Unable to find manual contract audit (e.g. Certik, PeckShield, Solidity...)
DAO.addLiquidity(uint256,uint256) (#738-751) sends eth to arbitrary user
Dangerous calls:
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#743-750)
Ensure that an arbitrary user cannot withdraw unauthorized funds.
Additional information: link
Reentrancy in DAO._transfer(address,address,uint256) (#647-685):
External calls:
- swapAndLiquify(contractTokenBalance) (#669)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#743-750)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#727-733)
External calls sending eth:
- swapAndLiquify(contractTokenBalance) (#669)
- recipient.transfer(amount) (#611)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#743-750)
State variables written after the call(s):
- _balances[sender] = _balances[sender].sub(amount,Insufficient Balance) (#672)
- _balances[recipient] = _balances[recipient].add(finalAmount) (#680)
- finalAmount = takeFee(sender,recipient,amount) (#674-675)
- _balances[address(this)] = _balances[address(this)].add(feeAmount) (#765)
Apply the check-effects-interactions pattern.
Additional information: link
Combination 1: Reentrancy vulnerabilities + Functions that send Ether to arbitraty destination. Usual for scams. May be justified by some complex mechanics (e.g. rebase, reflections). DYOR & manual audit are advised.
Variable IUniswapV2Router01.addLiquidity(address,address,uint256,uint256,uint256,uint256,address,uint256).amountADesired (#250) is too similar to IUniswapV2Router01.addLiquidity(address,address,uint256,uint256,uint256,uint256,address,uint256).amountBDesired (#251)
Prevent variables from having similar names.
Additional information: link
DAO.addLiquidity(uint256,uint256) (#738-751) ignores return value by uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#743-750)
Ensure that all the return values of the function calls are used.
Additional information: link
DAO.allowance(address,address).owner (#502) shadows:
- Ownable.owner() (#152-154) (function)
DAO._approve(address,address,uint256).owner (#525) shadows:
- Ownable.owner() (#152-154) (function)
Rename the local variables that shadow another component.
Additional information: link
DAO.setBuyTaxes(uint256,uint256,uint256) (#545-551) should emit an event for:
- _totalTaxIfBuying = _buyLiquidityFee.add(_buyMarketingFee).add(_buyTeamFee) (#550)
DAO.setSelTaxes(uint256,uint256,uint256) (#553-559) should emit an event for:
- _totalTaxIfSelling = _sellLiquidityFee.add(_sellMarketingFee).add(_sellTeamFee) (#558)
DAO.setDistributionSettings(uint256,uint256,uint256) (#561-567) should emit an event for:
- _liquidityShare = newLiquidityShare (#562)
- _teamShare = newTeamShare (#564)
- _totalDistributionShares = _liquidityShare.add(_marketingShare).add(_teamShare) (#566)
DAO.setMaxTxAmount(uint256) (#569-571) should emit an event for:
- _maxTxAmount = maxTxAmount (#570)
DAO.setWalletLimit(uint256) (#581-583) should emit an event for:
- _walletMax = newLimit (#582)
DAO.setNumTokensBeforeSwap(uint256) (#585-587) should emit an event for:
- minimumTokensBeforeSwap = newLimit (#586)
Emit an event for critical parameter changes.
Additional information: link
DAO.setMarketingWalletAddress(address).newAddress (#589) lacks a zero-check on :
- marketingWalletAddress = address(newAddress) (#590)
DAO.setTeamWalletAddress(address).newAddress (#593) lacks a zero-check on :
- teamWalletAddress = address(newAddress) (#594)
Check that the address is not zero.
Additional information: link
Reentrancy in DAO.changeRouterVersion(address) (#614-631):
External calls:
- newPairAddress = IUniswapV2Factory(_uniswapV2Router.factory()).createPair(address(this),_uniswapV2Router.WETH()) (#622-623)
State variables written after the call(s):
- isMarketPair[address(uniswapPair)] = true (#630)
- isWalletLimitExempt[address(uniswapPair)] = true (#629)
- uniswapPair = newPairAddress (#626)
- uniswapV2Router = _uniswapV2Router (#627)
Reentrancy in DAO.constructor() (#451-480):
External calls:
- uniswapPair = IUniswapV2Factory(_uniswapV2Router.factory()).createPair(address(this),_uniswapV2Router.WETH()) (#456-457)
State variables written after the call(s):
- _allowances[address(this)][address(uniswapV2Router)] = _totalSupply (#460)
- _balances[_msgSender()] = _totalSupply (#478)
- _totalDistributionShares = _liquidityShare.add(_marketingShare).add(_teamShare) (#467)
- _totalTaxIfBuying = _buyLiquidityFee.add(_buyMarketingFee).add(_buyTeamFee) (#465)
- _totalTaxIfSelling = _sellLiquidityFee.add(_sellMarketingFee).add(_sellTeamFee) (#466)
- isExcludedFromFee[owner()] = true (#462)
- isExcludedFromFee[address(this)] = true (#463)
- isMarketPair[address(uniswapPair)] = true (#476)
- isTxLimitExempt[owner()] = true (#473)
- isTxLimitExempt[address(this)] = true (#474)
- isWalletLimitExempt[owner()] = true (#469)
- isWalletLimitExempt[address(uniswapPair)] = true (#470)
- isWalletLimitExempt[address(this)] = true (#471)
- uniswapV2Router = _uniswapV2Router (#459)
Reentrancy in DAO.swapAndLiquify(uint256) (#694-716):
External calls:
- swapTokensForEth(tokensForSwap) (#699)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#727-733)
- addLiquidity(tokensForLP,amountBNBLiquidity) (#715)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#743-750)
External calls sending eth:
- transferToAddressETH(marketingWalletAddress,amountBNBMarketing) (#709)
- recipient.transfer(amount) (#611)
- transferToAddressETH(teamWalletAddress,amountBNBTeam) (#712)
- recipient.transfer(amount) (#611)
- addLiquidity(tokensForLP,amountBNBLiquidity) (#715)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#743-750)
State variables written after the call(s):
- addLiquidity(tokensForLP,amountBNBLiquidity) (#715)
- _allowances[owner][spender] = amount (#529)
Reentrancy in DAO.transferFrom(address,address,uint256) (#641-645):
External calls:
- _transfer(sender,recipient,amount) (#642)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#743-750)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#727-733)
External calls sending eth:
- _transfer(sender,recipient,amount) (#642)
- recipient.transfer(amount) (#611)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#743-750)
State variables written after the call(s):
- _approve(sender,_msgSender(),_allowances[sender][_msgSender()].sub(amount,ERC20: transfer amount exceeds allowance)) (#643)
- _allowances[owner][spender] = amount (#529)
Apply the check-effects-interactions pattern.
Additional information: link
Reentrancy in DAO._transfer(address,address,uint256) (#647-685):
External calls:
- swapAndLiquify(contractTokenBalance) (#669)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#743-750)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#727-733)
External calls sending eth:
- swapAndLiquify(contractTokenBalance) (#669)
- recipient.transfer(amount) (#611)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#743-750)
Event emitted after the call(s):
- Transfer(sender,address(this),feeAmount) (#766)
- finalAmount = takeFee(sender,recipient,amount) (#674-675)
- Transfer(sender,recipient,finalAmount) (#682)
Reentrancy in DAO.constructor() (#451-480):
External calls:
- uniswapPair = IUniswapV2Factory(_uniswapV2Router.factory()).createPair(address(this),_uniswapV2Router.WETH()) (#456-457)
Event emitted after the call(s):
- Transfer(address(0),_msgSender(),_totalSupply) (#479)
Reentrancy in DAO.swapAndLiquify(uint256) (#694-716):
External calls:
- swapTokensForEth(tokensForSwap) (#699)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#727-733)
- addLiquidity(tokensForLP,amountBNBLiquidity) (#715)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#743-750)
External calls sending eth:
- transferToAddressETH(marketingWalletAddress,amountBNBMarketing) (#709)
- recipient.transfer(amount) (#611)
- transferToAddressETH(teamWalletAddress,amountBNBTeam) (#712)
- recipient.transfer(amount) (#611)
- addLiquidity(tokensForLP,amountBNBLiquidity) (#715)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#743-750)
Event emitted after the call(s):
- Approval(owner,spender,amount) (#530)
- addLiquidity(tokensForLP,amountBNBLiquidity) (#715)
Reentrancy in DAO.swapTokensForEth(uint256) (#718-736):
External calls:
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#727-733)
Event emitted after the call(s):
- SwapTokensForETH(tokenAmount,path) (#735)
Reentrancy in DAO.transferFrom(address,address,uint256) (#641-645):
External calls:
- _transfer(sender,recipient,amount) (#642)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#743-750)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#727-733)
External calls sending eth:
- _transfer(sender,recipient,amount) (#642)
- recipient.transfer(amount) (#611)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#743-750)
Event emitted after the call(s):
- Approval(owner,spender,amount) (#530)
- _approve(sender,_msgSender(),_allowances[sender][_msgSender()].sub(amount,ERC20: transfer amount exceeds allowance)) (#643)
Apply the check-effects-interactions pattern.
Additional information: link
Address.isContract(address) (#83-92) uses assembly
- INLINE ASM (#90)
Address._functionCallWithValue(address,bytes,uint256,string) (#119-136) uses assembly
- INLINE ASM (#128-131)
Do not use evm assembly.
Additional information: link
Address._functionCallWithValue(address,bytes,uint256,string) (#119-136) is never used and should be removed
Address.functionCall(address,bytes) (#102-104) is never used and should be removed
Address.functionCall(address,bytes,string) (#106-108) is never used and should be removed
Address.functionCallWithValue(address,bytes,uint256) (#110-112) is never used and should be removed
Address.functionCallWithValue(address,bytes,uint256,string) (#114-117) is never used and should be removed
Address.isContract(address) (#83-92) is never used and should be removed
Address.sendValue(address,uint256) (#94-100) is never used and should be removed
Context._msgData() (#10-13) is never used and should be removed
SafeMath.mod(uint256,uint256) (#71-73) is never used and should be removed
SafeMath.mod(uint256,uint256,string) (#75-78) is never used and should be removed
Remove unused functions.
Additional information: link
DAO._totalSupply (#415) is set pre-construction with a non-constant function or state variable:
- 1000000000000 * 10 ** _decimals
DAO._maxTxAmount (#416) is set pre-construction with a non-constant function or state variable:
- 1000000000000 * 10 ** _decimals
DAO._walletMax (#417) is set pre-construction with a non-constant function or state variable:
- 1000000000000 * 10 ** _decimals
DAO.minimumTokensBeforeSwap (#418) is set pre-construction with a non-constant function or state variable:
- 100 * 10 ** _decimals
Remove any initialization of state variables via non-constant state variables or function calls. If variables must be set upon contract deployment, locate initialization in the constructor instead.
Additional information: link
Low level call in Address.sendValue(address,uint256) (#94-100):
- (success) = recipient.call{value: amount}() (#98)
Low level call in Address._functionCallWithValue(address,bytes,uint256,string) (#119-136):
- (success,returndata) = target.call{value: weiValue}(data) (#122)
Avoid low-level calls. Check the call success. If the call is meant for a contract, check for code existence
Additional information: link
Function IUniswapV2Pair.DOMAIN_SEPARATOR() (#209) is not in mixedCase
Function IUniswapV2Pair.PERMIT_TYPEHASH() (#210) is not in mixedCase
Function IUniswapV2Pair.MINIMUM_LIQUIDITY() (#226) is not in mixedCase
Function IUniswapV2Router01.WETH() (#245) is not in mixedCase
Parameter DAO.setSwapAndLiquifyEnabled(bool)._enabled (#597) is not in mixedCase
Variable DAO._balances (#391) is not in mixedCase
Variable DAO._buyLiquidityFee (#399) is not in mixedCase
Variable DAO._buyMarketingFee (#400) is not in mixedCase
Variable DAO._buyTeamFee (#401) is not in mixedCase
Variable DAO._sellLiquidityFee (#403) is not in mixedCase
Variable DAO._sellMarketingFee (#404) is not in mixedCase
Variable DAO._sellTeamFee (#405) is not in mixedCase
Variable DAO._liquidityShare (#407) is not in mixedCase
Variable DAO._marketingShare (#408) is not in mixedCase
Variable DAO._teamShare (#409) is not in mixedCase
Variable DAO._totalTaxIfBuying (#411) is not in mixedCase
Variable DAO._totalTaxIfSelling (#412) is not in mixedCase
Variable DAO._totalDistributionShares (#413) is not in mixedCase
Variable DAO._maxTxAmount (#416) is not in mixedCase
Variable DAO._walletMax (#417) is not in mixedCase
Follow the Solidity naming convention.
Additional information: link
Redundant expression "this (#11)" inContext (#4-14)
Remove redundant statements if they congest code but offer no value.
Additional information: link
Reentrancy in DAO._transfer(address,address,uint256) (#647-685):
External calls:
- swapAndLiquify(contractTokenBalance) (#669)
- recipient.transfer(amount) (#611)
External calls sending eth:
- swapAndLiquify(contractTokenBalance) (#669)
- recipient.transfer(amount) (#611)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#743-750)
State variables written after the call(s):
- _balances[sender] = _balances[sender].sub(amount,Insufficient Balance) (#672)
- _balances[recipient] = _balances[recipient].add(finalAmount) (#680)
- finalAmount = takeFee(sender,recipient,amount) (#674-675)
- _balances[address(this)] = _balances[address(this)].add(feeAmount) (#765)
Event emitted after the call(s):
- Transfer(sender,address(this),feeAmount) (#766)
- finalAmount = takeFee(sender,recipient,amount) (#674-675)
- Transfer(sender,recipient,finalAmount) (#682)
Reentrancy in DAO.swapAndLiquify(uint256) (#694-716):
External calls:
- transferToAddressETH(marketingWalletAddress,amountBNBMarketing) (#709)
- recipient.transfer(amount) (#611)
- transferToAddressETH(teamWalletAddress,amountBNBTeam) (#712)
- recipient.transfer(amount) (#611)
External calls sending eth:
- transferToAddressETH(marketingWalletAddress,amountBNBMarketing) (#709)
- recipient.transfer(amount) (#611)
- transferToAddressETH(teamWalletAddress,amountBNBTeam) (#712)
- recipient.transfer(amount) (#611)
- addLiquidity(tokensForLP,amountBNBLiquidity) (#715)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#743-750)
State variables written after the call(s):
- addLiquidity(tokensForLP,amountBNBLiquidity) (#715)
- _allowances[owner][spender] = amount (#529)
Event emitted after the call(s):
- Approval(owner,spender,amount) (#530)
- addLiquidity(tokensForLP,amountBNBLiquidity) (#715)
Reentrancy in DAO.transferFrom(address,address,uint256) (#641-645):
External calls:
- _transfer(sender,recipient,amount) (#642)
- recipient.transfer(amount) (#611)
External calls sending eth:
- _transfer(sender,recipient,amount) (#642)
- recipient.transfer(amount) (#611)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#743-750)
State variables written after the call(s):
- _approve(sender,_msgSender(),_allowances[sender][_msgSender()].sub(amount,ERC20: transfer amount exceeds allowance)) (#643)
- _allowances[owner][spender] = amount (#529)
Event emitted after the call(s):
- Approval(owner,spender,amount) (#530)
- _approve(sender,_msgSender(),_allowances[sender][_msgSender()].sub(amount,ERC20: transfer amount exceeds allowance)) (#643)
Apply the check-effects-interactions pattern.
Additional information: link
Ownable.waiveOwnership() (#161-164) uses literals with too many digits:
- OwnershipTransferred(_owner,address(0x000000000000000000000000000000000000dEaD)) (#162)
Ownable.waiveOwnership() (#161-164) uses literals with too many digits:
- _owner = address(0x000000000000000000000000000000000000dEaD) (#163)
DAO.slitherConstructorVariables() (#378-773) uses literals with too many digits:
- deadAddress = 0x000000000000000000000000000000000000dEaD (#389)
DAO.slitherConstructorVariables() (#378-773) uses literals with too many digits:
- _totalSupply = 1000000000000 * 10 ** _decimals (#415)
DAO.slitherConstructorVariables() (#378-773) uses literals with too many digits:
- _maxTxAmount = 1000000000000 * 10 ** _decimals (#416)
DAO.slitherConstructorVariables() (#378-773) uses literals with too many digits:
- _walletMax = 1000000000000 * 10 ** _decimals (#417)
Use: Ether suffix, Time suffix, or The scientific notation
Additional information: link
Ownable.asdasd (#141) is never used in DAO (#378-773)
Ownable._lockTime (#142) is never used in DAO (#378-773)
Remove unused state variables.
Additional information: link
DAO._decimals (#385) should be constant
DAO._name (#383) should be constant
DAO._symbol (#384) should be constant
Ownable._lockTime (#142) should be constant
Ownable.asdasd (#141) should be constant
Add the constant attributes to state variables that never change.
Additional information: link
waiveOwnership() should be declared external:
- Ownable.waiveOwnership() (#161-164)
transferOwnership(address) should be declared external:
- Ownable.transferOwnership(address) (#166-170)
getTime() should be declared external:
- Ownable.getTime() (#172-174)
name() should be declared external:
- DAO.name() (#482-484)
symbol() should be declared external:
- DAO.symbol() (#486-488)
decimals() should be declared external:
- DAO.decimals() (#490-492)
totalSupply() should be declared external:
- DAO.totalSupply() (#494-496)
allowance(address,address) should be declared external:
- DAO.allowance(address,address) (#502-504)
increaseAllowance(address,uint256) should be declared external:
- DAO.increaseAllowance(address,uint256) (#506-509)
decreaseAllowance(address,uint256) should be declared external:
- DAO.decreaseAllowance(address,uint256) (#511-514)
minimumTokensBeforeSwapAmount() should be declared external:
- DAO.minimumTokensBeforeSwapAmount() (#516-518)
approve(address,uint256) should be declared external:
- DAO.approve(address,uint256) (#520-523)
setMarketPairStatus(address,bool) should be declared external:
- DAO.setMarketPairStatus(address,bool) (#533-535)
setIsExcludedFromFee(address,bool) should be declared external:
- DAO.setIsExcludedFromFee(address,bool) (#541-543)
setSwapAndLiquifyEnabled(bool) should be declared external:
- DAO.setSwapAndLiquifyEnabled(bool) (#597-600)
setSwapAndLiquifyByLimitOnly(bool) should be declared external:
- DAO.setSwapAndLiquifyByLimitOnly(bool) (#602-604)
getCirculatingSupply() should be declared external:
- DAO.getCirculatingSupply() (#606-608)
changeRouterVersion(address) should be declared external:
- DAO.changeRouterVersion(address) (#614-631)
transfer(address,uint256) should be declared external:
- DAO.transfer(address,uint256) (#636-639)
transferFrom(address,address,uint256) should be declared external:
- DAO.transferFrom(address,address,uint256) (#641-645)
Use the external attribute for functions never called from the contract.
Additional information: link
Unable to find website, listings and other project-related information
Young tokens have high risks of scam / price dump / death
Token has no active CoinGecko listing / rank
Token has no active CoinMarketCap listing / rank
Unable to find Telegram and Twitter accounts