Cellframe is a quantum-resistant layer-1 network focused on facilitating secure and scalable cross-chain transfers. Cellframe aims to create an infrastructure for decentralized low-level services through its multichain nature. It is quantum-safe — it uses post-quantum encryption by default. Cellframe is built from scratch with plain C, which results in more efficient utilization of CPU and memory.
ERC20._sendETHToMarketing(uint256) (contracts/CellToken.sol#413-416) sends eth to arbitrary user
Dangerous calls:
- marketingAddress.call{value: _amount}() (contracts/CellToken.sol#415)
Ensure that an arbitrary user cannot withdraw unauthorized funds.
Reentrancy in ERC20._transfer(address,address,uint256) (contracts/CellToken.sol#327-352):
External calls:
- _amountToRecipient = _takeFeeOnSwap(sender,recipient,amount) (contracts/CellToken.sol#343)
- marketingAddress.call{value: _amount}() (contracts/CellToken.sol#415)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(_tokenAmount,0,path,address(this),block.timestamp) (contracts/CellToken.sol#402-408)
External calls sending eth:
- _amountToRecipient = _takeFeeOnSwap(sender,recipient,amount) (contracts/CellToken.sol#343)
- marketingAddress.call{value: _amount}() (contracts/CellToken.sol#415)
State variables written after the call(s):
- _balances[sender] = _balances[sender].sub(amount,ERC20: transfer amount exceeds balance) (contracts/CellToken.sol#346-349)
- _balances[recipient] = _balances[recipient].add(_amountToRecipient) (contracts/CellToken.sol#350)
Reentrancy in ERC20._takeFeeOnSwap(address,address,uint256) (contracts/CellToken.sol#354-381):
External calls:
- _swapTokens(_contractTokenBalance) (contracts/CellToken.sol#374)
- marketingAddress.call{value: _amount}() (contracts/CellToken.sol#415)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(_tokenAmount,0,path,address(this),block.timestamp) (contracts/CellToken.sol#402-408)
External calls sending eth:
- _swapTokens(_contractTokenBalance) (contracts/CellToken.sol#374)
- marketingAddress.call{value: _amount}() (contracts/CellToken.sol#415)
State variables written after the call(s):
- _balances[address(this)] = _balances[address(this)].add(_amountToContract) (contracts/CellToken.sol#378)
Apply the check-effects-interactions pattern.
Unable to verify that contract auditor is trusted: Certik, Quantstamp, Hacken, Solidity, Paladinsec, Openzeppelin, Verichains
Combination 1: Reentrancy vulnerabilities + Functions that send Ether to arbitrary destination. Usual for scams. May be justified by some complex mechanics (e.g. rebase, reflections). DYOR & manual audit are advised.
Pragma version^0.8.0 (@openzeppelin/contracts/token/ERC20/IERC20.sol#3) allows old versions
Pragma version^0.8.0 (@openzeppelin/contracts/utils/Context.sol#3) allows old versions
Pragma version>=0.5.0 (@uniswap/v2-core/contracts/interfaces/IUniswapV2Factory.sol#1) allows old versions
Pragma version>=0.5.0 (@uniswap/v2-core/contracts/interfaces/IUniswapV2Pair.sol#1) allows old versions
Pragma version>=0.6.2 (@uniswap/v2-periphery/contracts/interfaces/IUniswapV2Router02.sol#1) allows old versions
Pragma version^0.8.0 (@openzeppelin/contracts/access/Ownable.sol#3) allows old versions
Pragma version^0.8.0 (@openzeppelin/contracts/utils/math/SafeMath.sol#3) allows old versions
Pragma version^0.8.0 (@openzeppelin/contracts/utils/Address.sol#3) allows old versions
Pragma version>=0.6.2 (@uniswap/v2-periphery/contracts/interfaces/IUniswapV2Router01.sol#1) allows old versions
Deploy with any of the following Solidity versions: 0.5.16 - 0.5.17, 0.6.11 - 0.6.12, 0.7.5 - 0.7.6. Use a simple pragma version that allows any of these versions. Consider using the latest version of Solidity for testing.
Function IUniswapV2Pair.PERMIT_TYPEHASH() (@uniswap/v2-core/contracts/interfaces/IUniswapV2Pair.sol#19) is not in mixedCase
Function IUniswapV2Pair.MINIMUM_LIQUIDITY() (@uniswap/v2-core/contracts/interfaces/IUniswapV2Pair.sol#36) is not in mixedCase
Function IUniswapV2Pair.DOMAIN_SEPARATOR() (@uniswap/v2-core/contracts/interfaces/IUniswapV2Pair.sol#18) is not in mixedCase
Parameter ERC20.setMarketingAddress(address)._addy (contracts/CellToken.sol#104) is not in mixedCase
Function IUniswapV2Router01.WETH() (@uniswap/v2-periphery/contracts/interfaces/IUniswapV2Router01.sol#5) is not in mixedCase
Follow the Solidity naming convention.
Contract ownership is semi-renounced (passed to a contract)
ERC20.emergencyWithdraw() (contracts/CellToken.sol#131-133) ignores return value by address(owner()).send(address(this).balance) (contracts/CellToken.sol#132)
Ensure that the return value of send is checked or logged.
ERC20._sendETHToMarketing(uint256) (contracts/CellToken.sol#413-416) ignores return value by marketingAddress.call{value: _amount}() (contracts/CellToken.sol#415)
Ensure that the return value of a low-level call is checked or logged.
ERC20.constructor(string,string).name (contracts/CellToken.sol#85) shadows:
- ERC20.name() (contracts/CellToken.sol#138-140) (function)
CellToken.constructor(string,string,uint256).symbol (contracts/CellToken.sol#528) shadows:
- ERC20.symbol() (contracts/CellToken.sol#146-148) (function)
ERC20.allowance(address,address).owner (contracts/CellToken.sol#202) shadows:
- Ownable.owner() (@openzeppelin/contracts/access/Ownable.sol#34-36) (function)
CellToken.constructor(string,string,uint256).totalSupply (contracts/CellToken.sol#529) shadows:
- ERC20.totalSupply() (contracts/CellToken.sol#170-172) (function)
- IERC20.totalSupply() (@openzeppelin/contracts/token/ERC20/IERC20.sol#12) (function)
ERC20.constructor(string,string).symbol (contracts/CellToken.sol#85) shadows:
- ERC20.symbol() (contracts/CellToken.sol#146-148) (function)
ERC20._approve(address,address,uint256).owner (contracts/CellToken.sol#475) shadows:
- Ownable.owner() (@openzeppelin/contracts/access/Ownable.sol#34-36) (function)
CellToken.constructor(string,string,uint256).name (contracts/CellToken.sol#527) shadows:
- ERC20.name() (contracts/CellToken.sol#138-140) (function)
Rename the local variables that shadow another component.
ERC20.setMarketingAddress(address)._addy (contracts/CellToken.sol#104) lacks a zero-check on :
- marketingAddress = address(_addy) (contracts/CellToken.sol#105)
Check that the address is not zero.
Reentrancy in ERC20.transferFrom(address,address,uint256) (contracts/CellToken.sol#241-256):
External calls:
- _transfer(sender,recipient,amount) (contracts/CellToken.sol#246)
- marketingAddress.call{value: _amount}() (contracts/CellToken.sol#415)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(_tokenAmount,0,path,address(this),block.timestamp) (contracts/CellToken.sol#402-408)
External calls sending eth:
- _transfer(sender,recipient,amount) (contracts/CellToken.sol#246)
- marketingAddress.call{value: _amount}() (contracts/CellToken.sol#415)
State variables written after the call(s):
- _approve(sender,_msgSender(),_allowances[sender][_msgSender()].sub(amount,ERC20: transfer amount exceeds allowance)) (contracts/CellToken.sol#247-254)
- _allowances[owner][spender] = amount (contracts/CellToken.sol#482)
Apply the check-effects-interactions pattern.
Reentrancy in ERC20.transferFrom(address,address,uint256) (contracts/CellToken.sol#241-256):
External calls:
- _transfer(sender,recipient,amount) (contracts/CellToken.sol#246)
- marketingAddress.call{value: _amount}() (contracts/CellToken.sol#415)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(_tokenAmount,0,path,address(this),block.timestamp) (contracts/CellToken.sol#402-408)
External calls sending eth:
- _transfer(sender,recipient,amount) (contracts/CellToken.sol#246)
- marketingAddress.call{value: _amount}() (contracts/CellToken.sol#415)
Event emitted after the call(s):
- Approval(owner,spender,amount) (contracts/CellToken.sol#483)
- _approve(sender,_msgSender(),_allowances[sender][_msgSender()].sub(amount,ERC20: transfer amount exceeds allowance)) (contracts/CellToken.sol#247-254)
Reentrancy in ERC20._swapTokensForEth(uint256) (contracts/CellToken.sol#393-411):
External calls:
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(_tokenAmount,0,path,address(this),block.timestamp) (contracts/CellToken.sol#402-408)
Event emitted after the call(s):
- SwapTokensForETH(_tokenAmount,path) (contracts/CellToken.sol#410)
Reentrancy in ERC20._takeFeeOnSwap(address,address,uint256) (contracts/CellToken.sol#354-381):
External calls:
- _swapTokens(_contractTokenBalance) (contracts/CellToken.sol#374)
- marketingAddress.call{value: _amount}() (contracts/CellToken.sol#415)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(_tokenAmount,0,path,address(this),block.timestamp) (contracts/CellToken.sol#402-408)
External calls sending eth:
- _swapTokens(_contractTokenBalance) (contracts/CellToken.sol#374)
- marketingAddress.call{value: _amount}() (contracts/CellToken.sol#415)
Event emitted after the call(s):
- Transfer(_from,address(this),_amountToContract) (contracts/CellToken.sol#379)
Reentrancy in ERC20._transfer(address,address,uint256) (contracts/CellToken.sol#327-352):
External calls:
- _amountToRecipient = _takeFeeOnSwap(sender,recipient,amount) (contracts/CellToken.sol#343)
- marketingAddress.call{value: _amount}() (contracts/CellToken.sol#415)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(_tokenAmount,0,path,address(this),block.timestamp) (contracts/CellToken.sol#402-408)
External calls sending eth:
- _amountToRecipient = _takeFeeOnSwap(sender,recipient,amount) (contracts/CellToken.sol#343)
- marketingAddress.call{value: _amount}() (contracts/CellToken.sol#415)
Event emitted after the call(s):
- Transfer(sender,recipient,_amountToRecipient) (contracts/CellToken.sol#351)
Apply the check-effects-interactions pattern.
Address._verifyCallResult(bool,bytes,string) (@openzeppelin/contracts/utils/Address.sol#189-209) uses assembly
- INLINE ASM (@openzeppelin/contracts/utils/Address.sol#201-204)
Address.isContract(address) (@openzeppelin/contracts/utils/Address.sol#26-36) uses assembly
- INLINE ASM (@openzeppelin/contracts/utils/Address.sol#32-34)
Do not use evm assembly.
Different versions of Solidity are used:
- Version used: ['0.8.4', '>=0.5.0', '>=0.6.2', '^0.8.0']
- ^0.8.0 (@openzeppelin/contracts/access/Ownable.sol#3)
- ^0.8.0 (@openzeppelin/contracts/token/ERC20/IERC20.sol#3)
- ^0.8.0 (@openzeppelin/contracts/utils/Address.sol#3)
- ^0.8.0 (@openzeppelin/contracts/utils/Context.sol#3)
- ^0.8.0 (@openzeppelin/contracts/utils/math/SafeMath.sol#3)
- >=0.5.0 (@uniswap/v2-core/contracts/interfaces/IUniswapV2Factory.sol#1)
- >=0.5.0 (@uniswap/v2-core/contracts/interfaces/IUniswapV2Pair.sol#1)
- >=0.6.2 (@uniswap/v2-periphery/contracts/interfaces/IUniswapV2Router01.sol#1)
- >=0.6.2 (@uniswap/v2-periphery/contracts/interfaces/IUniswapV2Router02.sol#1)
- 0.8.4 (contracts/CellToken.sol#3)
- 0.8.4 (contracts/CellToken.sol#523)
Use one Solidity version.
SafeMath.tryDiv(uint256,uint256) (@openzeppelin/contracts/utils/math/SafeMath.sol#63-68) is never used and should be removed
Address.sendValue(address,uint256) (@openzeppelin/contracts/utils/Address.sol#54-59) is never used and should be removed
Address.functionCallWithValue(address,bytes,uint256) (@openzeppelin/contracts/utils/Address.sol#108-114) is never used and should be removed
SafeMath.tryMod(uint256,uint256) (@openzeppelin/contracts/utils/math/SafeMath.sol#75-80) is never used and should be removed
Address.functionDelegateCall(address,bytes,string) (@openzeppelin/contracts/utils/Address.sol#178-187) is never used and should be removed
Address.functionDelegateCall(address,bytes) (@openzeppelin/contracts/utils/Address.sol#168-170) is never used and should be removed
SafeMath.tryAdd(uint256,uint256) (@openzeppelin/contracts/utils/math/SafeMath.sol#21-27) is never used and should be removed
ERC20._burn(address,uint256) (contracts/CellToken.sol#448-459) is never used and should be removed
SafeMath.mod(uint256,uint256,string) (@openzeppelin/contracts/utils/math/SafeMath.sol#216-225) is never used and should be removed
Address.functionCallWithValue(address,bytes,uint256,string) (@openzeppelin/contracts/utils/Address.sol#122-133) is never used and should be removed
SafeMath.div(uint256,uint256,string) (@openzeppelin/contracts/utils/math/SafeMath.sol#190-199) is never used and should be removed
ERC20._setupDecimals(uint8) (contracts/CellToken.sol#493-495) is never used and should be removed
Context._msgData() (@openzeppelin/contracts/utils/Context.sol#20-22) is never used and should be removed
Address.functionStaticCall(address,bytes) (@openzeppelin/contracts/utils/Address.sol#141-143) is never used and should be removed
SafeMath.mod(uint256,uint256) (@openzeppelin/contracts/utils/math/SafeMath.sol#150-152) is never used and should be removed
Address._verifyCallResult(bool,bytes,string) (@openzeppelin/contracts/utils/Address.sol#189-209) is never used and should be removed
SafeMath.tryMul(uint256,uint256) (@openzeppelin/contracts/utils/math/SafeMath.sol#46-56) is never used and should be removed
SafeMath.trySub(uint256,uint256) (@openzeppelin/contracts/utils/math/SafeMath.sol#34-39) is never used and should be removed
Address.isContract(address) (@openzeppelin/contracts/utils/Address.sol#26-36) is never used and should be removed
Address.functionCall(address,bytes,string) (@openzeppelin/contracts/utils/Address.sol#89-95) is never used and should be removed
Address.functionStaticCall(address,bytes,string) (@openzeppelin/contracts/utils/Address.sol#151-160) is never used and should be removed
Address.functionCall(address,bytes) (@openzeppelin/contracts/utils/Address.sol#79-81) is never used and should be removed
Remove unused functions.
Low level call in Address.functionCallWithValue(address,bytes,uint256,string) (@openzeppelin/contracts/utils/Address.sol#122-133):
- (success,returndata) = target.call{value: value}(data) (@openzeppelin/contracts/utils/Address.sol#131)
Low level call in Address.functionDelegateCall(address,bytes,string) (@openzeppelin/contracts/utils/Address.sol#178-187):
- (success,returndata) = target.delegatecall(data) (@openzeppelin/contracts/utils/Address.sol#185)
Low level call in Address.sendValue(address,uint256) (@openzeppelin/contracts/utils/Address.sol#54-59):
- (success) = recipient.call{value: amount}() (@openzeppelin/contracts/utils/Address.sol#57)
Low level call in Address.functionStaticCall(address,bytes,string) (@openzeppelin/contracts/utils/Address.sol#151-160):
- (success,returndata) = target.staticcall(data) (@openzeppelin/contracts/utils/Address.sol#158)
Low level call in ERC20._sendETHToMarketing(uint256) (contracts/CellToken.sol#413-416):
- marketingAddress.call{value: _amount}() (contracts/CellToken.sol#415)
Avoid low-level calls. Check the call success. If the call is meant for a contract, check for code existence.
Variable IUniswapV2Router01.addLiquidity(address,address,uint256,uint256,uint256,uint256,address,uint256).amountADesired (@uniswap/v2-periphery/contracts/interfaces/IUniswapV2Router01.sol#10) is too similar to IUniswapV2Router01.addLiquidity(address,address,uint256,uint256,uint256,uint256,address,uint256).amountBDesired (@uniswap/v2-periphery/contracts/interfaces/IUniswapV2Router01.sol#11)
Prevent variables from having similar names.
ERC20._uniswapRouterAddress (contracts/CellToken.sol#65-66) should be constant
Add the constant attributes to state variables that never change.
transferFrom(address,address,uint256) should be declared external:
- ERC20.transferFrom(address,address,uint256) (contracts/CellToken.sol#241-256)
renounceOwnership() should be declared external:
- Ownable.renounceOwnership() (@openzeppelin/contracts/access/Ownable.sol#53-55)
decimals() should be declared external:
- ERC20.decimals() (contracts/CellToken.sol#163-165)
decreaseAllowance(address,uint256) should be declared external:
- ERC20.decreaseAllowance(address,uint256) (contracts/CellToken.sol#297-311)
symbol() should be declared external:
- ERC20.symbol() (contracts/CellToken.sol#146-148)
transfer(address,uint256) should be declared external:
- ERC20.transfer(address,uint256) (contracts/CellToken.sol#189-197)
increaseAllowance(address,uint256) should be declared external:
- ERC20.increaseAllowance(address,uint256) (contracts/CellToken.sol#270-281)
transferOwnership(address) should be declared external:
- Ownable.transferOwnership(address) (@openzeppelin/contracts/access/Ownable.sol#61-64)
name() should be declared external:
- ERC20.name() (contracts/CellToken.sol#138-140)
totalSupply() should be declared external:
- ERC20.totalSupply() (contracts/CellToken.sol#170-172)
approve(address,uint256) should be declared external:
- ERC20.approve(address,uint256) (contracts/CellToken.sol#219-227)
allowance(address,address) should be declared external:
- ERC20.allowance(address,address) (contracts/CellToken.sol#202-210)
Use the external attribute for functions never called from the contract.
BscScan page for the token does not contain additional info: website, socials, description, etc.
Token is not listed at Mobula.Finance
Unable to find whitepaper link on the website
Unable to find token on CoinHunt
Unable to verify token contract address on the website
Twitter account link seems to be invalid
Telegram account has relatively few subscribers