.DOMAIN_SEPARATOR() (#256) is not in mixedCase
Parameter CareCoinV2.changeMarketingWallet(address)._marketingWallet (#628) is not in mixedCase
Parameter CareCoinV2.updateBuyFees(uint256,uint256,uint256,uint256)._projectFeeOnBuy (#571) is not in mixedCase
Function CareCoinV2.setMaxWalletRate_Denominator1000(uint256) (#663-667) is not in mixedCase
Parameter CareCoinV2.setMaxWalletRate_Denominator1000(uint256)._val (#663) is not in mixedCase
Parameter CareCoinV2.changeProjectWallet(address)._projectWallet (#635) is not in mixedCase
Parameter CareCoinV2.updateSellFees(uint256,uint256,uint256,uint256)._marketingFeeOnSell (#597) is not in mixedCase
Parameter CareCoinV2.updateWalletToWalletFee(uint256)._walletToWalletFee (#622) is not in mixedCase
Function IUniswapV2Router01.WETH() (#294) is not in mixedCase
Parameter CareCoinV2.updateBuyFees(uint256,uint256,uint256,uint256)._charityFeeOnBuy (#572) is not in mixedCase
Parameter CareCoinV2.updateSellFees(uint256,uint256,uint256,uint256)._liquidityFeeOnSell (#596) is not in mixedCase
Follow the Solidity naming convention.
Variable IUniswapV2Router01.addLiquidity(address,address,uint256,uint256,uint256,uint256,address,uint256).amountADesired (#299) is too similar to IUniswapV2Router01.addLiquidity(address,address,uint256,uint256,uint256,uint256,address,uint256).amountBDesired (#300)
Prevent variables from having similar names.
Contract has 7% buy tax and 13% sell tax.
Taxes are suspiciously high (over 10%) and contract ownership is not renounced. Token has a high risk of becoming a honeypot.
Number of Binance Smart Chain (BSC) token holders is low.
Token is deployed on only one blockchain
Token has only one trading pair
Young tokens have high risks of scam / price dump / death
Token has no active CoinGecko listing / rank
Young tokens have high risks of price dump / death
Unable to find Discord account