Unable to find manual contract audit (e.g. Certik, PeckShield, Solidity...)
CRESTEDINU.swapBack() (#415-461) sends eth to arbitrary user
Dangerous calls:
- (tmpSuccess) = address(marketingFeeReceiver).call{gas: 30000,value: amountBNBMarketing}() (#443)
- (tmpSuccess,None) = address(buybackFeeReceiver).call{gas: 30000,value: amountBNBbuyback}() (#444)
- (tmpSuccess,None) = address(devFeeReceiver).call{gas: 30000,value: amountBNBDev}() (#445)
Ensure that an arbitrary user cannot withdraw unauthorized funds.
Additional information: link
Reentrancy in CRESTEDINU._transferFrom(address,address,uint256) (#292-332):
External calls:
- swapBack() (#322)
- router.swapExactTokensForETHSupportingFeeOnTransferTokens(amountToSwap,0,path,address(this),block.timestamp) (#426-432)
- (tmpSuccess) = address(marketingFeeReceiver).call{gas: 30000,value: amountBNBMarketing}() (#443)
- (tmpSuccess,None) = address(buybackFeeReceiver).call{gas: 30000,value: amountBNBbuyback}() (#444)
- (tmpSuccess,None) = address(devFeeReceiver).call{gas: 30000,value: amountBNBDev}() (#445)
- router.addLiquidityETH{value: amountBNBLiquidity}(address(this),amountToLiquify,0,0,autoLiquidityReceiver,block.timestamp) (#451-458)
External calls sending eth:
- swapBack() (#322)
- (tmpSuccess) = address(marketingFeeReceiver).call{gas: 30000,value: amountBNBMarketing}() (#443)
- (tmpSuccess,None) = address(buybackFeeReceiver).call{gas: 30000,value: amountBNBbuyback}() (#444)
- (tmpSuccess,None) = address(devFeeReceiver).call{gas: 30000,value: amountBNBDev}() (#445)
- router.addLiquidityETH{value: amountBNBLiquidity}(address(this),amountToLiquify,0,0,autoLiquidityReceiver,block.timestamp) (#451-458)
State variables written after the call(s):
- _balances[sender] = _balances[sender].sub(amount,Insufficient Balance) (#325)
- _balances[recipient] = _balances[recipient].add(amountReceived) (#328)
- amountReceived = takeFee(sender,amount,recipient) (#327)
- _balances[address(this)] = _balances[address(this)].add(contractTokens) (#363)
- _balances[burnFeeReceiver] = _balances[burnFeeReceiver].add(burnTokens) (#364)
Apply the check-effects-interactions pattern.
Additional information: link
CRESTEDINU.swapBack().tmpSuccess (#443) is written in both
(tmpSuccess) = address(marketingFeeReceiver).call{gas: 30000,value: amountBNBMarketing}() (#443)
(tmpSuccess,None) = address(buybackFeeReceiver).call{gas: 30000,value: amountBNBbuyback}() (#444)
CRESTEDINU.swapBack().tmpSuccess (#443) is written in both
(tmpSuccess,None) = address(buybackFeeReceiver).call{gas: 30000,value: amountBNBbuyback}() (#444)
(tmpSuccess,None) = address(devFeeReceiver).call{gas: 30000,value: amountBNBDev}() (#445)
CRESTEDINU.swapBack().tmpSuccess (#443) is written in both
(tmpSuccess,None) = address(devFeeReceiver).call{gas: 30000,value: amountBNBDev}() (#445)
tmpSuccess = false (#448)
Fix or remove the writes.
Additional information: link
Combination 1: Reentrancy vulnerabilities + Functions that send Ether to arbitraty destination. Usual for scams. May be justified by some complex mechanics (e.g. rebase, reflections). DYOR & manual audit are advised.
CRESTEDINU.takeFee(address,uint256,address) (#349-372) performs a multiplication on the result of a division:
-feeAmount = amount.mul(totalFee).mul(multiplier).div(feeDenominator * 100) (#358)
-burnTokens = feeAmount.mul(burnFee).div(totalFee) (#360)
Consider ordering multiplication before division.
Additional information: link
CRESTEDINU.manage_blacklist(address[],bool).i (#468) is a local variable never initialized
Initialize all the variables. If a variable is meant to be initialized to zero, explicitly set it to zero to improve code readability.
Additional information: link
CRESTEDINU.swapBack() (#415-461) ignores return value by router.addLiquidityETH{value: amountBNBLiquidity}(address(this),amountToLiquify,0,0,autoLiquidityReceiver,block.timestamp) (#451-458)
Ensure that all the return values of the function calls are used.
Additional information: link
authorize(address) should be declared external:
- Auth.authorize(address) (#73-75)
unauthorize(address) should be declared external:
- Auth.unauthorize(address) (#77-79)
transferOwnership(address) should be declared external:
- Auth.transferOwnership(address) (#89-93)
tradingStatus(bool,uint256) should be declared external:
- CRESTEDINU.tradingStatus(bool,uint256) (#393-399)
launchStatus(uint256) should be declared external:
- CRESTEDINU.launchStatus(uint256) (#401-403)
dowefuckbots(bool) should be declared external:
- CRESTEDINU.dowefuckbots(bool) (#405-407)
cooldownEnabled(bool,uint8) should be declared external:
- CRESTEDINU.cooldownEnabled(bool,uint8) (#410-413)
enable_blacklist(bool) should be declared external:
- CRESTEDINU.enable_blacklist(bool) (#463-465)
manage_blacklist(address[],bool) should be declared external:
- CRESTEDINU.manage_blacklist(address[],bool) (#467-471)
Use the external attribute for functions never called from the contract.
Additional information: link
CRESTEDINU.setMaxTxPercent_base1000(uint256) (#284-286) should emit an event for:
- _maxTxAmount = (_totalSupply * maxTXPercentage_base1000) / 1000 (#285)
CRESTEDINU.setTxLimit(uint256) (#288-290) should emit an event for:
- _maxTxAmount = amount (#289)
CRESTEDINU.set_multipliers(uint256,uint256,uint256) (#386-390) should emit an event for:
- sellMultiplier = _sell (#387)
- buyMultiplier = _buy (#388)
- transferMultiplier = _trans (#389)
CRESTEDINU.setFees(uint256,uint256,uint256,uint256,uint256,uint256) (#485-494) should emit an event for:
- liquidityFee = _liquidityFee (#486)
- devFee = _devFee (#487)
- marketingFee = _marketingFee (#488)
- buybackFee = _buybackFee (#489)
- burnFee = _burnFee (#490)
- totalFee = _liquidityFee.add(_devFee).add(_marketingFee).add(_buybackFee).add(_burnFee) (#491)
- feeDenominator = _feeDenominator (#492)
CRESTEDINU.setSwapBackSettings(bool,uint256) (#504-507) should emit an event for:
- swapThreshold = _amount (#506)
CRESTEDINU.setTargetLiquidity(uint256,uint256) (#509-512) should emit an event for:
- targetLiquidity = _target (#510)
- targetLiquidityDenominator = _denominator (#511)
Emit an event for critical parameter changes.
Additional information: link
Auth.transferOwnership(address).adr (#89) lacks a zero-check on :
- owner = adr (#90)
CRESTEDINU.setFeeReceivers(address,address,address,address,address)._autoLiquidityReceiver (#496) lacks a zero-check on :
- autoLiquidityReceiver = _autoLiquidityReceiver (#497)
CRESTEDINU.setFeeReceivers(address,address,address,address,address)._marketingFeeReceiver (#496) lacks a zero-check on :
- marketingFeeReceiver = _marketingFeeReceiver (#498)
CRESTEDINU.setFeeReceivers(address,address,address,address,address)._buybackFeeReceiver (#496) lacks a zero-check on :
- buybackFeeReceiver = _buybackFeeReceiver (#499)
CRESTEDINU.setFeeReceivers(address,address,address,address,address)._burnFeeReceiver (#496) lacks a zero-check on :
- burnFeeReceiver = _burnFeeReceiver (#500)
CRESTEDINU.setFeeReceivers(address,address,address,address,address)._devFeeReceiver (#496) lacks a zero-check on :
- devFeeReceiver = _devFeeReceiver (#501)
Check that the address is not zero.
Additional information: link
Reentrancy in CRESTEDINU.constructor() (#221-247):
External calls:
- pair = IDEXFactory(router.factory()).createPair(WBNB,address(this)) (#223)
State variables written after the call(s):
- _allowances[address(this)][address(router)] = type()(uint256).max (#226)
- _balances[msg.sender] = _totalSupply (#245)
- autoLiquidityReceiver = msg.sender (#239)
- burnFeeReceiver = DEAD (#243)
- buybackFeeReceiver = 0x5d6977960420A868849A12c54Be72B4553EA1008 (#241)
- devFeeReceiver = 0xCd458867E51e56Ac17740aC7B4403ad5a69D77f3 (#242)
- isDividendExempt[pair] = true (#235)
- isDividendExempt[address(this)] = true (#236)
- isDividendExempt[DEAD] = true (#237)
- isFeeExempt[msg.sender] = true (#228)
- isTimelockExempt[msg.sender] = true (#231)
- isTimelockExempt[DEAD] = true (#232)
- isTimelockExempt[address(this)] = true (#233)
- isTxLimitExempt[msg.sender] = true (#229)
- marketingFeeReceiver = 0x79b554fe6aba00358A9Ee2be388E567A7BEa940A (#240)
- pairContract = InterfaceLP(pair) (#224)
Apply the check-effects-interactions pattern.
Additional information: link
Reentrancy in CRESTEDINU._transferFrom(address,address,uint256) (#292-332):
External calls:
- swapBack() (#322)
- router.swapExactTokensForETHSupportingFeeOnTransferTokens(amountToSwap,0,path,address(this),block.timestamp) (#426-432)
- (tmpSuccess) = address(marketingFeeReceiver).call{gas: 30000,value: amountBNBMarketing}() (#443)
- (tmpSuccess,None) = address(buybackFeeReceiver).call{gas: 30000,value: amountBNBbuyback}() (#444)
- (tmpSuccess,None) = address(devFeeReceiver).call{gas: 30000,value: amountBNBDev}() (#445)
- router.addLiquidityETH{value: amountBNBLiquidity}(address(this),amountToLiquify,0,0,autoLiquidityReceiver,block.timestamp) (#451-458)
External calls sending eth:
- swapBack() (#322)
- (tmpSuccess) = address(marketingFeeReceiver).call{gas: 30000,value: amountBNBMarketing}() (#443)
- (tmpSuccess,None) = address(buybackFeeReceiver).call{gas: 30000,value: amountBNBbuyback}() (#444)
- (tmpSuccess,None) = address(devFeeReceiver).call{gas: 30000,value: amountBNBDev}() (#445)
- router.addLiquidityETH{value: amountBNBLiquidity}(address(this),amountToLiquify,0,0,autoLiquidityReceiver,block.timestamp) (#451-458)
Event emitted after the call(s):
- Transfer(sender,address(this),contractTokens) (#365)
- amountReceived = takeFee(sender,amount,recipient) (#327)
- Transfer(sender,burnFeeReceiver,burnTokens) (#368)
- amountReceived = takeFee(sender,amount,recipient) (#327)
- Transfer(sender,recipient,amountReceived) (#330)
Reentrancy in CRESTEDINU.constructor() (#221-247):
External calls:
- pair = IDEXFactory(router.factory()).createPair(WBNB,address(this)) (#223)
Event emitted after the call(s):
- Transfer(address(0),msg.sender,_totalSupply) (#246)
Reentrancy in CRESTEDINU.swapBack() (#415-461):
External calls:
- router.swapExactTokensForETHSupportingFeeOnTransferTokens(amountToSwap,0,path,address(this),block.timestamp) (#426-432)
- (tmpSuccess) = address(marketingFeeReceiver).call{gas: 30000,value: amountBNBMarketing}() (#443)
- (tmpSuccess,None) = address(buybackFeeReceiver).call{gas: 30000,value: amountBNBbuyback}() (#444)
- (tmpSuccess,None) = address(devFeeReceiver).call{gas: 30000,value: amountBNBDev}() (#445)
- router.addLiquidityETH{value: amountBNBLiquidity}(address(this),amountToLiquify,0,0,autoLiquidityReceiver,block.timestamp) (#451-458)
External calls sending eth:
- (tmpSuccess) = address(marketingFeeReceiver).call{gas: 30000,value: amountBNBMarketing}() (#443)
- (tmpSuccess,None) = address(buybackFeeReceiver).call{gas: 30000,value: amountBNBbuyback}() (#444)
- (tmpSuccess,None) = address(devFeeReceiver).call{gas: 30000,value: amountBNBDev}() (#445)
- router.addLiquidityETH{value: amountBNBLiquidity}(address(this),amountToLiquify,0,0,autoLiquidityReceiver,block.timestamp) (#451-458)
Event emitted after the call(s):
- AutoLiquify(amountBNBLiquidity,amountToLiquify) (#459)
Apply the check-effects-interactions pattern.
Additional information: link
CRESTEDINU._transferFrom(address,address,uint256) (#292-332) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(cooldownTimer[recipient] < block.timestamp,Please wait for 1min between two buys) (#315)
Avoid relying on block.timestamp.
Additional information: link
CRESTEDINU._maxTxAmount (#167) is set pre-construction with a non-constant function or state variable:
- _totalSupply / 200
CRESTEDINU._maxWalletToken (#168) is set pre-construction with a non-constant function or state variable:
- _totalSupply / 100
CRESTEDINU.totalFee (#186) is set pre-construction with a non-constant function or state variable:
- devFee + marketingFee + liquidityFee + buybackFee + burnFee
CRESTEDINU.swapThreshold (#217) is set pre-construction with a non-constant function or state variable:
- _totalSupply * 10 / 10000
Remove any initialization of state variables via non-constant state variables or function calls. If variables must be set upon contract deployment, locate initialization in the constructor instead.
Additional information: link
solc-0.8.9 is not recommended for deployment
Deploy with any of the following Solidity versions: 0.5.16 - 0.5.17, 0.6.11 - 0.6.12, 0.7.5 - 0.7.6 Use a simple pragma version that allows any of these versions. Consider using the latest version of Solidity for testing.
Additional information: link
Low level call in CRESTEDINU.swapBack() (#415-461):
- (tmpSuccess) = address(marketingFeeReceiver).call{gas: 30000,value: amountBNBMarketing}() (#443)
- (tmpSuccess,None) = address(buybackFeeReceiver).call{gas: 30000,value: amountBNBbuyback}() (#444)
- (tmpSuccess,None) = address(devFeeReceiver).call{gas: 30000,value: amountBNBDev}() (#445)
Avoid low-level calls. Check the call success. If the call is meant for a contract, check for code existence
Additional information: link
Function IDEXRouter.WETH() (#104) is not in mixedCase
Function CRESTEDINU.setMaxWalletPercent_base1000(uint256) (#281-283) is not in mixedCase
Parameter CRESTEDINU.setMaxWalletPercent_base1000(uint256).maxWallPercent_base1000 (#281) is not in mixedCase
Function CRESTEDINU.setMaxTxPercent_base1000(uint256) (#284-286) is not in mixedCase
Parameter CRESTEDINU.setMaxTxPercent_base1000(uint256).maxTXPercentage_base1000 (#284) is not in mixedCase
Function CRESTEDINU.set_multipliers(uint256,uint256,uint256) (#386-390) is not in mixedCase
Parameter CRESTEDINU.set_multipliers(uint256,uint256,uint256)._buy (#386) is not in mixedCase
Parameter CRESTEDINU.set_multipliers(uint256,uint256,uint256)._sell (#386) is not in mixedCase
Parameter CRESTEDINU.set_multipliers(uint256,uint256,uint256)._trans (#386) is not in mixedCase
Parameter CRESTEDINU.tradingStatus(bool,uint256)._status (#393) is not in mixedCase
Parameter CRESTEDINU.tradingStatus(bool,uint256)._deadBlocks (#393) is not in mixedCase
Parameter CRESTEDINU.launchStatus(uint256)._launchblock (#401) is not in mixedCase
Parameter CRESTEDINU.dowefuckbots(bool)._status (#405) is not in mixedCase
Parameter CRESTEDINU.cooldownEnabled(bool,uint8)._status (#410) is not in mixedCase
Parameter CRESTEDINU.cooldownEnabled(bool,uint8)._interval (#410) is not in mixedCase
Function CRESTEDINU.enable_blacklist(bool) (#463-465) is not in mixedCase
Parameter CRESTEDINU.enable_blacklist(bool)._status (#463) is not in mixedCase
Function CRESTEDINU.manage_blacklist(address[],bool) (#467-471) is not in mixedCase
Parameter CRESTEDINU.setFees(uint256,uint256,uint256,uint256,uint256,uint256)._liquidityFee (#485) is not in mixedCase
Parameter CRESTEDINU.setFees(uint256,uint256,uint256,uint256,uint256,uint256)._devFee (#485) is not in mixedCase
Parameter CRESTEDINU.setFees(uint256,uint256,uint256,uint256,uint256,uint256)._marketingFee (#485) is not in mixedCase
Parameter CRESTEDINU.setFees(uint256,uint256,uint256,uint256,uint256,uint256)._buybackFee (#485) is not in mixedCase
Parameter CRESTEDINU.setFees(uint256,uint256,uint256,uint256,uint256,uint256)._burnFee (#485) is not in mixedCase
Parameter CRESTEDINU.setFees(uint256,uint256,uint256,uint256,uint256,uint256)._feeDenominator (#485) is not in mixedCase
Parameter CRESTEDINU.setFeeReceivers(address,address,address,address,address)._autoLiquidityReceiver (#496) is not in mixedCase
Parameter CRESTEDINU.setFeeReceivers(address,address,address,address,address)._marketingFeeReceiver (#496) is not in mixedCase
Parameter CRESTEDINU.setFeeReceivers(address,address,address,address,address)._buybackFeeReceiver (#496) is not in mixedCase
Parameter CRESTEDINU.setFeeReceivers(address,address,address,address,address)._burnFeeReceiver (#496) is not in mixedCase
Parameter CRESTEDINU.setFeeReceivers(address,address,address,address,address)._devFeeReceiver (#496) is not in mixedCase
Parameter CRESTEDINU.setSwapBackSettings(bool,uint256)._enabled (#504) is not in mixedCase
Parameter CRESTEDINU.setSwapBackSettings(bool,uint256)._amount (#504) is not in mixedCase
Parameter CRESTEDINU.setTargetLiquidity(uint256,uint256)._target (#509) is not in mixedCase
Parameter CRESTEDINU.setTargetLiquidity(uint256,uint256)._denominator (#509) is not in mixedCase
Variable CRESTEDINU.WBNB (#157) is not in mixedCase
Variable CRESTEDINU.DEAD (#158) is not in mixedCase
Variable CRESTEDINU.ZERO (#159) is not in mixedCase
Constant CRESTEDINU._name (#161) is not in UPPER_CASE_WITH_UNDERSCORES
Constant CRESTEDINU._symbol (#162) is not in UPPER_CASE_WITH_UNDERSCORES
Constant CRESTEDINU._decimals (#163) is not in UPPER_CASE_WITH_UNDERSCORES
Variable CRESTEDINU._totalSupply (#165) is not in mixedCase
Variable CRESTEDINU._maxTxAmount (#167) is not in mixedCase
Variable CRESTEDINU._maxWalletToken (#168) is not in mixedCase
Variable CRESTEDINU._balances (#170) is not in mixedCase
Variable CRESTEDINU._allowances (#171) is not in mixedCase
Follow the Solidity naming convention.
Additional information: link
Variable IDEXRouter.addLiquidity(address,address,uint256,uint256,uint256,uint256,address,uint256).amountADesired (#109) is too similar to IDEXRouter.addLiquidity(address,address,uint256,uint256,uint256,uint256,address,uint256).amountBDesired (#110)
Prevent variables from having similar names.
Additional information: link
CRESTEDINU.slitherConstructorVariables() (#154-548) uses literals with too many digits:
- DEAD = 0x000000000000000000000000000000000000dEaD (#158)
CRESTEDINU.slitherConstructorVariables() (#154-548) uses literals with too many digits:
- ZERO = 0x0000000000000000000000000000000000000000 (#159)
Use: Ether suffix, Time suffix, or The scientific notation
Additional information: link
CRESTEDINU.DEAD (#158) should be constant
CRESTEDINU.WBNB (#157) should be constant
CRESTEDINU.ZERO (#159) should be constant
CRESTEDINU._totalSupply (#165) should be constant
Add the constant attributes to state variables that never change.
Additional information: link
Unable to find website, listings and other project-related information
Token is marked as scam (rug pull, honeypot, phishing, etc.)
Additional information: link
Young tokens have high risks of scam / price dump / death
Token has no active CoinGecko listing / rank
Token has no active CoinMarketCap listing / rank
Unable to find Telegram and Twitter accounts