DOGEFOOD Token

DOGEFOOD.addLiquidity(uint256,uint256) (#754-767) sends eth to arbitrary user
Dangerous calls:
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#759-766)
Ensure that an arbitrary user cannot withdraw unauthorized funds.

Additional information: link

Reentrancy in DOGEFOOD._transfer(address,address,uint256) (#663-701):
External calls:
- swapAndLiquify(contractTokenBalance) (#685)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#759-766)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#743-749)
External calls sending eth:
- swapAndLiquify(contractTokenBalance) (#685)
- recipient.transfer(amount) (#627)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#759-766)
State variables written after the call(s):
- _balances[sender] = _balances[sender].sub(amount,Insufficient Balance) (#688)
- _balances[recipient] = _balances[recipient].add(finalAmount) (#696)
- finalAmount = takeFee(sender,recipient,amount) (#690-691)
- _balances[address(this)] = _balances[address(this)].add(feeAmount) (#781)
Apply the check-effects-interactions pattern.

Additional information: link

Combination 1: Reentrancy vulnerabilities + Functions that send Ether to arbitraty destination. Usual for scams. May be justified by some complex mechanics (e.g. rebase, reflections). DYOR & manual audit are advised.

Unable to verify that contract auditor is trusted: Certik, Quantstamp, Hacken, Solidity, Paladinsec, Openzeppelin, Verichains

Low level call in Address.sendValue(address,uint256) (#94-100):
- (success) = recipient.call{value: amount}() (#98)
Low level call in Address._functionCallWithValue(address,bytes,uint256,string) (#119-136):
- (success,returndata) = target.call{value: weiValue}(data) (#122)
Avoid low-level calls. Check the call success. If the call is meant for a contract, check for code existence

Additional information: link

Address.isContract(address) (#83-92) uses assembly
- INLINE ASM (#90)
Address._functionCallWithValue(address,bytes,uint256,string) (#119-136) uses assembly
- INLINE ASM (#128-131)
Do not use evm assembly.

Additional information: link

Redundant expression "this (#11)" inContext (#4-14)
Remove redundant statements if they congest code but offer no value.

Additional information: link

DOGEFOOD._decimals (#402) should be constant
DOGEFOOD._name (#400) should be constant
DOGEFOOD._symbol (#401) should be constant
Add the constant attributes to state variables that never change.

Additional information: link

DOGEFOOD.addLiquidity(uint256,uint256) (#754-767) ignores return value by uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#759-766)
Ensure that all the return values of the function calls are used.

Additional information: link

Address._functionCallWithValue(address,bytes,uint256,string) (#119-136) is never used and should be removed
Address.functionCall(address,bytes) (#102-104) is never used and should be removed
Address.functionCall(address,bytes,string) (#106-108) is never used and should be removed
Address.functionCallWithValue(address,bytes,uint256) (#110-112) is never used and should be removed
Address.functionCallWithValue(address,bytes,uint256,string) (#114-117) is never used and should be removed
Address.isContract(address) (#83-92) is never used and should be removed
Address.sendValue(address,uint256) (#94-100) is never used and should be removed
Context._msgData() (#10-13) is never used and should be removed
SafeMath.mod(uint256,uint256) (#71-73) is never used and should be removed
SafeMath.mod(uint256,uint256,string) (#75-78) is never used and should be removed
Remove unused functions.

Additional information: link

Ownable.unlock() (#187-192) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(block.timestamp > _lockTime,Contract is locked until 7 days) (#189)
Avoid relying on block.timestamp.

Additional information: link

DOGEFOOD._totalSupply (#432) is set pre-construction with a non-constant function or state variable:
- 420000 * 10 ** 6 * 10 ** 6 * 10 ** _decimals
DOGEFOOD._maxTxAmount (#433) is set pre-construction with a non-constant function or state variable:
- 420000 * 10 ** 6 * 10 ** 6 * 10 ** _decimals
DOGEFOOD._walletMax (#434) is set pre-construction with a non-constant function or state variable:
- 420000 * 10 ** 6 * 10 ** 6 * 10 ** _decimals
DOGEFOOD.minimumTokensBeforeSwap (#435) is set pre-construction with a non-constant function or state variable:
- 420000 * 10 ** 6 * 10 ** _decimals
Remove any initialization of state variables via non-constant state variables or function calls. If variables must be set upon contract deployment, locate initialization in the constructor instead.

Additional information: link

Function IUniswapV2Pair.DOMAIN_SEPARATOR() (#226) is not in mixedCase
Function IUniswapV2Pair.PERMIT_TYPEHASH() (#227) is not in mixedCase
Function IUniswapV2Pair.MINIMUM_LIQUIDITY() (#243) is not in mixedCase
Function IUniswapV2Router01.WETH() (#262) is not in mixedCase
Parameter DOGEFOOD.setSwapAndLiquifyEnabled(bool)._enabled (#613) is not in mixedCase
Variable DOGEFOOD._balances (#408) is not in mixedCase
Variable DOGEFOOD._buyLiquidityFee (#416) is not in mixedCase
Variable DOGEFOOD._buyMarketingFee (#417) is not in mixedCase
Variable DOGEFOOD._buyTeamFee (#418) is not in mixedCase
Variable DOGEFOOD._sellLiquidityFee (#420) is not in mixedCase
Variable DOGEFOOD._sellMarketingFee (#421) is not in mixedCase
Variable DOGEFOOD._sellTeamFee (#422) is not in mixedCase
Variable DOGEFOOD._liquidityShare (#424) is not in mixedCase
Variable DOGEFOOD._marketingShare (#425) is not in mixedCase
Variable DOGEFOOD._teamShare (#426) is not in mixedCase
Variable DOGEFOOD._totalTaxIfBuying (#428) is not in mixedCase
Variable DOGEFOOD._totalTaxIfSelling (#429) is not in mixedCase
Variable DOGEFOOD._totalDistributionShares (#430) is not in mixedCase
Variable DOGEFOOD._maxTxAmount (#433) is not in mixedCase
Variable DOGEFOOD._walletMax (#434) is not in mixedCase
Follow the Solidity naming convention.

Additional information: link

Variable IUniswapV2Router01.addLiquidity(address,address,uint256,uint256,uint256,uint256,address,uint256).amountADesired (#267) is too similar to IUniswapV2Router01.addLiquidity(address,address,uint256,uint256,uint256,uint256,address,uint256).amountBDesired (#268)
Prevent variables from having similar names.

Additional information: link

DOGEFOOD.slitherConstructorVariables() (#395-789) uses literals with too many digits:
- deadAddress = 0x000000000000000000000000000000000000dEaD (#406)
Use: Ether suffix, Time suffix, or The scientific notation

Additional information: link

Reentrancy in DOGEFOOD._transfer(address,address,uint256) (#663-701):
External calls:
- swapAndLiquify(contractTokenBalance) (#685)
- recipient.transfer(amount) (#627)
External calls sending eth:
- swapAndLiquify(contractTokenBalance) (#685)
- recipient.transfer(amount) (#627)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#759-766)
State variables written after the call(s):
- _balances[sender] = _balances[sender].sub(amount,Insufficient Balance) (#688)
- _balances[recipient] = _balances[recipient].add(finalAmount) (#696)
- finalAmount = takeFee(sender,recipient,amount) (#690-691)
- _balances[address(this)] = _balances[address(this)].add(feeAmount) (#781)
Event emitted after the call(s):
- Transfer(sender,address(this),feeAmount) (#782)
- finalAmount = takeFee(sender,recipient,amount) (#690-691)
- Transfer(sender,recipient,finalAmount) (#698)
Reentrancy in DOGEFOOD.swapAndLiquify(uint256) (#710-732):
External calls:
- transferToAddressETH(marketingWalletAddress,amountBNBMarketing) (#725)
- recipient.transfer(amount) (#627)
- transferToAddressETH(teamWalletAddress,amountBNBTeam) (#728)
- recipient.transfer(amount) (#627)
External calls sending eth:
- transferToAddressETH(marketingWalletAddress,amountBNBMarketing) (#725)
- recipient.transfer(amount) (#627)
- transferToAddressETH(teamWalletAddress,amountBNBTeam) (#728)
- recipient.transfer(amount) (#627)
- addLiquidity(tokensForLP,amountBNBLiquidity) (#731)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#759-766)
State variables written after the call(s):
- addLiquidity(tokensForLP,amountBNBLiquidity) (#731)
- _allowances[owner][spender] = amount (#545)
Event emitted after the call(s):
- Approval(owner,spender,amount) (#546)
- addLiquidity(tokensForLP,amountBNBLiquidity) (#731)
Reentrancy in DOGEFOOD.transferFrom(address,address,uint256) (#657-661):
External calls:
- _transfer(sender,recipient,amount) (#658)
- recipient.transfer(amount) (#627)
External calls sending eth:
- _transfer(sender,recipient,amount) (#658)
- recipient.transfer(amount) (#627)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#759-766)
State variables written after the call(s):
- _approve(sender,_msgSender(),_allowances[sender][_msgSender()].sub(amount,ERC20: transfer amount exceeds allowance)) (#659)
- _allowances[owner][spender] = amount (#545)
Event emitted after the call(s):
- Approval(owner,spender,amount) (#546)
- _approve(sender,_msgSender(),_allowances[sender][_msgSender()].sub(amount,ERC20: transfer amount exceeds allowance)) (#659)
Apply the check-effects-interactions pattern.

Additional information: link

waiveOwnership() should be declared external:
- Ownable.waiveOwnership() (#161-164)
transferOwnership(address) should be declared external:
- Ownable.transferOwnership(address) (#166-170)
getUnlockTime() should be declared external:
- Ownable.getUnlockTime() (#172-174)
getTime() should be declared external:
- Ownable.getTime() (#176-178)
lock(uint256) should be declared external:
- Ownable.lock(uint256) (#180-185)
unlock() should be declared external:
- Ownable.unlock() (#187-192)
name() should be declared external:
- DOGEFOOD.name() (#498-500)
symbol() should be declared external:
- DOGEFOOD.symbol() (#502-504)
decimals() should be declared external:
- DOGEFOOD.decimals() (#506-508)
totalSupply() should be declared external:
- DOGEFOOD.totalSupply() (#510-512)
allowance(address,address) should be declared external:
- DOGEFOOD.allowance(address,address) (#518-520)
increaseAllowance(address,uint256) should be declared external:
- DOGEFOOD.increaseAllowance(address,uint256) (#522-525)
decreaseAllowance(address,uint256) should be declared external:
- DOGEFOOD.decreaseAllowance(address,uint256) (#527-530)
minimumTokensBeforeSwapAmount() should be declared external:
- DOGEFOOD.minimumTokensBeforeSwapAmount() (#532-534)
approve(address,uint256) should be declared external:
- DOGEFOOD.approve(address,uint256) (#536-539)
setMarketPairStatus(address,bool) should be declared external:
- DOGEFOOD.setMarketPairStatus(address,bool) (#549-551)
setIsExcludedFromFee(address,bool) should be declared external:
- DOGEFOOD.setIsExcludedFromFee(address,bool) (#557-559)
setSwapAndLiquifyEnabled(bool) should be declared external:
- DOGEFOOD.setSwapAndLiquifyEnabled(bool) (#613-616)
setSwapAndLiquifyByLimitOnly(bool) should be declared external:
- DOGEFOOD.setSwapAndLiquifyByLimitOnly(bool) (#618-620)
getCirculatingSupply() should be declared external:
- DOGEFOOD.getCirculatingSupply() (#622-624)
changeRouterVersion(address) should be declared external:
- DOGEFOOD.changeRouterVersion(address) (#630-647)
transfer(address,uint256) should be declared external:
- DOGEFOOD.transfer(address,uint256) (#652-655)
transferFrom(address,address,uint256) should be declared external:
- DOGEFOOD.transferFrom(address,address,uint256) (#657-661)
Use the external attribute for functions never called from the contract.

Additional information: link

DOGEFOOD.setBuyTaxes(uint256,uint256,uint256) (#561-567) should emit an event for:
- _totalTaxIfBuying = _buyLiquidityFee.add(_buyMarketingFee).add(_buyTeamFee) (#566)
DOGEFOOD.setSellTaxes(uint256,uint256,uint256) (#569-575) should emit an event for:
- _totalTaxIfSelling = _sellLiquidityFee.add(_sellMarketingFee).add(_sellTeamFee) (#574)
DOGEFOOD.setDistributionSettings(uint256,uint256,uint256) (#577-583) should emit an event for:
- _liquidityShare = newLiquidityShare (#578)
- _teamShare = newTeamShare (#580)
- _totalDistributionShares = _liquidityShare.add(_marketingShare).add(_teamShare) (#582)
DOGEFOOD.setMaxTxAmount(uint256) (#585-587) should emit an event for:
- _maxTxAmount = maxTxAmount (#586)
DOGEFOOD.setWalletLimit(uint256) (#597-599) should emit an event for:
- _walletMax = newLimit (#598)
DOGEFOOD.setNumTokensBeforeSwap(uint256) (#601-603) should emit an event for:
- minimumTokensBeforeSwap = newLimit (#602)
Emit an event for critical parameter changes.

Additional information: link

Reentrancy in DOGEFOOD.changeRouterVersion(address) (#630-647):
External calls:
- newPairAddress = IUniswapV2Factory(_uniswapV2Router.factory()).createPair(address(this),_uniswapV2Router.WETH()) (#638-639)
State variables written after the call(s):
- isMarketPair[address(uniswapPair)] = true (#646)
- isWalletLimitExempt[address(uniswapPair)] = true (#645)
- uniswapPair = newPairAddress (#642)
- uniswapV2Router = _uniswapV2Router (#643)
Reentrancy in DOGEFOOD.constructor() (#468-496):
External calls:
- uniswapPair = IUniswapV2Factory(_uniswapV2Router.factory()).createPair(address(this),_uniswapV2Router.WETH()) (#472-473)
State variables written after the call(s):
- _allowances[address(this)][address(uniswapV2Router)] = _totalSupply (#476)
- _balances[_msgSender()] = _totalSupply (#494)
- _totalDistributionShares = _liquidityShare.add(_marketingShare).add(_teamShare) (#483)
- _totalTaxIfBuying = _buyLiquidityFee.add(_buyMarketingFee).add(_buyTeamFee) (#481)
- _totalTaxIfSelling = _sellLiquidityFee.add(_sellMarketingFee).add(_sellTeamFee) (#482)
- isExcludedFromFee[owner()] = true (#478)
- isExcludedFromFee[address(this)] = true (#479)
- isMarketPair[address(uniswapPair)] = true (#492)
- isTxLimitExempt[owner()] = true (#489)
- isTxLimitExempt[address(this)] = true (#490)
- isWalletLimitExempt[owner()] = true (#485)
- isWalletLimitExempt[address(uniswapPair)] = true (#486)
- isWalletLimitExempt[address(this)] = true (#487)
- uniswapV2Router = _uniswapV2Router (#475)
Reentrancy in DOGEFOOD.swapAndLiquify(uint256) (#710-732):
External calls:
- swapTokensForEth(tokensForSwap) (#715)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#743-749)
- addLiquidity(tokensForLP,amountBNBLiquidity) (#731)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#759-766)
External calls sending eth:
- transferToAddressETH(marketingWalletAddress,amountBNBMarketing) (#725)
- recipient.transfer(amount) (#627)
- transferToAddressETH(teamWalletAddress,amountBNBTeam) (#728)
- recipient.transfer(amount) (#627)
- addLiquidity(tokensForLP,amountBNBLiquidity) (#731)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#759-766)
State variables written after the call(s):
- addLiquidity(tokensForLP,amountBNBLiquidity) (#731)
- _allowances[owner][spender] = amount (#545)
Reentrancy in DOGEFOOD.transferFrom(address,address,uint256) (#657-661):
External calls:
- _transfer(sender,recipient,amount) (#658)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#759-766)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#743-749)
External calls sending eth:
- _transfer(sender,recipient,amount) (#658)
- recipient.transfer(amount) (#627)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#759-766)
State variables written after the call(s):
- _approve(sender,_msgSender(),_allowances[sender][_msgSender()].sub(amount,ERC20: transfer amount exceeds allowance)) (#659)
- _allowances[owner][spender] = amount (#545)
Apply the check-effects-interactions pattern.

Additional information: link

DOGEFOOD.setMarketingWalletAddress(address).newAddress (#605) lacks a zero-check on :
- marketingWalletAddress = address(newAddress) (#606)
DOGEFOOD.setTeamWalletAddress(address).newAddress (#609) lacks a zero-check on :
- teamWalletAddress = address(newAddress) (#610)
Check that the address is not zero.

Additional information: link

DOGEFOOD.allowance(address,address).owner (#518) shadows:
- Ownable.owner() (#152-154) (function)
DOGEFOOD._approve(address,address,uint256).owner (#541) shadows:
- Ownable.owner() (#152-154) (function)
Rename the local variables that shadow another component.

Additional information: link

Reentrancy in DOGEFOOD._transfer(address,address,uint256) (#663-701):
External calls:
- swapAndLiquify(contractTokenBalance) (#685)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#759-766)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#743-749)
External calls sending eth:
- swapAndLiquify(contractTokenBalance) (#685)
- recipient.transfer(amount) (#627)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#759-766)
Event emitted after the call(s):
- Transfer(sender,address(this),feeAmount) (#782)
- finalAmount = takeFee(sender,recipient,amount) (#690-691)
- Transfer(sender,recipient,finalAmount) (#698)
Reentrancy in DOGEFOOD.constructor() (#468-496):
External calls:
- uniswapPair = IUniswapV2Factory(_uniswapV2Router.factory()).createPair(address(this),_uniswapV2Router.WETH()) (#472-473)
Event emitted after the call(s):
- Transfer(address(0),_msgSender(),_totalSupply) (#495)
Reentrancy in DOGEFOOD.swapAndLiquify(uint256) (#710-732):
External calls:
- swapTokensForEth(tokensForSwap) (#715)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#743-749)
- addLiquidity(tokensForLP,amountBNBLiquidity) (#731)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#759-766)
External calls sending eth:
- transferToAddressETH(marketingWalletAddress,amountBNBMarketing) (#725)
- recipient.transfer(amount) (#627)
- transferToAddressETH(teamWalletAddress,amountBNBTeam) (#728)
- recipient.transfer(amount) (#627)
- addLiquidity(tokensForLP,amountBNBLiquidity) (#731)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#759-766)
Event emitted after the call(s):
- Approval(owner,spender,amount) (#546)
- addLiquidity(tokensForLP,amountBNBLiquidity) (#731)
Reentrancy in DOGEFOOD.swapTokensForEth(uint256) (#734-752):
External calls:
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#743-749)
Event emitted after the call(s):
- SwapTokensForETH(tokenAmount,path) (#751)
Reentrancy in DOGEFOOD.transferFrom(address,address,uint256) (#657-661):
External calls:
- _transfer(sender,recipient,amount) (#658)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#759-766)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#743-749)
External calls sending eth:
- _transfer(sender,recipient,amount) (#658)
- recipient.transfer(amount) (#627)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#759-766)
Event emitted after the call(s):
- Approval(owner,spender,amount) (#546)
- _approve(sender,_msgSender(),_allowances[sender][_msgSender()].sub(amount,ERC20: transfer amount exceeds allowance)) (#659)
Apply the check-effects-interactions pattern.

Additional information: link

Average 30d PancakeSwap liquidity is low.

Average 30d number of PancakeSwap swaps is low.

Token is deployed only at one blockchain

Contract has 8% buy tax and 8% sell tax.
Taxes are low and contract ownership is renounced.

BscScan page for the token does not contain additional info: website, socials, description, etc.

Additional information: link

Unable to verify token contract address on the website

Unable to find token on CoinHunt

Additional information: link

Unable to find Telegram link on the website

Unable to find Twitter link on the website

Token is not listed at Mobula.Finance

Additional information: link

Token is marked as scam (rug pull, honeypot, phishing, etc.)

Additional information: link

Young tokens have high risks of price dump / death

Token has relatively low CoinMarketCap rank

Token has relatively low CoinGecko rank

Young tokens have high risks of price dump / death

Young tokens have high risks of price dump / death

Young tokens have high risks of price dump / death