cwnft Token Logo

cwnft Token

About cwnft

Listings

Not Found
Token 3 months

Website

Not Found

Description

Not Found

Social

Not Found

Laser Scorebeta Last Audit: 4 February 2022

report
Code:


Unable to find manual contract audit (e.g. Certik, PeckShield, Solidity...)

cwnft.addLiquidity(uint256,uint256) (#776-789) sends eth to arbitrary user
Dangerous calls:
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#781-788)
Ensure that an arbitrary user cannot withdraw unauthorized funds.

Additional information: link

Reentrancy in cwnft._transfer(address,address,uint256) (#685-723):
External calls:
- swapAndLiquify(contractTokenBalance) (#707)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#781-788)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#765-771)
External calls sending eth:
- swapAndLiquify(contractTokenBalance) (#707)
- recipient.transfer(amount) (#649)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#781-788)
State variables written after the call(s):
- _balances[sender] = _balances[sender].sub(amount,Insufficient Balance) (#710)
- _balances[recipient] = _balances[recipient].add(finalAmount) (#718)
- finalAmount = takeFee(sender,recipient,amount) (#712-713)
- _balances[address(this)] = _balances[address(this)].add(feeAmount) (#803)
Apply the check-effects-interactions pattern.

Additional information: link


Combination 1: Reentrancy vulnerabilities + Functions that send Ether to arbitraty destination. Usual for scams. May be justified by some complex mechanics (e.g. rebase, reflections). DYOR & manual audit are advised.

cwnft._decimals (#418) should be constant
cwnft._name (#416) should be constant
cwnft._symbol (#417) should be constant
Add the constant attributes to state variables that never change.

Additional information: link

cwnft.addLiquidity(uint256,uint256) (#776-789) ignores return value by uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#781-788)
Ensure that all the return values of the function calls are used.

Additional information: link

cwnft.allowance(address,address).owner (#540) shadows:
- Ownable.owner() (#168-170) (function)
cwnft._approve(address,address,uint256).owner (#563) shadows:
- Ownable.owner() (#168-170) (function)
Rename the local variables that shadow another component.

Additional information: link

cwnft.setBuyTaxes(uint256,uint256,uint256) (#583-589) should emit an event for:
- _totalTaxIfBuying = _buyLiquidityFee.add(_buyMarketingFee).add(_buyTeamFee) (#588)
cwnft.setSellTaxes(uint256,uint256,uint256) (#591-597) should emit an event for:
- _totalTaxIfSelling = _sellLiquidityFee.add(_sellMarketingFee).add(_sellTeamFee) (#596)
cwnft.setDistributionSettings(uint256,uint256,uint256) (#599-605) should emit an event for:
- _liquidityShare = newLiquidityShare (#600)
- _teamShare = newTeamShare (#602)
- _totalDistributionShares = _liquidityShare.add(_marketingShare).add(_teamShare) (#604)
cwnft.setMaxTxAmount(uint256) (#607-609) should emit an event for:
- _maxTxAmount = maxTxAmount (#608)
cwnft.setWalletLimit(uint256) (#619-621) should emit an event for:
- _walletMax = newLimit (#620)
cwnft.setNumTokensBeforeSwap(uint256) (#623-625) should emit an event for:
- minimumTokensBeforeSwap = newLimit (#624)
Emit an event for critical parameter changes.

Additional information: link

cwnft.setMarketingWalletAddress(address).newAddress (#627) lacks a zero-check on :
- marketingWalletAddress = address(newAddress) (#628)
cwnft.setTeamWalletAddress(address).newAddress (#631) lacks a zero-check on :
- teamWalletAddress = address(newAddress) (#632)
Check that the address is not zero.

Additional information: link

Reentrancy in cwnft.changeRouterVersion(address) (#652-669):
External calls:
- newPairAddress = IUniswapV2Factory(_uniswapV2Router.factory()).createPair(address(this),_uniswapV2Router.WETH()) (#660-661)
State variables written after the call(s):
- isMarketPair[address(uniswapPair)] = true (#668)
- isWalletLimitExempt[address(uniswapPair)] = true (#667)
- uniswapPair = newPairAddress (#664)
- uniswapV2Router = _uniswapV2Router (#665)
Reentrancy in cwnft.constructor() (#484-518):
External calls:
- uniswapPair = IUniswapV2Factory(_uniswapV2Router.factory()).createPair(address(this),_uniswapV2Router.WETH()) (#488-489)
State variables written after the call(s):
- _allowances[address(this)][address(uniswapV2Router)] = _totalSupply (#492)
- _balances[_msgSender()] = _totalSupply (#516)
- _totalDistributionShares = _liquidityShare.add(_marketingShare).add(_teamShare) (#501)
- _totalTaxIfBuying = _buyLiquidityFee.add(_buyMarketingFee).add(_buyTeamFee) (#499)
- _totalTaxIfSelling = _sellLiquidityFee.add(_sellMarketingFee).add(_sellTeamFee) (#500)
- isExcludedFromFee[owner()] = true (#494)
- isExcludedFromFee[marketingWalletAddress] = true (#495)
- isExcludedFromFee[teamWalletAddress] = true (#496)
- isExcludedFromFee[address(this)] = true (#497)
- isMarketPair[address(uniswapPair)] = true (#514)
- isTxLimitExempt[owner()] = true (#509)
- isTxLimitExempt[address(this)] = true (#510)
- isTxLimitExempt[marketingWalletAddress] = true (#511)
- isTxLimitExempt[teamWalletAddress] = true (#512)
- isWalletLimitExempt[owner()] = true (#503)
- isWalletLimitExempt[address(uniswapPair)] = true (#504)
- isWalletLimitExempt[address(this)] = true (#505)
- isWalletLimitExempt[marketingWalletAddress] = true (#506)
- isWalletLimitExempt[teamWalletAddress] = true (#507)
- uniswapV2Router = _uniswapV2Router (#491)
Reentrancy in cwnft.swapAndLiquify(uint256) (#732-754):
External calls:
- swapTokensForEth(tokensForSwap) (#737)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#765-771)
- addLiquidity(tokensForLP,amountBNBLiquidity) (#753)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#781-788)
External calls sending eth:
- transferToAddressETH(marketingWalletAddress,amountBNBMarketing) (#747)
- recipient.transfer(amount) (#649)
- transferToAddressETH(teamWalletAddress,amountBNBTeam) (#750)
- recipient.transfer(amount) (#649)
- addLiquidity(tokensForLP,amountBNBLiquidity) (#753)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#781-788)
State variables written after the call(s):
- addLiquidity(tokensForLP,amountBNBLiquidity) (#753)
- _allowances[owner][spender] = amount (#567)
Reentrancy in cwnft.transferFrom(address,address,uint256) (#679-683):
External calls:
- _transfer(sender,recipient,amount) (#680)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#781-788)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#765-771)
External calls sending eth:
- _transfer(sender,recipient,amount) (#680)
- recipient.transfer(amount) (#649)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#781-788)
State variables written after the call(s):
- _approve(sender,_msgSender(),_allowances[sender][_msgSender()].sub(amount,ERC20: transfer amount exceeds allowance)) (#681)
- _allowances[owner][spender] = amount (#567)
Apply the check-effects-interactions pattern.

Additional information: link

Reentrancy in cwnft._transfer(address,address,uint256) (#685-723):
External calls:
- swapAndLiquify(contractTokenBalance) (#707)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#781-788)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#765-771)
External calls sending eth:
- swapAndLiquify(contractTokenBalance) (#707)
- recipient.transfer(amount) (#649)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#781-788)
Event emitted after the call(s):
- Transfer(sender,address(this),feeAmount) (#804)
- finalAmount = takeFee(sender,recipient,amount) (#712-713)
- Transfer(sender,recipient,finalAmount) (#720)
Reentrancy in cwnft.constructor() (#484-518):
External calls:
- uniswapPair = IUniswapV2Factory(_uniswapV2Router.factory()).createPair(address(this),_uniswapV2Router.WETH()) (#488-489)
Event emitted after the call(s):
- Transfer(address(0),_msgSender(),_totalSupply) (#517)
Reentrancy in cwnft.swapAndLiquify(uint256) (#732-754):
External calls:
- swapTokensForEth(tokensForSwap) (#737)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#765-771)
- addLiquidity(tokensForLP,amountBNBLiquidity) (#753)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#781-788)
External calls sending eth:
- transferToAddressETH(marketingWalletAddress,amountBNBMarketing) (#747)
- recipient.transfer(amount) (#649)
- transferToAddressETH(teamWalletAddress,amountBNBTeam) (#750)
- recipient.transfer(amount) (#649)
- addLiquidity(tokensForLP,amountBNBLiquidity) (#753)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#781-788)
Event emitted after the call(s):
- Approval(owner,spender,amount) (#568)
- addLiquidity(tokensForLP,amountBNBLiquidity) (#753)
Reentrancy in cwnft.swapTokensForEth(uint256) (#756-774):
External calls:
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#765-771)
Event emitted after the call(s):
- SwapTokensForETH(tokenAmount,path) (#773)
Reentrancy in cwnft.transferFrom(address,address,uint256) (#679-683):
External calls:
- _transfer(sender,recipient,amount) (#680)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#781-788)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#765-771)
External calls sending eth:
- _transfer(sender,recipient,amount) (#680)
- recipient.transfer(amount) (#649)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#781-788)
Event emitted after the call(s):
- Approval(owner,spender,amount) (#568)
- _approve(sender,_msgSender(),_allowances[sender][_msgSender()].sub(amount,ERC20: transfer amount exceeds allowance)) (#681)
Apply the check-effects-interactions pattern.

Additional information: link

Ownable.unlock() (#203-208) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(block.timestamp > _lockTime,Contract is locked until 7 days) (#205)
Avoid relying on block.timestamp.

Additional information: link

Address.isContract(address) (#99-108) uses assembly
- INLINE ASM (#106)
Address._functionCallWithValue(address,bytes,uint256,string) (#135-152) uses assembly
- INLINE ASM (#144-147)
Do not use evm assembly.

Additional information: link

Address._functionCallWithValue(address,bytes,uint256,string) (#135-152) is never used and should be removed
Address.functionCall(address,bytes) (#118-120) is never used and should be removed
Address.functionCall(address,bytes,string) (#122-124) is never used and should be removed
Address.functionCallWithValue(address,bytes,uint256) (#126-128) is never used and should be removed
Address.functionCallWithValue(address,bytes,uint256,string) (#130-133) is never used and should be removed
Address.isContract(address) (#99-108) is never used and should be removed
Address.sendValue(address,uint256) (#110-116) is never used and should be removed
Context._msgData() (#26-29) is never used and should be removed
SafeMath.mod(uint256,uint256) (#87-89) is never used and should be removed
SafeMath.mod(uint256,uint256,string) (#91-94) is never used and should be removed
Remove unused functions.

Additional information: link

cwnft._totalSupply (#448) is set pre-construction with a non-constant function or state variable:
- 1400000000 * 10 ** _decimals
cwnft._maxTxAmount (#449) is set pre-construction with a non-constant function or state variable:
- 1400000000 * 10 ** _decimals
cwnft._walletMax (#450) is set pre-construction with a non-constant function or state variable:
- 1400000000 * 10 ** _decimals
Remove any initialization of state variables via non-constant state variables or function calls. If variables must be set upon contract deployment, locate initialization in the constructor instead.

Additional information: link

Pragma version^0.8.0 (#18) allows old versions
Deploy with any of the following Solidity versions: 0.5.16 - 0.5.17, 0.6.11 - 0.6.12, 0.7.5 - 0.7.6 Use a simple pragma version that allows any of these versions. Consider using the latest version of Solidity for testing.

Additional information: link

Low level call in Address.sendValue(address,uint256) (#110-116):
- (success) = recipient.call{value: amount}() (#114)
Low level call in Address._functionCallWithValue(address,bytes,uint256,string) (#135-152):
- (success,returndata) = target.call{value: weiValue}(data) (#138)
Avoid low-level calls. Check the call success. If the call is meant for a contract, check for code existence

Additional information: link

Function IUniswapV2Pair.DOMAIN_SEPARATOR() (#242) is not in mixedCase
Function IUniswapV2Pair.PERMIT_TYPEHASH() (#243) is not in mixedCase
Function IUniswapV2Pair.MINIMUM_LIQUIDITY() (#259) is not in mixedCase
Function IUniswapV2Router01.WETH() (#278) is not in mixedCase
Contract cwnft (#411-811) is not in CapWords
Parameter cwnft.setSwapAndLiquifyEnabled(bool)._enabled (#635) is not in mixedCase
Variable cwnft._balances (#424) is not in mixedCase
Variable cwnft._buyLiquidityFee (#432) is not in mixedCase
Variable cwnft._buyMarketingFee (#433) is not in mixedCase
Variable cwnft._buyTeamFee (#434) is not in mixedCase
Variable cwnft._sellLiquidityFee (#436) is not in mixedCase
Variable cwnft._sellMarketingFee (#437) is not in mixedCase
Variable cwnft._sellTeamFee (#438) is not in mixedCase
Variable cwnft._liquidityShare (#440) is not in mixedCase
Variable cwnft._marketingShare (#441) is not in mixedCase
Variable cwnft._teamShare (#442) is not in mixedCase
Variable cwnft._totalTaxIfBuying (#444) is not in mixedCase
Variable cwnft._totalTaxIfSelling (#445) is not in mixedCase
Variable cwnft._totalDistributionShares (#446) is not in mixedCase
Variable cwnft._maxTxAmount (#449) is not in mixedCase
Variable cwnft._walletMax (#450) is not in mixedCase
Follow the Solidity naming convention.

Additional information: link

Redundant expression "this (#27)" inContext (#20-30)
Remove redundant statements if they congest code but offer no value.

Additional information: link

Reentrancy in cwnft._transfer(address,address,uint256) (#685-723):
External calls:
- swapAndLiquify(contractTokenBalance) (#707)
- recipient.transfer(amount) (#649)
External calls sending eth:
- swapAndLiquify(contractTokenBalance) (#707)
- recipient.transfer(amount) (#649)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#781-788)
State variables written after the call(s):
- _balances[sender] = _balances[sender].sub(amount,Insufficient Balance) (#710)
- _balances[recipient] = _balances[recipient].add(finalAmount) (#718)
- finalAmount = takeFee(sender,recipient,amount) (#712-713)
- _balances[address(this)] = _balances[address(this)].add(feeAmount) (#803)
Event emitted after the call(s):
- Transfer(sender,address(this),feeAmount) (#804)
- finalAmount = takeFee(sender,recipient,amount) (#712-713)
- Transfer(sender,recipient,finalAmount) (#720)
Reentrancy in cwnft.swapAndLiquify(uint256) (#732-754):
External calls:
- transferToAddressETH(marketingWalletAddress,amountBNBMarketing) (#747)
- recipient.transfer(amount) (#649)
- transferToAddressETH(teamWalletAddress,amountBNBTeam) (#750)
- recipient.transfer(amount) (#649)
External calls sending eth:
- transferToAddressETH(marketingWalletAddress,amountBNBMarketing) (#747)
- recipient.transfer(amount) (#649)
- transferToAddressETH(teamWalletAddress,amountBNBTeam) (#750)
- recipient.transfer(amount) (#649)
- addLiquidity(tokensForLP,amountBNBLiquidity) (#753)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#781-788)
State variables written after the call(s):
- addLiquidity(tokensForLP,amountBNBLiquidity) (#753)
- _allowances[owner][spender] = amount (#567)
Event emitted after the call(s):
- Approval(owner,spender,amount) (#568)
- addLiquidity(tokensForLP,amountBNBLiquidity) (#753)
Reentrancy in cwnft.transferFrom(address,address,uint256) (#679-683):
External calls:
- _transfer(sender,recipient,amount) (#680)
- recipient.transfer(amount) (#649)
External calls sending eth:
- _transfer(sender,recipient,amount) (#680)
- recipient.transfer(amount) (#649)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#781-788)
State variables written after the call(s):
- _approve(sender,_msgSender(),_allowances[sender][_msgSender()].sub(amount,ERC20: transfer amount exceeds allowance)) (#681)
- _allowances[owner][spender] = amount (#567)
Event emitted after the call(s):
- Approval(owner,spender,amount) (#568)
- _approve(sender,_msgSender(),_allowances[sender][_msgSender()].sub(amount,ERC20: transfer amount exceeds allowance)) (#681)
Apply the check-effects-interactions pattern.

Additional information: link

Variable IUniswapV2Router01.addLiquidity(address,address,uint256,uint256,uint256,uint256,address,uint256).amountADesired (#283) is too similar to IUniswapV2Router01.addLiquidity(address,address,uint256,uint256,uint256,uint256,address,uint256).amountBDesired (#284)
Prevent variables from having similar names.

Additional information: link

cwnft.slitherConstructorVariables() (#411-811) uses literals with too many digits:
- deadAddress = 0x000000000000000000000000000000000000dEaD (#422)
cwnft.slitherConstructorVariables() (#411-811) uses literals with too many digits:
- _totalSupply = 1400000000 * 10 ** _decimals (#448)
cwnft.slitherConstructorVariables() (#411-811) uses literals with too many digits:
- _maxTxAmount = 1400000000 * 10 ** _decimals (#449)
cwnft.slitherConstructorVariables() (#411-811) uses literals with too many digits:
- _walletMax = 1400000000 * 10 ** _decimals (#450)
cwnft.slitherConstructorVariables() (#411-811) uses literals with too many digits:
- minimumTokensBeforeSwap = 1400000000 * 10 ** 3 (#451)
Use: Ether suffix, Time suffix, or The scientific notation

Additional information: link

waiveOwnership() should be declared external:
- Ownable.waiveOwnership() (#177-180)
transferOwnership(address) should be declared external:
- Ownable.transferOwnership(address) (#182-186)
getUnlockTime() should be declared external:
- Ownable.getUnlockTime() (#188-190)
getTime() should be declared external:
- Ownable.getTime() (#192-194)
lock(uint256) should be declared external:
- Ownable.lock(uint256) (#196-201)
unlock() should be declared external:
- Ownable.unlock() (#203-208)
name() should be declared external:
- cwnft.name() (#520-522)
symbol() should be declared external:
- cwnft.symbol() (#524-526)
decimals() should be declared external:
- cwnft.decimals() (#528-530)
totalSupply() should be declared external:
- cwnft.totalSupply() (#532-534)
allowance(address,address) should be declared external:
- cwnft.allowance(address,address) (#540-542)
increaseAllowance(address,uint256) should be declared external:
- cwnft.increaseAllowance(address,uint256) (#544-547)
decreaseAllowance(address,uint256) should be declared external:
- cwnft.decreaseAllowance(address,uint256) (#549-552)
minimumTokensBeforeSwapAmount() should be declared external:
- cwnft.minimumTokensBeforeSwapAmount() (#554-556)
approve(address,uint256) should be declared external:
- cwnft.approve(address,uint256) (#558-561)
setMarketPairStatus(address,bool) should be declared external:
- cwnft.setMarketPairStatus(address,bool) (#571-573)
setIsExcludedFromFee(address,bool) should be declared external:
- cwnft.setIsExcludedFromFee(address,bool) (#579-581)
setSwapAndLiquifyEnabled(bool) should be declared external:
- cwnft.setSwapAndLiquifyEnabled(bool) (#635-638)
setSwapAndLiquifyByLimitOnly(bool) should be declared external:
- cwnft.setSwapAndLiquifyByLimitOnly(bool) (#640-642)
getCirculatingSupply() should be declared external:
- cwnft.getCirculatingSupply() (#644-646)
changeRouterVersion(address) should be declared external:
- cwnft.changeRouterVersion(address) (#652-669)
transfer(address,uint256) should be declared external:
- cwnft.transfer(address,uint256) (#674-677)
transferFrom(address,address,uint256) should be declared external:
- cwnft.transferFrom(address,address,uint256) (#679-683)
Use the external attribute for functions never called from the contract.

Additional information: link

Holders:


Token seems to be untradeable: there is no PancakeSwap trading pair and no trading volumes. Ignore for presale.


Unable to find Telegram and Twitter accounts

Search:


Unable to find website, listings and other project-related information


Young tokens have high risks of scam / price dump / death


Token has no active CoinGecko listing / rank


Token has no active CoinMarketCap listing / rank

Anti-Scam Checks

Price for cwnft