Unable to find manual contract audit (e.g. Certik, PeckShield, Solidity...)
CBCDAO.addLiquidity(uint256,uint256) (#1770-1785) sends eth to arbitrary user
Dangerous calls:
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,address(_marketWallet),block.timestamp) (#1776-1783)
CBCDAO.Sweep(address) (#1840-1843) sends eth to arbitrary user
Dangerous calls:
- address(_to).transfer(balance) (#1842)
Ensure that an arbitrary user cannot withdraw unauthorized funds.
Additional information: link
Reentrancy in CBCDAO._transfer(address,address,uint256) (#1575-1679):
External calls:
- _swap() (#1616)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,address(_marketWallet),block.timestamp) (#1776-1783)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#1760-1766)
- (success) = address(dividendTracker).call{value: dividends}() (#1793)
External calls sending eth:
- _swap() (#1616)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,address(_marketWallet),block.timestamp) (#1776-1783)
- (success) = address(dividendTracker).call{value: dividends}() (#1793)
- address(address(_marketWallet)).transfer(markingBalance) (#1695)
State variables written after the call(s):
- swapping = false (#1618)
Reentrancy in CBCDAO._transfer(address,address,uint256) (#1575-1679):
External calls:
- _swap() (#1616)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,address(_marketWallet),block.timestamp) (#1776-1783)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#1760-1766)
- (success) = address(dividendTracker).call{value: dividends}() (#1793)
- launchCheck(from,to) (#1644)
- dividendTracker.excludeFromDividends(recipient) (#1568)
- dividendTracker.excludeFromDividends(sender) (#1571)
External calls sending eth:
- _swap() (#1616)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,address(_marketWallet),block.timestamp) (#1776-1783)
- (success) = address(dividendTracker).call{value: dividends}() (#1793)
- address(address(_marketWallet)).transfer(markingBalance) (#1695)
State variables written after the call(s):
- super._transfer(from,address(taxer),genFees) (#1657)
- _balances[sender] = _balances[sender].sub(amount,ERC20: transfer amount exceeds balance) (#862)
- _balances[recipient] = _balances[recipient].add(amount) (#863)
- super._transfer(from,address(this),fees) (#1661)
- _balances[sender] = _balances[sender].sub(amount,ERC20: transfer amount exceeds balance) (#862)
- _balances[recipient] = _balances[recipient].add(amount) (#863)
- super._transfer(from,to,amount) (#1664)
- _balances[sender] = _balances[sender].sub(amount,ERC20: transfer amount exceeds balance) (#862)
- _balances[recipient] = _balances[recipient].add(amount) (#863)
- launchCheck(from,to) (#1644)
- _isBlacklisted[recipient] = true (#1567)
- _isBlacklisted[sender] = true (#1570)
Reentrancy in DividendPayingToken._withdrawDividendOfUser(address) (#1076-1092):
External calls:
- (success) = user.call{gas: 3000,value: _withdrawableDividend}() (#1081)
State variables written after the call(s):
- withdrawnDividends[user] = withdrawnDividends[user].sub(_withdrawableDividend) (#1084)
Apply the check-effects-interactions pattern.
Additional information: link
Combination 1: Reentrancy vulnerabilities + Functions that send Ether to arbitraty destination. Usual for scams. May be justified by some complex mechanics (e.g. rebase, reflections). DYOR & manual audit are advised.
Reentrancy in CBCDAO.updateDividendTracker(address) (#1342-1357):
External calls:
- newDividendTracker.excludeFromDividends(address(newDividendTracker)) (#1349)
- newDividendTracker.excludeFromDividends(address(this)) (#1350)
- newDividendTracker.excludeFromDividends(owner()) (#1351)
- newDividendTracker.excludeFromDividends(address(uniswapV2Router)) (#1352)
State variables written after the call(s):
- dividendTracker = newDividendTracker (#1356)
Apply the check-effects-interactions pattern.
Additional information: link
CBCDAO._transfer(address,address,uint256).iterations (#1672) is a local variable never initialized
CBCDAO._transfer(address,address,uint256).claims (#1672) is a local variable never initialized
CBCDAO._transfer(address,address,uint256).lastProcessedIndex (#1672) is a local variable never initialized
Initialize all the variables. If a variable is meant to be initialized to zero, explicitly set it to zero to improve code readability.
Additional information: link
CBCDAO.claim() (#1541-1543) ignores return value by dividendTracker.processAccount(msg.sender,false) (#1542)
CBCDAO._transfer(address,address,uint256) (#1575-1679) ignores return value by dividendTracker.process(gas) (#1672-1677)
CBCDAO.addLiquidity(uint256,uint256) (#1770-1785) ignores return value by uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,address(_marketWallet),block.timestamp) (#1776-1783)
Ensure that all the return values of the function calls are used.
Additional information: link
DividendPayingToken.constructor(string,string)._name (#1033) shadows:
- ERC20._name (#684) (state variable)
DividendPayingToken.constructor(string,string)._symbol (#1033) shadows:
- ERC20._symbol (#685) (state variable)
Rename the local variables that shadow another component.
Additional information: link
CBCDAO.updateGenFee(uint256) (#1338-1340) should emit an event for:
- genFee = value (#1339)
CBCDAO.setETHRewardsFee(uint256) (#1359-1362) should emit an event for:
- totalFees = ETHRewardsFee.add(buyBackFee).add(marketFee).add(liquidityFee) (#1361)
CBCDAO.setBuyBackFee(uint256) (#1364-1367) should emit an event for:
- totalFees = ETHRewardsFee.add(buyBackFee).add(marketFee).add(liquidityFee) (#1366)
CBCDAO.setMarketFee(uint256) (#1369-1372) should emit an event for:
- marketFee = value (#1370)
- totalFees = ETHRewardsFee.add(buyBackFee).add(marketFee).add(liquidityFee) (#1371)
CBCDAO.setLiquidityFee(uint256) (#1374-1377) should emit an event for:
- liquidityFee = value (#1375)
- totalFees = ETHRewardsFee.add(buyBackFee).add(marketFee).add(liquidityFee) (#1376)
CBCDAO.setSwapTokensAtAmount(uint256) (#1395-1397) should emit an event for:
- swapTokensAtAmount = value (#1396)
CBCDAO.setLaunchedAt(uint256) (#1410-1412) should emit an event for:
- launchedAt = value (#1411)
CBCDAO.setLaunchedAtTime(uint256) (#1414-1416) should emit an event for:
- launchedAtTime = value (#1415)
Emit an event for critical parameter changes.
Additional information: link
CBCDAO.setMarketWallet(address).wallet (#1379) lacks a zero-check on :
- _marketWallet = wallet (#1380)
CBCDAO.updateUniswapV2Router(address)._uniswapV2Pair (#1426-1427) lacks a zero-check on :
- uniswapV2Pair = _uniswapV2Pair (#1428)
CBCDAO.Sweep(address)._to (#1840) lacks a zero-check on :
- address(_to).transfer(balance) (#1842)
Ownable.constructor().msgSender (#507) lacks a zero-check on :
- _owner = msgSender (#508)
Check that the address is not zero.
Additional information: link
DividendPayingToken._withdrawDividendOfUser(address) (#1076-1092) has external calls inside a loop: (success) = user.call{gas: 3000,value: _withdrawableDividend}() (#1081)
Favor pull over push strategy for external calls.
Additional information: link
Variable 'CBCDAO._transfer(address,address,uint256).claims (#1672)' in CBCDAO._transfer(address,address,uint256) (#1575-1679) potentially used before declaration: ProcessedDividendTracker(iterations,claims,lastProcessedIndex,true,gas,tx.origin) (#1673)
Variable 'CBCDAO._transfer(address,address,uint256).iterations (#1672)' in CBCDAO._transfer(address,address,uint256) (#1575-1679) potentially used before declaration: ProcessedDividendTracker(iterations,claims,lastProcessedIndex,true,gas,tx.origin) (#1673)
Variable 'CBCDAO._transfer(address,address,uint256).lastProcessedIndex (#1672)' in CBCDAO._transfer(address,address,uint256) (#1575-1679) potentially used before declaration: ProcessedDividendTracker(iterations,claims,lastProcessedIndex,true,gas,tx.origin) (#1673)
Move all variable declarations prior to any usage of the variable, and ensure that reaching a variable declaration does not depend on some conditional if it is used unconditionally.
Additional information: link
Reentrancy in CBCDAO._swap() (#1704-1721):
External calls:
- swapForMarketing(swapTokens) (#1709)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#1760-1766)
- swapAndLiquify(liquidityTokens) (#1714)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,address(_marketWallet),block.timestamp) (#1776-1783)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#1760-1766)
External calls sending eth:
- swapForMarketing(swapTokens) (#1709)
- address(address(_marketWallet)).transfer(markingBalance) (#1695)
- swapAndLiquify(liquidityTokens) (#1714)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,address(_marketWallet),block.timestamp) (#1776-1783)
State variables written after the call(s):
- swapAndLiquify(liquidityTokens) (#1714)
- _allowances[owner][spender] = amount (#928)
Reentrancy in CBCDAO._swap() (#1704-1721):
External calls:
- swapForMarketing(swapTokens) (#1709)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#1760-1766)
- swapAndLiquify(liquidityTokens) (#1714)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,address(_marketWallet),block.timestamp) (#1776-1783)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#1760-1766)
- swapAndSendDividends(sellTokens) (#1720)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#1760-1766)
- (success) = address(dividendTracker).call{value: dividends}() (#1793)
External calls sending eth:
- swapForMarketing(swapTokens) (#1709)
- address(address(_marketWallet)).transfer(markingBalance) (#1695)
- swapAndLiquify(liquidityTokens) (#1714)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,address(_marketWallet),block.timestamp) (#1776-1783)
- swapAndSendDividends(sellTokens) (#1720)
- (success) = address(dividendTracker).call{value: dividends}() (#1793)
State variables written after the call(s):
- swapAndSendDividends(sellTokens) (#1720)
- _allowances[owner][spender] = amount (#928)
Reentrancy in CBCDAO._transfer(address,address,uint256) (#1575-1679):
External calls:
- _swap() (#1616)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,address(_marketWallet),block.timestamp) (#1776-1783)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#1760-1766)
- (success) = address(dividendTracker).call{value: dividends}() (#1793)
External calls sending eth:
- _swap() (#1616)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,address(_marketWallet),block.timestamp) (#1776-1783)
- (success) = address(dividendTracker).call{value: dividends}() (#1793)
- address(address(_marketWallet)).transfer(markingBalance) (#1695)
State variables written after the call(s):
- launch() (#1629)
- launchedAt = block.number (#1558)
- launch() (#1629)
- launchedAtTime = block.timestamp (#1559)
Reentrancy in CBCDAO.constructor() (#1272-1328):
External calls:
- _uniswapV2Pair = IUniswapV2Factory(_uniswapV2Router.factory()).createPair(address(this),_uniswapV2Router.WETH()) (#1297-1298)
State variables written after the call(s):
- uniswapV2Pair = _uniswapV2Pair (#1301)
- uniswapV2Router = _uniswapV2Router (#1300)
Reentrancy in CBCDAO.constructor() (#1272-1328):
External calls:
- _uniswapV2Pair = IUniswapV2Factory(_uniswapV2Router.factory()).createPair(address(this),_uniswapV2Router.WETH()) (#1297-1298)
- _setAutomatedMarketMCBCDAOerPair(_uniswapV2Pair,true) (#1303)
- dividendTracker.excludeFromDividends(pair) (#1465)
- dividendTracker.excludeFromDividends(address(dividendTracker)) (#1306)
- dividendTracker.excludeFromDividends(address(this)) (#1307)
- dividendTracker.excludeFromDividends(owner()) (#1308)
- dividendTracker.excludeFromDividends(address(_uniswapV2Router)) (#1309)
State variables written after the call(s):
- _mint(owner(),_total) (#1327)
- _balances[account] = _balances[account].add(amount) (#882)
- excludeFromFees(liquidityWallet,true) (#1312)
- _isExcludedFromFees[account] = excluded (#1433)
- excludeFromFees(address(this),true) (#1313)
- _isExcludedFromFees[account] = excluded (#1433)
- excludeFromFees(address(_marketWallet),true) (#1314)
- _isExcludedFromFees[account] = excluded (#1433)
- _managerMap[msg.sender] = true (#1324)
- _marketWallet = msg.sender (#1325)
- _mint(owner(),_total) (#1327)
- _totalSupply = _totalSupply.add(amount) (#881)
- canTransferBeforeTradingIsEnabled[owner()] = true (#1317)
Reentrancy in CBCDAO.launchCheck(address,address) (#1562-1573):
External calls:
- dividendTracker.excludeFromDividends(recipient) (#1568)
State variables written after the call(s):
- _isBlacklisted[sender] = true (#1570)
Reentrancy in CBCDAODividendTracker.processAccount(address,bool) (#2047-2057):
External calls:
- amount = _withdrawDividendOfUser(account) (#2048)
- (success) = user.call{gas: 3000,value: _withdrawableDividend}() (#1081)
State variables written after the call(s):
- lastClaimTimes[account] = block.timestamp (#2051)
Reentrancy in CBCDAO.swapAndLiquify(uint256) (#1723-1747):
External calls:
- swapTokensForEth(half) (#1738)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#1760-1766)
- addLiquidity(otherHalf,newBalance) (#1744)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,address(_marketWallet),block.timestamp) (#1776-1783)
External calls sending eth:
- addLiquidity(otherHalf,newBalance) (#1744)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,address(_marketWallet),block.timestamp) (#1776-1783)
State variables written after the call(s):
- addLiquidity(otherHalf,newBalance) (#1744)
- _allowances[owner][spender] = amount (#928)
Reentrancy in CBCDAO.updateUniswapV2Router(address) (#1422-1429):
External calls:
- _uniswapV2Pair = IUniswapV2Factory(uniswapV2Router.factory()).createPair(address(this),uniswapV2Router.WETH()) (#1426-1427)
State variables written after the call(s):
- uniswapV2Pair = _uniswapV2Pair (#1428)
Apply the check-effects-interactions pattern.
Additional information: link
Reentrancy in CBCDAO._setAutomatedMarketMCBCDAOerPair(address,bool) (#1460-1469):
External calls:
- dividendTracker.excludeFromDividends(pair) (#1465)
Event emitted after the call(s):
- SetAutomatedMarketMCBCDAOerPair(pair,value) (#1468)
Reentrancy in CBCDAO._swap() (#1704-1721):
External calls:
- swapForMarketing(swapTokens) (#1709)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#1760-1766)
- swapAndLiquify(liquidityTokens) (#1714)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,address(_marketWallet),block.timestamp) (#1776-1783)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#1760-1766)
External calls sending eth:
- swapForMarketing(swapTokens) (#1709)
- address(address(_marketWallet)).transfer(markingBalance) (#1695)
- swapAndLiquify(liquidityTokens) (#1714)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,address(_marketWallet),block.timestamp) (#1776-1783)
Event emitted after the call(s):
- Approval(owner,spender,amount) (#929)
- swapAndLiquify(liquidityTokens) (#1714)
- SwapAndLiquify(half,newBalance,otherHalf) (#1746)
- swapAndLiquify(liquidityTokens) (#1714)
Reentrancy in CBCDAO._swap() (#1704-1721):
External calls:
- swapForMarketing(swapTokens) (#1709)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#1760-1766)
- swapAndLiquify(liquidityTokens) (#1714)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,address(_marketWallet),block.timestamp) (#1776-1783)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#1760-1766)
- swapAndSendDividends(sellTokens) (#1720)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#1760-1766)
- (success) = address(dividendTracker).call{value: dividends}() (#1793)
External calls sending eth:
- swapForMarketing(swapTokens) (#1709)
- address(address(_marketWallet)).transfer(markingBalance) (#1695)
- swapAndLiquify(liquidityTokens) (#1714)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,address(_marketWallet),block.timestamp) (#1776-1783)
- swapAndSendDividends(sellTokens) (#1720)
- (success) = address(dividendTracker).call{value: dividends}() (#1793)
Event emitted after the call(s):
- Approval(owner,spender,amount) (#929)
- swapAndSendDividends(sellTokens) (#1720)
- SendDividends(tokens,dividends) (#1796)
- swapAndSendDividends(sellTokens) (#1720)
Reentrancy in CBCDAO._transfer(address,address,uint256) (#1575-1679):
External calls:
- _swap() (#1616)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,address(_marketWallet),block.timestamp) (#1776-1783)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#1760-1766)
- (success) = address(dividendTracker).call{value: dividends}() (#1793)
- launchCheck(from,to) (#1644)
- dividendTracker.excludeFromDividends(recipient) (#1568)
- dividendTracker.excludeFromDividends(sender) (#1571)
External calls sending eth:
- _swap() (#1616)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,address(_marketWallet),block.timestamp) (#1776-1783)
- (success) = address(dividendTracker).call{value: dividends}() (#1793)
- address(address(_marketWallet)).transfer(markingBalance) (#1695)
Event emitted after the call(s):
- Transfer(sender,recipient,amount) (#864)
- super._transfer(from,to,amount) (#1664)
- Transfer(sender,recipient,amount) (#864)
- super._transfer(from,address(this),fees) (#1661)
- Transfer(sender,recipient,amount) (#864)
- super._transfer(from,address(taxer),genFees) (#1657)
Reentrancy in CBCDAO._transfer(address,address,uint256) (#1575-1679):
External calls:
- _swap() (#1616)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,address(_marketWallet),block.timestamp) (#1776-1783)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#1760-1766)
- (success) = address(dividendTracker).call{value: dividends}() (#1793)
- launchCheck(from,to) (#1644)
- dividendTracker.excludeFromDividends(recipient) (#1568)
- dividendTracker.excludeFromDividends(sender) (#1571)
- dividendTracker.setBalance(address(from),balanceOf(from)) (#1666)
- dividendTracker.setBalance(address(to),balanceOf(to)) (#1667)
- dividendTracker.process(gas) (#1672-1677)
External calls sending eth:
- _swap() (#1616)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,address(_marketWallet),block.timestamp) (#1776-1783)
- (success) = address(dividendTracker).call{value: dividends}() (#1793)
- address(address(_marketWallet)).transfer(markingBalance) (#1695)
Event emitted after the call(s):
- ProcessedDividendTracker(iterations,claims,lastProcessedIndex,true,gas,tx.origin) (#1673)
Reentrancy in CBCDAO.constructor() (#1272-1328):
External calls:
- _uniswapV2Pair = IUniswapV2Factory(_uniswapV2Router.factory()).createPair(address(this),_uniswapV2Router.WETH()) (#1297-1298)
- _setAutomatedMarketMCBCDAOerPair(_uniswapV2Pair,true) (#1303)
- dividendTracker.excludeFromDividends(pair) (#1465)
Event emitted after the call(s):
- SetAutomatedMarketMCBCDAOerPair(pair,value) (#1468)
- _setAutomatedMarketMCBCDAOerPair(_uniswapV2Pair,true) (#1303)
Reentrancy in CBCDAO.constructor() (#1272-1328):
External calls:
- _uniswapV2Pair = IUniswapV2Factory(_uniswapV2Router.factory()).createPair(address(this),_uniswapV2Router.WETH()) (#1297-1298)
- _setAutomatedMarketMCBCDAOerPair(_uniswapV2Pair,true) (#1303)
- dividendTracker.excludeFromDividends(pair) (#1465)
- dividendTracker.excludeFromDividends(address(dividendTracker)) (#1306)
- dividendTracker.excludeFromDividends(address(this)) (#1307)
- dividendTracker.excludeFromDividends(owner()) (#1308)
- dividendTracker.excludeFromDividends(address(_uniswapV2Router)) (#1309)
Event emitted after the call(s):
- ExcludeFromFees(account,excluded) (#1435)
- excludeFromFees(address(this),true) (#1313)
- ExcludeFromFees(account,excluded) (#1435)
- excludeFromFees(liquidityWallet,true) (#1312)
- ExcludeFromFees(account,excluded) (#1435)
- excludeFromFees(address(_marketWallet),true) (#1314)
- Transfer(address(0),account,amount) (#883)
- _mint(owner(),_total) (#1327)
Reentrancy in CBCDAODividendTracker.processAccount(address,bool) (#2047-2057):
External calls:
- amount = _withdrawDividendOfUser(account) (#2048)
- (success) = user.call{gas: 3000,value: _withdrawableDividend}() (#1081)
Event emitted after the call(s):
- Claim(account,amount,automatic) (#2052)
Reentrancy in CBCDAO.processDividendTracker(uint256) (#1536-1539):
External calls:
- (iterations,claims,lastProcessedIndex) = dividendTracker.process(gas) (#1537)
Event emitted after the call(s):
- ProcessedDividendTracker(iterations,claims,lastProcessedIndex,false,gas,tx.origin) (#1538)
Reentrancy in CBCDAO.swapAndLiquify(uint256) (#1723-1747):
External calls:
- swapTokensForEth(half) (#1738)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#1760-1766)
- addLiquidity(otherHalf,newBalance) (#1744)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,address(_marketWallet),block.timestamp) (#1776-1783)
External calls sending eth:
- addLiquidity(otherHalf,newBalance) (#1744)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,address(_marketWallet),block.timestamp) (#1776-1783)
Event emitted after the call(s):
- Approval(owner,spender,amount) (#929)
- addLiquidity(otherHalf,newBalance) (#1744)
- SwapAndLiquify(half,newBalance,otherHalf) (#1746)
Reentrancy in CBCDAO.swapAndSendDividends(uint256) (#1787-1798):
External calls:
- swapTokensForEth(tokens) (#1791)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#1760-1766)
- (success) = address(dividendTracker).call{value: dividends}() (#1793)
External calls sending eth:
- (success) = address(dividendTracker).call{value: dividends}() (#1793)
Event emitted after the call(s):
- SendDividends(tokens,dividends) (#1796)
Reentrancy in CBCDAO.updateDividendTracker(address) (#1342-1357):
External calls:
- newDividendTracker.excludeFromDividends(address(newDividendTracker)) (#1349)
- newDividendTracker.excludeFromDividends(address(this)) (#1350)
- newDividendTracker.excludeFromDividends(owner()) (#1351)
- newDividendTracker.excludeFromDividends(address(uniswapV2Router)) (#1352)
Event emitted after the call(s):
- UpdateDividendTracker(newAddress,address(dividendTracker)) (#1354)
Apply the check-effects-interactions pattern.
Additional information: link
Ownable.unlock() (#575-580) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(now > _lockTime,Contract is locked until 7 days) (#577)
CBCDAO._transfer(address,address,uint256) (#1575-1679) uses timestamp for comparisons
Dangerous comparisons:
- launchedAtTime.add(_protectTime) >= block.timestamp (#1639)
CBCDAODividendTracker.getAccount(address) (#1911-1954) uses timestamp for comparisons
Dangerous comparisons:
- nextClaimTime > block.timestamp (#1951-1953)
CBCDAODividendTracker.canAutoClaim(uint256) (#1975-1981) uses timestamp for comparisons
Dangerous comparisons:
- lastClaimTime > block.timestamp (#1976)
- block.timestamp.sub(lastClaimTime) >= claimWait (#1980)
Avoid relying on block.timestamp.
Additional information: link
CBCDAO.isContract(address) (#1800-1810) uses assembly
- INLINE ASM (#1806-1808)
Do not use evm assembly.
Additional information: link
Context._msgData() (#489-492) is never used and should be removed
DividendPayingToken._transfer(address,address,uint256) (#1132-1138) is never used and should be removed
SafeMath.mod(uint256,uint256) (#190-192) is never used and should be removed
SafeMath.mod(uint256,uint256,string) (#206-209) is never used and should be removed
SafeMathInt.abs(int256) (#260-263) is never used and should be removed
SafeMathInt.div(int256,int256) (#231-237) is never used and should be removed
SafeMathInt.mul(int256,int256) (#219-226) is never used and should be removed
Remove unused functions.
Additional information: link
CBCDAO.maxSellTransactionAmount (#1191) is set pre-construction with a non-constant function or state variable:
- _total
Remove any initialization of state variables via non-constant state variables or function calls. If variables must be set upon contract deployment, locate initialization in the constructor instead.
Additional information: link
Pragma version^0.6.2 (#6) allows old versions
Deploy with any of the following Solidity versions: 0.5.16 - 0.5.17, 0.6.11 - 0.6.12, 0.7.5 - 0.7.6 Use a simple pragma version that allows any of these versions. Consider using the latest version of Solidity for testing.
Additional information: link
Low level call in DividendPayingToken._withdrawDividendOfUser(address) (#1076-1092):
- (success) = user.call{gas: 3000,value: _withdrawableDividend}() (#1081)
Low level call in CBCDAO.swapAndSendDividends(uint256) (#1787-1798):
- (success) = address(dividendTracker).call{value: dividends}() (#1793)
Avoid low-level calls. Check the call success. If the call is meant for a contract, check for code existence
Additional information: link
Function IUniswapV2Pair.DOMAIN_SEPARATOR() (#311) is not in mixedCase
Function IUniswapV2Pair.PERMIT_TYPEHASH() (#312) is not in mixedCase
Function IUniswapV2Pair.MINIMUM_LIQUIDITY() (#329) is not in mixedCase
Function IUniswapV2Router01.WETH() (#349) is not in mixedCase
Variable Ownable._oMap (#499) is not in mixedCase
Parameter DividendPayingToken.dividendOf(address)._owner (#1098) is not in mixedCase
Parameter DividendPayingToken.withdrawableDividendOf(address)._owner (#1105) is not in mixedCase
Parameter DividendPayingToken.withdrawnDividendOf(address)._owner (#1112) is not in mixedCase
Parameter DividendPayingToken.accumulativeDividendOf(address)._owner (#1122) is not in mixedCase
Constant DividendPayingToken.magnitude (#1013) is not in UPPER_CASE_WITH_UNDERSCORES
Function CBCDAO._tokenToBnbValue(address,address,uint256) (#1816-1833) is not in mixedCase
Parameter CBCDAO.transferForeignToken(address,address)._token (#1835) is not in mixedCase
Parameter CBCDAO.transferForeignToken(address,address)._to (#1835) is not in mixedCase
Function CBCDAO.Sweep(address) (#1840-1843) is not in mixedCase
Parameter CBCDAO.Sweep(address)._to (#1840) is not in mixedCase
Variable CBCDAO._maxTxAmount (#1190) is not in mixedCase
Variable CBCDAO._protectTime (#1196) is not in mixedCase
Variable CBCDAO._isBlacklisted (#1198) is not in mixedCase
Variable CBCDAO.ETHRewardsFee (#1203) is not in mixedCase
Variable CBCDAO._marketWallet (#1210) is not in mixedCase
Variable CBCDAO._managerMap (#1231) is not in mixedCase
Variable CBCDAO._referrerByAddr (#1233) is not in mixedCase
Parameter CBCDAODividendTracker.getAccount(address)._account (#1911) is not in mixedCase
Follow the Solidity naming convention.
Additional information: link
Redundant expression "this (#490)" inContext (#484-493)
Redundant expression "recipient (#1831)" inCBCDAO (#1175-1850)
Remove redundant statements if they congest code but offer no value.
Additional information: link
Reentrancy in CBCDAO._swap() (#1704-1721):
External calls:
- swapForMarketing(swapTokens) (#1709)
- address(address(_marketWallet)).transfer(markingBalance) (#1695)
External calls sending eth:
- swapForMarketing(swapTokens) (#1709)
- address(address(_marketWallet)).transfer(markingBalance) (#1695)
- swapAndLiquify(liquidityTokens) (#1714)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,address(_marketWallet),block.timestamp) (#1776-1783)
State variables written after the call(s):
- swapAndLiquify(liquidityTokens) (#1714)
- _allowances[owner][spender] = amount (#928)
Event emitted after the call(s):
- Approval(owner,spender,amount) (#929)
- swapAndLiquify(liquidityTokens) (#1714)
- SwapAndLiquify(half,newBalance,otherHalf) (#1746)
- swapAndLiquify(liquidityTokens) (#1714)
Reentrancy in CBCDAO._swap() (#1704-1721):
External calls:
- swapForMarketing(swapTokens) (#1709)
- address(address(_marketWallet)).transfer(markingBalance) (#1695)
External calls sending eth:
- swapForMarketing(swapTokens) (#1709)
- address(address(_marketWallet)).transfer(markingBalance) (#1695)
- swapAndLiquify(liquidityTokens) (#1714)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,address(_marketWallet),block.timestamp) (#1776-1783)
- swapAndSendDividends(sellTokens) (#1720)
- (success) = address(dividendTracker).call{value: dividends}() (#1793)
State variables written after the call(s):
- swapAndSendDividends(sellTokens) (#1720)
- _allowances[owner][spender] = amount (#928)
Event emitted after the call(s):
- Approval(owner,spender,amount) (#929)
- swapAndSendDividends(sellTokens) (#1720)
- SendDividends(tokens,dividends) (#1796)
- swapAndSendDividends(sellTokens) (#1720)
Reentrancy in CBCDAO._transfer(address,address,uint256) (#1575-1679):
External calls:
- _swap() (#1616)
- address(address(_marketWallet)).transfer(markingBalance) (#1695)
External calls sending eth:
- _swap() (#1616)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,address(_marketWallet),block.timestamp) (#1776-1783)
- (success) = address(dividendTracker).call{value: dividends}() (#1793)
- address(address(_marketWallet)).transfer(markingBalance) (#1695)
State variables written after the call(s):
- super._transfer(from,address(taxer),genFees) (#1657)
- _balances[sender] = _balances[sender].sub(amount,ERC20: transfer amount exceeds balance) (#862)
- _balances[recipient] = _balances[recipient].add(amount) (#863)
- super._transfer(from,address(this),fees) (#1661)
- _balances[sender] = _balances[sender].sub(amount,ERC20: transfer amount exceeds balance) (#862)
- _balances[recipient] = _balances[recipient].add(amount) (#863)
- super._transfer(from,to,amount) (#1664)
- _balances[sender] = _balances[sender].sub(amount,ERC20: transfer amount exceeds balance) (#862)
- _balances[recipient] = _balances[recipient].add(amount) (#863)
- launchCheck(from,to) (#1644)
- _isBlacklisted[recipient] = true (#1567)
- _isBlacklisted[sender] = true (#1570)
- launch() (#1629)
- launchedAt = block.number (#1558)
- launch() (#1629)
- launchedAtTime = block.timestamp (#1559)
- swapping = false (#1618)
Event emitted after the call(s):
- ProcessedDividendTracker(iterations,claims,lastProcessedIndex,true,gas,tx.origin) (#1673)
- Transfer(sender,recipient,amount) (#864)
- super._transfer(from,to,amount) (#1664)
- Transfer(sender,recipient,amount) (#864)
- super._transfer(from,address(this),fees) (#1661)
- Transfer(sender,recipient,amount) (#864)
- super._transfer(from,address(taxer),genFees) (#1657)
Apply the check-effects-interactions pattern.
Additional information: link
Variable IUniswapV2Router01.addLiquidity(address,address,uint256,uint256,uint256,uint256,address,uint256).amountADesired (#356) is too similar to IUniswapV2Router01.addLiquidity(address,address,uint256,uint256,uint256,uint256,address,uint256).amountBDesired (#357)
Variable DividendPayingToken._withdrawDividendOfUser(address)._withdrawableDividend (#1077) is too similar to CBCDAODividendTracker.getAccount(address).withdrawableDividends (#1916)
Prevent variables from having similar names.
Additional information: link
CBCDAO.updateGasForProcessing(uint256) (#1479-1484) uses literals with too many digits:
- require(bool,string)(newValue >= 200000 && newValue <= 500000,CBCDAO: gasForProcessing must be between 200,000 and 500,000) (#1480)
CBCDAO.slitherConstructorVariables() (#1175-1850) uses literals with too many digits:
- gasForProcessing = 300000 (#1215)
CBCDAODividendTracker.constructor(address) (#1872-1876) uses literals with too many digits:
- minimumTokenBalanceForDividends = 1000000 * (10 ** 18) (#1874)
CBCDAODividendTracker.getAccountAtIndex(uint256) (#1956-1973) uses literals with too many digits:
- (0x0000000000000000000000000000000000000000,- 1,- 1,0,0,0,0,0) (#1967)
Use: Ether suffix, Time suffix, or The scientific notation
Additional information: link
SafeMathInt.MAX_INT256 (#214) is never used in SafeMathInt (#212-270)
Remove unused state variables.
Additional information: link
CBCDAO._protectTime (#1196) should be constant
CBCDAO._total (#1187) should be constant
Add the constant attributes to state variables that never change.
Additional information: link
get(IterableMapping.Map,address) should be declared external:
- IterableMapping.get(IterableMapping.Map,address) (#17-19)
getIndexOfKey(IterableMapping.Map,address) should be declared external:
- IterableMapping.getIndexOfKey(IterableMapping.Map,address) (#21-26)
getKeyAtIndex(IterableMapping.Map,uint256) should be declared external:
- IterableMapping.getKeyAtIndex(IterableMapping.Map,uint256) (#28-30)
size(IterableMapping.Map) should be declared external:
- IterableMapping.size(IterableMapping.Map) (#34-36)
renounceOwnership() should be declared external:
- Ownable.renounceOwnership() (#539-542)
transferOwnership(address) should be declared external:
- Ownable.transferOwnership(address) (#548-552)
getUnlockTime() should be declared external:
- Ownable.getUnlockTime() (#554-556)
getTime() should be declared external:
- Ownable.getTime() (#564-566)
lock(uint256) should be declared external:
- Ownable.lock(uint256) (#568-573)
unlock() should be declared external:
- Ownable.unlock() (#575-580)
name() should be declared external:
- ERC20.name() (#704-706)
symbol() should be declared external:
- ERC20.symbol() (#712-714)
decimals() should be declared external:
- ERC20.decimals() (#729-731)
transfer(address,uint256) should be declared external:
- ERC20.transfer(address,uint256) (#755-758)
allowance(address,address) should be declared external:
- ERC20.allowance(address,address) (#763-765)
approve(address,uint256) should be declared external:
- ERC20.approve(address,uint256) (#774-777)
transferFrom(address,address,uint256) should be declared external:
- ERC20.transferFrom(address,address,uint256) (#792-800)
increaseAllowance(address,uint256) should be declared external:
- ERC20.increaseAllowance(address,uint256) (#814-817)
decreaseAllowance(address,uint256) should be declared external:
- ERC20.decreaseAllowance(address,uint256) (#833-836)
withdrawDividend() should be declared external:
- CBCDAODividendTracker.withdrawDividend() (#1882-1884)
- DividendPayingToken.withdrawDividend() (#1070-1072)
dividendOf(address) should be declared external:
- DividendPayingToken.dividendOf(address) (#1098-1100)
withdrawnDividendOf(address) should be declared external:
- DividendPayingToken.withdrawnDividendOf(address) (#1112-1114)
updatePaused(bool) should be declared external:
- CBCDAO.updatePaused(bool) (#1334-1336)
updateGenFee(uint256) should be declared external:
- CBCDAO.updateGenFee(uint256) (#1338-1340)
updateDividendTracker(address) should be declared external:
- CBCDAO.updateDividendTracker(address) (#1342-1357)
setETHRewardsFee(uint256) should be declared external:
- CBCDAO.setETHRewardsFee(uint256) (#1359-1362)
setBuyBackFee(uint256) should be declared external:
- CBCDAO.setBuyBackFee(uint256) (#1364-1367)
setMarketFee(uint256) should be declared external:
- CBCDAO.setMarketFee(uint256) (#1369-1372)
setLiquidityFee(uint256) should be declared external:
- CBCDAO.setLiquidityFee(uint256) (#1374-1377)
setMarketWallet(address) should be declared external:
- CBCDAO.setMarketWallet(address) (#1379-1381)
setSwapEnabled(bool) should be declared external:
- CBCDAO.setSwapEnabled(bool) (#1383-1385)
setMaxSellTransactionAmount(uint256) should be declared external:
- CBCDAO.setMaxSellTransactionAmount(uint256) (#1399-1401)
updateUniswapV2Router(address) should be declared external:
- CBCDAO.updateUniswapV2Router(address) (#1422-1429)
excludeMultipleAccountsFromFees(address[],bool) should be declared external:
- CBCDAO.excludeMultipleAccountsFromFees(address[],bool) (#1438-1444)
setAutomatedMarketMCBCDAOerPair(address,bool) should be declared external:
- CBCDAO.setAutomatedMarketMCBCDAOerPair(address,bool) (#1454-1458)
updateLiquidityWallet(address) should be declared external:
- CBCDAO.updateLiquidityWallet(address) (#1472-1477)
updateGasForProcessing(uint256) should be declared external:
- CBCDAO.updateGasForProcessing(uint256) (#1479-1484)
isExcludedFromFees(address) should be declared external:
- CBCDAO.isExcludedFromFees(address) (#1498-1500)
withdrawableDividendOf(address) should be declared external:
- CBCDAO.withdrawableDividendOf(address) (#1502-1504)
dividendTokenBalanceOf(address) should be declared external:
- CBCDAO.dividendTokenBalanceOf(address) (#1506-1508)
swapAll() should be declared external:
- CBCDAO.swapAll() (#1698-1702)
mint(address,uint256) should be declared external:
- CBCDAO.mint(address,uint256) (#1812-1814)
transferForeignToken(address,address) should be declared external:
- CBCDAO.transferForeignToken(address,address) (#1835-1838)
getAccountAtIndex(uint256) should be declared external:
- CBCDAODividendTracker.getAccountAtIndex(uint256) (#1956-1973)
process(uint256) should be declared external:
- CBCDAODividendTracker.process(uint256) (#2000-2045)
Use the external attribute for functions never called from the contract.
Additional information: link
Unable to find website, listings and other project-related information
Young tokens have high risks of scam / price dump / death
Token has no active CoinGecko listing / rank
Token has no active CoinMarketCap listing / rank
Unable to find Telegram and Twitter accounts