Popular Tokens

promoted

WBNB

CPTL [Capitol] Token

About CPTL

Listings

Age

2 years

Token 2 years

Website

thehunger.games

Description

show...

The most ambitious reflection project on the BSC. Providing you with BUSD that actually matters.

Social

Contract

0x407ee64da5bc8107ea8e9cf132b33092374e5894

Laser Scorebeta Last Audit: 30 November 2021

report

Token is either risky or in presale. For presale 30+ is a fine score.

Anti-Scam

Links

Code

Contract

17%

Unable to find manual contract audit (e.g. Certik, PeckShield, Solidity...)

HungerGames.buyTokens(uint256,address) (#668-679) sends eth to arbitrary user
Dangerous calls:
- router.swapExactETHForTokensSupportingFeeOnTransferTokens{value: amount}(0,path,to,block.timestamp) (#673-678)
Ensure that an arbitrary user cannot withdraw unauthorized funds.

Additional information: link

Reentrancy in HungerGames._transferFrom(address,address,uint256) (#522-545):
External calls:
- swapBack() (#527)
- router.swapExactTokensForETHSupportingFeeOnTransferTokens(amountToSwap,0,path,address(this),block.timestamp) (#607-613)
- distributor.deposit{value: amountBNBReflection}() (#623)
- router.addLiquidityETH{value: amountBNBLiquidity}(address(this),amountToLiquify,0,0,autoLiquidityReceiver,block.timestamp) (#629-636)
- triggerAutoBuyback() (#528)
- router.swapExactETHForTokensSupportingFeeOnTransferTokens{value: amount}(0,path,to,block.timestamp) (#673-678)
External calls sending eth:
- swapBack() (#527)
- distributor.deposit{value: amountBNBReflection}() (#623)
- address(marketingFeeReceiver).transfer(amountBNBMarketing) (#624)
- router.addLiquidityETH{value: amountBNBLiquidity}(address(this),amountToLiquify,0,0,autoLiquidityReceiver,block.timestamp) (#629-636)
- triggerAutoBuyback() (#528)
- router.swapExactETHForTokensSupportingFeeOnTransferTokens{value: amount}(0,path,to,block.timestamp) (#673-678)
State variables written after the call(s):
- _balances[sender] = _balances[sender].sub(amount,Insufficient Balance) (#532)
- _balances[recipient] = _balances[recipient].add(amountReceived) (#536)
- amountReceived = takeFee(sender,recipient,amount) (#534)
- _balances[address(this)] = _balances[address(this)].add(feeAmount) (#584)
- triggerAutoBuyback() (#528)
- inSwap = true (#461)
- inSwap = false (#461)
Apply the check-effects-interactions pattern.

Additional information: link

DividendDistributor.distributeDividend(address) (#353-364) ignores return value by BUSD.transfer(shareholder,amount) (#359)
Use SafeERC20, or ensure that the transfer/transferFrom return value is checked.

Additional information: link

Combination 1: Reentrancy vulnerabilities + Functions that send Ether to arbitraty destination. Usual for scams. May be justified by some complex mechanics (e.g. rebase, reflections). DYOR & manual audit are advised.

Combination 2: Unchecked transfer + Functions that send Ether to arbitraty destination. Usual for scams. May be justified by some complex mechanics (e.g. rebase, reflections). DYOR & manual audit are advised.

Combination 3: Reentrancy vulnerabilities + Unchecked transfer vulnerability. Usual for scams. May be justified by some complex mechanics (e.g. rebase, reflections). DYOR & manual audit are advised.

Variable HungerGames._allowances (#415) is not in mixedCase
Follow the Solidity naming convention.

Additional information: link

Reentrancy in DividendDistributor.setShare(address,uint256) (#286-300):
External calls:
- distributeDividend(shareholder) (#288)
- BUSD.transfer(shareholder,amount) (#359)
State variables written after the call(s):
- shares[shareholder].amount = amount (#298)
- shares[shareholder].totalExcluded = getCumulativeDividends(shares[shareholder].amount) (#299)
Apply the check-effects-interactions pattern.

Additional information: link

HungerGames.swapBack() (#597-639) ignores return value by router.addLiquidityETH{value: amountBNBLiquidity}(address(this),amountToLiquify,0,0,autoLiquidityReceiver,block.timestamp) (#629-636)
Ensure that all the return values of the function calls are used.

Additional information: link

HungerGames.setTargetLiquidity(uint256,uint256) (#750-753) should emit an event for:
- targetLiquidity = _target (#751)
- targetLiquidityDenominator = _denominator (#752)
Emit an event for critical parameter changes.

Additional information: link

HungerGames.setFeeReceivers(address,address)._marketingFeeReceiver (#740) lacks a zero-check on :
- marketingFeeReceiver = _marketingFeeReceiver (#742)
Check that the address is not zero.

Additional information: link

Reentrancy in HungerGames.triggerZeusBuyback(uint256,bool) (#649-655):
External calls:
- buyTokens(amount,DEAD) (#650)
- router.swapExactETHForTokensSupportingFeeOnTransferTokens{value: amount}(0,path,to,block.timestamp) (#673-678)
State variables written after the call(s):
- buybackMultiplierTriggeredAt = block.timestamp (#652)
Apply the check-effects-interactions pattern.

Additional information: link

Reentrancy in HungerGames.triggerZeusBuyback(uint256,bool) (#649-655):
External calls:
- buyTokens(amount,DEAD) (#650)
- router.swapExactETHForTokensSupportingFeeOnTransferTokens{value: amount}(0,path,to,block.timestamp) (#673-678)
Event emitted after the call(s):
- BuybackMultiplierActive(buybackMultiplierLength) (#653)
Apply the check-effects-interactions pattern.

Additional information: link

HungerGames.isOverLiquified(uint256,uint256) (#772-774) uses timestamp for comparisons
Dangerous comparisons:
- getLiquidityBacking(accuracy) > target (#773)
Avoid relying on block.timestamp.

Additional information: link

HungerGames.onlyBuybacker() (#496) compares to a boolean constant:
-require(bool,string)(buyBacker[msg.sender] == true,) (#496)
Remove the equality to the boolean constant.

Additional information: link

DividendDistributor.process(uint256) (#322-346) has costly operations inside a loop:
- currentIndex ++ (#343)
Use a local variable to hold the loop computation result.

Additional information: link

SafeMath.trySub(uint256,uint256) (#19-24) is never used and should be removed
Remove unused functions.

Additional information: link

HungerGames.swapThreshold (#459) is set pre-construction with a non-constant function or state variable:
- _totalSupply / 2000
Remove any initialization of state variables via non-constant state variables or function calls. If variables must be set upon contract deployment, locate initialization in the constructor instead.

Additional information: link

solc-0.8.7 is not recommended for deployment
Deploy with any of the following Solidity versions: 0.5.16 - 0.5.17, 0.6.11 - 0.6.12, 0.7.5 - 0.7.6 Use a simple pragma version that allows any of these versions. Consider using the latest version of Solidity for testing.

Additional information: link

Reentrancy in HungerGames.swapBack() (#597-639):
External calls:
- address(marketingFeeReceiver).transfer(amountBNBMarketing) (#624)
External calls sending eth:
- distributor.deposit{value: amountBNBReflection}() (#623)
- address(marketingFeeReceiver).transfer(amountBNBMarketing) (#624)
- router.addLiquidityETH{value: amountBNBLiquidity}(address(this),amountToLiquify,0,0,autoLiquidityReceiver,block.timestamp) (#629-636)
Event emitted after the call(s):
- AutoLiquify(amountBNBLiquidity,amountToLiquify) (#637)
Apply the check-effects-interactions pattern.

Additional information: link

Variable IDEXRouter.addLiquidity(address,address,uint256,uint256,uint256,uint256,address,uint256).amountADesired (#183) is too similar to IDEXRouter.addLiquidity(address,address,uint256,uint256,uint256,uint256,address,uint256).amountBDesired (#184)
Prevent variables from having similar names.

Additional information: link

HungerGames.slitherConstructorVariables() (#397-779) uses literals with too many digits:
- distributorGas = 500000 (#456)
Use: Ether suffix, Time suffix, or The scientific notation

Additional information: link

HungerGames.DEAD_NON_CHECKSUM (#405) is never used in HungerGames (#397-779)
Remove unused state variables.

Additional information: link

HungerGames._totalSupply (#411) should be constant
Add the constant attributes to state variables that never change.

Additional information: link

launch() should be declared external:
- HungerGames.launch() (#701-705)
Use the external attribute for functions never called from the contract.

Additional information: link

Trading

47%

Holders:

Number of Binance Smart Chain (BSC) token holders is low.

Token is deployed only at one blockchain

Token has only one trading pair

Unable to find PancakeSwap trading pair to compute liquidity.

Unable to find PancakeSwap trading pair to compute number of swaps.

Socials

13%

Twitter account link seems to be invalid

Telegram account has relatively few subscribers

Unable to find Blog account (Reddit or Medium)

Unable to find Youtube account

Unable to find Discord account

Transparency

41%

BscScan page for the token does not contain additional info: website, socials, description, etc.

Additional information: link

Unable to find token/project description on the website or on BscScan, CoinMarketCap

Unable to find token contract audit

Unable to find audit link on the website

Unable to find whitepaper link on the website

Unable to find token on CoinHunt

Additional information: link

Unable to find code repository for the project

Age

36%

Young tokens have high risks of price dump / death

Young tokens have high risks of scam / price dump / death

Young tokens have high risks of price dump / death

Token has relatively low CoinGecko rank

Token has relatively low CoinMarketCap rank

Popular Tokens

CPTL [Capitol] Token

About CPTL

Listings

Age

Website

Description

Social

Contract

Laser Scorebeta Last Audit: 30 November 2021

Anti-Scam

Links

Contract

[LSR] Audit is not found critical

[Slither] Functions that send Ether to arbitrary destinations critical

[Slither] Reentrancy vulnerabilities critical

[Slither] Unchecked transfer critical

[LSR] Dangerous combinations (1) major

[LSR] Dangerous combinations (2) major

[LSR] Dangerous combinations (3) major

[Slither] Conformance to Solidity naming conventions minor

[Slither] Reentrancy vulnerabilities minor

[Slither] Unused return minor

[Slither] Missing events arithmetic minor

[Slither] Missing zero address validation minor

[Slither] Reentrancy vulnerabilities minor

[Slither] Reentrancy vulnerabilities minor

[Slither] Block timestamp minor

[Slither] Boolean equality minor

[Slither] Costly operations inside a loop minor

[Slither] Dead-code minor

[Slither] Function Initializing State minor

[Slither] Incorrect versions of Solidity minor

[Slither] Reentrancy vulnerabilities minor

[Slither] Variable names too similar minor

[Slither] Too many digits minor

[Slither] Unused state variable minor

[Slither] State variables that could be declared constant minor

[Slither] Public function that could be declared external minor

Trading

[LSR] Few holders major

[LSR] Few chains major

[LSR] Few trading pairs major

[LSR] Unknown liquidity minor

[LSR] Unknown swaps minor

Socials

[LSR] Twitter is invalid critical

[LSR] Telegram has few subscribers major

[LSR] Blog is not found minor

[LSR] Youtube is not found minor

[LSR] Discord is not found minor

Transparency

[LSR] No BscScan listing critical

[LSR] White paper is not found major

[LSR] Audit is not found major

[LSR] Website: audit is not found minor

[LSR] Website: whitepaper is not found minor

[LSR] No CoinHunt listing minor

[LSR] Code repo is not found minor

Age

[LSR] Token age <= 180 days major

[LSR] CoinGecko age <= 90 days major

[LSR] Domain age <= 90 days major

[LSR] CoinMarketCap age <= 180 days minor

[LSR] Low CoinGecko rank minor

[LSR] Low CoinMarketCap rank minor

Price for CPTL