CATFUN ($CATFUN) is a decentralised finance (DeFi) token on the Binance Smart Chain (BSC). It is not only a moonshot that focuses on heavy marketing but also a utility token that will develop a great ecosystem to benefit all memecoins holders.
Unable to find manual contract audit (e.g. Certik, PeckShield, Solidity...)
CATFUN._swapContractToken(bool) (CATFUN.sol#291-330) sends eth to arbitrary user
Dangerous calls:
- (sent) = marketingWallet.call{value: address(this).balance}() (CATFUN.sol#328)
Ensure that an arbitrary user cannot withdraw unauthorized funds.
Additional information: link
CATFUN.LiquidityRelease() (CATFUN.sol#440-454) ignores return value by liquidityToken.transfer(msg.sender,amount) (CATFUN.sol#452)
Use SafeERC20, or ensure that the transfer/transferFrom return value is checked.
Additional information: link
Too many vulnerabilities (Unchecked transfer, Reentrancy vulnerability, etc.). High risk of a scam. DYOR & manual audit are advised.
Reentrancy in CATFUN._LimitlessFonctionTransfer(address,address,uint256) (CATFUN.sol#182-221):
External calls:
- _swapContractToken(false) (CATFUN.sol#204)
- _pancakeRouter.addLiquidityETH{value: bnbamount}(address(this),tokenamount,0,0,address(this),block.timestamp) (CATFUN.sol#350-357)
- _pancakeRouter.swapExactTokensForETHSupportingFeeOnTransferTokens(amount,0,path,address(this),block.timestamp) (CATFUN.sol#338-345)
- (sent) = marketingWallet.call{value: address(this).balance}() (CATFUN.sol#328)
External calls sending eth:
- _swapContractToken(false) (CATFUN.sol#204)
- _pancakeRouter.addLiquidityETH{value: bnbamount}(address(this),tokenamount,0,0,address(this),block.timestamp) (CATFUN.sol#350-357)
- (sent) = marketingWallet.call{value: address(this).balance}() (CATFUN.sol#328)
State variables written after the call(s):
- _balances[sender] -= amount (CATFUN.sol#213)
- _balances[address(this)] += contractToken (CATFUN.sol#215)
- _balances[recipient] += taxedAmount (CATFUN.sol#218)
- _circulatingSupply -= tokensToBeBurnt (CATFUN.sol#217)
Reentrancy in CATFUN._taxedTransfer(address,address,uint256) (CATFUN.sol#119-161):
External calls:
- _swapContractToken(false) (CATFUN.sol#144)
- _pancakeRouter.addLiquidityETH{value: bnbamount}(address(this),tokenamount,0,0,address(this),block.timestamp) (CATFUN.sol#350-357)
- _pancakeRouter.swapExactTokensForETHSupportingFeeOnTransferTokens(amount,0,path,address(this),block.timestamp) (CATFUN.sol#338-345)
- (sent) = marketingWallet.call{value: address(this).balance}() (CATFUN.sol#328)
External calls sending eth:
- _swapContractToken(false) (CATFUN.sol#144)
- _pancakeRouter.addLiquidityETH{value: bnbamount}(address(this),tokenamount,0,0,address(this),block.timestamp) (CATFUN.sol#350-357)
- (sent) = marketingWallet.call{value: address(this).balance}() (CATFUN.sol#328)
State variables written after the call(s):
- _balances[sender] -= amount (CATFUN.sol#153)
- _balances[address(this)] += contractToken (CATFUN.sol#155)
- _balances[recipient] += taxedAmount (CATFUN.sol#158)
- _circulatingSupply -= tokensToBeBurnt (CATFUN.sol#157)
Apply the check-effects-interactions pattern.
Additional information: link
Combination 1: Reentrancy vulnerabilities + Functions that send Ether to arbitraty destination. Usual for scams. May be justified by some complex mechanics (e.g. rebase, reflections). DYOR & manual audit are advised.
Combination 2: Unchecked transfer + Functions that send Ether to arbitraty destination. Usual for scams. May be justified by some complex mechanics (e.g. rebase, reflections). DYOR & manual audit are advised.
Combination 3: Reentrancy vulnerabilities + Unchecked transfer vulnerability. Usual for scams. May be justified by some complex mechanics (e.g. rebase, reflections). DYOR & manual audit are advised.
CATFUN._swapContractToken(bool).sent (CATFUN.sol#328) is written in both
(sent) = marketingWallet.call{value: address(this).balance}() (CATFUN.sol#328)
sent = true (CATFUN.sol#329)
Fix or remove the writes.
Additional information: link
Contract ownership is not renounced (belongs to a wallet)
CATFUN.slitherConstructorConstantVariables() (CATFUN.sol#9-533) uses literals with too many digits:
- InitialSupply = 1 * 1000000000000000 * 10 ** _decimals (CATFUN.sol#21)
Use: Ether suffix, Time suffix, or The scientific notation
Additional information: link
CATFUN.SetTaxes(uint256,uint256,uint256,uint256,uint256,uint256) (CATFUN.sol#251-263) performs a multiplication on the result of a division:
-maxTax = 9 * (TAX_DENOMINATOR / MAXTAXDENOMINATOR) (CATFUN.sol#252)
CATFUN._swapContractToken(bool) (CATFUN.sol#291-330) performs a multiplication on the result of a division:
-tokenToSwap = _balances[_pancakePairAddress] * swapTreshold / 1000 (CATFUN.sol#295)
-tokenForLiquidity = (tokenToSwap * liquidityTax) / totalTax (CATFUN.sol#308-310)
CATFUN._swapContractToken(bool) (CATFUN.sol#291-330) performs a multiplication on the result of a division:
-LiqHalf = tokenForLiquidity / 2 (CATFUN.sol#314)
-liqBNB = (newBNB * LiqHalf) / swapToken (CATFUN.sol#324)
Consider ordering multiplication before division.
Additional information: link
CATFUN._addLiquidity(uint256,uint256) (CATFUN.sol#348-358) ignores return value by _pancakeRouter.addLiquidityETH{value: bnbamount}(address(this),tokenamount,0,0,address(this),block.timestamp) (CATFUN.sol#350-357)
Ensure that all the return values of the function calls are used.
Additional information: link
CATFUN.allowance(address,address)._owner (CATFUN.sol#491) shadows:
- Ownable._owner (Libraries.sol#47) (state variable)
CATFUN._approve(address,address,uint256).owner (CATFUN.sol#499) shadows:
- Ownable.owner() (Libraries.sol#63-65) (function)
Rename the local variables that shadow another component.
Additional information: link
CATFUN.setSwapTreshold(uint256) (CATFUN.sol#238-241) should emit an event for:
- swapTreshold = newSwapTresholdPermille (CATFUN.sol#240)
CATFUN.SetOverLiquifiedTreshold(uint256) (CATFUN.sol#244-247) should emit an event for:
- overLiquifyTreshold = newOverLiquifyTresholdPermille (CATFUN.sol#246)
Emit an event for critical parameter changes.
Additional information: link
CATFUN.ChangeMarketingWallet(address).newWallet (CATFUN.sol#53) lacks a zero-check on :
- marketingWallet = newWallet (CATFUN.sol#55)
Check that the address is not zero.
Additional information: link
Reentrancy in CATFUN._swapContractToken(bool) (CATFUN.sol#291-330):
External calls:
- _swapTokenForBNB(swapToken) (CATFUN.sol#319)
- _pancakeRouter.swapExactTokensForETHSupportingFeeOnTransferTokens(amount,0,path,address(this),block.timestamp) (CATFUN.sol#338-345)
- _addLiquidity(LiqHalf,liqBNB) (CATFUN.sol#325)
- _pancakeRouter.addLiquidityETH{value: bnbamount}(address(this),tokenamount,0,0,address(this),block.timestamp) (CATFUN.sol#350-357)
External calls sending eth:
- _addLiquidity(LiqHalf,liqBNB) (CATFUN.sol#325)
- _pancakeRouter.addLiquidityETH{value: bnbamount}(address(this),tokenamount,0,0,address(this),block.timestamp) (CATFUN.sol#350-357)
State variables written after the call(s):
- _addLiquidity(LiqHalf,liqBNB) (CATFUN.sol#325)
- _allowances[owner][spender] = amount (CATFUN.sol#503)
Reentrancy in CATFUN.constructor() (CATFUN.sol#70-87):
External calls:
- _pancakePairAddress = IPancakeFactory(_pancakeRouter.factory()).createPair(address(this),_pancakeRouter.WETH()) (CATFUN.sol#78)
State variables written after the call(s):
- excludedFromFees[msg.sender] = true (CATFUN.sol#84)
- excludedFromFees[PancakeRouter] = true (CATFUN.sol#85)
- excludedFromFees[address(this)] = true (CATFUN.sol#86)
- isAMM[_pancakePairAddress] = true (CATFUN.sol#79)
- marketingWallet = msg.sender (CATFUN.sol#82)
Reentrancy in CATFUN.transferFrom(address,address,uint256) (CATFUN.sol#507-515):
External calls:
- _transfer(sender,recipient,amount) (CATFUN.sol#508)
- _pancakeRouter.addLiquidityETH{value: bnbamount}(address(this),tokenamount,0,0,address(this),block.timestamp) (CATFUN.sol#350-357)
- _pancakeRouter.swapExactTokensForETHSupportingFeeOnTransferTokens(amount,0,path,address(this),block.timestamp) (CATFUN.sol#338-345)
- (sent) = marketingWallet.call{value: address(this).balance}() (CATFUN.sol#328)
External calls sending eth:
- _transfer(sender,recipient,amount) (CATFUN.sol#508)
- _pancakeRouter.addLiquidityETH{value: bnbamount}(address(this),tokenamount,0,0,address(this),block.timestamp) (CATFUN.sol#350-357)
- (sent) = marketingWallet.call{value: address(this).balance}() (CATFUN.sol#328)
State variables written after the call(s):
- _approve(sender,msg.sender,currentAllowance - amount) (CATFUN.sol#513)
- _allowances[owner][spender] = amount (CATFUN.sol#503)
Apply the check-effects-interactions pattern.
Additional information: link
Reentrancy in CATFUN.LiquidityRelease() (CATFUN.sol#440-454):
External calls:
- liquidityToken.transfer(msg.sender,amount) (CATFUN.sol#452)
Event emitted after the call(s):
- OnReleaseLP() (CATFUN.sol#453)
Reentrancy in CATFUN._LimitlessFonctionTransfer(address,address,uint256) (CATFUN.sol#182-221):
External calls:
- _swapContractToken(false) (CATFUN.sol#204)
- _pancakeRouter.addLiquidityETH{value: bnbamount}(address(this),tokenamount,0,0,address(this),block.timestamp) (CATFUN.sol#350-357)
- _pancakeRouter.swapExactTokensForETHSupportingFeeOnTransferTokens(amount,0,path,address(this),block.timestamp) (CATFUN.sol#338-345)
- (sent) = marketingWallet.call{value: address(this).balance}() (CATFUN.sol#328)
External calls sending eth:
- _swapContractToken(false) (CATFUN.sol#204)
- _pancakeRouter.addLiquidityETH{value: bnbamount}(address(this),tokenamount,0,0,address(this),block.timestamp) (CATFUN.sol#350-357)
- (sent) = marketingWallet.call{value: address(this).balance}() (CATFUN.sol#328)
Event emitted after the call(s):
- Transfer(sender,recipient,taxedAmount) (CATFUN.sol#220)
Reentrancy in CATFUN._swapContractToken(bool) (CATFUN.sol#291-330):
External calls:
- _swapTokenForBNB(swapToken) (CATFUN.sol#319)
- _pancakeRouter.swapExactTokensForETHSupportingFeeOnTransferTokens(amount,0,path,address(this),block.timestamp) (CATFUN.sol#338-345)
- _addLiquidity(LiqHalf,liqBNB) (CATFUN.sol#325)
- _pancakeRouter.addLiquidityETH{value: bnbamount}(address(this),tokenamount,0,0,address(this),block.timestamp) (CATFUN.sol#350-357)
External calls sending eth:
- _addLiquidity(LiqHalf,liqBNB) (CATFUN.sol#325)
- _pancakeRouter.addLiquidityETH{value: bnbamount}(address(this),tokenamount,0,0,address(this),block.timestamp) (CATFUN.sol#350-357)
Event emitted after the call(s):
- Approval(owner,spender,amount) (CATFUN.sol#504)
- _addLiquidity(LiqHalf,liqBNB) (CATFUN.sol#325)
Reentrancy in CATFUN._taxedTransfer(address,address,uint256) (CATFUN.sol#119-161):
External calls:
- _swapContractToken(false) (CATFUN.sol#144)
- _pancakeRouter.addLiquidityETH{value: bnbamount}(address(this),tokenamount,0,0,address(this),block.timestamp) (CATFUN.sol#350-357)
- _pancakeRouter.swapExactTokensForETHSupportingFeeOnTransferTokens(amount,0,path,address(this),block.timestamp) (CATFUN.sol#338-345)
- (sent) = marketingWallet.call{value: address(this).balance}() (CATFUN.sol#328)
External calls sending eth:
- _swapContractToken(false) (CATFUN.sol#144)
- _pancakeRouter.addLiquidityETH{value: bnbamount}(address(this),tokenamount,0,0,address(this),block.timestamp) (CATFUN.sol#350-357)
- (sent) = marketingWallet.call{value: address(this).balance}() (CATFUN.sol#328)
Event emitted after the call(s):
- Transfer(sender,recipient,taxedAmount) (CATFUN.sol#160)
Reentrancy in CATFUN.transferFrom(address,address,uint256) (CATFUN.sol#507-515):
External calls:
- _transfer(sender,recipient,amount) (CATFUN.sol#508)
- _pancakeRouter.addLiquidityETH{value: bnbamount}(address(this),tokenamount,0,0,address(this),block.timestamp) (CATFUN.sol#350-357)
- _pancakeRouter.swapExactTokensForETHSupportingFeeOnTransferTokens(amount,0,path,address(this),block.timestamp) (CATFUN.sol#338-345)
- (sent) = marketingWallet.call{value: address(this).balance}() (CATFUN.sol#328)
External calls sending eth:
- _transfer(sender,recipient,amount) (CATFUN.sol#508)
- _pancakeRouter.addLiquidityETH{value: bnbamount}(address(this),tokenamount,0,0,address(this),block.timestamp) (CATFUN.sol#350-357)
- (sent) = marketingWallet.call{value: address(this).balance}() (CATFUN.sol#328)
Event emitted after the call(s):
- Approval(owner,spender,amount) (CATFUN.sol#504)
- _approve(sender,msg.sender,currentAllowance - amount) (CATFUN.sol#513)
Apply the check-effects-interactions pattern.
Additional information: link
CATFUN._transfer(address,address,uint256) (CATFUN.sol#98-116) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(LaunchTimestamp > 0,trading not yet enabled) (CATFUN.sol#108)
- require(bool,string)(LaunchTimestamp > 0,trading not yet enabled) (CATFUN.sol#113)
CATFUN._taxedTransfer(address,address,uint256) (CATFUN.sol#119-161) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(senderBalance >= amount,Transfer exceeds balance) (CATFUN.sol#122)
- require(bool,string)(senderBalance / LimitSell >= amount,Transfer exceeds authorise sell) (CATFUN.sol#123)
- require(bool,string)((recipientBalance + amount) <= InitialSupply / LimitV,Wallet contain more than certain % Total Supply) (CATFUN.sol#124)
- block.timestamp < LaunchTimestamp + SellTaxDuration (CATFUN.sol#132)
- block.timestamp < LaunchTimestamp + BuyTaxDuration (CATFUN.sol#138)
CATFUN._feelessTransfer(address,address,uint256) (CATFUN.sol#174-180) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(senderBalance >= amount,Transfer exceeds balance) (CATFUN.sol#176)
CATFUN._LimitlessFonctionTransfer(address,address,uint256) (CATFUN.sol#182-221) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(senderBalance >= amount,Transfer exceeds balance) (CATFUN.sol#184)
- block.timestamp < LaunchTimestamp + SellTaxDuration (CATFUN.sol#192)
- block.timestamp < LaunchTimestamp + BuyTaxDuration (CATFUN.sol#198)
CATFUN.isOverLiquified() (CATFUN.sol#284-286) uses timestamp for comparisons
Dangerous comparisons:
- _balances[_pancakePairAddress] > _circulatingSupply * overLiquifyTreshold / 1000 (CATFUN.sol#285)
CATFUN.getLiquidityReleaseTimeInSeconds() (CATFUN.sol#363-367) uses timestamp for comparisons
Dangerous comparisons:
- block.timestamp < _liquidityUnlockTime (CATFUN.sol#364)
CATFUN.SetupEnableTrading() (CATFUN.sol#411-415) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(LaunchTimestamp == 0,AlreadyLaunched) (CATFUN.sol#412)
CATFUN._prolongLiquidityLock(uint256) (CATFUN.sol#432-437) uses timestamp for comparisons
Dangerous comparisons:
- require(bool)(newUnlockTime > _liquidityUnlockTime) (CATFUN.sol#434)
CATFUN.LiquidityRelease() (CATFUN.sol#440-454) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(block.timestamp >= _liquidityUnlockTime,Not yet unlocked) (CATFUN.sol#442)
Avoid relying on block.timestamp.
Additional information: link
Low level call in CATFUN._swapContractToken(bool) (CATFUN.sol#291-330):
- (sent) = marketingWallet.call{value: address(this).balance}() (CATFUN.sol#328)
Avoid low-level calls. Check the call success. If the call is meant for a contract, check for code existence
Additional information: link
Function CATFUN.ChangeMarketingWallet(address) (CATFUN.sol#53-56) is not in mixedCase
Function CATFUN._LimitlessFonctionTransfer(address,address,uint256) (CATFUN.sol#182-221) is not in mixedCase
Function CATFUN.SetOverLiquifiedTreshold(uint256) (CATFUN.sol#244-247) is not in mixedCase
Function CATFUN.SetTaxes(uint256,uint256,uint256,uint256,uint256,uint256) (CATFUN.sol#251-263) is not in mixedCase
Function CATFUN.SetLimit(uint256) (CATFUN.sol#266-271) is not in mixedCase
Parameter CATFUN.SetLimit(uint256).LimitV2 (CATFUN.sol#266) is not in mixedCase
Function CATFUN.SetSell(uint256) (CATFUN.sol#274-279) is not in mixedCase
Parameter CATFUN.SetSell(uint256).LimitSell2 (CATFUN.sol#274) is not in mixedCase
Function CATFUN.SetAMM(address,bool) (CATFUN.sol#375-378) is not in mixedCase
Parameter CATFUN.SetAMM(address,bool).AMM (CATFUN.sol#375) is not in mixedCase
Parameter CATFUN.SetAMM(address,bool).Add (CATFUN.sol#375) is not in mixedCase
Function CATFUN.SwitchManualSwap(bool) (CATFUN.sol#382-384) is not in mixedCase
Function CATFUN.SwapContractToken() (CATFUN.sol#386-388) is not in mixedCase
Function CATFUN.ExcludeAccountFromFees(address,bool) (CATFUN.sol#391-395) is not in mixedCase
Function CATFUN.ExcludedFromLimit(address,bool) (CATFUN.sol#400-404) is not in mixedCase
Function CATFUN.SetupEnableTrading() (CATFUN.sol#411-415) is not in mixedCase
Function CATFUN.LockLiquidityForSeconds(uint256) (CATFUN.sol#428-430) is not in mixedCase
Function CATFUN.LiquidityRelease() (CATFUN.sol#440-454) is not in mixedCase
Parameter CATFUN.allowance(address,address)._owner (CATFUN.sol#491) is not in mixedCase
Constant CATFUN._name (CATFUN.sol#18) is not in UPPER_CASE_WITH_UNDERSCORES
Constant CATFUN._symbol (CATFUN.sol#19) is not in UPPER_CASE_WITH_UNDERSCORES
Constant CATFUN._decimals (CATFUN.sol#20) is not in UPPER_CASE_WITH_UNDERSCORES
Constant CATFUN.InitialSupply (CATFUN.sol#21) is not in UPPER_CASE_WITH_UNDERSCORES
Constant CATFUN.DefaultLiquidityLockTime (CATFUN.sol#23) is not in UPPER_CASE_WITH_UNDERSCORES
Constant CATFUN.PancakeRouter (CATFUN.sol#27) is not in UPPER_CASE_WITH_UNDERSCORES
Variable CATFUN.LimitV (CATFUN.sol#42) is not in mixedCase
Variable CATFUN.LimitSell (CATFUN.sol#43) is not in mixedCase
Variable CATFUN.LaunchTimestamp (CATFUN.sol#410) is not in mixedCase
Variable CATFUN._liquidityUnlockTime (CATFUN.sol#420) is not in mixedCase
Variable CATFUN.LPReleaseLimitedTo20Percent (CATFUN.sol#421) is not in mixedCase
Function IPancakeRouter.WETH() (Libraries.sol#42) is not in mixedCase
Follow the Solidity naming convention.
Additional information: link
ChangeMarketingWallet(address) should be declared external:
- CATFUN.ChangeMarketingWallet(address) (CATFUN.sol#53-56)
setSwapTreshold(uint256) should be declared external:
- CATFUN.setSwapTreshold(uint256) (CATFUN.sol#238-241)
SetOverLiquifiedTreshold(uint256) should be declared external:
- CATFUN.SetOverLiquifiedTreshold(uint256) (CATFUN.sol#244-247)
SetTaxes(uint256,uint256,uint256,uint256,uint256,uint256) should be declared external:
- CATFUN.SetTaxes(uint256,uint256,uint256,uint256,uint256,uint256) (CATFUN.sol#251-263)
SetLimit(uint256) should be declared external:
- CATFUN.SetLimit(uint256) (CATFUN.sol#266-271)
SetSell(uint256) should be declared external:
- CATFUN.SetSell(uint256) (CATFUN.sol#274-279)
getLiquidityReleaseTimeInSeconds() should be declared external:
- CATFUN.getLiquidityReleaseTimeInSeconds() (CATFUN.sol#363-367)
getBurnedTokens() should be declared external:
- CATFUN.getBurnedTokens() (CATFUN.sol#368-370)
SetAMM(address,bool) should be declared external:
- CATFUN.SetAMM(address,bool) (CATFUN.sol#375-378)
SwitchManualSwap(bool) should be declared external:
- CATFUN.SwitchManualSwap(bool) (CATFUN.sol#382-384)
SwapContractToken() should be declared external:
- CATFUN.SwapContractToken() (CATFUN.sol#386-388)
ExcludeAccountFromFees(address,bool) should be declared external:
- CATFUN.ExcludeAccountFromFees(address,bool) (CATFUN.sol#391-395)
ExcludedFromLimit(address,bool) should be declared external:
- CATFUN.ExcludedFromLimit(address,bool) (CATFUN.sol#400-404)
SetupEnableTrading() should be declared external:
- CATFUN.SetupEnableTrading() (CATFUN.sol#411-415)
limitLiquidityReleaseTo20Percent() should be declared external:
- CATFUN.limitLiquidityReleaseTo20Percent() (CATFUN.sol#424-426)
LockLiquidityForSeconds(uint256) should be declared external:
- CATFUN.LockLiquidityForSeconds(uint256) (CATFUN.sol#428-430)
LiquidityRelease() should be declared external:
- CATFUN.LiquidityRelease() (CATFUN.sol#440-454)
renounceOwnership() should be declared external:
- Ownable.renounceOwnership() (Libraries.sol#82-85)
transferOwnership(address) should be declared external:
- Ownable.transferOwnership(address) (Libraries.sol#91-95)
Use the external attribute for functions never called from the contract.
Additional information: link
Unable to find website, listings and other project-related information
Young tokens have high risks of scam / price dump / death
Young tokens have high risks of scam / price dump / death
Token has no active CoinGecko listing / rank
Token has no active CoinMarketCap listing / rank
Unable to find Blog account (Reddit or Medium)
Unable to find Youtube account
Unable to find Discord account