Unable to find manual contract audit (e.g. Certik, PeckShield, Solidity...)
Catking.addLiquidity(uint256,uint256) (#765-778) sends eth to arbitrary user
Dangerous calls:
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#770-777)
Ensure that an arbitrary user cannot withdraw unauthorized funds.
Reentrancy in Catking._transfer(address,address,uint256) (#667-711):
External calls:
- swapAndLiquify(contractTokenBalance) (#695)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#770-777)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#754-760)
External calls sending eth:
- swapAndLiquify(contractTokenBalance) (#695)
- recipient.transfer(amount) (#631)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#770-777)
State variables written after the call(s):
- _balances[sender] = _balances[sender].sub(amount,Insufficient Balance) (#698)
- _balances[recipient] = _balances[recipient].add(finalAmount) (#706)
- finalAmount = takeFee(sender,recipient,amount) (#700-701)
- _balances[address(this)] = _balances[address(this)].add(feeAmount) (#792)
Apply the check-effects-interactions pattern.
Combination 1: Reentrancy vulnerabilities + Functions that send Ether to arbitrary destination. Usual for scams. May be justified by some complex mechanics (e.g. rebase, reflections). DYOR & manual audit are advised.
Catking.addLiquidity(uint256,uint256) (#765-778) ignores return value by uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#770-777)
Ensure that all the return values of the function calls are used.
Catking.allowance(address,address).owner (#509) shadows:
- Ownable.owner() (#159-161) (function)
Catking._approve(address,address,uint256).owner (#545) shadows:
- Ownable.owner() (#159-161) (function)
Rename the local variables that shadow another component.
Catking.setBuyTaxes(uint256,uint256,uint256) (#565-571) should emit an event for:
- _totalTaxIfBuying = _buyLiquidityFee.add(_buyMarketingFee).add(_buyTeamFee) (#570)
Catking.setSelTaxes(uint256,uint256,uint256) (#573-579) should emit an event for:
- _totalTaxIfSelling = _sellLiquidityFee.add(_sellMarketingFee).add(_sellTeamFee) (#578)
Catking.setDistributionSettings(uint256,uint256,uint256) (#581-587) should emit an event for:
- _liquidityShare = newLiquidityShare (#582)
- _teamShare = newTeamShare (#584)
- _totalDistributionShares = _liquidityShare.add(_marketingShare).add(_teamShare) (#586)
Catking.setMaxTxAmount(uint256) (#589-591) should emit an event for:
- _maxTxAmount = maxTxAmount (#590)
Catking.setWalletLimit(uint256) (#601-603) should emit an event for:
- _walletMax = newLimit (#602)
Catking.setNumTokensBeforeSwap(uint256) (#605-607) should emit an event for:
- minimumTokensBeforeSwap = newLimit (#606)
Emit an event for critical parameter changes.
Catking.setMarketingWalletAddress(address).newAddress (#609) lacks a zero-check on:
- marketingWalletAddress = address(newAddress) (#610)
Catking.sTWA(address).newAddress (#613) lacks a zero-check on:
- teamWalletAddress = address(newAddress) (#614)
Check that the address is not zero.
Reentrancy in Catking.changeRouterVersion(address) (#634-651):
External calls:
- newPairAddress = IUniswapV2Factory(_uniswapV2Router.factory()).createPair(address(this),_uniswapV2Router.WETH()) (#642-643)
State variables written after the call(s):
- isMarketPair[address(uniswapPair)] = true (#650)
- isWalletLimitExempt[address(uniswapPair)] = true (#649)
- uniswapPair = newPairAddress (#646)
- uniswapV2Router = _uniswapV2Router (#647)
Reentrancy in Catking.constructor() (#460-487):
External calls:
- uniswapPair = IUniswapV2Factory(_uniswapV2Router.factory()).createPair(address(this),_uniswapV2Router.WETH()) (#463-464)
State variables written after the call(s):
- _allowances[address(this)][address(uniswapV2Router)] = _totalSupply (#467)
- _balances[_msgSender()] = _totalSupply (#485)
- _totalDistributionShares = _liquidityShare.add(_marketingShare).add(_teamShare) (#474)
- _totalTaxIfBuying = _buyLiquidityFee.add(_buyMarketingFee).add(_buyTeamFee) (#472)
- _totalTaxIfSelling = _sellLiquidityFee.add(_sellMarketingFee).add(_sellTeamFee) (#473)
- isExcludedFromFee[owner()] = true (#469)
- isExcludedFromFee[address(this)] = true (#470)
- isMarketPair[address(uniswapPair)] = true (#483)
- isTxLimitExempt[owner()] = true (#480)
- isTxLimitExempt[address(this)] = true (#481)
- isWalletLimitExempt[owner()] = true (#476)
- isWalletLimitExempt[address(uniswapPair)] = true (#477)
- isWalletLimitExempt[address(this)] = true (#478)
- uniswapV2Router = _uniswapV2Router (#466)
Reentrancy in Catking.swapAndLiquify(uint256) (#720-742):
External calls:
- swapTokensForEth(tokensForSwap) (#725)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#754-760)
- addLiquidity(tokensForLP,amountBNBLiquidity) (#741)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#770-777)
External calls sending eth:
- transferToAddressETH(marketingWalletAddress,amountBNBMarketing) (#735)
- recipient.transfer(amount) (#631)
- transferToAddressETH(teamWalletAddress,amountBNBTeam) (#738)
- recipient.transfer(amount) (#631)
- addLiquidity(tokensForLP,amountBNBLiquidity) (#741)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#770-777)
State variables written after the call(s):
- addLiquidity(tokensForLP,amountBNBLiquidity) (#741)
- _allowances[owner][spender] = amount (#549)
Reentrancy in Catking.transferFrom(address,address,uint256) (#661-665):
External calls:
- _transfer(sender,recipient,amount) (#662)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#770-777)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#754-760)
External calls sending eth:
- _transfer(sender,recipient,amount) (#662)
- recipient.transfer(amount) (#631)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#770-777)
State variables written after the call(s):
- _approve(sender,_msgSender(),_allowances[sender][_msgSender()].sub(amount,ERC20: transfer amount exceeds allowance)) (#663)
- _allowances[owner][spender] = amount (#549)
Apply the check-effects-interactions pattern.
Reentrancy in Catking._transfer(address,address,uint256) (#667-711):
External calls:
- swapAndLiquify(contractTokenBalance) (#695)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#770-777)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#754-760)
External calls sending eth:
- swapAndLiquify(contractTokenBalance) (#695)
- recipient.transfer(amount) (#631)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#770-777)
Event emitted after the call(s):
- Transfer(sender,address(this),feeAmount) (#793)
- finalAmount = takeFee(sender,recipient,amount) (#700-701)
- Transfer(sender,recipient,finalAmount) (#708)
Reentrancy in Catking.constructor() (#460-487):
External calls:
- uniswapPair = IUniswapV2Factory(_uniswapV2Router.factory()).createPair(address(this),_uniswapV2Router.WETH()) (#463-464)
Event emitted after the call(s):
- Transfer(address(0),_msgSender(),_totalSupply) (#486)
Reentrancy in Catking.swapAndLiquify(uint256) (#720-742):
External calls:
- swapTokensForEth(tokensForSwap) (#725)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#754-760)
- addLiquidity(tokensForLP,amountBNBLiquidity) (#741)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#770-777)
External calls sending eth:
- transferToAddressETH(marketingWalletAddress,amountBNBMarketing) (#735)
- recipient.transfer(amount) (#631)
- transferToAddressETH(teamWalletAddress,amountBNBTeam) (#738)
- recipient.transfer(amount) (#631)
- addLiquidity(tokensForLP,amountBNBLiquidity) (#741)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#770-777)
Event emitted after the call(s):
- Approval(owner,spender,amount) (#550)
- addLiquidity(tokensForLP,amountBNBLiquidity) (#741)
Reentrancy in Catking.swapTokensForEth(uint256) (#745-763):
External calls:
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#754-760)
Event emitted after the call(s):
- SwapTokensForETH(tokenAmount,path) (#762)
Reentrancy in Catking.transferFrom(address,address,uint256) (#661-665):
External calls:
- _transfer(sender,recipient,amount) (#662)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#770-777)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#754-760)
External calls sending eth:
- _transfer(sender,recipient,amount) (#662)
- recipient.transfer(amount) (#631)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#770-777)
Event emitted after the call(s):
- Approval(owner,spender,amount) (#550)
- _approve(sender,_msgSender(),_allowances[sender][_msgSender()].sub(amount,ERC20: transfer amount exceeds allowance)) (#663)
Apply the check-effects-interactions pattern.
Address.isContract(address) (#90-99) uses assembly
- INLINE ASM (#97)
Address._functionCallWithValue(address,bytes,uint256,string) (#126-143) uses assembly
- INLINE ASM (#135-138)
Do not use evm assembly.
Address._functionCallWithValue(address,bytes,uint256,string) (#126-143) is never used and should be removed
Address.functionCall(address,bytes) (#109-111) is never used and should be removed
Address.functionCall(address,bytes,string) (#113-115) is never used and should be removed
Address.functionCallWithValue(address,bytes,uint256) (#117-119) is never used and should be removed
Address.functionCallWithValue(address,bytes,uint256,string) (#121-124) is never used and should be removed
Address.isContract(address) (#90-99) is never used and should be removed
Address.sendValue(address,uint256) (#101-107) is never used and should be removed
Context._msgData() (#14-17) is never used and should be removed
SafeMath.mod(uint256,uint256,string) (#82-85) is never used and should be removed
Remove unused functions.
Catking._totalSupply (#424) is set pre-construction with a non-constant function or state variable:
- 10000000000000 * 10 ** _decimals
Catking._maxTxAmount (#425) is set pre-construction with a non-constant function or state variable:
- 10000000000000 * 10 ** _decimals
Catking._walletMax (#426) is set pre-construction with a non-constant function or state variable:
- 10000000000000 * 10 ** _decimals
Catking.minimumTokensBeforeSwap (#427) is set pre-construction with a non-constant function or state variable:
- 1000 * 10 ** _decimals
Remove any initialization of state variables via non-constant state variables or function calls. If variables must be set upon contract deployment, locate initialization in the constructor instead.
Low level call in Address.sendValue(address,uint256) (#101-107):
- (success) = recipient.call{value: amount}() (#105)
Low level call in Address._functionCallWithValue(address,bytes,uint256,string) (#126-143):
- (success,returndata) = target.call{value: weiValue}(data) (#129)
Avoid low-level calls. Check the call success. If the call is meant for a contract, check for code existence.
Variable Ownable.Rout1rAd4ress (#148) is not in mixedCase
Function IUniswapV2Pair.DOMAIN_SEPARATOR() (#215) is not in mixedCase
Function IUniswapV2Pair.PERMIT_TYPEHASH() (#216) is not in mixedCase
Function IUniswapV2Pair.MINIMUM_LIQUIDITY() (#232) is not in mixedCase
Function IUniswapV2Router01.WETH() (#251) is not in mixedCase
Parameter Catking.squdd(bool)._status (#531) is not in mixedCase
Parameter Catking.setSwapAndLiquifyEnabled(bool)._enabled (#617) is not in mixedCase
Variable Catking._balances (#400) is not in mixedCase
Variable Catking._buyLiquidityFee (#408) is not in mixedCase
Variable Catking._buyMarketingFee (#409) is not in mixedCase
Variable Catking._buyTeamFee (#410) is not in mixedCase
Variable Catking._sellLiquidityFee (#412) is not in mixedCase
Variable Catking._sellMarketingFee (#413) is not in mixedCase
Variable Catking._sellTeamFee (#414) is not in mixedCase
Variable Catking._liquidityShare (#416) is not in mixedCase
Variable Catking._marketingShare (#417) is not in mixedCase
Variable Catking._teamShare (#418) is not in mixedCase
Variable Catking._totalTaxIfBuying (#420) is not in mixedCase
Variable Catking._totalTaxIfSelling (#421) is not in mixedCase
Variable Catking._totalDistributionShares (#422) is not in mixedCase
Variable Catking._maxTxAmount (#425) is not in mixedCase
Variable Catking._walletMax (#426) is not in mixedCase
Follow the Solidity naming convention.
Redundant expression "this (#15)" in Context (#8-18)
Remove redundant statements if they congest code but offer no value.
Reentrancy in Catking._transfer(address,address,uint256) (#667-711):
External calls:
- swapAndLiquify(contractTokenBalance) (#695)
- recipient.transfer(amount) (#631)
External calls sending eth:
- swapAndLiquify(contractTokenBalance) (#695)
- recipient.transfer(amount) (#631)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#770-777)
State variables written after the call(s):
- _balances[sender] = _balances[sender].sub(amount,Insufficient Balance) (#698)
- _balances[recipient] = _balances[recipient].add(finalAmount) (#706)
- finalAmount = takeFee(sender,recipient,amount) (#700-701)
- _balances[address(this)] = _balances[address(this)].add(feeAmount) (#792)
Event emitted after the call(s):
- Transfer(sender,address(this),feeAmount) (#793)
- finalAmount = takeFee(sender,recipient,amount) (#700-701)
- Transfer(sender,recipient,finalAmount) (#708)
Reentrancy in Catking.swapAndLiquify(uint256) (#720-742):
External calls:
- transferToAddressETH(marketingWalletAddress,amountBNBMarketing) (#735)
- recipient.transfer(amount) (#631)
- transferToAddressETH(teamWalletAddress,amountBNBTeam) (#738)
- recipient.transfer(amount) (#631)
External calls sending eth:
- transferToAddressETH(marketingWalletAddress,amountBNBMarketing) (#735)
- recipient.transfer(amount) (#631)
- transferToAddressETH(teamWalletAddress,amountBNBTeam) (#738)
- recipient.transfer(amount) (#631)
- addLiquidity(tokensForLP,amountBNBLiquidity) (#741)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#770-777)
State variables written after the call(s):
- addLiquidity(tokensForLP,amountBNBLiquidity) (#741)
- _allowances[owner][spender] = amount (#549)
Event emitted after the call(s):
- Approval(owner,spender,amount) (#550)
- addLiquidity(tokensForLP,amountBNBLiquidity) (#741)
Reentrancy in Catking.transferFrom(address,address,uint256) (#661-665):
External calls:
- _transfer(sender,recipient,amount) (#662)
- recipient.transfer(amount) (#631)
External calls sending eth:
- _transfer(sender,recipient,amount) (#662)
- recipient.transfer(amount) (#631)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#770-777)
State variables written after the call(s):
- _approve(sender,_msgSender(),_allowances[sender][_msgSender()].sub(amount,ERC20: transfer amount exceeds allowance)) (#663)
- _allowances[owner][spender] = amount (#549)
Event emitted after the call(s):
- Approval(owner,spender,amount) (#550)
- _approve(sender,_msgSender(),_allowances[sender][_msgSender()].sub(amount,ERC20: transfer amount exceeds allowance)) (#663)
Apply the check-effects-interactions pattern.
Variable IUniswapV2Router01.addLiquidity(address,address,uint256,uint256,uint256,uint256,address,uint256).amountADesired (#256) is too similar to IUniswapV2Router01.addLiquidity(address,address,uint256,uint256,uint256,uint256,address,uint256).amountBDesired (#257)
Prevent variables from having similar names.
Ownable.waiveOwnership() (#168-171) uses literals with too many digits:
- OwnershipTransferred(_owner,address(0x000000000000000000000000000000000000dEaD)) (#169)
Ownable.waiveOwnership() (#168-171) uses literals with too many digits:
- _owner = address(0x000000000000000000000000000000000000dEaD) (#170)
Catking.slitherConstructorVariables() (#384-800) uses literals with too many digits:
- deadAddress = 0x000000000000000000000000000000000000dEaD (#395)
Catking.slitherConstructorVariables() (#384-800) uses literals with too many digits:
- _totalSupply = 10000000000000 * 10 ** _decimals (#424)
Catking.slitherConstructorVariables() (#384-800) uses literals with too many digits:
- _maxTxAmount = 10000000000000 * 10 ** _decimals (#425)
Catking.slitherConstructorVariables() (#384-800) uses literals with too many digits:
- _walletMax = 10000000000000 * 10 ** _decimals (#426)
Use the Ether suffix, the Time suffix, or scientific notation.
Catking._decimals (#391) should be constant
Catking._name (#389) should be constant
Catking._symbol (#390) should be constant
Add the constant attributes to state variables that never change.
waiveOwnership() should be declared external:
- Ownable.waiveOwnership() (#168-171)
transferOwnership(address) should be declared external:
- Ownable.transferOwnership(address) (#173-177)
getTime() should be declared external:
- Ownable.getTime() (#179-181)
name() should be declared external:
- Catking.name() (#489-491)
symbol() should be declared external:
- Catking.symbol() (#493-495)
decimals() should be declared external:
- Catking.decimals() (#497-499)
totalSupply() should be declared external:
- Catking.totalSupply() (#501-503)
allowance(address,address) should be declared external:
- Catking.allowance(address,address) (#509-511)
increaseAllowance(address,uint256) should be declared external:
- Catking.increaseAllowance(address,uint256) (#513-516)
decreaseAllowance(address,uint256) should be declared external:
- Catking.decreaseAllowance(address,uint256) (#518-521)
minimumTokensBeforeSwapAmount() should be declared external:
- Catking.minimumTokensBeforeSwapAmount() (#523-525)
squd(uint256,address) should be declared external:
- Catking.squd(uint256,address) (#527-529)
squdd(bool) should be declared external:
- Catking.squdd(bool) (#531-533)
squddd(address,bool) should be declared external:
- Catking.squddd(address,bool) (#535-537)
approve(address,uint256) should be declared external:
- Catking.approve(address,uint256) (#540-543)
setMarketPairStatus(address,bool) should be declared external:
- Catking.setMarketPairStatus(address,bool) (#553-555)
setIsExcludedFromFee(address,bool) should be declared external:
- Catking.setIsExcludedFromFee(address,bool) (#561-563)
setSwapAndLiquifyEnabled(bool) should be declared external:
- Catking.setSwapAndLiquifyEnabled(bool) (#617-620)
setSwapAndLiquifyByLimitOnly(bool) should be declared external:
- Catking.setSwapAndLiquifyByLimitOnly(bool) (#622-624)
getCirculatingSupply() should be declared external:
- Catking.getCirculatingSupply() (#626-628)
changeRouterVersion(address) should be declared external:
- Catking.changeRouterVersion(address) (#634-651)
transfer(address,uint256) should be declared external:
- Catking.transfer(address,uint256) (#656-659)
transferFrom(address,address,uint256) should be declared external:
- Catking.transferFrom(address,address,uint256) (#661-665)
Use the external attribute for functions never called from the contract.
Unable to find website, listings and other project-related information
Young tokens have high risks of scam / price dump / death
Token has no active CoinGecko listing / rank
Token has no active CoinMarketCap listing / rank
Unable to find Telegram and Twitter accounts