Unable to find manual contract audit (e.g. Certik, PeckShield, Solidity...)
grimaceputinrussiancatarmy.addLiquidity(uint256,uint256) (#574-587) sends eth to arbitrary user
Dangerous calls:
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#579-586)
Ensure that an arbitrary user cannot withdraw unauthorized funds.
Additional information: link
Reentrancy in grimaceputinrussiancatarmy._transfer(address,address,uint256) (#470-517):
External calls:
- swapAndLiquify(swapTokensAtAmount,sellTaxes) (#508)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#579-586)
- (success) = recipient.call{value: amount}() (#104)
- router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#598-604)
- address(marketingWallet).sendValue(marketingAmt) (#566)
- address(donationWallet).sendValue(donationAmt) (#570)
- swapAndLiquify(swapTokensAtAmount,taxes) (#509)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#579-586)
- (success) = recipient.call{value: amount}() (#104)
- router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#598-604)
- address(marketingWallet).sendValue(marketingAmt) (#566)
- address(donationWallet).sendValue(donationAmt) (#570)
External calls sending eth:
- swapAndLiquify(swapTokensAtAmount,sellTaxes) (#508)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#579-586)
- (success) = recipient.call{value: amount}() (#104)
- swapAndLiquify(swapTokensAtAmount,taxes) (#509)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#579-586)
- (success) = recipient.call{value: amount}() (#104)
State variables written after the call(s):
- _tokenTransfer(from,to,amount,takeFee,isSell) (#516)
- _rOwned[address(this)] += rDonation (#391)
- _rOwned[address(this)] += rMarketing (#381)
- _rOwned[address(this)] += rLiquidity (#371)
- _rOwned[sender] = _rOwned[sender] - s.rAmount (#532)
- _rOwned[recipient] = _rOwned[recipient] + s.rTransferAmount (#533)
- _tokenTransfer(from,to,amount,takeFee,isSell) (#516)
- _rTotal -= rRfi (#360)
- _tokenTransfer(from,to,amount,takeFee,isSell) (#516)
- _tOwned[address(this)] += tMarketing (#379)
- _tOwned[address(this)] += tLiquidity (#369)
- _tOwned[sender] = _tOwned[sender] - tAmount (#526)
- _tOwned[address(this)] += tDonation (#389)
- _tOwned[recipient] = _tOwned[recipient] + s.tTransferAmount (#529)
Apply the check-effects-interactions pattern.
Additional information: link
grimaceputinrussiancatarmy.rescueAnyBEP20Tokens(address,address,uint256) (#678-680) ignores return value by IERC20(_tokenAddr).transfer(_to,_amount) (#679)
Use SafeERC20, or ensure that the transfer/transferFrom return value is checked.
Additional information: link
Combination 1: Reentrancy vulnerabilities + Functions that send Ether to arbitraty destination. Usual for scams. May be justified by some complex mechanics (e.g. rebase, reflections). DYOR & manual audit are advised.
Combination 2: Unchecked transfer + Functions that send Ether to arbitraty destination. Usual for scams. May be justified by some complex mechanics (e.g. rebase, reflections). DYOR & manual audit are advised.
Combination 3: Reentrancy vulnerabilities + Unchecked transfer vulnerability. Usual for scams. May be justified by some complex mechanics (e.g. rebase, reflections). DYOR & manual audit are advised.
Contract name (D'DICTATOR GRIAMCEPUTIN AND THE RUSSIAN CAT ARMY) contains non-alphanumeric characters.
Not a direct threat, but may indicate unreliable intentions of developer. Non-alphanumeric chars (,.;!#*&") are extremely rare among low risk tokens.
Contract ticker (D'DICTATOR GRIAMCEPUTIN AND THE RUSSIAN CAT ARMY) contains non-alphanumeric characters.
Not a direct threat, but may indicate unreliable intentions of developer. Non-alphanumeric chars (,.;!#*&") are extremely rare among low risk tokens.
Contract name (D'DICTATOR GRIAMCEPUTIN AND THE RUSSIAN CAT ARMY) has length of 48 chars.
Not a direct threat, but may indicate unreliable intentions of developer.
Contract ticker (D'DICTATOR GRIAMCEPUTIN AND THE RUSSIAN CAT ARMY) has length of 48 chars.
Not a direct threat, but may indicate unreliable intentions of developer.
grimaceputinrussiancatarmy.swapAndLiquify(uint256,grimaceputinrussiancatarmy.Taxes) (#546-572) performs a multiplication on the result of a division:
-unitBalance = deltaBalance / (denominator - temp.liquidity) (#556)
-bnbToAddLiquidityWith = unitBalance * temp.liquidity (#557)
grimaceputinrussiancatarmy.swapAndLiquify(uint256,grimaceputinrussiancatarmy.Taxes) (#546-572) performs a multiplication on the result of a division:
-unitBalance = deltaBalance / (denominator - temp.liquidity) (#556)
-marketingAmt = unitBalance * 2 * temp.marketing (#564)
grimaceputinrussiancatarmy.swapAndLiquify(uint256,grimaceputinrussiancatarmy.Taxes) (#546-572) performs a multiplication on the result of a division:
-unitBalance = deltaBalance / (denominator - temp.liquidity) (#556)
-donationAmt = unitBalance * 2 * temp.donation (#568)
Consider ordering multiplication before division.
Additional information: link
grimaceputinrussiancatarmy.addLiquidity(uint256,uint256) (#574-587) ignores return value by router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#579-586)
Ensure that all the return values of the function calls are used.
Additional information: link
grimaceputinrussiancatarmy.allowance(address,address).owner (#250) shadows:
- Ownable.owner() (#51-53) (function)
grimaceputinrussiancatarmy._approve(address,address,uint256).owner (#463) shadows:
- Ownable.owner() (#51-53) (function)
Rename the local variables that shadow another component.
Additional information: link
grimaceputinrussiancatarmy.updateCooldown(bool,uint256) (#629-632) should emit an event for:
- coolDownTime = time * 1 (#630)
grimaceputinrussiancatarmy.updateSwapTokensAtAmount(uint256) (#634-636) should emit an event for:
- swapTokensAtAmount = amount * 10 ** _decimals (#635)
grimaceputinrussiancatarmy.updateMaxTxLimit(uint256,uint256) (#657-660) should emit an event for:
- maxBuyLimit = maxBuy * 10 ** decimals() (#658)
- maxSellLimit = maxSell * 10 ** decimals() (#659)
grimaceputinrussiancatarmy.updateMaxWalletlimit(uint256) (#662-664) should emit an event for:
- maxWalletLimit = amount * 10 ** decimals() (#663)
Emit an event for critical parameter changes.
Additional information: link
grimaceputinrussiancatarmy.constructor(address)._pair (#206-207) lacks a zero-check on :
- pair = _pair (#210)
grimaceputinrussiancatarmy.updateMarketingWallet(address).newWallet (#620) lacks a zero-check on :
- marketingWallet = newWallet (#621)
grimaceputinrussiancatarmy.updateDonationWallet(address).newWallet (#624) lacks a zero-check on :
- donationWallet = newWallet (#625)
grimaceputinrussiancatarmy.updateRouterAndPair(address,address).newPair (#666) lacks a zero-check on :
- pair = newPair (#668)
Check that the address is not zero.
Additional information: link
Reentrancy in grimaceputinrussiancatarmy._transfer(address,address,uint256) (#470-517):
External calls:
- swapAndLiquify(swapTokensAtAmount,sellTaxes) (#508)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#579-586)
- (success) = recipient.call{value: amount}() (#104)
- router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#598-604)
- address(marketingWallet).sendValue(marketingAmt) (#566)
- address(donationWallet).sendValue(donationAmt) (#570)
- swapAndLiquify(swapTokensAtAmount,taxes) (#509)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#579-586)
- (success) = recipient.call{value: amount}() (#104)
- router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#598-604)
- address(marketingWallet).sendValue(marketingAmt) (#566)
- address(donationWallet).sendValue(donationAmt) (#570)
External calls sending eth:
- swapAndLiquify(swapTokensAtAmount,sellTaxes) (#508)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#579-586)
- (success) = recipient.call{value: amount}() (#104)
- swapAndLiquify(swapTokensAtAmount,taxes) (#509)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#579-586)
- (success) = recipient.call{value: amount}() (#104)
State variables written after the call(s):
- _tokenTransfer(from,to,amount,takeFee,isSell) (#516)
- totFeesPaid.liquidity += tLiquidity (#365)
- totFeesPaid.donation += tDonation (#385)
- totFeesPaid.marketing += tMarketing (#375)
- totFeesPaid.rfi += tRfi (#361)
Reentrancy in grimaceputinrussiancatarmy.constructor(address) (#204-227):
External calls:
- _pair = IFactory(_router.factory()).createPair(address(this),_router.WETH()) (#206-207)
State variables written after the call(s):
- excludeFromReward(pair) (#212)
- _excluded.push(account) (#321)
- excludeFromReward(pair) (#212)
- _isExcluded[account] = true (#320)
- _isExcludedFromFee[address(this)] = true (#215)
- _isExcludedFromFee[owner()] = true (#216)
- _isExcludedFromFee[marketingWallet] = true (#217)
- _isExcludedFromFee[donationWallet] = true (#218)
- _rOwned[owner()] = _rTotal (#214)
- excludeFromReward(pair) (#212)
- _tOwned[account] = tokenFromReflection(_rOwned[account]) (#318)
- allowedTransfer[address(this)] = true (#220)
- allowedTransfer[owner()] = true (#221)
- allowedTransfer[pair] = true (#222)
- allowedTransfer[marketingWallet] = true (#223)
- allowedTransfer[donationWallet] = true (#224)
- pair = _pair (#210)
- router = _router (#209)
Reentrancy in grimaceputinrussiancatarmy.swapAndLiquify(uint256,grimaceputinrussiancatarmy.Taxes) (#546-572):
External calls:
- swapTokensForBNB(toSwap) (#553)
- router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#598-604)
- addLiquidity(tokensToAddLiquidityWith,bnbToAddLiquidityWith) (#561)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#579-586)
External calls sending eth:
- addLiquidity(tokensToAddLiquidityWith,bnbToAddLiquidityWith) (#561)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#579-586)
State variables written after the call(s):
- addLiquidity(tokensToAddLiquidityWith,bnbToAddLiquidityWith) (#561)
- _allowances[owner][spender] = amount (#466)
Reentrancy in grimaceputinrussiancatarmy.transferFrom(address,address,uint256) (#259-267):
External calls:
- _transfer(sender,recipient,amount) (#260)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#579-586)
- (success) = recipient.call{value: amount}() (#104)
- router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#598-604)
- address(marketingWallet).sendValue(marketingAmt) (#566)
- address(donationWallet).sendValue(donationAmt) (#570)
External calls sending eth:
- _transfer(sender,recipient,amount) (#260)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#579-586)
- (success) = recipient.call{value: amount}() (#104)
State variables written after the call(s):
- _approve(sender,_msgSender(),currentAllowance - amount) (#264)
- _allowances[owner][spender] = amount (#466)
Apply the check-effects-interactions pattern.
Additional information: link
Reentrancy in grimaceputinrussiancatarmy._transfer(address,address,uint256) (#470-517):
External calls:
- swapAndLiquify(swapTokensAtAmount,sellTaxes) (#508)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#579-586)
- (success) = recipient.call{value: amount}() (#104)
- router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#598-604)
- address(marketingWallet).sendValue(marketingAmt) (#566)
- address(donationWallet).sendValue(donationAmt) (#570)
- swapAndLiquify(swapTokensAtAmount,taxes) (#509)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#579-586)
- (success) = recipient.call{value: amount}() (#104)
- router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#598-604)
- address(marketingWallet).sendValue(marketingAmt) (#566)
- address(donationWallet).sendValue(donationAmt) (#570)
External calls sending eth:
- swapAndLiquify(swapTokensAtAmount,sellTaxes) (#508)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#579-586)
- (success) = recipient.call{value: amount}() (#104)
- swapAndLiquify(swapTokensAtAmount,taxes) (#509)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#579-586)
- (success) = recipient.call{value: amount}() (#104)
Event emitted after the call(s):
- Transfer(sender,address(this),s.tLiquidity + s.tMarketing + s.tDonation) (#538)
- _tokenTransfer(from,to,amount,takeFee,isSell) (#516)
- Transfer(sender,recipient,s.tTransferAmount) (#542)
- _tokenTransfer(from,to,amount,takeFee,isSell) (#516)
Reentrancy in grimaceputinrussiancatarmy.constructor(address) (#204-227):
External calls:
- _pair = IFactory(_router.factory()).createPair(address(this),_router.WETH()) (#206-207)
Event emitted after the call(s):
- Transfer(address(0),owner(),_tTotal) (#226)
Reentrancy in grimaceputinrussiancatarmy.swapAndLiquify(uint256,grimaceputinrussiancatarmy.Taxes) (#546-572):
External calls:
- swapTokensForBNB(toSwap) (#553)
- router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#598-604)
- addLiquidity(tokensToAddLiquidityWith,bnbToAddLiquidityWith) (#561)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#579-586)
External calls sending eth:
- addLiquidity(tokensToAddLiquidityWith,bnbToAddLiquidityWith) (#561)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#579-586)
Event emitted after the call(s):
- Approval(owner,spender,amount) (#467)
- addLiquidity(tokensToAddLiquidityWith,bnbToAddLiquidityWith) (#561)
Reentrancy in grimaceputinrussiancatarmy.transferFrom(address,address,uint256) (#259-267):
External calls:
- _transfer(sender,recipient,amount) (#260)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#579-586)
- (success) = recipient.call{value: amount}() (#104)
- router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#598-604)
- address(marketingWallet).sendValue(marketingAmt) (#566)
- address(donationWallet).sendValue(donationAmt) (#570)
External calls sending eth:
- _transfer(sender,recipient,amount) (#260)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#579-586)
- (success) = recipient.call{value: amount}() (#104)
Event emitted after the call(s):
- Approval(owner,spender,amount) (#467)
- _approve(sender,_msgSender(),currentAllowance - amount) (#264)
Apply the check-effects-interactions pattern.
Additional information: link
grimaceputinrussiancatarmy._transfer(address,address,uint256) (#470-517) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(timePassed >= coolDownTime,Cooldown enabled) (#497)
Avoid relying on block.timestamp.
Additional information: link
grimaceputinrussiancatarmy.setTradingStatus(bool) (#303-307) compares to a boolean constant:
-state == true && genesis_block == 0 (#306)
Remove the equality to the boolean constant.
Additional information: link
grimaceputinrussiancatarmy.includeInReward(address) (#324-335) has costly operations inside a loop:
- _excluded.pop() (#331)
grimaceputinrussiancatarmy._reflectRfi(uint256,uint256) (#359-362) has costly operations inside a loop:
- _rTotal -= rRfi (#360)
Use a local variable to hold the loop computation result.
Additional information: link
Context._msgData() (#36-39) is never used and should be removed
Remove unused functions.
Additional information: link
grimaceputinrussiancatarmy._tTotal (#146) is set pre-construction with a non-constant function or state variable:
- initialsupply * 10 ** _decimals
grimaceputinrussiancatarmy._rTotal (#147) is set pre-construction with a non-constant function or state variable:
- (MAX - (MAX % _tTotal))
Remove any initialization of state variables via non-constant state variables or function calls. If variables must be set upon contract deployment, locate initialization in the constructor instead.
Additional information: link
Low level call in Address.sendValue(address,uint256) (#101-106):
- (success) = recipient.call{value: amount}() (#104)
Avoid low-level calls. Check the call success. If the call is meant for a contract, check for code existence
Additional information: link
Function IRouter.WETH() (#82) is not in mixedCase
Contract grimaceputinrussiancatarmy (#110-685) is not in CapWords
Struct grimaceputinrussiancatarmy.valuesFromGetValues (#181-193) is not in CapWords
Parameter grimaceputinrussiancatarmy.setTaxes(uint256,uint256,uint256,uint256)._rfi (#349) is not in mixedCase
Parameter grimaceputinrussiancatarmy.setTaxes(uint256,uint256,uint256,uint256)._marketing (#349) is not in mixedCase
Parameter grimaceputinrussiancatarmy.setTaxes(uint256,uint256,uint256,uint256)._liquidity (#349) is not in mixedCase
Parameter grimaceputinrussiancatarmy.setTaxes(uint256,uint256,uint256,uint256)._donation (#349) is not in mixedCase
Parameter grimaceputinrussiancatarmy.setSellTaxes(uint256,uint256,uint256,uint256)._rfi (#354) is not in mixedCase
Parameter grimaceputinrussiancatarmy.setSellTaxes(uint256,uint256,uint256,uint256)._marketing (#354) is not in mixedCase
Parameter grimaceputinrussiancatarmy.setSellTaxes(uint256,uint256,uint256,uint256)._liquidity (#354) is not in mixedCase
Parameter grimaceputinrussiancatarmy.setSellTaxes(uint256,uint256,uint256,uint256)._donation (#354) is not in mixedCase
Parameter grimaceputinrussiancatarmy.updateSwapEnabled(bool)._enabled (#638) is not in mixedCase
Parameter grimaceputinrussiancatarmy.rescueAnyBEP20Tokens(address,address,uint256)._tokenAddr (#678) is not in mixedCase
Parameter grimaceputinrussiancatarmy.rescueAnyBEP20Tokens(address,address,uint256)._to (#678) is not in mixedCase
Parameter grimaceputinrussiancatarmy.rescueAnyBEP20Tokens(address,address,uint256)._amount (#678) is not in mixedCase
Constant grimaceputinrussiancatarmy._decimals (#142) is not in UPPER_CASE_WITH_UNDERSCORES
Variable grimaceputinrussiancatarmy.genesis_block (#154) is not in mixedCase
Constant grimaceputinrussiancatarmy._name (#159) is not in UPPER_CASE_WITH_UNDERSCORES
Constant grimaceputinrussiancatarmy._symbol (#160) is not in UPPER_CASE_WITH_UNDERSCORES
Follow the Solidity naming convention.
Additional information: link
Redundant expression "this (#37)" inContext (#31-40)
Remove redundant statements if they congest code but offer no value.
Additional information: link
grimaceputinrussiancatarmy.initialsupply (#145) should be constant
Add the constant attributes to state variables that never change.
Additional information: link
renounceOwnership() should be declared external:
- Ownable.renounceOwnership() (#60-62)
transferOwnership(address) should be declared external:
- Ownable.transferOwnership(address) (#64-67)
name() should be declared external:
- grimaceputinrussiancatarmy.name() (#230-232)
symbol() should be declared external:
- grimaceputinrussiancatarmy.symbol() (#233-235)
totalSupply() should be declared external:
- grimaceputinrussiancatarmy.totalSupply() (#241-243)
allowance(address,address) should be declared external:
- grimaceputinrussiancatarmy.allowance(address,address) (#250-252)
approve(address,uint256) should be declared external:
- grimaceputinrussiancatarmy.approve(address,uint256) (#254-257)
transferFrom(address,address,uint256) should be declared external:
- grimaceputinrussiancatarmy.transferFrom(address,address,uint256) (#259-267)
increaseAllowance(address,uint256) should be declared external:
- grimaceputinrussiancatarmy.increaseAllowance(address,uint256) (#269-272)
decreaseAllowance(address,uint256) should be declared external:
- grimaceputinrussiancatarmy.decreaseAllowance(address,uint256) (#274-280)
transfer(address,uint256) should be declared external:
- grimaceputinrussiancatarmy.transfer(address,uint256) (#282-286)
isExcludedFromReward(address) should be declared external:
- grimaceputinrussiancatarmy.isExcludedFromReward(address) (#288-290)
reflectionFromToken(uint256,bool) should be declared external:
- grimaceputinrussiancatarmy.reflectionFromToken(uint256,bool) (#292-301)
excludeFromFee(address) should be declared external:
- grimaceputinrussiancatarmy.excludeFromFee(address) (#337-339)
includeInFee(address) should be declared external:
- grimaceputinrussiancatarmy.includeInFee(address) (#341-343)
isExcludedFromFee(address) should be declared external:
- grimaceputinrussiancatarmy.isExcludedFromFee(address) (#345-347)
setTaxes(uint256,uint256,uint256,uint256) should be declared external:
- grimaceputinrussiancatarmy.setTaxes(uint256,uint256,uint256,uint256) (#349-352)
setSellTaxes(uint256,uint256,uint256,uint256) should be declared external:
- grimaceputinrussiancatarmy.setSellTaxes(uint256,uint256,uint256,uint256) (#354-357)
rescueAnyBEP20Tokens(address,address,uint256) should be declared external:
- grimaceputinrussiancatarmy.rescueAnyBEP20Tokens(address,address,uint256) (#678-680)
Use the external attribute for functions never called from the contract.
Additional information: link
Unable to find website, listings and other project-related information
Young tokens have high risks of scam / price dump / death
Token has no active CoinGecko listing / rank
Token has no active CoinMarketCap listing / rank
Unable to find Telegram and Twitter accounts