Unable to find manual contract audit (e.g. Certik, PeckShield, Solidity...)
MAIN.addLiquidity(uint256,uint256) (#724-737) sends eth to arbitrary user
Dangerous calls:
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#729-736)
Ensure that an arbitrary user cannot withdraw unauthorized funds.
Additional information: link
Reentrancy in MAIN._transfer(address,address,uint256) (#624-673):
External calls:
- swapAndLiquify(contractTokenBalance) (#657)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#729-736)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#713-719)
External calls sending eth:
- swapAndLiquify(contractTokenBalance) (#657)
- recipient.transfer(amount) (#588)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#729-736)
State variables written after the call(s):
- _balances[sender] = _balances[sender].sub(amount,Insufficient Balance) (#660)
- _balances[recipient] = _balances[recipient].add(finalAmount) (#668)
- finalAmount = takeFee(sender,recipient,amount) (#662-663)
- _balances[address(this)] = _balances[address(this)].add(feeAmount) (#751)
Apply the check-effects-interactions pattern.
Additional information: link
MAIN._buyLiquidityFee (#405) is never initialized. It is used in:
- MAIN.constructor() (#456-483)
- MAIN.slitherConstructorVariables() (#382-774)
MAIN._sellLiquidityFee (#408) is never initialized. It is used in:
- MAIN.constructor() (#456-483)
- MAIN.slitherConstructorVariables() (#382-774)
Initialize all the variables. If a variable is meant to be initialized to zero, explicitly set it to zero to improve code readability.
Additional information: link
Combination 1: Reentrancy vulnerabilities + Functions that send Ether to arbitraty destination. Usual for scams. May be justified by some complex mechanics (e.g. rebase, reflections). DYOR & manual audit are advised.
Contract ticker (DLD Zilla) contains non-alphanumeric characters.
Not a direct threat, but may indicate unreliable intentions of developer. Non-alphanumeric chars (,.;!#*&") are extremely rare among low risk tokens.
MAIN.addLiquidity(uint256,uint256) (#724-737) ignores return value by uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#729-736)
Ensure that all the return values of the function calls are used.
Additional information: link
MAIN.allowance(address,address).owner (#505) shadows:
- Ownable.owner() (#154-156) (function)
MAIN._approve(address,address,uint256).owner (#528) shadows:
- Ownable.owner() (#154-156) (function)
Rename the local variables that shadow another component.
Additional information: link
MAIN.setMaxTxAmount(uint256) (#549-551) should emit an event for:
- _maxTxAmount = maxTxAmount (#550)
MAIN.setWalletLimit(uint256) (#561-563) should emit an event for:
- _walletMax = newLimit (#562)
MAIN.setNumTokensBeforeSwap(uint256) (#565-567) should emit an event for:
- minimumTokensBeforeSwap = newLimit (#566)
MAIN.UPfeeTXtime(uint256) (#766-768) should emit an event for:
- feeTXtime = _feeTXtime (#767)
MAIN.UPendtime(uint256) (#770-772) should emit an event for:
- endtime = _endtime (#771)
Emit an event for critical parameter changes.
Additional information: link
MAIN.setMarketingWalletAddress(address).newAddress (#569) lacks a zero-check on :
- marketingWalletAddress = address(newAddress) (#570)
Check that the address is not zero.
Additional information: link
Reentrancy in MAIN.changeRouterVersion(address) (#591-608):
External calls:
- newPairAddress = IUniswapV2Factory(_uniswapV2Router.factory()).createPair(address(this),_uniswapV2Router.WETH()) (#599-600)
State variables written after the call(s):
- isMarketPair[address(uniswapPair)] = true (#607)
- isWalletLimitExempt[address(uniswapPair)] = true (#606)
- uniswapPair = newPairAddress (#603)
- uniswapV2Router = _uniswapV2Router (#604)
Reentrancy in MAIN.constructor() (#456-483):
External calls:
- uniswapPair = IUniswapV2Factory(_uniswapV2Router.factory()).createPair(address(this),_uniswapV2Router.WETH()) (#460-461)
State variables written after the call(s):
- _allowances[address(this)][address(uniswapV2Router)] = _totalSupply (#464)
- _balances[_msgSender()] = _totalSupply (#481)
- _totalDistributionShares = _liquidityShare.add(_marketingShare) (#471)
- _totalTaxIfBuying = _buyLiquidityFee.add(_buyMarketingFee) (#469)
- _totalTaxIfSelling = _sellLiquidityFee.add(_sellMarketingFee) (#470)
- isExcludedFromFee[owner()] = true (#466)
- isExcludedFromFee[address(this)] = true (#467)
- isMarketPair[address(uniswapPair)] = true (#479)
- isTxLimitExempt[owner()] = true (#476)
- isTxLimitExempt[address(this)] = true (#477)
- isWalletLimitExempt[owner()] = true (#472)
- isWalletLimitExempt[address(uniswapPair)] = true (#473)
- isWalletLimitExempt[address(this)] = true (#474)
- uniswapV2Router = _uniswapV2Router (#463)
Reentrancy in MAIN.swapAndLiquify(uint256) (#682-702):
External calls:
- swapTokensForEth(tokensForSwap) (#687)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#713-719)
- addLiquidity(tokensForLP,amountBNBLiquidity) (#701)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#729-736)
External calls sending eth:
- transferToAddressETH(marketingWalletAddress,amountBNBMarketing) (#697)
- recipient.transfer(amount) (#588)
- addLiquidity(tokensForLP,amountBNBLiquidity) (#701)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#729-736)
State variables written after the call(s):
- addLiquidity(tokensForLP,amountBNBLiquidity) (#701)
- _allowances[owner][spender] = amount (#532)
Reentrancy in MAIN.transferFrom(address,address,uint256) (#618-622):
External calls:
- _transfer(sender,recipient,amount) (#619)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#729-736)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#713-719)
External calls sending eth:
- _transfer(sender,recipient,amount) (#619)
- recipient.transfer(amount) (#588)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#729-736)
State variables written after the call(s):
- _approve(sender,_msgSender(),_allowances[sender][_msgSender()].sub(amount,ERC20: transfer amount exceeds allowance)) (#620)
- _allowances[owner][spender] = amount (#532)
Apply the check-effects-interactions pattern.
Additional information: link
Reentrancy in MAIN._transfer(address,address,uint256) (#624-673):
External calls:
- swapAndLiquify(contractTokenBalance) (#657)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#729-736)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#713-719)
External calls sending eth:
- swapAndLiquify(contractTokenBalance) (#657)
- recipient.transfer(amount) (#588)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#729-736)
Event emitted after the call(s):
- Transfer(sender,address(this),feeAmount) (#752)
- finalAmount = takeFee(sender,recipient,amount) (#662-663)
- Transfer(sender,recipient,finalAmount) (#670)
Reentrancy in MAIN.constructor() (#456-483):
External calls:
- uniswapPair = IUniswapV2Factory(_uniswapV2Router.factory()).createPair(address(this),_uniswapV2Router.WETH()) (#460-461)
Event emitted after the call(s):
- Transfer(address(0),_msgSender(),_totalSupply) (#482)
Reentrancy in MAIN.swapAndLiquify(uint256) (#682-702):
External calls:
- swapTokensForEth(tokensForSwap) (#687)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#713-719)
- addLiquidity(tokensForLP,amountBNBLiquidity) (#701)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#729-736)
External calls sending eth:
- transferToAddressETH(marketingWalletAddress,amountBNBMarketing) (#697)
- recipient.transfer(amount) (#588)
- addLiquidity(tokensForLP,amountBNBLiquidity) (#701)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#729-736)
Event emitted after the call(s):
- Approval(owner,spender,amount) (#533)
- addLiquidity(tokensForLP,amountBNBLiquidity) (#701)
Reentrancy in MAIN.swapTokensForEth(uint256) (#704-722):
External calls:
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#713-719)
Event emitted after the call(s):
- SwapTokensForETH(tokenAmount,path) (#721)
Reentrancy in MAIN.transferFrom(address,address,uint256) (#618-622):
External calls:
- _transfer(sender,recipient,amount) (#619)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#729-736)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#713-719)
External calls sending eth:
- _transfer(sender,recipient,amount) (#619)
- recipient.transfer(amount) (#588)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#729-736)
Event emitted after the call(s):
- Approval(owner,spender,amount) (#533)
- _approve(sender,_msgSender(),_allowances[sender][_msgSender()].sub(amount,ERC20: transfer amount exceeds allowance)) (#620)
Apply the check-effects-interactions pattern.
Additional information: link
MAIN._transfer(address,address,uint256) (#624-673) uses timestamp for comparisons
Dangerous comparisons:
- endtime == 0 (#629)
- endtime > block.timestamp (#632)
Avoid relying on block.timestamp.
Additional information: link
Address.isContract(address) (#87-96) uses assembly
- INLINE ASM (#94)
Address._functionCallWithValue(address,bytes,uint256,string) (#123-140) uses assembly
- INLINE ASM (#132-135)
Do not use evm assembly.
Additional information: link
Address._functionCallWithValue(address,bytes,uint256,string) (#123-140) is never used and should be removed
Address.functionCall(address,bytes) (#106-108) is never used and should be removed
Address.functionCall(address,bytes,string) (#110-112) is never used and should be removed
Address.functionCallWithValue(address,bytes,uint256) (#114-116) is never used and should be removed
Address.functionCallWithValue(address,bytes,uint256,string) (#118-121) is never used and should be removed
Address.isContract(address) (#87-96) is never used and should be removed
Address.sendValue(address,uint256) (#98-104) is never used and should be removed
Context._msgData() (#14-17) is never used and should be removed
SafeMath.mod(uint256,uint256) (#75-77) is never used and should be removed
SafeMath.mod(uint256,uint256,string) (#79-82) is never used and should be removed
Remove unused functions.
Additional information: link
MAIN._sellMarketingFee (#409) is set pre-construction with a non-constant function or state variable:
- _buyMarketingFee
MAIN._liquidityShare (#411) is set pre-construction with a non-constant function or state variable:
- _buyLiquidityFee.add(_sellLiquidityFee)
MAIN._marketingShare (#412) is set pre-construction with a non-constant function or state variable:
- _buyMarketingFee.add(_sellMarketingFee)
MAIN._maxTxAmount (#419) is set pre-construction with a non-constant function or state variable:
- _totalSupply.div(1)
MAIN._walletMax (#420) is set pre-construction with a non-constant function or state variable:
- _totalSupply.div(1)
MAIN.minimumTokensBeforeSwap (#421) is set pre-construction with a non-constant function or state variable:
- _totalSupply.div(10000)
Remove any initialization of state variables via non-constant state variables or function calls. If variables must be set upon contract deployment, locate initialization in the constructor instead.
Additional information: link
Low level call in Address.sendValue(address,uint256) (#98-104):
- (success) = recipient.call{value: amount}() (#102)
Low level call in Address._functionCallWithValue(address,bytes,uint256,string) (#123-140):
- (success,returndata) = target.call{value: weiValue}(data) (#126)
Avoid low-level calls. Check the call success. If the call is meant for a contract, check for code existence
Additional information: link
Function IUniswapV2Pair.DOMAIN_SEPARATOR() (#213) is not in mixedCase
Function IUniswapV2Pair.PERMIT_TYPEHASH() (#214) is not in mixedCase
Function IUniswapV2Pair.MINIMUM_LIQUIDITY() (#230) is not in mixedCase
Function IUniswapV2Router01.WETH() (#249) is not in mixedCase
Parameter MAIN.setSwapAndLiquifyEnabled(bool)._enabled (#574) is not in mixedCase
Parameter MAIN.setblocklist(address)._account (#758) is not in mixedCase
Function MAIN.UPfeeTXtime(uint256) (#766-768) is not in mixedCase
Parameter MAIN.UPfeeTXtime(uint256)._feeTXtime (#766) is not in mixedCase
Function MAIN.UPendtime(uint256) (#770-772) is not in mixedCase
Parameter MAIN.UPendtime(uint256)._endtime (#770) is not in mixedCase
Variable MAIN._balances (#394) is not in mixedCase
Variable MAIN._buyLiquidityFee (#405) is not in mixedCase
Variable MAIN._buyMarketingFee (#406) is not in mixedCase
Variable MAIN._sellLiquidityFee (#408) is not in mixedCase
Variable MAIN._sellMarketingFee (#409) is not in mixedCase
Variable MAIN._liquidityShare (#411) is not in mixedCase
Variable MAIN._marketingShare (#412) is not in mixedCase
Variable MAIN._totalTaxIfBuying (#414) is not in mixedCase
Variable MAIN._totalTaxIfSelling (#415) is not in mixedCase
Variable MAIN._totalDistributionShares (#416) is not in mixedCase
Variable MAIN._maxTxAmount (#419) is not in mixedCase
Variable MAIN._walletMax (#420) is not in mixedCase
Follow the Solidity naming convention.
Additional information: link
Redundant expression "this (#15)" inContext (#8-18)
Remove redundant statements if they congest code but offer no value.
Additional information: link
Reentrancy in MAIN._transfer(address,address,uint256) (#624-673):
External calls:
- swapAndLiquify(contractTokenBalance) (#657)
- recipient.transfer(amount) (#588)
External calls sending eth:
- swapAndLiquify(contractTokenBalance) (#657)
- recipient.transfer(amount) (#588)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#729-736)
State variables written after the call(s):
- _balances[sender] = _balances[sender].sub(amount,Insufficient Balance) (#660)
- _balances[recipient] = _balances[recipient].add(finalAmount) (#668)
- finalAmount = takeFee(sender,recipient,amount) (#662-663)
- _balances[address(this)] = _balances[address(this)].add(feeAmount) (#751)
Event emitted after the call(s):
- Transfer(sender,address(this),feeAmount) (#752)
- finalAmount = takeFee(sender,recipient,amount) (#662-663)
- Transfer(sender,recipient,finalAmount) (#670)
Reentrancy in MAIN.swapAndLiquify(uint256) (#682-702):
External calls:
- transferToAddressETH(marketingWalletAddress,amountBNBMarketing) (#697)
- recipient.transfer(amount) (#588)
External calls sending eth:
- transferToAddressETH(marketingWalletAddress,amountBNBMarketing) (#697)
- recipient.transfer(amount) (#588)
- addLiquidity(tokensForLP,amountBNBLiquidity) (#701)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#729-736)
State variables written after the call(s):
- addLiquidity(tokensForLP,amountBNBLiquidity) (#701)
- _allowances[owner][spender] = amount (#532)
Event emitted after the call(s):
- Approval(owner,spender,amount) (#533)
- addLiquidity(tokensForLP,amountBNBLiquidity) (#701)
Reentrancy in MAIN.transferFrom(address,address,uint256) (#618-622):
External calls:
- _transfer(sender,recipient,amount) (#619)
- recipient.transfer(amount) (#588)
External calls sending eth:
- _transfer(sender,recipient,amount) (#619)
- recipient.transfer(amount) (#588)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#729-736)
State variables written after the call(s):
- _approve(sender,_msgSender(),_allowances[sender][_msgSender()].sub(amount,ERC20: transfer amount exceeds allowance)) (#620)
- _allowances[owner][spender] = amount (#532)
Event emitted after the call(s):
- Approval(owner,spender,amount) (#533)
- _approve(sender,_msgSender(),_allowances[sender][_msgSender()].sub(amount,ERC20: transfer amount exceeds allowance)) (#620)
Apply the check-effects-interactions pattern.
Additional information: link
Variable IUniswapV2Router01.addLiquidity(address,address,uint256,uint256,uint256,uint256,address,uint256).amountADesired (#254) is too similar to IUniswapV2Router01.addLiquidity(address,address,uint256,uint256,uint256,uint256,address,uint256).amountBDesired (#255)
Prevent variables from having similar names.
Additional information: link
MAIN.slitherConstructorVariables() (#382-774) uses literals with too many digits:
- deadAddress = 0x000000000000000000000000000000000000dEaD (#392)
Use: Ether suffix, Time suffix, or The scientific notation
Additional information: link
MAIN._buyLiquidityFee (#405) should be constant
MAIN._buyMarketingFee (#406) should be constant
MAIN._decimals (#389) should be constant
MAIN._name (#387) should be constant
MAIN._sellLiquidityFee (#408) should be constant
MAIN._symbol (#388) should be constant
MAIN._totalSupply (#418) should be constant
Add the constant attributes to state variables that never change.
Additional information: link
waiveOwnership() should be declared external:
- Ownable.waiveOwnership() (#163-166)
transferOwnership(address) should be declared external:
- Ownable.transferOwnership(address) (#168-172)
getTime() should be declared external:
- Ownable.getTime() (#175-177)
name() should be declared external:
- MAIN.name() (#485-487)
symbol() should be declared external:
- MAIN.symbol() (#489-491)
decimals() should be declared external:
- MAIN.decimals() (#493-495)
totalSupply() should be declared external:
- MAIN.totalSupply() (#497-499)
allowance(address,address) should be declared external:
- MAIN.allowance(address,address) (#505-507)
increaseAllowance(address,uint256) should be declared external:
- MAIN.increaseAllowance(address,uint256) (#509-512)
decreaseAllowance(address,uint256) should be declared external:
- MAIN.decreaseAllowance(address,uint256) (#514-517)
minimumTokensBeforeSwapAmount() should be declared external:
- MAIN.minimumTokensBeforeSwapAmount() (#519-521)
approve(address,uint256) should be declared external:
- MAIN.approve(address,uint256) (#523-526)
setMarketPairStatus(address,bool) should be declared external:
- MAIN.setMarketPairStatus(address,bool) (#536-538)
setIsExcludedFromFee(address,bool) should be declared external:
- MAIN.setIsExcludedFromFee(address,bool) (#544-546)
setSwapAndLiquifyEnabled(bool) should be declared external:
- MAIN.setSwapAndLiquifyEnabled(bool) (#574-577)
setSwapAndLiquifyByLimitOnly(bool) should be declared external:
- MAIN.setSwapAndLiquifyByLimitOnly(bool) (#579-581)
getCirculatingSupply() should be declared external:
- MAIN.getCirculatingSupply() (#583-585)
changeRouterVersion(address) should be declared external:
- MAIN.changeRouterVersion(address) (#591-608)
transfer(address,uint256) should be declared external:
- MAIN.transfer(address,uint256) (#613-616)
transferFrom(address,address,uint256) should be declared external:
- MAIN.transferFrom(address,address,uint256) (#618-622)
Use the external attribute for functions never called from the contract.
Additional information: link
Unable to find website, listings and other project-related information
Token is marked as scam (rug pull, honeypot, phishing, etc.)
Additional information: link
Young tokens have high risks of scam / price dump / death
Token has no active CoinGecko listing / rank
Token has no active CoinMarketCap listing / rank
Unable to find Twitter account
Unable to find Blog account (Reddit or Medium)
Unable to find Youtube account
Unable to find Discord account