Unable to find manual contract audit (e.g. Certik, PeckShield, Solidity...)
Reentrancy in FistKing._transfer(address,address,uint256) (#1126-1187):
External calls:
- swapAndLiquifyV1() (#1145)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#1206-1212)
- swapAndLiquifyV3() (#1146)
- uniswapV2Router.swapExactTokensForTokensSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#1234-1240)
External calls sending eth:
- swapAndLiquifyV1() (#1145)
- _receive.transfer(balance) (#1194)
State variables written after the call(s):
- swapping = false (#1148)
Reentrancy in FistKing._transfer(address,address,uint256) (#1126-1187):
External calls:
- swapAndLiquifyV1() (#1145)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#1206-1212)
- swapAndLiquifyV3() (#1146)
- uniswapV2Router.swapExactTokensForTokensSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#1234-1240)
- _splitOtherToken() (#1152)
- doge.transfer(user,thisAmount.mul(rate).div(10000)) (#1284)
- doge.transfer(user,thisAmount.mul(rate).div(10000)) (#1294)
External calls sending eth:
- swapAndLiquifyV1() (#1145)
- _receive.transfer(balance) (#1194)
State variables written after the call(s):
- super._transfer(from,address(this),amount.div(100).mul(7)) (#1168)
- _balances[sender] = _balances[sender].sub(amount,ERC20: transfer amount exceeds balance) (#558-561)
- _balances[recipient] = _balances[recipient].add(amount) (#562)
- super._transfer(from,_destroyAddress,amount.div(100).mul(3)) (#1169)
- _balances[sender] = _balances[sender].sub(amount,ERC20: transfer amount exceeds balance) (#558-561)
- _balances[recipient] = _balances[recipient].add(amount) (#562)
- _takeInviterFee(from,to,amount) (#1172)
- _balances[sender] = _balances[sender].sub(amount,ERC20: transfer amount exceeds balance) (#558-561)
- _balances[recipient] = _balances[recipient].add(amount) (#562)
- super._transfer(from,address(this),amount.div(200).mul(9)) (#1173)
- _balances[sender] = _balances[sender].sub(amount,ERC20: transfer amount exceeds balance) (#558-561)
- _balances[recipient] = _balances[recipient].add(amount) (#562)
- super._transfer(from,to,amount) (#1179)
- _balances[sender] = _balances[sender].sub(amount,ERC20: transfer amount exceeds balance) (#558-561)
- _balances[recipient] = _balances[recipient].add(amount) (#562)
- buyAmount = buyAmount.add(amount.div(200).mul(9)) (#1174)
- buyUser.push(to) (#1183)
- sellAmount = sellAmount.add(amount.div(100).mul(7)) (#1170)
Reentrancy in FistKing.swapAndLiquifyV1() (#1189-1197):
External calls:
- swapTokensForETH(canSellAmount) (#1192)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#1206-1212)
External calls sending eth:
- _receive.transfer(balance) (#1194)
State variables written after the call(s):
- sellBnbAmount = sellBnbAmount.add(canSellAmount) (#1195)
Apply the check-effects-interactions pattern.
Additional information: link
FistKing._splitOtherToken() (#1255-1301) ignores return value by doge.transfer(user,thisAmount.mul(rate).div(10000)) (#1284)
FistKing._splitOtherToken() (#1255-1301) ignores return value by doge.transfer(user,thisAmount.mul(rate).div(10000)) (#1294)
Use SafeERC20, or ensure that the transfer/transferFrom return value is checked.
Additional information: link
FistKing.startTime (#1037) is never initialized. It is used in:
- FistKing.isIn3minter() (#1122-1124)
FistKing.buyChangeFistAmount (#1041) is never initialized. It is used in:
- FistKing.swapAndLiquifyV3() (#1215-1221)
Initialize all the variables. If a variable is meant to be initialized to zero, explicitly set it to zero to improve code readability.
Additional information: link
Combination 3: Reentrancy vulnerabilities + Unchecked transfer vulnerability. Usual for scams. May be justified by some complex mechanics (e.g. rebase, reflections). DYOR & manual audit are advised.
FistKing._transfer(address,address,uint256) (#1126-1187) performs a multiplication on the result of a division:
-super._transfer(from,address(this),amount.div(100).mul(7)) (#1168)
FistKing._transfer(address,address,uint256) (#1126-1187) performs a multiplication on the result of a division:
-super._transfer(from,_destroyAddress,amount.div(100).mul(3)) (#1169)
FistKing._transfer(address,address,uint256) (#1126-1187) performs a multiplication on the result of a division:
-super._transfer(from,address(this),amount.div(200).mul(9)) (#1173)
FistKing._transfer(address,address,uint256) (#1126-1187) performs a multiplication on the result of a division:
-buyAmount = buyAmount.add(amount.div(200).mul(9)) (#1174)
FistKing._transfer(address,address,uint256) (#1126-1187) performs a multiplication on the result of a division:
-sellAmount = sellAmount.add(amount.div(100).mul(7)) (#1170)
FistKing._transfer(address,address,uint256) (#1126-1187) performs a multiplication on the result of a division:
-amount = amount.div(10).mul(9) (#1177)
FistKing._splitOtherToken() (#1255-1301) performs a multiplication on the result of a division:
-thisAmount = thisAmount.mul(4).div(5) (#1258)
-doge.transfer(user,thisAmount.mul(rate).div(10000)) (#1284)
-rate = balanceOf(user).mul(10000).div(totalAmount) (#1292)
FistKing._splitOtherToken() (#1255-1301) performs a multiplication on the result of a division:
-thisAmount = thisAmount.mul(4).div(5) (#1258)
-rate = balanceOf(user).mul(10000).div(totalAmount) (#1292)
-doge.transfer(user,thisAmount.mul(rate).div(10000)) (#1294)
FistKing._takeInviterFee(address,address,uint256) (#1304-1331) performs a multiplication on the result of a division:
-super._transfer(sender,reciver,tAmount.div(1000).mul(rate)) (#1329)
Consider ordering multiplication before division.
Additional information: link
FistKing._splitOtherToken().startIndex (#1262) is a local variable never initialized
Initialize all the variables. If a variable is meant to be initialized to zero, explicitly set it to zero to improve code readability.
Additional information: link
ERC20.allowance(address,address).owner (#414) shadows:
- Ownable.owner() (#277-279) (function)
ERC20._approve(address,address,uint256).owner (#625) shadows:
- Ownable.owner() (#277-279) (function)
Rename the local variables that shadow another component.
Additional information: link
FistKing.setSwapTokensAtAmount(uint256) (#1106-1108) should emit an event for:
- swapTokensAtAmount = _swapTokensAtAmount (#1107)
Emit an event for critical parameter changes.
Additional information: link
Ownable.constructor().msgSender (#269) lacks a zero-check on :
- _owner = msgSender (#270)
FistKing.constructor(address,address).tokenOwner (#1064) lacks a zero-check on :
- _tokenOwner = tokenOwner (#1074)
FistKing.constructor(address,address).fundAddress (#1064) lacks a zero-check on :
- _fundAddress = fundAddress (#1075)
Check that the address is not zero.
Additional information: link
FistKing._splitOtherToken() (#1255-1301) has external calls inside a loop: doge.transfer(user,thisAmount.mul(rate).div(10000)) (#1284)
FistKing._splitOtherToken() (#1255-1301) has external calls inside a loop: doge.transfer(user,thisAmount.mul(rate).div(10000)) (#1294)
Favor pull over push strategy for external calls.
Additional information: link
Reentrancy in FistKing._transfer(address,address,uint256) (#1126-1187):
External calls:
- swapAndLiquifyV1() (#1145)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#1206-1212)
- swapAndLiquifyV3() (#1146)
- uniswapV2Router.swapExactTokensForTokensSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#1234-1240)
- _splitOtherToken() (#1152)
- doge.transfer(user,thisAmount.mul(rate).div(10000)) (#1284)
- doge.transfer(user,thisAmount.mul(rate).div(10000)) (#1294)
External calls sending eth:
- swapAndLiquifyV1() (#1145)
- _receive.transfer(balance) (#1194)
State variables written after the call(s):
- havePush[to] = true (#1182)
- inviter[to] = from (#1186)
Reentrancy in FistKing.constructor(address,address) (#1064-1084):
External calls:
- _uniswapV2Pair = IUniswapV2Factory(_uniswapV2Router.factory()).createPair(address(this),_uniswapV2Router.WETH()) (#1069-1070)
State variables written after the call(s):
- _approve(address(this),address(0x10ED43C718714eb63d5aA57B78B54704E256024E),10 ** 35) (#1071)
- _allowances[owner][spender] = amount (#632)
- _mint(tokenOwner,total) (#1083)
- _balances[account] = _balances[account].add(amount) (#581)
- _fundAddress = fundAddress (#1075)
- excludeFromFees(tokenOwner,true) (#1078)
- _isExcludedFromFees[account] = excluded (#1094)
- excludeFromFees(address(this),true) (#1079)
- _isExcludedFromFees[account] = excluded (#1094)
- _tokenOwner = tokenOwner (#1074)
- _mint(tokenOwner,total) (#1083)
- _totalSupply = _totalSupply.add(amount) (#580)
- _setAutomatedMarketMakerPair(_uniswapV2Pair,true) (#1076)
- automatedMarketMakerPairs[pair] = value (#1115)
- doge = IERC20(0xC9882dEF23bc42D53895b8361D0b1EDC7570Bc6A) (#1080)
- swapTokensAtAmount = total.div(10000) (#1082)
- uniswapV2Pair = _uniswapV2Pair (#1073)
- uniswapV2Router = _uniswapV2Router (#1072)
Apply the check-effects-interactions pattern.
Additional information: link
Reentrancy in FistKing._transfer(address,address,uint256) (#1126-1187):
External calls:
- swapAndLiquifyV1() (#1145)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#1206-1212)
- swapAndLiquifyV3() (#1146)
- uniswapV2Router.swapExactTokensForTokensSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#1234-1240)
- _splitOtherToken() (#1152)
- doge.transfer(user,thisAmount.mul(rate).div(10000)) (#1284)
- doge.transfer(user,thisAmount.mul(rate).div(10000)) (#1294)
External calls sending eth:
- swapAndLiquifyV1() (#1145)
- _receive.transfer(balance) (#1194)
Event emitted after the call(s):
- Transfer(sender,recipient,amount) (#563)
- super._transfer(from,_destroyAddress,amount.div(100).mul(3)) (#1169)
- Transfer(sender,recipient,amount) (#563)
- super._transfer(from,address(this),amount.div(100).mul(7)) (#1168)
- Transfer(sender,recipient,amount) (#563)
- super._transfer(from,address(this),amount.div(200).mul(9)) (#1173)
- Transfer(sender,recipient,amount) (#563)
- _takeInviterFee(from,to,amount) (#1172)
- Transfer(sender,recipient,amount) (#563)
- super._transfer(from,to,amount) (#1179)
Reentrancy in FistKing.constructor(address,address) (#1064-1084):
External calls:
- _uniswapV2Pair = IUniswapV2Factory(_uniswapV2Router.factory()).createPair(address(this),_uniswapV2Router.WETH()) (#1069-1070)
Event emitted after the call(s):
- Approval(owner,spender,amount) (#633)
- _approve(address(this),address(0x10ED43C718714eb63d5aA57B78B54704E256024E),10 ** 35) (#1071)
- ExcludeFromFees(account,excluded) (#1095)
- excludeFromFees(address(this),true) (#1079)
- ExcludeFromFees(account,excluded) (#1095)
- excludeFromFees(tokenOwner,true) (#1078)
- Transfer(address(0),account,amount) (#582)
- _mint(tokenOwner,total) (#1083)
Apply the check-effects-interactions pattern.
Additional information: link
FistKing.isIn3minter() (#1122-1124) uses timestamp for comparisons
Dangerous comparisons:
- startTime.add(180) > block.timestamp (#1123)
Avoid relying on block.timestamp.
Additional information: link
Context._msgData() (#9-13) is never used and should be removed
ERC20._burn(address,uint256) (#596-607) is never used and should be removed
Remove unused functions.
Additional information: link
Function IUniswapV2Pair.DOMAIN_SEPARATOR() (#49) is not in mixedCase
Function IUniswapV2Pair.PERMIT_TYPEHASH() (#51) is not in mixedCase
Function IUniswapV2Pair.MINIMUM_LIQUIDITY() (#82) is not in mixedCase
Function IUniswapV2Router01.WETH() (#816) is not in mixedCase
Parameter FistKing.setSwapTokensAtAmount(uint256)._swapTokensAtAmount (#1106) is not in mixedCase
Parameter FistKing.setSwapAndLiquifyEnabled(bool)._enabled (#1110) is not in mixedCase
Function FistKing._splitOtherToken() (#1255-1301) is not in mixedCase
Variable FistKing._tokenOwner (#1024) is not in mixedCase
Variable FistKing._fundAddress (#1025) is not in mixedCase
Variable FistKing._receive (#1029) is not in mixedCase
Follow the Solidity naming convention.
Additional information: link
Redundant expression "this (#10)" inContext (#4-14)
Remove redundant statements if they congest code but offer no value.
Additional information: link
Reentrancy in FistKing._transfer(address,address,uint256) (#1126-1187):
External calls:
- swapAndLiquifyV1() (#1145)
- _receive.transfer(balance) (#1194)
State variables written after the call(s):
- super._transfer(from,address(this),amount.div(100).mul(7)) (#1168)
- _balances[sender] = _balances[sender].sub(amount,ERC20: transfer amount exceeds balance) (#558-561)
- _balances[recipient] = _balances[recipient].add(amount) (#562)
- super._transfer(from,_destroyAddress,amount.div(100).mul(3)) (#1169)
- _balances[sender] = _balances[sender].sub(amount,ERC20: transfer amount exceeds balance) (#558-561)
- _balances[recipient] = _balances[recipient].add(amount) (#562)
- _takeInviterFee(from,to,amount) (#1172)
- _balances[sender] = _balances[sender].sub(amount,ERC20: transfer amount exceeds balance) (#558-561)
- _balances[recipient] = _balances[recipient].add(amount) (#562)
- super._transfer(from,address(this),amount.div(200).mul(9)) (#1173)
- _balances[sender] = _balances[sender].sub(amount,ERC20: transfer amount exceeds balance) (#558-561)
- _balances[recipient] = _balances[recipient].add(amount) (#562)
- super._transfer(from,to,amount) (#1179)
- _balances[sender] = _balances[sender].sub(amount,ERC20: transfer amount exceeds balance) (#558-561)
- _balances[recipient] = _balances[recipient].add(amount) (#562)
- buyAmount = buyAmount.add(amount.div(200).mul(9)) (#1174)
- buyUser.push(to) (#1183)
- havePush[to] = true (#1182)
- inviter[to] = from (#1186)
- sellAmount = sellAmount.add(amount.div(100).mul(7)) (#1170)
- swapping = false (#1148)
Event emitted after the call(s):
- Transfer(sender,recipient,amount) (#563)
- super._transfer(from,address(this),amount.div(200).mul(9)) (#1173)
- Transfer(sender,recipient,amount) (#563)
- _takeInviterFee(from,to,amount) (#1172)
- Transfer(sender,recipient,amount) (#563)
- super._transfer(from,to,amount) (#1179)
- Transfer(sender,recipient,amount) (#563)
- super._transfer(from,_destroyAddress,amount.div(100).mul(3)) (#1169)
- Transfer(sender,recipient,amount) (#563)
- super._transfer(from,address(this),amount.div(100).mul(7)) (#1168)
Reentrancy in FistKing.swapAndLiquifyV1() (#1189-1197):
External calls:
- _receive.transfer(balance) (#1194)
State variables written after the call(s):
- sellBnbAmount = sellBnbAmount.add(canSellAmount) (#1195)
Apply the check-effects-interactions pattern.
Additional information: link
Variable IUniswapV2Router01.addLiquidity(address,address,uint256,uint256,uint256,uint256,address,uint256).amountADesired (#821) is too similar to IUniswapV2Router01.addLiquidity(address,address,uint256,uint256,uint256,uint256,address,uint256).amountBDesired (#822)
Prevent variables from having similar names.
Additional information: link
FistKing.slitherConstructorVariables() (#1019-1338) uses literals with too many digits:
- _destroyAddress = address(0x000000000000000000000000000000000000dEaD) (#1030)
FistKing.slitherConstructorVariables() (#1019-1338) uses literals with too many digits:
- initInviter = address(0x000000000000000000000000000000000000dEaD) (#1034)
Use: Ether suffix, Time suffix, or The scientific notation
Additional information: link
FistKing._destroyAddress (#1030) should be constant
FistKing._receive (#1029) should be constant
FistKing.buyChangeFistAmount (#1041) should be constant
FistKing.initInviter (#1034) should be constant
FistKing.minBuyAmount (#1038) should be constant
FistKing.startTime (#1037) should be constant
Add the constant attributes to state variables that never change.
Additional information: link
owner() should be declared external:
- Ownable.owner() (#277-279)
renounceOwnership() should be declared external:
- Ownable.renounceOwnership() (#296-299)
transferOwnership(address) should be declared external:
- Ownable.transferOwnership(address) (#305-312)
name() should be declared external:
- ERC20.name() (#344-346)
symbol() should be declared external:
- ERC20.symbol() (#352-354)
decimals() should be declared external:
- ERC20.decimals() (#369-371)
totalSupply() should be declared external:
- ERC20.totalSupply() (#376-378)
transfer(address,uint256) should be declared external:
- ERC20.transfer(address,uint256) (#401-409)
allowance(address,address) should be declared external:
- ERC20.allowance(address,address) (#414-422)
approve(address,uint256) should be declared external:
- ERC20.approve(address,uint256) (#431-439)
transferFrom(address,address,uint256) should be declared external:
- ERC20.transferFrom(address,address,uint256) (#454-469)
increaseAllowance(address,uint256) should be declared external:
- ERC20.increaseAllowance(address,uint256) (#483-494)
decreaseAllowance(address,uint256) should be declared external:
- ERC20.decreaseAllowance(address,uint256) (#510-524)
updateUniswapV2Router(address) should be declared external:
- FistKing.updateUniswapV2Router(address) (#1088-1091)
excludeMultipleAccountsFromFees(address[],bool) should be declared external:
- FistKing.excludeMultipleAccountsFromFees(address[],bool) (#1098-1104)
setSwapTokensAtAmount(uint256) should be declared external:
- FistKing.setSwapTokensAtAmount(uint256) (#1106-1108)
setSwapAndLiquifyEnabled(bool) should be declared external:
- FistKing.setSwapAndLiquifyEnabled(bool) (#1110-1112)
isExcludedFromFees(address) should be declared external:
- FistKing.isExcludedFromFees(address) (#1118-1120)
isIn3minter() should be declared external:
- FistKing.isIn3minter() (#1122-1124)
swapAndLiquifyV4() should be declared external:
- FistKing.swapAndLiquifyV4() (#1223-1225)
rescueToken(address,uint256) should be declared external:
- FistKing.rescueToken(address,uint256) (#1245-1251)
getBuysize() should be declared external:
- FistKing.getBuysize() (#1333-1335)
Use the external attribute for functions never called from the contract.
Additional information: link
Unable to find website, listings and other project-related information
Young tokens have high risks of scam / price dump / death
Token has no active CoinGecko listing / rank
Token has no active CoinMarketCap listing / rank
Unable to find Telegram and Twitter accounts