CHES [ChainEstate] Token

Unable to find manual contract audit (e.g. Certik, PeckShield, Solidity...)

ChainEstateToken.sendFeesToWallets(uint256) (ChainEstateToken.sol#290-295) sends eth to arbitrary user
Dangerous calls:
- realEstateWalletAddress.transfer((amount * realEstateTransactionFeePercent) / totalFee) (ChainEstateToken.sol#292)
- marketingWalletAddress.transfer((amount * marketingFeePercent) / totalFee) (ChainEstateToken.sol#293)
- developerWalletAddress.transfer((amount * developerFeePercent) / totalFee) (ChainEstateToken.sol#294)
Ensure that an arbitrary user cannot withdraw unauthorized funds.

Additional information: link

Reentrancy in ChainEstateToken.transfer(address,uint256) (ChainEstateToken.sol#164-211):
External calls:
- swapCHESForBNB(contractCHESBalance) (ChainEstateToken.sol#198)
- uniswapRouter.swapExactTokensForETHSupportingFeeOnTransferTokens(amount,0,path,address(this),block.timestamp) (ChainEstateToken.sol#277-283)
External calls sending eth:
- sendFeesToWallets(address(this).balance) (ChainEstateToken.sol#203)
- realEstateWalletAddress.transfer((amount * realEstateTransactionFeePercent) / totalFee) (ChainEstateToken.sol#292)
- marketingWalletAddress.transfer((amount * marketingFeePercent) / totalFee) (ChainEstateToken.sol#293)
- developerWalletAddress.transfer((amount * developerFeePercent) / totalFee) (ChainEstateToken.sol#294)
State variables written after the call(s):
- _transfer(_msgSender(),recipient,valueAfterFees) (ChainEstateToken.sol#209)
- _balances[from] = fromBalance - amount (ERC20.sol#239)
- _balances[to] += amount (ERC20.sol#241)
- _transfer(_msgSender(),recipient,valueAfterFees) (ChainEstateToken.sol#209)
- airDropInvestTime[to] = (value * block.timestamp + (userBalance - value) * airDropInvestTime[to]) / userBalance (ChainEstateToken.sol#342)
Reentrancy in ChainEstateToken.transferFrom(address,address,uint256) (ChainEstateToken.sol#220-266):
External calls:
- swapCHESForBNB(contractCHESBalance) (ChainEstateToken.sol#253)
- uniswapRouter.swapExactTokensForETHSupportingFeeOnTransferTokens(amount,0,path,address(this),block.timestamp) (ChainEstateToken.sol#277-283)
External calls sending eth:
- sendFeesToWallets(address(this).balance) (ChainEstateToken.sol#258)
- realEstateWalletAddress.transfer((amount * realEstateTransactionFeePercent) / totalFee) (ChainEstateToken.sol#292)
- marketingWalletAddress.transfer((amount * marketingFeePercent) / totalFee) (ChainEstateToken.sol#293)
- developerWalletAddress.transfer((amount * developerFeePercent) / totalFee) (ChainEstateToken.sol#294)
State variables written after the call(s):
- _transfer(from,to,valueAfterFees) (ChainEstateToken.sol#264)
- _balances[from] = fromBalance - amount (ERC20.sol#239)
- _balances[to] += amount (ERC20.sol#241)
- _transfer(from,to,valueAfterFees) (ChainEstateToken.sol#264)
- airDropInvestTime[to] = (value * block.timestamp + (userBalance - value) * airDropInvestTime[to]) / userBalance (ChainEstateToken.sol#342)
Apply the check-effects-interactions pattern.

Additional information: link

Contract ownership is not renounced (belongs to a wallet)

Combination 1: Reentrancy vulnerabilities + Functions that send Ether to arbitraty destination. Usual for scams. May be justified by some complex mechanics (e.g. rebase, reflections). DYOR & manual audit are advised.

Different versions of Solidity is used:
- Version used: ['>=0.8.0<0.9.0', '^0.8.0']
- >=0.8.0<0.9.0 (ChainEstateToken.sol#3)
- ^0.8.0 (Context.sol#4)
- ^0.8.0 (ERC20.sol#4)
- ^0.8.0 (IERC20.sol#4)
- ^0.8.0 (IERC20Metadata.sol#4)
- ^0.8.0 (Ownable.sol#4)
- >=0.8.0<0.9.0 (Uniswap.sol#2)
Use one Solidity version.

Additional information: link

Context._msgData() (Context.sol#21-23) is never used and should be removed
Remove unused functions.

Additional information: link

ChainEstateToken.setContractCHESDivisor(uint256) (ChainEstateToken.sol#329-331) should emit an event for:
- contractCHESDivisor = newDivisor (ChainEstateToken.sol#330)
Emit an event for critical parameter changes.

Additional information: link

Reentrancy in ChainEstateToken.transfer(address,uint256) (ChainEstateToken.sol#164-211):
External calls:
- swapCHESForBNB(contractCHESBalance) (ChainEstateToken.sol#198)
- uniswapRouter.swapExactTokensForETHSupportingFeeOnTransferTokens(amount,0,path,address(this),block.timestamp) (ChainEstateToken.sol#277-283)
External calls sending eth:
- sendFeesToWallets(address(this).balance) (ChainEstateToken.sol#203)
- realEstateWalletAddress.transfer((amount * realEstateTransactionFeePercent) / totalFee) (ChainEstateToken.sol#292)
- marketingWalletAddress.transfer((amount * marketingFeePercent) / totalFee) (ChainEstateToken.sol#293)
- developerWalletAddress.transfer((amount * developerFeePercent) / totalFee) (ChainEstateToken.sol#294)
Event emitted after the call(s):
- Transfer(from,to,amount) (ERC20.sol#243)
- _transfer(_msgSender(),recipient,valueAfterFees) (ChainEstateToken.sol#209)
Reentrancy in ChainEstateToken.transferFrom(address,address,uint256) (ChainEstateToken.sol#220-266):
External calls:
- swapCHESForBNB(contractCHESBalance) (ChainEstateToken.sol#253)
- uniswapRouter.swapExactTokensForETHSupportingFeeOnTransferTokens(amount,0,path,address(this),block.timestamp) (ChainEstateToken.sol#277-283)
External calls sending eth:
- sendFeesToWallets(address(this).balance) (ChainEstateToken.sol#258)
- realEstateWalletAddress.transfer((amount * realEstateTransactionFeePercent) / totalFee) (ChainEstateToken.sol#292)
- marketingWalletAddress.transfer((amount * marketingFeePercent) / totalFee) (ChainEstateToken.sol#293)
- developerWalletAddress.transfer((amount * developerFeePercent) / totalFee) (ChainEstateToken.sol#294)
Event emitted after the call(s):
- Transfer(from,to,amount) (ERC20.sol#243)
- _transfer(from,to,valueAfterFees) (ChainEstateToken.sol#264)
Apply the check-effects-interactions pattern.

Additional information: link

Pragma version>=0.8.0<0.9.0 (ChainEstateToken.sol#3) is too complex
Pragma version^0.8.0 (Context.sol#4) allows old versions
Pragma version^0.8.0 (ERC20.sol#4) allows old versions
Pragma version^0.8.0 (IERC20.sol#4) allows old versions
Pragma version^0.8.0 (IERC20Metadata.sol#4) allows old versions
Pragma version^0.8.0 (Ownable.sol#4) allows old versions
Pragma version>=0.8.0<0.9.0 (Uniswap.sol#2) is too complex
solc-0.8.8 is known to contain severe issues (https://solidity.readthedocs.io/en/latest/bugs.html)
Deploy with any of the following Solidity versions: 0.5.16 - 0.5.17, 0.6.11 - 0.6.12, 0.7.5 - 0.7.6 Use a simple pragma version that allows any of these versions. Consider using the latest version of Solidity for testing.

Additional information: link

Event ChainEstateTokenrealEstateTransactionFeeUpdated(uint256) (ChainEstateToken.sol#76) is not in CapWords
Event ChainEstateTokenmarketingTransactionFeeUpdated(uint256) (ChainEstateToken.sol#77) is not in CapWords
Event ChainEstateTokendeveloperTransactionFeeUpdated(uint256) (ChainEstateToken.sol#78) is not in CapWords
Function IUniswapV2Router01.WETH() (Uniswap.sol#15) is not in mixedCase
Follow the Solidity naming convention.

Additional information: link

Variable IUniswapV2Router01.addLiquidity(address,address,uint256,uint256,uint256,uint256,address,uint256).amountADesired (Uniswap.sol#20) is too similar to IUniswapV2Router01.addLiquidity(address,address,uint256,uint256,uint256,uint256,address,uint256).amountBDesired (Uniswap.sol#21)
Prevent variables from having similar names.

Additional information: link

getContractAddress() should be declared external:
- ChainEstateToken.getContractAddress() (ChainEstateToken.sol#130-132)
excludeUserFromFees(address) should be declared external:
- ChainEstateToken.excludeUserFromFees(address) (ChainEstateToken.sol#138-140)
getCurrentTimestamp() should be declared external:
- ChainEstateToken.getCurrentTimestamp() (ChainEstateToken.sol#146-148)
includeUsersInFees(address) should be declared external:
- ChainEstateToken.includeUsersInFees(address) (ChainEstateToken.sol#154-156)
transfer(address,uint256) should be declared external:
- ChainEstateToken.transfer(address,uint256) (ChainEstateToken.sol#164-211)
- ERC20.transfer(address,uint256) (ERC20.sol#113-117)
transferFrom(address,address,uint256) should be declared external:
- ChainEstateToken.transferFrom(address,address,uint256) (ChainEstateToken.sol#220-266)
- ERC20.transferFrom(address,address,uint256) (ERC20.sol#158-167)
disperseFeesManually() should be declared external:
- ChainEstateToken.disperseFeesManually() (ChainEstateToken.sol#300-303)
swapCHESForBNBManually(uint256,bool) should be declared external:
- ChainEstateToken.swapCHESForBNBManually(uint256,bool) (ChainEstateToken.sol#310-321)
setContractCHESDivisor(uint256) should be declared external:
- ChainEstateToken.setContractCHESDivisor(uint256) (ChainEstateToken.sol#329-331)
updateBlackList(address,bool) should be declared external:
- ChainEstateToken.updateBlackList(address,bool) (ChainEstateToken.sol#353-355)
updateRealEstateTransactionFee(uint256) should be declared external:
- ChainEstateToken.updateRealEstateTransactionFee(uint256) (ChainEstateToken.sol#361-365)
updateMarketingTransactionFee(uint256) should be declared external:
- ChainEstateToken.updateMarketingTransactionFee(uint256) (ChainEstateToken.sol#371-375)
updateDeveloperTransactionFee(uint256) should be declared external:
- ChainEstateToken.updateDeveloperTransactionFee(uint256) (ChainEstateToken.sol#381-385)
updateMinter(address,bool) should be declared external:
- ChainEstateToken.updateMinter(address,bool) (ChainEstateToken.sol#392-394)
mint(address,uint256) should be declared external:
- ChainEstateToken.mint(address,uint256) (ChainEstateToken.sol#401-404)
burn(address,uint256) should be declared external:
- ChainEstateToken.burn(address,uint256) (ChainEstateToken.sol#411-414)
setAirDropInvestTime(address,uint256) should be declared external:
- ChainEstateToken.setAirDropInvestTime(address,uint256) (ChainEstateToken.sol#421-424)
setTokenClaimContractAddress(address) should be declared external:
- ChainEstateToken.setTokenClaimContractAddress(address) (ChainEstateToken.sol#430-432)
name() should be declared external:
- ERC20.name() (ERC20.sol#62-64)
symbol() should be declared external:
- ERC20.symbol() (ERC20.sol#70-72)
decimals() should be declared external:
- ERC20.decimals() (ERC20.sol#87-89)
approve(address,uint256) should be declared external:
- ERC20.approve(address,uint256) (ERC20.sol#136-140)
increaseAllowance(address,uint256) should be declared external:
- ERC20.increaseAllowance(address,uint256) (ERC20.sol#181-185)
decreaseAllowance(address,uint256) should be declared external:
- ERC20.decreaseAllowance(address,uint256) (ERC20.sol#201-210)
renounceOwnership() should be declared external:
- Ownable.renounceOwnership() (Ownable.sol#54-56)
transferOwnership(address) should be declared external:
- Ownable.transferOwnership(address) (Ownable.sol#62-65)
Use the external attribute for functions never called from the contract.

Additional information: link

ChainEstateToken.constructor(uint256,address,address,address,address,address,address,address) (ChainEstateToken.sol#86-124) ignores return value by IERC20(uniswapPair).approve(address(uniswapRouter),type()(uint256).max) (ChainEstateToken.sol#123)
Ensure that all the return values of the function calls are used.

Additional information: link

ChainEstateToken.constructor(uint256,address,address,address,address,address,address,address)._airDropContractAddress (ChainEstateToken.sol#88) lacks a zero-check on :
- airDropContractAddress = _airDropContractAddress (ChainEstateToken.sol#96)
ChainEstateToken.constructor(uint256,address,address,address,address,address,address,address)._realEstateWalletAddress (ChainEstateToken.sol#91) lacks a zero-check on :
- realEstateWalletAddress = _realEstateWalletAddress (ChainEstateToken.sol#97)
ChainEstateToken.constructor(uint256,address,address,address,address,address,address,address)._burnWalletAddress (ChainEstateToken.sol#89) lacks a zero-check on :
- burnWalletAddress = _burnWalletAddress (ChainEstateToken.sol#98)
ChainEstateToken.constructor(uint256,address,address,address,address,address,address,address)._liquidityWalletAddress (ChainEstateToken.sol#90) lacks a zero-check on :
- liquidityWalletAddress = _liquidityWalletAddress (ChainEstateToken.sol#99)
ChainEstateToken.constructor(uint256,address,address,address,address,address,address,address)._marketingWalletAddress (ChainEstateToken.sol#92) lacks a zero-check on :
- marketingWalletAddress = _marketingWalletAddress (ChainEstateToken.sol#100)
ChainEstateToken.constructor(uint256,address,address,address,address,address,address,address)._developerWalletAddress (ChainEstateToken.sol#93) lacks a zero-check on :
- developerWalletAddress = _developerWalletAddress (ChainEstateToken.sol#101)
ChainEstateToken.constructor(uint256,address,address,address,address,address,address,address)._uniswapRouterAddress (ChainEstateToken.sol#94) lacks a zero-check on :
- uniswapRouterAddress = _uniswapRouterAddress (ChainEstateToken.sol#102)
ChainEstateToken.setTokenClaimContractAddress(address).tokenClaimAddress (ChainEstateToken.sol#430) lacks a zero-check on :
- tokenClaimContractAddress = tokenClaimAddress (ChainEstateToken.sol#431)
Check that the address is not zero.

Additional information: link

Reentrancy in ChainEstateToken.transfer(address,uint256) (ChainEstateToken.sol#164-211):
External calls:
- sendFeesToWallets(address(this).balance) (ChainEstateToken.sol#203)
- realEstateWalletAddress.transfer((amount * realEstateTransactionFeePercent) / totalFee) (ChainEstateToken.sol#292)
- marketingWalletAddress.transfer((amount * marketingFeePercent) / totalFee) (ChainEstateToken.sol#293)
- developerWalletAddress.transfer((amount * developerFeePercent) / totalFee) (ChainEstateToken.sol#294)
State variables written after the call(s):
- _transfer(_msgSender(),recipient,valueAfterFees) (ChainEstateToken.sol#209)
- _balances[from] = fromBalance - amount (ERC20.sol#239)
- _balances[to] += amount (ERC20.sol#241)
- _transfer(_msgSender(),recipient,valueAfterFees) (ChainEstateToken.sol#209)
- airDropInvestTime[to] = (value * block.timestamp + (userBalance - value) * airDropInvestTime[to]) / userBalance (ChainEstateToken.sol#342)
Event emitted after the call(s):
- Transfer(from,to,amount) (ERC20.sol#243)
- _transfer(_msgSender(),recipient,valueAfterFees) (ChainEstateToken.sol#209)
Reentrancy in ChainEstateToken.transferFrom(address,address,uint256) (ChainEstateToken.sol#220-266):
External calls:
- sendFeesToWallets(address(this).balance) (ChainEstateToken.sol#258)
- realEstateWalletAddress.transfer((amount * realEstateTransactionFeePercent) / totalFee) (ChainEstateToken.sol#292)
- marketingWalletAddress.transfer((amount * marketingFeePercent) / totalFee) (ChainEstateToken.sol#293)
- developerWalletAddress.transfer((amount * developerFeePercent) / totalFee) (ChainEstateToken.sol#294)
State variables written after the call(s):
- _transfer(from,to,valueAfterFees) (ChainEstateToken.sol#264)
- _balances[from] = fromBalance - amount (ERC20.sol#239)
- _balances[to] += amount (ERC20.sol#241)
- _transfer(from,to,valueAfterFees) (ChainEstateToken.sol#264)
- airDropInvestTime[to] = (value * block.timestamp + (userBalance - value) * airDropInvestTime[to]) / userBalance (ChainEstateToken.sol#342)
Event emitted after the call(s):
- Transfer(from,to,amount) (ERC20.sol#243)
- _transfer(from,to,valueAfterFees) (ChainEstateToken.sol#264)
Apply the check-effects-interactions pattern.

Additional information: link

Average 30d number of PancakeSwap swaps is low.

Number of Binance Smart Chain (BSC) token holders is low.

Token is deployed only at one blockchain

Contract has 5% buy tax and 5% sell tax.
Taxes are low but contract ownership is not renounced. Token has a high risk of becoming a honeypot.

Unable to find token contract audit

Unable to find audit link on the website

Unable to find token on CoinHunt

Additional information: link

Young tokens have high risks of price dump / death

Young tokens have high risks of price dump / death

Token has relatively low CoinGecko rank

Young tokens have high risks of price dump / death

Young tokens have high risks of price dump / death

Young tokens have high risks of price dump / death