Unable to find manual contract audit (e.g. Certik, PeckShield, Solidity...)
CWF.addLiquidity(uint256,uint256) (#769-782) sends eth to arbitrary user
Dangerous calls:
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#774-781)
Ensure that an arbitrary user cannot withdraw unauthorized funds.
Additional information: link
Reentrancy in CWF._transfer(address,address,uint256) (#667-716):
External calls:
- swapAndLiquify(contractTokenBalance) (#700)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#774-781)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#758-764)
External calls sending eth:
- swapAndLiquify(contractTokenBalance) (#700)
- recipient.transfer(amount) (#631)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#774-781)
State variables written after the call(s):
- _balances[sender] = _balances[sender].sub(amount,Insufficient Balance) (#703)
- _balances[recipient] = _balances[recipient].add(finalAmount) (#711)
- finalAmount = takeFee(sender,recipient,amount) (#705-706)
- _balances[address(this)] = _balances[address(this)].add(feeAmount) (#796)
Apply the check-effects-interactions pattern.
Additional information: link
Combination 1: Reentrancy vulnerabilities + Functions that send Ether to arbitraty destination. Usual for scams. May be justified by some complex mechanics (e.g. rebase, reflections). DYOR & manual audit are advised.
Contract name (Chinese Women's Football) contains non-alphanumeric characters.
Not a direct threat, but may indicate unreliable intentions of developer. Non-alphanumeric chars (,.;!#*&") are extremely rare among low risk tokens.
Not a direct threat, but may indicate unreliable intentions of developer. Widespread names (e.g. Elon, King, Moon, Doge) are common among meme-tokens and scams. The allow to gain free hype and attract unexperienced investors.
CWF.addLiquidity(uint256,uint256) (#769-782) ignores return value by uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#774-781)
Ensure that all the return values of the function calls are used.
Additional information: link
CWF.allowance(address,address).owner (#522) shadows:
- Ownable.owner() (#152-154) (function)
CWF._approve(address,address,uint256).owner (#545) shadows:
- Ownable.owner() (#152-154) (function)
Rename the local variables that shadow another component.
Additional information: link
CWF.setBuyTaxes(uint256,uint256,uint256) (#565-571) should emit an event for:
- _buyLiquidityFee = newLiquidityTax (#566)
- _buyMarketingFee = newMarketingTax (#567)
- _buycwfLPFee = newcwfLPTax (#568)
- _totalTaxIfBuying = _buyLiquidityFee.add(_buyMarketingFee).add(_buycwfLPFee) (#570)
CWF.setSellTaxes(uint256,uint256,uint256) (#573-579) should emit an event for:
- _sellLiquidityFee = newLiquidityTax (#574)
- _sellMarketingFee = newMarketingTax (#575)
- _sellcwfLPFee = newcwfLPTax (#576)
- _totalTaxIfSelling = _sellLiquidityFee.add(_sellMarketingFee).add(_sellcwfLPFee) (#578)
CWF.setDistributionSettings(uint256,uint256,uint256) (#581-587) should emit an event for:
- _liquidityShare = newLiquidityShare (#582)
- _cwfLPShare = newcwfLPShare (#584)
- _totalDistributionShares = _liquidityShare.add(_marketingShare).add(_cwfLPShare) (#586)
CWF.setMaxTxAmount(uint256) (#589-591) should emit an event for:
- _maxTxAmount = maxTxAmount (#590)
CWF.setWalletLimit(uint256) (#601-603) should emit an event for:
- _walletMax = newLimit (#602)
CWF.setNumTokensBeforeSwap(uint256) (#605-607) should emit an event for:
- minimumTokensBeforeSwap = newLimit (#606)
CWF.UPfeeTXtime(uint256) (#811-813) should emit an event for:
- feeTXtime = _feeTXtime (#812)
CWF.UPendtime(uint256) (#815-817) should emit an event for:
- endtime = _endtime (#816)
Emit an event for critical parameter changes.
Additional information: link
CWF.setMarketingWalletAddress(address).newAddress (#609) lacks a zero-check on :
- marketingWalletAddress = address(newAddress) (#610)
CWF.setcwfLPWalletAddress(address).newAddress (#613) lacks a zero-check on :
- cwfLPWalletAddress = address(newAddress) (#614)
Check that the address is not zero.
Additional information: link
Reentrancy in CWF.changeRouterVersion(address) (#634-651):
External calls:
- newPairAddress = IUniswapV2Factory(_uniswapV2Router.factory()).createPair(address(this),_uniswapV2Router.WETH()) (#642-643)
State variables written after the call(s):
- isMarketPair[address(uniswapPair)] = true (#650)
- isWalletLimitExempt[address(uniswapPair)] = true (#649)
- uniswapPair = newPairAddress (#646)
- uniswapV2Router = _uniswapV2Router (#647)
Reentrancy in CWF.constructor() (#472-500):
External calls:
- uniswapPair = IUniswapV2Factory(_uniswapV2Router.factory()).createPair(address(this),_uniswapV2Router.WETH()) (#476-477)
State variables written after the call(s):
- _allowances[address(this)][address(uniswapV2Router)] = _totalSupply (#480)
- _balances[_msgSender()] = _totalSupply (#498)
- _totalDistributionShares = _liquidityShare.add(_marketingShare).add(_cwfLPShare) (#487)
- _totalTaxIfBuying = _buyLiquidityFee.add(_buyMarketingFee).add(_buycwfLPFee) (#485)
- _totalTaxIfSelling = _sellLiquidityFee.add(_sellMarketingFee).add(_sellcwfLPFee) (#486)
- isExcludedFromFee[owner()] = true (#482)
- isExcludedFromFee[address(this)] = true (#483)
- isMarketPair[address(uniswapPair)] = true (#496)
- isTxLimitExempt[owner()] = true (#493)
- isTxLimitExempt[address(this)] = true (#494)
- isWalletLimitExempt[owner()] = true (#489)
- isWalletLimitExempt[address(uniswapPair)] = true (#490)
- isWalletLimitExempt[address(this)] = true (#491)
- uniswapV2Router = _uniswapV2Router (#479)
Reentrancy in CWF.swapAndLiquify(uint256) (#725-747):
External calls:
- swapTokensForEth(tokensForSwap) (#730)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#758-764)
- addLiquidity(tokensForLP,amountBNBLiquidity) (#746)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#774-781)
External calls sending eth:
- transferToAddressETH(marketingWalletAddress,amountBNBMarketing) (#740)
- recipient.transfer(amount) (#631)
- transferToAddressETH(cwfLPWalletAddress,amountBNBcwfLP) (#743)
- recipient.transfer(amount) (#631)
- addLiquidity(tokensForLP,amountBNBLiquidity) (#746)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#774-781)
State variables written after the call(s):
- addLiquidity(tokensForLP,amountBNBLiquidity) (#746)
- _allowances[owner][spender] = amount (#549)
Reentrancy in CWF.transferFrom(address,address,uint256) (#661-665):
External calls:
- _transfer(sender,recipient,amount) (#662)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#774-781)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#758-764)
External calls sending eth:
- _transfer(sender,recipient,amount) (#662)
- recipient.transfer(amount) (#631)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#774-781)
State variables written after the call(s):
- _approve(sender,_msgSender(),_allowances[sender][_msgSender()].sub(amount,ERC20: transfer amount exceeds allowance)) (#663)
- _allowances[owner][spender] = amount (#549)
Apply the check-effects-interactions pattern.
Additional information: link
Reentrancy in CWF._transfer(address,address,uint256) (#667-716):
External calls:
- swapAndLiquify(contractTokenBalance) (#700)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#774-781)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#758-764)
External calls sending eth:
- swapAndLiquify(contractTokenBalance) (#700)
- recipient.transfer(amount) (#631)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#774-781)
Event emitted after the call(s):
- Transfer(sender,address(this),feeAmount) (#797)
- finalAmount = takeFee(sender,recipient,amount) (#705-706)
- Transfer(sender,recipient,finalAmount) (#713)
Reentrancy in CWF.constructor() (#472-500):
External calls:
- uniswapPair = IUniswapV2Factory(_uniswapV2Router.factory()).createPair(address(this),_uniswapV2Router.WETH()) (#476-477)
Event emitted after the call(s):
- Transfer(address(0),_msgSender(),_totalSupply) (#499)
Reentrancy in CWF.swapAndLiquify(uint256) (#725-747):
External calls:
- swapTokensForEth(tokensForSwap) (#730)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#758-764)
- addLiquidity(tokensForLP,amountBNBLiquidity) (#746)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#774-781)
External calls sending eth:
- transferToAddressETH(marketingWalletAddress,amountBNBMarketing) (#740)
- recipient.transfer(amount) (#631)
- transferToAddressETH(cwfLPWalletAddress,amountBNBcwfLP) (#743)
- recipient.transfer(amount) (#631)
- addLiquidity(tokensForLP,amountBNBLiquidity) (#746)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#774-781)
Event emitted after the call(s):
- Approval(owner,spender,amount) (#550)
- addLiquidity(tokensForLP,amountBNBLiquidity) (#746)
Reentrancy in CWF.swapTokensForEth(uint256) (#749-767):
External calls:
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#758-764)
Event emitted after the call(s):
- SwapTokensForETH(tokenAmount,path) (#766)
Reentrancy in CWF.transferFrom(address,address,uint256) (#661-665):
External calls:
- _transfer(sender,recipient,amount) (#662)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#774-781)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#758-764)
External calls sending eth:
- _transfer(sender,recipient,amount) (#662)
- recipient.transfer(amount) (#631)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#774-781)
Event emitted after the call(s):
- Approval(owner,spender,amount) (#550)
- _approve(sender,_msgSender(),_allowances[sender][_msgSender()].sub(amount,ERC20: transfer amount exceeds allowance)) (#663)
Apply the check-effects-interactions pattern.
Additional information: link
Ownable.unlock() (#187-192) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(block.timestamp > _lockTime,Contract is locked until 7 days) (#189)
CWF._transfer(address,address,uint256) (#667-716) uses timestamp for comparisons
Dangerous comparisons:
- endtime == 0 (#672)
- endtime > block.timestamp (#675)
Avoid relying on block.timestamp.
Additional information: link
Address.isContract(address) (#83-92) uses assembly
- INLINE ASM (#90)
Address._functionCallWithValue(address,bytes,uint256,string) (#119-136) uses assembly
- INLINE ASM (#128-131)
Do not use evm assembly.
Additional information: link
Address._functionCallWithValue(address,bytes,uint256,string) (#119-136) is never used and should be removed
Address.functionCall(address,bytes) (#102-104) is never used and should be removed
Address.functionCall(address,bytes,string) (#106-108) is never used and should be removed
Address.functionCallWithValue(address,bytes,uint256) (#110-112) is never used and should be removed
Address.functionCallWithValue(address,bytes,uint256,string) (#114-117) is never used and should be removed
Address.isContract(address) (#83-92) is never used and should be removed
Address.sendValue(address,uint256) (#94-100) is never used and should be removed
Context._msgData() (#10-13) is never used and should be removed
SafeMath.mod(uint256,uint256) (#71-73) is never used and should be removed
SafeMath.mod(uint256,uint256,string) (#75-78) is never used and should be removed
Remove unused functions.
Additional information: link
CWF._liquidityShare (#426) is set pre-construction with a non-constant function or state variable:
- _buyLiquidityFee.add(_sellLiquidityFee)
CWF._marketingShare (#427) is set pre-construction with a non-constant function or state variable:
- _buyMarketingFee.add(_sellMarketingFee)
CWF._cwfLPShare (#428) is set pre-construction with a non-constant function or state variable:
- _buycwfLPFee.add(_sellcwfLPFee)
CWF._totalSupply (#434) is set pre-construction with a non-constant function or state variable:
- 100 * 10 ** 6 * 10 ** _decimals
CWF._maxTxAmount (#435) is set pre-construction with a non-constant function or state variable:
- _totalSupply.div(10)
CWF._walletMax (#436) is set pre-construction with a non-constant function or state variable:
- _totalSupply.div(10)
CWF.minimumTokensBeforeSwap (#437) is set pre-construction with a non-constant function or state variable:
- _totalSupply.div(10000)
Remove any initialization of state variables via non-constant state variables or function calls. If variables must be set upon contract deployment, locate initialization in the constructor instead.
Additional information: link
Low level call in Address.sendValue(address,uint256) (#94-100):
- (success) = recipient.call{value: amount}() (#98)
Low level call in Address._functionCallWithValue(address,bytes,uint256,string) (#119-136):
- (success,returndata) = target.call{value: weiValue}(data) (#122)
Avoid low-level calls. Check the call success. If the call is meant for a contract, check for code existence
Additional information: link
Function IUniswapV2Pair.DOMAIN_SEPARATOR() (#226) is not in mixedCase
Function IUniswapV2Pair.PERMIT_TYPEHASH() (#227) is not in mixedCase
Function IUniswapV2Pair.MINIMUM_LIQUIDITY() (#243) is not in mixedCase
Function IUniswapV2Router01.WETH() (#262) is not in mixedCase
Parameter CWF.setSwapAndLiquifyEnabled(bool)._enabled (#617) is not in mixedCase
Parameter CWF.setblocklist(address)._account (#803) is not in mixedCase
Function CWF.UPfeeTXtime(uint256) (#811-813) is not in mixedCase
Parameter CWF.UPfeeTXtime(uint256)._feeTXtime (#811) is not in mixedCase
Function CWF.UPendtime(uint256) (#815-817) is not in mixedCase
Parameter CWF.UPendtime(uint256)._endtime (#815) is not in mixedCase
Variable CWF._balances (#407) is not in mixedCase
Variable CWF._buyMarketingFee (#419) is not in mixedCase
Variable CWF._buycwfLPFee (#420) is not in mixedCase
Variable CWF._sellMarketingFee (#423) is not in mixedCase
Variable CWF._sellcwfLPFee (#424) is not in mixedCase
Variable CWF._marketingShare (#427) is not in mixedCase
Variable CWF._cwfLPShare (#428) is not in mixedCase
Variable CWF._totalTaxIfBuying (#430) is not in mixedCase
Variable CWF._totalTaxIfSelling (#431) is not in mixedCase
Variable CWF._totalDistributionShares (#432) is not in mixedCase
Variable CWF._maxTxAmount (#435) is not in mixedCase
Variable CWF._walletMax (#436) is not in mixedCase
Follow the Solidity naming convention.
Additional information: link
Redundant expression "this (#11)" inContext (#4-14)
Remove redundant statements if they congest code but offer no value.
Additional information: link
Reentrancy in CWF._transfer(address,address,uint256) (#667-716):
External calls:
- swapAndLiquify(contractTokenBalance) (#700)
- recipient.transfer(amount) (#631)
External calls sending eth:
- swapAndLiquify(contractTokenBalance) (#700)
- recipient.transfer(amount) (#631)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#774-781)
State variables written after the call(s):
- _balances[sender] = _balances[sender].sub(amount,Insufficient Balance) (#703)
- _balances[recipient] = _balances[recipient].add(finalAmount) (#711)
- finalAmount = takeFee(sender,recipient,amount) (#705-706)
- _balances[address(this)] = _balances[address(this)].add(feeAmount) (#796)
Event emitted after the call(s):
- Transfer(sender,address(this),feeAmount) (#797)
- finalAmount = takeFee(sender,recipient,amount) (#705-706)
- Transfer(sender,recipient,finalAmount) (#713)
Reentrancy in CWF.swapAndLiquify(uint256) (#725-747):
External calls:
- transferToAddressETH(marketingWalletAddress,amountBNBMarketing) (#740)
- recipient.transfer(amount) (#631)
- transferToAddressETH(cwfLPWalletAddress,amountBNBcwfLP) (#743)
- recipient.transfer(amount) (#631)
External calls sending eth:
- transferToAddressETH(marketingWalletAddress,amountBNBMarketing) (#740)
- recipient.transfer(amount) (#631)
- transferToAddressETH(cwfLPWalletAddress,amountBNBcwfLP) (#743)
- recipient.transfer(amount) (#631)
- addLiquidity(tokensForLP,amountBNBLiquidity) (#746)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#774-781)
State variables written after the call(s):
- addLiquidity(tokensForLP,amountBNBLiquidity) (#746)
- _allowances[owner][spender] = amount (#549)
Event emitted after the call(s):
- Approval(owner,spender,amount) (#550)
- addLiquidity(tokensForLP,amountBNBLiquidity) (#746)
Reentrancy in CWF.transferFrom(address,address,uint256) (#661-665):
External calls:
- _transfer(sender,recipient,amount) (#662)
- recipient.transfer(amount) (#631)
External calls sending eth:
- _transfer(sender,recipient,amount) (#662)
- recipient.transfer(amount) (#631)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#774-781)
State variables written after the call(s):
- _approve(sender,_msgSender(),_allowances[sender][_msgSender()].sub(amount,ERC20: transfer amount exceeds allowance)) (#663)
- _allowances[owner][spender] = amount (#549)
Event emitted after the call(s):
- Approval(owner,spender,amount) (#550)
- _approve(sender,_msgSender(),_allowances[sender][_msgSender()].sub(amount,ERC20: transfer amount exceeds allowance)) (#663)
Apply the check-effects-interactions pattern.
Additional information: link
Variable IUniswapV2Router01.addLiquidity(address,address,uint256,uint256,uint256,uint256,address,uint256).amountADesired (#267) is too similar to IUniswapV2Router01.addLiquidity(address,address,uint256,uint256,uint256,uint256,address,uint256).amountBDesired (#268)
Prevent variables from having similar names.
Additional information: link
CWF.slitherConstructorVariables() (#395-819) uses literals with too many digits:
- deadAddress = 0x000000000000000000000000000000000000dEaD (#405)
Use: Ether suffix, Time suffix, or The scientific notation
Additional information: link
CWF._decimals (#402) should be constant
CWF._name (#400) should be constant
CWF._symbol (#401) should be constant
Add the constant attributes to state variables that never change.
Additional information: link
waiveOwnership() should be declared external:
- Ownable.waiveOwnership() (#161-164)
transferOwnership(address) should be declared external:
- Ownable.transferOwnership(address) (#166-170)
getUnlockTime() should be declared external:
- Ownable.getUnlockTime() (#172-174)
getTime() should be declared external:
- Ownable.getTime() (#176-178)
lock(uint256) should be declared external:
- Ownable.lock(uint256) (#180-185)
unlock() should be declared external:
- Ownable.unlock() (#187-192)
name() should be declared external:
- CWF.name() (#502-504)
symbol() should be declared external:
- CWF.symbol() (#506-508)
decimals() should be declared external:
- CWF.decimals() (#510-512)
totalSupply() should be declared external:
- CWF.totalSupply() (#514-516)
allowance(address,address) should be declared external:
- CWF.allowance(address,address) (#522-524)
increaseAllowance(address,uint256) should be declared external:
- CWF.increaseAllowance(address,uint256) (#526-529)
decreaseAllowance(address,uint256) should be declared external:
- CWF.decreaseAllowance(address,uint256) (#531-534)
minimumTokensBeforeSwapAmount() should be declared external:
- CWF.minimumTokensBeforeSwapAmount() (#536-538)
approve(address,uint256) should be declared external:
- CWF.approve(address,uint256) (#540-543)
setMarketPairStatus(address,bool) should be declared external:
- CWF.setMarketPairStatus(address,bool) (#553-555)
setIsExcludedFromFee(address,bool) should be declared external:
- CWF.setIsExcludedFromFee(address,bool) (#561-563)
setSwapAndLiquifyEnabled(bool) should be declared external:
- CWF.setSwapAndLiquifyEnabled(bool) (#617-620)
setSwapAndLiquifyByLimitOnly(bool) should be declared external:
- CWF.setSwapAndLiquifyByLimitOnly(bool) (#622-624)
getCirculatingSupply() should be declared external:
- CWF.getCirculatingSupply() (#626-628)
changeRouterVersion(address) should be declared external:
- CWF.changeRouterVersion(address) (#634-651)
transfer(address,uint256) should be declared external:
- CWF.transfer(address,uint256) (#656-659)
transferFrom(address,address,uint256) should be declared external:
- CWF.transferFrom(address,address,uint256) (#661-665)
Use the external attribute for functions never called from the contract.
Additional information: link
Unable to find website, listings and other project-related information
Young tokens have high risks of scam / price dump / death
Token has no active CoinGecko listing / rank
Token has no active CoinMarketCap listing / rank
Unable to find Telegram and Twitter accounts