COSMIC [CosmicSwap] Token

Unable to find manual contract audit (e.g. Certik, PeckShield, Solidity...)

CosmicToken._writeCheckpoint(address,uint32,uint256,uint256) (#1024-1042) uses a dangerous strict equality:
- nCheckpoints > 0 && checkpoints[delegatee][nCheckpoints - 1].fromBlock == blockNumber (#1034)
Don't use strict equality to determine if an account has enough Ether or tokens.

Additional information: link

BEP20.constructor(string,string).name (#553) shadows:
- BEP20.name() (#569-571) (function)
- IBEP20.name() (#110) (function)
BEP20.constructor(string,string).symbol (#553) shadows:
- BEP20.symbol() (#583-585) (function)
- IBEP20.symbol() (#105) (function)
BEP20.allowance(address,address).owner (#617) shadows:
- Ownable.owner() (#55-57) (function)
BEP20._approve(address,address,uint256).owner (#789) shadows:
- Ownable.owner() (#55-57) (function)
Rename the local variables that shadow another component.

Additional information: link

CosmicToken.delegateBySig(address,uint256,uint256,uint8,bytes32,bytes32) (#890-931) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(now <= expiry,COSMIC::delegateBySig: signature expired) (#929)
Avoid relying on block.timestamp.

Additional information: link

Address.isContract(address) (#365-374) uses assembly
- INLINE ASM (#372)
Address._verifyCallResult(bool,bytes,string) (#486-503) uses assembly
- INLINE ASM (#495-498)
CosmicToken.getChainId() (#1049-1053) uses assembly
- INLINE ASM (#1051)
Do not use evm assembly.

Additional information: link

Address._verifyCallResult(bool,bytes,string) (#486-503) is never used and should be removed
Address.functionCall(address,bytes) (#418-420) is never used and should be removed
Address.functionCall(address,bytes,string) (#428-430) is never used and should be removed
Address.functionCallWithValue(address,bytes,uint256) (#443-445) is never used and should be removed
Address.functionCallWithValue(address,bytes,uint256,string) (#453-460) is never used and should be removed
Address.functionStaticCall(address,bytes) (#468-470) is never used and should be removed
Address.functionStaticCall(address,bytes,string) (#478-484) is never used and should be removed
Address.isContract(address) (#365-374) is never used and should be removed
Address.sendValue(address,uint256) (#392-398) is never used and should be removed
BEP20._burn(address,uint256) (#767-773) is never used and should be removed
BEP20._burnFrom(address,uint256) (#806-813) is never used and should be removed
Context._msgData() (#20-23) is never used and should be removed
SafeMath.div(uint256,uint256) (#285-287) is never used and should be removed
SafeMath.div(uint256,uint256,string) (#301-307) is never used and should be removed
SafeMath.mod(uint256,uint256) (#321-323) is never used and should be removed
SafeMath.mod(uint256,uint256,string) (#337-340) is never used and should be removed
SafeMath.mul(uint256,uint256) (#259-271) is never used and should be removed
Remove unused functions.

Additional information: link

Low level call in Address.sendValue(address,uint256) (#392-398):
- (success) = recipient.call{value: amount}() (#396)
Low level call in Address.functionCallWithValue(address,bytes,uint256,string) (#453-460):
- (success,returndata) = target.call{value: value}(data) (#458)
Low level call in Address.functionStaticCall(address,bytes,string) (#478-484):
- (success,returndata) = target.staticcall(data) (#482)
Avoid low-level calls. Check the call success. If the call is meant for a contract, check for code existence

Additional information: link

Parameter CosmicToken.mint(address,uint256)._to (#820) is not in mixedCase
Parameter CosmicToken.mint(address,uint256)._amount (#820) is not in mixedCase
Variable CosmicToken._delegates (#832) is not in mixedCase
Follow the Solidity naming convention.

Additional information: link

Redundant expression "this (#21)" inContext (#15-24)
Remove redundant statements if they congest code but offer no value.

Additional information: link

renounceOwnership() should be declared external:
- Ownable.renounceOwnership() (#74-77)
transferOwnership(address) should be declared external:
- Ownable.transferOwnership(address) (#83-87)
decimals() should be declared external:
- BEP20.decimals() (#576-578)
symbol() should be declared external:
- BEP20.symbol() (#583-585)
totalSupply() should be declared external:
- BEP20.totalSupply() (#590-592)
transfer(address,uint256) should be declared external:
- BEP20.transfer(address,uint256) (#609-612)
allowance(address,address) should be declared external:
- BEP20.allowance(address,address) (#617-619)
approve(address,uint256) should be declared external:
- BEP20.approve(address,uint256) (#628-631)
transferFrom(address,address,uint256) should be declared external:
- BEP20.transferFrom(address,address,uint256) (#645-657)
increaseAllowance(address,uint256) should be declared external:
- BEP20.increaseAllowance(address,uint256) (#671-674)
decreaseAllowance(address,uint256) should be declared external:
- BEP20.decreaseAllowance(address,uint256) (#690-697)
mint(uint256) should be declared external:
- BEP20.mint(uint256) (#707-710)
mint(address,uint256) should be declared external:
- CosmicToken.mint(address,uint256) (#820-823)
Use the external attribute for functions never called from the contract.

Additional information: link

Contract ownership is semi-renounced (passed to a contract)

Average PancakeSwap trading volume, liqudity, number of swaps are low. Token seems to be inactive.

Average 30d PancakeSwap volume is low.

Average 30d number of PancakeSwap swaps is low.

Token was delisted (assigned to inactive / untracked listing) from CoinMarketCap

Additional information: link

Unable to find token contract audit

Unable to find audit link on the website

Token is not listed at Mobula.Finance

Additional information: link

Token has no active CoinMarketCap listing / rank

Token has relatively low CoinGecko rank