Unable to find manual contract audit (e.g. Certik, PeckShield, Solidity...)
Reentrancy in DERPYINU._transfer(address,address,uint256) (#482-529):
External calls:
- swapAndLiquify(swapTokensAtAmount,sellTaxes) (#520)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#591-598)
- (success) = recipient.call{value: amount}() (#116)
- router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#610-616)
- address(marketingWallet).sendValue(marketingAmt) (#578)
- address(donationWallet).sendValue(donationAmt) (#582)
- swapAndLiquify(swapTokensAtAmount,taxes) (#521)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#591-598)
- (success) = recipient.call{value: amount}() (#116)
- router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#610-616)
- address(marketingWallet).sendValue(marketingAmt) (#578)
- address(donationWallet).sendValue(donationAmt) (#582)
External calls sending eth:
- swapAndLiquify(swapTokensAtAmount,sellTaxes) (#520)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#591-598)
- (success) = recipient.call{value: amount}() (#116)
- swapAndLiquify(swapTokensAtAmount,taxes) (#521)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#591-598)
- (success) = recipient.call{value: amount}() (#116)
State variables written after the call(s):
- _tokenTransfer(from,to,amount,takeFee,isSell) (#528)
- _rOwned[address(this)] += rLiquidity (#383)
- _rOwned[address(this)] += rDonation (#403)
- _rOwned[address(this)] += rMarketing (#393)
- _rOwned[sender] = _rOwned[sender] - s.rAmount (#544)
- _rOwned[recipient] = _rOwned[recipient] + s.rTransferAmount (#545)
- _tokenTransfer(from,to,amount,takeFee,isSell) (#528)
- _rTotal -= rRfi (#372)
- _tokenTransfer(from,to,amount,takeFee,isSell) (#528)
- _tOwned[address(this)] += tMarketing (#391)
- _tOwned[address(this)] += tLiquidity (#381)
- _tOwned[sender] = _tOwned[sender] - tAmount (#538)
- _tOwned[address(this)] += tDonation (#401)
- _tOwned[recipient] = _tOwned[recipient] + s.tTransferAmount (#541)
Apply the check-effects-interactions pattern.
Additional information: link
DERPYINU.rescueAnyBEP20Tokens(address,address,uint256) (#690-692) ignores return value by IERC20(_tokenAddr).transfer(_to,_amount) (#691)
Use SafeERC20, or ensure that the transfer/transferFrom return value is checked.
Additional information: link
DERPYINU.addLiquidity(uint256,uint256) (#586-599) sends eth to arbitrary user
Dangerous calls:
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#591-598)
Ensure that an arbitrary user cannot withdraw unauthorized funds.
Additional information: link
Combination 1: Reentrancy vulnerabilities + Functions that send Ether to arbitraty destination. Usual for scams. May be justified by some complex mechanics (e.g. rebase, reflections). DYOR & manual audit are advised.
Combination 2: Unchecked transfer + Functions that send Ether to arbitraty destination. Usual for scams. May be justified by some complex mechanics (e.g. rebase, reflections). DYOR & manual audit are advised.
Combination 3: Reentrancy vulnerabilities + Unchecked transfer vulnerability. Usual for scams. May be justified by some complex mechanics (e.g. rebase, reflections). DYOR & manual audit are advised.
renounceOwnership() should be declared external:
- Ownable.renounceOwnership() (#72-74)
transferOwnership(address) should be declared external:
- Ownable.transferOwnership(address) (#76-79)
name() should be declared external:
- DERPYINU.name() (#242-244)
symbol() should be declared external:
- DERPYINU.symbol() (#245-247)
totalSupply() should be declared external:
- DERPYINU.totalSupply() (#253-255)
allowance(address,address) should be declared external:
- DERPYINU.allowance(address,address) (#262-264)
approve(address,uint256) should be declared external:
- DERPYINU.approve(address,uint256) (#266-269)
transferFrom(address,address,uint256) should be declared external:
- DERPYINU.transferFrom(address,address,uint256) (#271-279)
increaseAllowance(address,uint256) should be declared external:
- DERPYINU.increaseAllowance(address,uint256) (#281-284)
decreaseAllowance(address,uint256) should be declared external:
- DERPYINU.decreaseAllowance(address,uint256) (#286-292)
transfer(address,uint256) should be declared external:
- DERPYINU.transfer(address,uint256) (#294-298)
isExcludedFromReward(address) should be declared external:
- DERPYINU.isExcludedFromReward(address) (#300-302)
reflectionFromToken(uint256,bool) should be declared external:
- DERPYINU.reflectionFromToken(uint256,bool) (#304-313)
excludeFromFee(address) should be declared external:
- DERPYINU.excludeFromFee(address) (#349-351)
includeInFee(address) should be declared external:
- DERPYINU.includeInFee(address) (#353-355)
isExcludedFromFee(address) should be declared external:
- DERPYINU.isExcludedFromFee(address) (#357-359)
setTaxes(uint256,uint256,uint256,uint256) should be declared external:
- DERPYINU.setTaxes(uint256,uint256,uint256,uint256) (#361-364)
setSellTaxes(uint256,uint256,uint256,uint256) should be declared external:
- DERPYINU.setSellTaxes(uint256,uint256,uint256,uint256) (#366-369)
rescueAnyBEP20Tokens(address,address,uint256) should be declared external:
- DERPYINU.rescueAnyBEP20Tokens(address,address,uint256) (#690-692)
Use the external attribute for functions never called from the contract.
Additional information: link
DERPYINU.swapAndLiquify(uint256,DERPYINU.Taxes) (#558-584) performs a multiplication on the result of a division:
-unitBalance = deltaBalance / (denominator - temp.liquidity) (#568)
-bnbToAddLiquidityWith = unitBalance * temp.liquidity (#569)
DERPYINU.swapAndLiquify(uint256,DERPYINU.Taxes) (#558-584) performs a multiplication on the result of a division:
-unitBalance = deltaBalance / (denominator - temp.liquidity) (#568)
-marketingAmt = unitBalance * 2 * temp.marketing (#576)
DERPYINU.swapAndLiquify(uint256,DERPYINU.Taxes) (#558-584) performs a multiplication on the result of a division:
-unitBalance = deltaBalance / (denominator - temp.liquidity) (#568)
-donationAmt = unitBalance * 2 * temp.donation (#580)
Consider ordering multiplication before division.
Additional information: link
DERPYINU.addLiquidity(uint256,uint256) (#586-599) ignores return value by router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#591-598)
Ensure that all the return values of the function calls are used.
Additional information: link
DERPYINU.allowance(address,address).owner (#262) shadows:
- Ownable.owner() (#63-65) (function)
DERPYINU._approve(address,address,uint256).owner (#475) shadows:
- Ownable.owner() (#63-65) (function)
Rename the local variables that shadow another component.
Additional information: link
DERPYINU.updateCooldown(bool,uint256) (#641-644) should emit an event for:
- coolDownTime = time * 1 (#642)
DERPYINU.updateSwapTokensAtAmount(uint256) (#646-648) should emit an event for:
- swapTokensAtAmount = amount * 10 ** _decimals (#647)
DERPYINU.updateMaxTxLimit(uint256,uint256) (#669-672) should emit an event for:
- maxBuyLimit = maxBuy * 10 ** decimals() (#670)
- maxSellLimit = maxSell * 10 ** decimals() (#671)
DERPYINU.updateMaxWalletlimit(uint256) (#674-676) should emit an event for:
- maxWalletLimit = amount * 10 ** decimals() (#675)
Emit an event for critical parameter changes.
Additional information: link
DERPYINU.constructor(address)._pair (#218-219) lacks a zero-check on :
- pair = _pair (#222)
DERPYINU.updateMarketingWallet(address).newWallet (#632) lacks a zero-check on :
- marketingWallet = newWallet (#633)
DERPYINU.updateDonationWallet(address).newWallet (#636) lacks a zero-check on :
- donationWallet = newWallet (#637)
DERPYINU.updateRouterAndPair(address,address).newPair (#678) lacks a zero-check on :
- pair = newPair (#680)
Check that the address is not zero.
Additional information: link
Reentrancy in DERPYINU._transfer(address,address,uint256) (#482-529):
External calls:
- swapAndLiquify(swapTokensAtAmount,sellTaxes) (#520)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#591-598)
- (success) = recipient.call{value: amount}() (#116)
- router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#610-616)
- address(marketingWallet).sendValue(marketingAmt) (#578)
- address(donationWallet).sendValue(donationAmt) (#582)
- swapAndLiquify(swapTokensAtAmount,taxes) (#521)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#591-598)
- (success) = recipient.call{value: amount}() (#116)
- router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#610-616)
- address(marketingWallet).sendValue(marketingAmt) (#578)
- address(donationWallet).sendValue(donationAmt) (#582)
External calls sending eth:
- swapAndLiquify(swapTokensAtAmount,sellTaxes) (#520)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#591-598)
- (success) = recipient.call{value: amount}() (#116)
- swapAndLiquify(swapTokensAtAmount,taxes) (#521)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#591-598)
- (success) = recipient.call{value: amount}() (#116)
State variables written after the call(s):
- _tokenTransfer(from,to,amount,takeFee,isSell) (#528)
- totFeesPaid.marketing += tMarketing (#387)
- totFeesPaid.liquidity += tLiquidity (#377)
- totFeesPaid.donation += tDonation (#397)
- totFeesPaid.rfi += tRfi (#373)
Reentrancy in DERPYINU.constructor(address) (#216-239):
External calls:
- _pair = IFactory(_router.factory()).createPair(address(this),_router.WETH()) (#218-219)
State variables written after the call(s):
- excludeFromReward(pair) (#224)
- _excluded.push(account) (#333)
- excludeFromReward(pair) (#224)
- _isExcluded[account] = true (#332)
- _isExcludedFromFee[address(this)] = true (#227)
- _isExcludedFromFee[owner()] = true (#228)
- _isExcludedFromFee[marketingWallet] = true (#229)
- _isExcludedFromFee[donationWallet] = true (#230)
- _rOwned[owner()] = _rTotal (#226)
- excludeFromReward(pair) (#224)
- _tOwned[account] = tokenFromReflection(_rOwned[account]) (#330)
- allowedTransfer[address(this)] = true (#232)
- allowedTransfer[owner()] = true (#233)
- allowedTransfer[pair] = true (#234)
- allowedTransfer[marketingWallet] = true (#235)
- allowedTransfer[donationWallet] = true (#236)
- pair = _pair (#222)
- router = _router (#221)
Reentrancy in DERPYINU.swapAndLiquify(uint256,DERPYINU.Taxes) (#558-584):
External calls:
- swapTokensForBNB(toSwap) (#565)
- router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#610-616)
- addLiquidity(tokensToAddLiquidityWith,bnbToAddLiquidityWith) (#573)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#591-598)
External calls sending eth:
- addLiquidity(tokensToAddLiquidityWith,bnbToAddLiquidityWith) (#573)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#591-598)
State variables written after the call(s):
- addLiquidity(tokensToAddLiquidityWith,bnbToAddLiquidityWith) (#573)
- _allowances[owner][spender] = amount (#478)
Reentrancy in DERPYINU.transferFrom(address,address,uint256) (#271-279):
External calls:
- _transfer(sender,recipient,amount) (#272)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#591-598)
- (success) = recipient.call{value: amount}() (#116)
- router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#610-616)
- address(marketingWallet).sendValue(marketingAmt) (#578)
- address(donationWallet).sendValue(donationAmt) (#582)
External calls sending eth:
- _transfer(sender,recipient,amount) (#272)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#591-598)
- (success) = recipient.call{value: amount}() (#116)
State variables written after the call(s):
- _approve(sender,_msgSender(),currentAllowance - amount) (#276)
- _allowances[owner][spender] = amount (#478)
Apply the check-effects-interactions pattern.
Additional information: link
Reentrancy in DERPYINU._transfer(address,address,uint256) (#482-529):
External calls:
- swapAndLiquify(swapTokensAtAmount,sellTaxes) (#520)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#591-598)
- (success) = recipient.call{value: amount}() (#116)
- router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#610-616)
- address(marketingWallet).sendValue(marketingAmt) (#578)
- address(donationWallet).sendValue(donationAmt) (#582)
- swapAndLiquify(swapTokensAtAmount,taxes) (#521)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#591-598)
- (success) = recipient.call{value: amount}() (#116)
- router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#610-616)
- address(marketingWallet).sendValue(marketingAmt) (#578)
- address(donationWallet).sendValue(donationAmt) (#582)
External calls sending eth:
- swapAndLiquify(swapTokensAtAmount,sellTaxes) (#520)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#591-598)
- (success) = recipient.call{value: amount}() (#116)
- swapAndLiquify(swapTokensAtAmount,taxes) (#521)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#591-598)
- (success) = recipient.call{value: amount}() (#116)
Event emitted after the call(s):
- Transfer(sender,address(this),s.tLiquidity + s.tMarketing + s.tDonation) (#550)
- _tokenTransfer(from,to,amount,takeFee,isSell) (#528)
- Transfer(sender,recipient,s.tTransferAmount) (#554)
- _tokenTransfer(from,to,amount,takeFee,isSell) (#528)
Reentrancy in DERPYINU.constructor(address) (#216-239):
External calls:
- _pair = IFactory(_router.factory()).createPair(address(this),_router.WETH()) (#218-219)
Event emitted after the call(s):
- Transfer(address(0),owner(),_tTotal) (#238)
Reentrancy in DERPYINU.swapAndLiquify(uint256,DERPYINU.Taxes) (#558-584):
External calls:
- swapTokensForBNB(toSwap) (#565)
- router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#610-616)
- addLiquidity(tokensToAddLiquidityWith,bnbToAddLiquidityWith) (#573)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#591-598)
External calls sending eth:
- addLiquidity(tokensToAddLiquidityWith,bnbToAddLiquidityWith) (#573)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#591-598)
Event emitted after the call(s):
- Approval(owner,spender,amount) (#479)
- addLiquidity(tokensToAddLiquidityWith,bnbToAddLiquidityWith) (#573)
Reentrancy in DERPYINU.transferFrom(address,address,uint256) (#271-279):
External calls:
- _transfer(sender,recipient,amount) (#272)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#591-598)
- (success) = recipient.call{value: amount}() (#116)
- router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#610-616)
- address(marketingWallet).sendValue(marketingAmt) (#578)
- address(donationWallet).sendValue(donationAmt) (#582)
External calls sending eth:
- _transfer(sender,recipient,amount) (#272)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#591-598)
- (success) = recipient.call{value: amount}() (#116)
Event emitted after the call(s):
- Approval(owner,spender,amount) (#479)
- _approve(sender,_msgSender(),currentAllowance - amount) (#276)
Apply the check-effects-interactions pattern.
Additional information: link
DERPYINU._transfer(address,address,uint256) (#482-529) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(timePassed >= coolDownTime,Cooldown enabled) (#509)
Avoid relying on block.timestamp.
Additional information: link
DERPYINU.setTradingStatus(bool) (#315-319) compares to a boolean constant:
-state == true && genesis_block == 0 (#318)
Remove the equality to the boolean constant.
Additional information: link
DERPYINU.includeInReward(address) (#336-347) has costly operations inside a loop:
- _excluded.pop() (#343)
DERPYINU._reflectRfi(uint256,uint256) (#371-374) has costly operations inside a loop:
- _rTotal -= rRfi (#372)
Use a local variable to hold the loop computation result.
Additional information: link
Context._msgData() (#48-51) is never used and should be removed
Remove unused functions.
Additional information: link
DERPYINU._tTotal (#158) is set pre-construction with a non-constant function or state variable:
- initialsupply * 10 ** _decimals
DERPYINU._rTotal (#159) is set pre-construction with a non-constant function or state variable:
- (MAX - (MAX % _tTotal))
Remove any initialization of state variables via non-constant state variables or function calls. If variables must be set upon contract deployment, locate initialization in the constructor instead.
Additional information: link
Low level call in Address.sendValue(address,uint256) (#113-118):
- (success) = recipient.call{value: amount}() (#116)
Avoid low-level calls. Check the call success. If the call is meant for a contract, check for code existence
Additional information: link
Function IRouter.WETH() (#94) is not in mixedCase
Struct DERPYINU.valuesFromGetValues (#193-205) is not in CapWords
Parameter DERPYINU.setTaxes(uint256,uint256,uint256,uint256)._rfi (#361) is not in mixedCase
Parameter DERPYINU.setTaxes(uint256,uint256,uint256,uint256)._marketing (#361) is not in mixedCase
Parameter DERPYINU.setTaxes(uint256,uint256,uint256,uint256)._liquidity (#361) is not in mixedCase
Parameter DERPYINU.setTaxes(uint256,uint256,uint256,uint256)._donation (#361) is not in mixedCase
Parameter DERPYINU.setSellTaxes(uint256,uint256,uint256,uint256)._rfi (#366) is not in mixedCase
Parameter DERPYINU.setSellTaxes(uint256,uint256,uint256,uint256)._marketing (#366) is not in mixedCase
Parameter DERPYINU.setSellTaxes(uint256,uint256,uint256,uint256)._liquidity (#366) is not in mixedCase
Parameter DERPYINU.setSellTaxes(uint256,uint256,uint256,uint256)._donation (#366) is not in mixedCase
Parameter DERPYINU.updateSwapEnabled(bool)._enabled (#650) is not in mixedCase
Parameter DERPYINU.rescueAnyBEP20Tokens(address,address,uint256)._tokenAddr (#690) is not in mixedCase
Parameter DERPYINU.rescueAnyBEP20Tokens(address,address,uint256)._to (#690) is not in mixedCase
Parameter DERPYINU.rescueAnyBEP20Tokens(address,address,uint256)._amount (#690) is not in mixedCase
Constant DERPYINU._decimals (#154) is not in UPPER_CASE_WITH_UNDERSCORES
Variable DERPYINU.genesis_block (#166) is not in mixedCase
Constant DERPYINU._name (#171) is not in UPPER_CASE_WITH_UNDERSCORES
Constant DERPYINU._symbol (#172) is not in UPPER_CASE_WITH_UNDERSCORES
Follow the Solidity naming convention.
Additional information: link
Redundant expression "this (#49)" inContext (#43-52)
Remove redundant statements if they congest code but offer no value.
Additional information: link
DERPYINU.initialsupply (#157) should be constant
Add the constant attributes to state variables that never change.
Additional information: link
Unable to find website, listings and other project-related information
Young tokens have high risks of scam / price dump / death
Token has no active CoinGecko listing / rank
Token has no active CoinMarketCap listing / rank
Unable to find Telegram and Twitter accounts