CR7Inu.addLiquidity(uint256,uint256) (#761-774) sends eth to arbitrary user
Dangerous calls:
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#766-773)
Ensure that an arbitrary user cannot withdraw unauthorized funds.
Additional information: link
Reentrancy in CR7Inu._transfer(address,address,uint256) (#662-701):
External calls:
- swapAndLiquify(contractTokenBalance) (#685)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#766-773)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#743-749)
External calls sending eth:
- swapAndLiquify(contractTokenBalance) (#685)
- recipient.transfer(amount) (#617)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#766-773)
State variables written after the call(s):
- _balances[sender] = _balances[sender].sub(amount,Insufficient Balance) (#688)
- _balances[recipient] = _balances[recipient].add(finalAmount) (#696)
- finalAmount = takeFee(sender,recipient,amount) (#690-691)
- _balances[address(this)] = _balances[address(this)].add(feeAmount) (#788)
Apply the check-effects-interactions pattern.
Additional information: link
CR7Inu.rescueAnyBEP20Tokens(address,address,uint256) (#553-555) ignores return value by IERC20(_tokenAddr).transfer(_to,_amount) (#554)
Use SafeERC20, or ensure that the transfer/transferFrom return value is checked.
Additional information: link
Unable to find manual contract audit (e.g. Certik, PeckShield, Solidity...)
Combination 1: Reentrancy vulnerabilities + Functions that send Ether to arbitraty destination. Usual for scams. May be justified by some complex mechanics (e.g. rebase, reflections). DYOR & manual audit are advised.
Combination 2: Unchecked transfer + Functions that send Ether to arbitraty destination. Usual for scams. May be justified by some complex mechanics (e.g. rebase, reflections). DYOR & manual audit are advised.
Combination 3: Reentrancy vulnerabilities + Unchecked transfer vulnerability. Usual for scams. May be justified by some complex mechanics (e.g. rebase, reflections). DYOR & manual audit are advised.
Contract ownership is not renounced (belongs to a wallet)
CR7Inu.addToBlackList(address[]).i (#756) is a local variable never initialized
Initialize all the variables. If a variable is meant to be initialized to zero, explicitly set it to zero to improve code readability.
Additional information: link
CR7Inu.addLiquidity(uint256,uint256) (#761-774) ignores return value by uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#766-773)
Ensure that all the return values of the function calls are used.
Additional information: link
CR7Inu.allowance(address,address).owner (#499) shadows:
- Ownable.owner() (#153-155) (function)
CR7Inu._approve(address,address,uint256).owner (#518) shadows:
- Ownable.owner() (#153-155) (function)
Rename the local variables that shadow another component.
Additional information: link
CR7Inu.setBuyTaxes(uint256,uint256,uint256) (#538-544) should emit an event for:
- _totalTaxIfBuying = _buyLiquidityFee.add(_buyMarketingFee).add(_buyBuyBackFee) (#543)
CR7Inu.setSellTaxes(uint256,uint256,uint256) (#558-564) should emit an event for:
- _totalTaxIfSelling = _sellLiquidityFee.add(_sellMarketingFee).add(_sellBuyBackFee) (#563)
CR7Inu.setDistributionSettings(uint256,uint256,uint256) (#566-572) should emit an event for:
- _liquidityShare = newLiquidityShare (#567)
- _BuyBackShare = newBuyBackShare (#569)
- _totalDistributionShares = _liquidityShare.add(_marketingShare).add(_BuyBackShare) (#571)
CR7Inu.setMaxTxAmount(uint256) (#574-577) should emit an event for:
- _maxTxAmount = maxTxAmount (#576)
CR7Inu.setWalletLimit(uint256) (#587-589) should emit an event for:
- _walletMax = newLimit (#588)
CR7Inu.setNumTokensBeforeSwap(uint256) (#591-593) should emit an event for:
- minimumTokensBeforeSwap = newLimit (#592)
Emit an event for critical parameter changes.
Additional information: link
CR7Inu.setMarketingWalletAddress(address).newAddress (#595) lacks a zero-check on :
- marketingWalletAddress = address(newAddress) (#596)
CR7Inu.setBuyBackWalletAddress(address).newAddress (#599) lacks a zero-check on :
- BuyBackWalletAddress = address(newAddress) (#600)
Check that the address is not zero.
Additional information: link
Reentrancy in CR7Inu.changeRouterVersion(address) (#620-637):
External calls:
- newPairAddress = IUniswapV2Factory(_uniswapV2Router.factory()).createPair(address(this),_uniswapV2Router.WETH()) (#628-629)
State variables written after the call(s):
- isMarketPair[address(uniswapPair)] = true (#636)
- isWalletLimitExempt[address(uniswapPair)] = true (#635)
- uniswapPair = newPairAddress (#632)
- uniswapV2Router = _uniswapV2Router (#633)
Reentrancy in CR7Inu.constructor() (#449-477):
External calls:
- uniswapPair = IUniswapV2Factory(_uniswapV2Router.factory()).createPair(address(this),_uniswapV2Router.WETH()) (#453-454)
State variables written after the call(s):
- _allowances[address(this)][address(uniswapV2Router)] = _totalSupply (#457)
- _balances[_msgSender()] = _totalSupply (#475)
- _totalDistributionShares = _liquidityShare.add(_marketingShare).add(_BuyBackShare) (#464)
- _totalTaxIfBuying = _buyLiquidityFee.add(_buyMarketingFee).add(_buyBuyBackFee) (#462)
- _totalTaxIfSelling = _sellLiquidityFee.add(_sellMarketingFee).add(_sellBuyBackFee) (#463)
- isExcludedFromFee[owner()] = true (#459)
- isExcludedFromFee[address(this)] = true (#460)
- isMarketPair[address(uniswapPair)] = true (#473)
- isTxLimitExempt[owner()] = true (#470)
- isTxLimitExempt[address(this)] = true (#471)
- isWalletLimitExempt[owner()] = true (#466)
- isWalletLimitExempt[address(uniswapPair)] = true (#467)
- isWalletLimitExempt[address(this)] = true (#468)
- uniswapV2Router = _uniswapV2Router (#456)
Reentrancy in CR7Inu.swapAndLiquify(uint256) (#710-732):
External calls:
- swapTokensForEth(tokensForSwap) (#715)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#743-749)
- addLiquidity(tokensForLP,amountBNBLiquidity) (#731)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#766-773)
External calls sending eth:
- transferToAddressETH(marketingWalletAddress,amountBNBMarketing) (#725)
- recipient.transfer(amount) (#617)
- transferToAddressETH(BuyBackWalletAddress,amountBNBBuyBack) (#728)
- recipient.transfer(amount) (#617)
- addLiquidity(tokensForLP,amountBNBLiquidity) (#731)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#766-773)
State variables written after the call(s):
- addLiquidity(tokensForLP,amountBNBLiquidity) (#731)
- _allowances[owner][spender] = amount (#522)
Reentrancy in CR7Inu.transferFrom(address,address,uint256) (#650-654):
External calls:
- _transfer(sender,recipient,amount) (#651)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#766-773)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#743-749)
External calls sending eth:
- _transfer(sender,recipient,amount) (#651)
- recipient.transfer(amount) (#617)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#766-773)
State variables written after the call(s):
- _approve(sender,_msgSender(),_allowances[sender][_msgSender()].sub(amount,ERC20: transfer amount exceeds allowance)) (#652)
- _allowances[owner][spender] = amount (#522)
Apply the check-effects-interactions pattern.
Additional information: link
Reentrancy in CR7Inu._transfer(address,address,uint256) (#662-701):
External calls:
- swapAndLiquify(contractTokenBalance) (#685)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#766-773)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#743-749)
External calls sending eth:
- swapAndLiquify(contractTokenBalance) (#685)
- recipient.transfer(amount) (#617)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#766-773)
Event emitted after the call(s):
- Transfer(sender,address(this),feeAmount) (#789)
- finalAmount = takeFee(sender,recipient,amount) (#690-691)
- Transfer(sender,recipient,finalAmount) (#698)
Reentrancy in CR7Inu.constructor() (#449-477):
External calls:
- uniswapPair = IUniswapV2Factory(_uniswapV2Router.factory()).createPair(address(this),_uniswapV2Router.WETH()) (#453-454)
Event emitted after the call(s):
- Transfer(address(0),_msgSender(),_totalSupply) (#476)
Reentrancy in CR7Inu.swapAndLiquify(uint256) (#710-732):
External calls:
- swapTokensForEth(tokensForSwap) (#715)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#743-749)
- addLiquidity(tokensForLP,amountBNBLiquidity) (#731)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#766-773)
External calls sending eth:
- transferToAddressETH(marketingWalletAddress,amountBNBMarketing) (#725)
- recipient.transfer(amount) (#617)
- transferToAddressETH(BuyBackWalletAddress,amountBNBBuyBack) (#728)
- recipient.transfer(amount) (#617)
- addLiquidity(tokensForLP,amountBNBLiquidity) (#731)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#766-773)
Event emitted after the call(s):
- Approval(owner,spender,amount) (#523)
- addLiquidity(tokensForLP,amountBNBLiquidity) (#731)
Reentrancy in CR7Inu.swapTokensForEth(uint256) (#734-752):
External calls:
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#743-749)
Event emitted after the call(s):
- SwapTokensForETH(tokenAmount,path) (#751)
Reentrancy in CR7Inu.transferFrom(address,address,uint256) (#650-654):
External calls:
- _transfer(sender,recipient,amount) (#651)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#766-773)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#743-749)
External calls sending eth:
- _transfer(sender,recipient,amount) (#651)
- recipient.transfer(amount) (#617)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#766-773)
Event emitted after the call(s):
- Approval(owner,spender,amount) (#523)
- _approve(sender,_msgSender(),_allowances[sender][_msgSender()].sub(amount,ERC20: transfer amount exceeds allowance)) (#652)
Apply the check-effects-interactions pattern.
Additional information: link
Address.isContract(address) (#85-94) uses assembly
- INLINE ASM (#92)
Address._functionCallWithValue(address,bytes,uint256,string) (#121-138) uses assembly
- INLINE ASM (#130-133)
Do not use evm assembly.
Additional information: link
Address._functionCallWithValue(address,bytes,uint256,string) (#121-138) is never used and should be removed
Address.functionCall(address,bytes) (#104-106) is never used and should be removed
Address.functionCall(address,bytes,string) (#108-110) is never used and should be removed
Address.functionCallWithValue(address,bytes,uint256) (#112-114) is never used and should be removed
Address.functionCallWithValue(address,bytes,uint256,string) (#116-119) is never used and should be removed
Address.isContract(address) (#85-94) is never used and should be removed
Address.sendValue(address,uint256) (#96-102) is never used and should be removed
Context._msgData() (#12-15) is never used and should be removed
SafeMath.mod(uint256,uint256) (#73-75) is never used and should be removed
SafeMath.mod(uint256,uint256,string) (#77-80) is never used and should be removed
Remove unused functions.
Additional information: link
Low level call in Address.sendValue(address,uint256) (#96-102):
- (success) = recipient.call{value: amount}() (#100)
Low level call in Address._functionCallWithValue(address,bytes,uint256,string) (#121-138):
- (success,returndata) = target.call{value: weiValue}(data) (#124)
Avoid low-level calls. Check the call success. If the call is meant for a contract, check for code existence
Additional information: link
Function IUniswapV2Pair.DOMAIN_SEPARATOR() (#205) is not in mixedCase
Function IUniswapV2Pair.PERMIT_TYPEHASH() (#206) is not in mixedCase
Function IUniswapV2Pair.MINIMUM_LIQUIDITY() (#222) is not in mixedCase
Function IUniswapV2Router01.WETH() (#241) is not in mixedCase
Parameter CR7Inu.rescueAnyBEP20Tokens(address,address,uint256)._tokenAddr (#553) is not in mixedCase
Parameter CR7Inu.rescueAnyBEP20Tokens(address,address,uint256)._to (#553) is not in mixedCase
Parameter CR7Inu.rescueAnyBEP20Tokens(address,address,uint256)._amount (#553) is not in mixedCase
Parameter CR7Inu.setSwapAndLiquifyEnabled(bool)._enabled (#603) is not in mixedCase
Variable CR7Inu.BuyBackWalletAddress (#384) is not in mixedCase
Variable CR7Inu._balances (#387) is not in mixedCase
Variable CR7Inu._buyLiquidityFee (#395) is not in mixedCase
Variable CR7Inu._buyMarketingFee (#396) is not in mixedCase
Variable CR7Inu._buyBuyBackFee (#397) is not in mixedCase
Variable CR7Inu._sellLiquidityFee (#398) is not in mixedCase
Variable CR7Inu._sellMarketingFee (#399) is not in mixedCase
Variable CR7Inu._sellBuyBackFee (#400) is not in mixedCase
Variable CR7Inu._liquidityShare (#402) is not in mixedCase
Variable CR7Inu._marketingShare (#403) is not in mixedCase
Variable CR7Inu._BuyBackShare (#404) is not in mixedCase
Variable CR7Inu._totalTaxIfBuying (#406) is not in mixedCase
Variable CR7Inu._totalTaxIfSelling (#407) is not in mixedCase
Variable CR7Inu._totalDistributionShares (#408) is not in mixedCase
Variable CR7Inu._maxTxAmount (#411) is not in mixedCase
Variable CR7Inu._walletMax (#412) is not in mixedCase
Variable CR7Inu._isBlacklisted (#648) is not in mixedCase
Follow the Solidity naming convention.
Additional information: link
Redundant expression "this (#13)" inContext (#6-16)
Remove redundant statements if they congest code but offer no value.
Additional information: link
Reentrancy in CR7Inu._transfer(address,address,uint256) (#662-701):
External calls:
- swapAndLiquify(contractTokenBalance) (#685)
- recipient.transfer(amount) (#617)
External calls sending eth:
- swapAndLiquify(contractTokenBalance) (#685)
- recipient.transfer(amount) (#617)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#766-773)
State variables written after the call(s):
- _balances[sender] = _balances[sender].sub(amount,Insufficient Balance) (#688)
- _balances[recipient] = _balances[recipient].add(finalAmount) (#696)
- finalAmount = takeFee(sender,recipient,amount) (#690-691)
- _balances[address(this)] = _balances[address(this)].add(feeAmount) (#788)
Event emitted after the call(s):
- Transfer(sender,address(this),feeAmount) (#789)
- finalAmount = takeFee(sender,recipient,amount) (#690-691)
- Transfer(sender,recipient,finalAmount) (#698)
Reentrancy in CR7Inu.swapAndLiquify(uint256) (#710-732):
External calls:
- transferToAddressETH(marketingWalletAddress,amountBNBMarketing) (#725)
- recipient.transfer(amount) (#617)
- transferToAddressETH(BuyBackWalletAddress,amountBNBBuyBack) (#728)
- recipient.transfer(amount) (#617)
External calls sending eth:
- transferToAddressETH(marketingWalletAddress,amountBNBMarketing) (#725)
- recipient.transfer(amount) (#617)
- transferToAddressETH(BuyBackWalletAddress,amountBNBBuyBack) (#728)
- recipient.transfer(amount) (#617)
- addLiquidity(tokensForLP,amountBNBLiquidity) (#731)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#766-773)
State variables written after the call(s):
- addLiquidity(tokensForLP,amountBNBLiquidity) (#731)
- _allowances[owner][spender] = amount (#522)
Event emitted after the call(s):
- Approval(owner,spender,amount) (#523)
- addLiquidity(tokensForLP,amountBNBLiquidity) (#731)
Reentrancy in CR7Inu.transferFrom(address,address,uint256) (#650-654):
External calls:
- _transfer(sender,recipient,amount) (#651)
- recipient.transfer(amount) (#617)
External calls sending eth:
- _transfer(sender,recipient,amount) (#651)
- recipient.transfer(amount) (#617)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#766-773)
State variables written after the call(s):
- _approve(sender,_msgSender(),_allowances[sender][_msgSender()].sub(amount,ERC20: transfer amount exceeds allowance)) (#652)
- _allowances[owner][spender] = amount (#522)
Event emitted after the call(s):
- Approval(owner,spender,amount) (#523)
- _approve(sender,_msgSender(),_allowances[sender][_msgSender()].sub(amount,ERC20: transfer amount exceeds allowance)) (#652)
Apply the check-effects-interactions pattern.
Additional information: link
Variable IUniswapV2Router01.addLiquidity(address,address,uint256,uint256,uint256,uint256,address,uint256).amountADesired (#246) is too similar to IUniswapV2Router01.addLiquidity(address,address,uint256,uint256,uint256,uint256,address,uint256).amountBDesired (#247)
Prevent variables from having similar names.
Additional information: link
CR7Inu.slitherConstructorVariables() (#374-796) uses literals with too many digits:
- deadAddress = 0x000000000000000000000000000000000000dEaD (#385)
Use: Ether suffix, Time suffix, or The scientific notation
Additional information: link
Ownable._previousOwner (#143) is never used in CR7Inu (#374-796)
CR7Inu._maxSellTxAmount (#413) is never used in CR7Inu (#374-796)
Remove unused state variables.
Additional information: link
CR7Inu._decimals (#381) should be constant
CR7Inu._maxSellTxAmount (#413) should be constant
CR7Inu._name (#379) should be constant
CR7Inu._symbol (#380) should be constant
CR7Inu._totalSupply (#410) should be constant
Ownable._previousOwner (#143) should be constant
Add the constant attributes to state variables that never change.
Additional information: link
waiveOwnership() should be declared external:
- Ownable.waiveOwnership() (#162-165)
transferOwnership(address) should be declared external:
- Ownable.transferOwnership(address) (#167-171)
name() should be declared external:
- CR7Inu.name() (#479-481)
symbol() should be declared external:
- CR7Inu.symbol() (#483-485)
decimals() should be declared external:
- CR7Inu.decimals() (#487-489)
totalSupply() should be declared external:
- CR7Inu.totalSupply() (#491-493)
allowance(address,address) should be declared external:
- CR7Inu.allowance(address,address) (#499-501)
increaseAllowance(address,uint256) should be declared external:
- CR7Inu.increaseAllowance(address,uint256) (#503-506)
decreaseAllowance(address,uint256) should be declared external:
- CR7Inu.decreaseAllowance(address,uint256) (#508-511)
approve(address,uint256) should be declared external:
- CR7Inu.approve(address,uint256) (#513-516)
addMarketPair(address) should be declared external:
- CR7Inu.addMarketPair(address) (#526-528)
setIsExcludedFromFee(address,bool) should be declared external:
- CR7Inu.setIsExcludedFromFee(address,bool) (#534-536)
clearStuckBNB() should be declared external:
- CR7Inu.clearStuckBNB() (#547-549)
rescueAnyBEP20Tokens(address,address,uint256) should be declared external:
- CR7Inu.rescueAnyBEP20Tokens(address,address,uint256) (#553-555)
setSwapAndLiquifyEnabled(bool) should be declared external:
- CR7Inu.setSwapAndLiquifyEnabled(bool) (#603-606)
setSwapAndLiquifyByLimitOnly(bool) should be declared external:
- CR7Inu.setSwapAndLiquifyByLimitOnly(bool) (#608-610)
getCirculatingSupply() should be declared external:
- CR7Inu.getCirculatingSupply() (#612-614)
changeRouterVersion(address) should be declared external:
- CR7Inu.changeRouterVersion(address) (#620-637)
transfer(address,uint256) should be declared external:
- CR7Inu.transfer(address,uint256) (#642-645)
transferFrom(address,address,uint256) should be declared external:
- CR7Inu.transferFrom(address,address,uint256) (#650-654)
Use the external attribute for functions never called from the contract.
Additional information: link
Unable to find website, listings and other project-related information
Young tokens have high risks of scam / price dump / death
Token has no active CoinGecko listing / rank
Token has no active CoinMarketCap listing / rank
Unable to find Telegram and Twitter accounts