VestingWallet.withdraw() (#413-428) ignores return value by token.transfer(msg.sender,token.balanceOf(address(this))) (#416)
VestingWallet.withdraw() (#413-428) ignores return value by token.transfer(msg.sender,tokensToWithdraw) (#426)
Use SafeERC20, or ensure that the transfer/transferFrom return value is checked.
Unable to find manual contract audit (e.g. Certik, PeckShield, Solidity...)
Contract locking ether found:
Contract CTTToken (#809-859) has payable functions:
- CTTToken.constructor() (#827-857)
But does not have a function to withdraw the ether
Remove the payable attribute or add a withdraw function.
Contract ownership is not renounced (belongs to a wallet)
VestingWallet.withdraw() (#413-428) performs a multiplication on the result of a division:
-tokensByPart = initialTokens.div(parts) (#419)
-pastParts = timeSinceStart.div(interval) (#421)
-tokensToWithdrawSinceStart = pastParts.mul(tokensByPart) (#422)
Consider ordering multiplication before division.
VestingWallet.constructor(address,uint256,uint256,uint256,uint256)._beneficiary (#400) lacks a zero-check on :
- beneficiary = _beneficiary (#401)
Check that the address is not zero.
Reentrancy in CTTToken.constructor() (#827-857):
External calls:
- teamWallet.setToken(address(this)) (#850)
- teamWallet.transferOwnership(msg.sender) (#851)
State variables written after the call(s):
- _mint(accounts[i],supplies[i]) (#855)
- _balances[account] = _balances[account].add(amount) (#676)
- _mint(accounts[i],supplies[i]) (#855)
- _totalSupply = _totalSupply.add(amount) (#675)
Apply the check-effects-interactions pattern.
Reentrancy in CTTToken.constructor() (#827-857):
External calls:
- teamWallet.setToken(address(this)) (#850)
- teamWallet.transferOwnership(msg.sender) (#851)
Event emitted after the call(s):
- Transfer(address(0),account,amount) (#677)
- _mint(accounts[i],supplies[i]) (#855)
Apply the check-effects-interactions pattern.
VestingWallet.withdraw() (#413-428) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(block.timestamp >= start,VestingWallet: no tokens available for withdrawal at this moment) (#414)
- block.timestamp >= start.add(duration) (#415)
- require(bool,string)(tokensToWithdraw > 0,VestingWallet: no tokens available for withdrawal at this moment) (#424)
CTTToken.constructor() (#827-857) uses timestamp for comparisons
Dangerous comparisons:
- i < accounts.length (#853)
- require(bool)(accounts[i] != address(0)) (#854)
Avoid relying on block.timestamp.
ERC20._mint(address,uint256) (#670-680) has costly operations inside a loop:
- _totalSupply = _totalSupply.add(amount) (#675)
Use a local variable to hold the loop computation result.
Context._msgData() (#285-287) is never used and should be removed
SafeMath.mod(uint256,uint256) (#135-137) is never used and should be removed
SafeMath.mod(uint256,uint256,string) (#150-153) is never used and should be removed
Remove unused functions.
Pragma version^0.8.0 (#5) allows old versions
Pragma version^0.8.0 (#158) allows old versions
Pragma version^0.8.0 (#241) allows old versions
Pragma version^0.8.0 (#268) allows old versions
Pragma version^0.8.0 (#293) allows old versions
Pragma version^0.8.0 (#367) allows old versions
Pragma version^0.8.0 (#434) allows old versions
Pragma version^0.8.0 (#802) allows old versions
Deploy with any of the following Solidity versions: 0.5.16 - 0.5.17, 0.6.11 - 0.6.12, 0.7.5 - 0.7.6. Use a simple pragma version that allows any of these versions. Consider using the latest version of Solidity for testing.
renounceOwnership() should be declared external:
- Ownable.renounceOwnership() (#341-343)
transferOwnership(address) should be declared external:
- Ownable.transferOwnership(address) (#349-352)
setToken(address) should be declared external:
- VestingWallet.setToken(address) (#408-411)
withdraw() should be declared external:
- VestingWallet.withdraw() (#413-428)
name() should be declared external:
- ERC20.name() (#496-498)
symbol() should be declared external:
- ERC20.symbol() (#504-506)
decimals() should be declared external:
- ERC20.decimals() (#521-523)
totalSupply() should be declared external:
- ERC20.totalSupply() (#528-530)
balanceOf(address) should be declared external:
- ERC20.balanceOf(address) (#535-537)
transfer(address,uint256) should be declared external:
- ERC20.transfer(address,uint256) (#547-550)
approve(address,uint256) should be declared external:
- ERC20.approve(address,uint256) (#566-569)
transferFrom(address,address,uint256) should be declared external:
- ERC20.transferFrom(address,address,uint256) (#584-592)
increaseAllowance(address,uint256) should be declared external:
- ERC20.increaseAllowance(address,uint256) (#606-609)
decreaseAllowance(address,uint256) should be declared external:
- ERC20.decreaseAllowance(address,uint256) (#625-628)
burn(uint256) should be declared external:
- ERC20.burn(uint256) (#687-689)
burnFrom(address,uint256) should be declared external:
- ERC20.burnFrom(address,uint256) (#702-707)
Use the external attribute for functions never called from the contract.
Unable to find website, listings and other project-related information
Young tokens have high risks of scam / price dump / death
Token has no active CoinGecko listing / rank
Token has no active CoinMarketCap listing / rank
Unable to find Telegram and Twitter accounts