Carbon token is the ultimate digital asset used by Carbonians. It is environmentally sustainable crypto on earth, supported by individuals and institutional impact investors.
CarbonToken (#362-615) contract sets array length with a user-controlled value:
- lockList[receiver].push(item) (#439)
- lockList[receiver].push(item) (#611)
Do not allow array lengths to be set directly; instead, add values as needed. Otherwise, thoroughly review the contract to ensure a user-controlled variable cannot reach an array length assignment.
Contract locking ether found:
Contract CarbonToken (#362-615) has payable functions:
- CarbonToken.fallback() (#477-479)
But does not have a function to withdraw the ether
Remove the payable attribute or add a withdraw function.
Contract ownership is not renounced (belongs to a wallet)
ERC20Detailed.constructor(string,string,uint8).name (#331) shadows:
- ERC20Detailed.name() (#343-345) (function)
ERC20Detailed.constructor(string,string,uint8).symbol (#332) shadows:
- ERC20Detailed.symbol() (#350-352) (function)
ERC20Detailed.constructor(string,string,uint8).decimals (#333) shadows:
- ERC20Detailed.decimals() (#357-359) (function)
Rename the local variables that shadow another component.
CarbonToken.getLockedAmount(address) (#448-461) uses timestamp for comparisons
Dangerous comparisons:
- now < lockList[lockedAddress][j].releaseDate (#455)
Avoid relying on block.timestamp.
SafeMath.div(uint256,uint256) (#60-67) is never used and should be removed
SafeMath.mod(uint256,uint256) (#93-96) is never used and should be removed
SafeMath.mul(uint256,uint256) (#43-55) is never used and should be removed
Remove unused functions.
Pragma version>=0.4.22<0.6.0 (#1) is known to contain severe issues (https://solidity.readthedocs.io/en/latest/bugs.html)
Deploy with any of the following Solidity versions: 0.5.16 - 0.5.17, 0.6.11 - 0.6.12, 0.7.5 - 0.7.6. Use a simple pragma version that allows any of these versions. Consider using the latest version of Solidity for testing.
Function CarbonToken.Offsetter(uint256) (#560-566) is not in mixedCase
Constant CarbonToken.carbonianWallet (#363) is not in UPPER_CASE_WITH_UNDERSCORES
Constant CarbonToken.privateSalesWallet (#364) is not in UPPER_CASE_WITH_UNDERSCORES
Constant CarbonToken.presalesWallet (#365) is not in UPPER_CASE_WITH_UNDERSCORES
Follow the Solidity naming convention.
CarbonToken.constructor() (#376-381) uses literals with too many digits:
- totalCoins = 1000000000 * 10 ** uint256(decimals()) (#377)
- ERC20.transfer(presalesWallet,50000000 * 10 ** uint256(decimals())) (#379)
- ERC20.transfer(privateSalesWallet,25000000 * 10 ** uint256(decimals())) (#380)
Use the Ether suffix, the time suffix, or scientific notation.
Not a direct threat, but may indicate unreliable intentions of the developer. Widespread names (e.g. Elon, King, Moon, Doge) are common among meme-tokens and scams. They allow a token to gain free hype and attract inexperienced investors.
Young tokens have high risks of price dump / death
Token has no active CoinGecko listing / rank