Unable to find manual contract audit (e.g. Certik, PeckShield, Solidity...)
Reentrancy in FloKing._transfer(address,address,uint256) (#1113-1230):
External calls:
- swapBack() (#1183)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,address(lpLocation),block.timestamp) (#1257-1264)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#1242-1248)
- (success,None) = address(devWallet).call{value: ethForDev}() (#1299)
- (success,None) = address(marketingWallet).call{value: address(this).balance}() (#1307)
External calls sending eth:
- swapBack() (#1183)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,address(lpLocation),block.timestamp) (#1257-1264)
- (success,None) = address(devWallet).call{value: ethForDev}() (#1299)
- (success,None) = address(marketingWallet).call{value: address(this).balance}() (#1307)
State variables written after the call(s):
- swapping = false (#1185)
Reentrancy in FloKing._transfer(address,address,uint256) (#1113-1230):
External calls:
- swapBack() (#1183)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,address(lpLocation),block.timestamp) (#1257-1264)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#1242-1248)
- (success,None) = address(devWallet).call{value: ethForDev}() (#1299)
- (success,None) = address(marketingWallet).call{value: address(this).balance}() (#1307)
- autoBurnLiquidityPairTokens() (#1189)
- pair.sync() (#1335)
External calls sending eth:
- swapBack() (#1183)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,address(lpLocation),block.timestamp) (#1257-1264)
- (success,None) = address(devWallet).call{value: ethForDev}() (#1299)
- (success,None) = address(marketingWallet).call{value: address(this).balance}() (#1307)
State variables written after the call(s):
- autoBurnLiquidityPairTokens() (#1189)
- _balances[sender] = _balances[sender].sub(amount,ERC20: transfer amount exceeds balance) (#362)
- _balances[recipient] = _balances[recipient].add(amount) (#363)
- super._transfer(from,address(this),fees) (#1223)
- _balances[sender] = _balances[sender].sub(amount,ERC20: transfer amount exceeds balance) (#362)
- _balances[recipient] = _balances[recipient].add(amount) (#363)
- super._transfer(from,to,amount) (#1229)
- _balances[sender] = _balances[sender].sub(amount,ERC20: transfer amount exceeds balance) (#362)
- _balances[recipient] = _balances[recipient].add(amount) (#363)
- tokensForDev += fees * sellDevFee / sellTotalFees (#1207)
- tokensForDev += fees * buyDevFee / buyTotalFees (#1214)
- tokensForLiquidity += fees * sellLiquidityFee / sellTotalFees (#1206)
- tokensForLiquidity += fees * buyLiquidityFee / buyTotalFees (#1213)
- tokensForMarketing += fees * sellMarketingFee / sellTotalFees (#1208)
- tokensForMarketing += fees * buyMarketingFee / buyTotalFees (#1215)
Apply the check-effects-interactions pattern.
Additional information: link
FloKing.removeToken(address,address) (#1054-1057) ignores return value by IERC20(_token).transfer(_reciever,_balance) (#1056)
Use SafeERC20, or ensure that the transfer/transferFrom return value is checked.
Additional information: link
FloKing.swapBack() (#1267-1308) uses a dangerous strict equality:
- contractBalance == 0 || totalTokensToSwap == 0 (#1272)
Don't use strict equality to determine if an account has enough Ether or tokens.
Additional information: link
FloKing.setAutoLPBurnSettings(uint256,uint256,bool) (#1310-1316) contains a tautology or contradiction:
- require(bool,string)(_percent <= 9000 && _percent >= 0,Must set auto LP burn percent between 0% and 10%) (#1312)
Fix the incorrect comparison by changing the value type or the comparison.
Additional information: link
Combination 3: Reentrancy vulnerabilities + Unchecked transfer vulnerability. Usual for scams. May be justified by some complex mechanics (e.g. rebase, reflections). DYOR & manual audit are advised.
FloKing._transfer(address,address,uint256) (#1113-1230) performs a multiplication on the result of a division:
-fees = amount.mul(sellTotalFees).div(100) (#1205)
-tokensForLiquidity += fees * buyLiquidityFee / buyTotalFees (#1213)
FloKing._transfer(address,address,uint256) (#1113-1230) performs a multiplication on the result of a division:
-fees = amount.mul(sellTotalFees).div(100) (#1205)
-tokensForLiquidity += fees * sellLiquidityFee / sellTotalFees (#1206)
FloKing._transfer(address,address,uint256) (#1113-1230) performs a multiplication on the result of a division:
-fees = amount.mul(sellTotalFees).div(100) (#1205)
-tokensForDev += fees * buyDevFee / buyTotalFees (#1214)
FloKing._transfer(address,address,uint256) (#1113-1230) performs a multiplication on the result of a division:
-fees = amount.mul(sellTotalFees).div(100) (#1205)
-tokensForDev += fees * sellDevFee / sellTotalFees (#1207)
FloKing._transfer(address,address,uint256) (#1113-1230) performs a multiplication on the result of a division:
-fees = amount.mul(sellTotalFees).div(100) (#1205)
-tokensForMarketing += fees * buyMarketingFee / buyTotalFees (#1215)
FloKing._transfer(address,address,uint256) (#1113-1230) performs a multiplication on the result of a division:
-fees = amount.mul(sellTotalFees).div(100) (#1205)
-tokensForMarketing += fees * sellMarketingFee / sellTotalFees (#1208)
Consider ordering multiplication before division.
Additional information: link
Reentrancy in FloKing.swapBack() (#1267-1308):
External calls:
- swapTokensForEth(amountToSwapForETH) (#1284)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#1242-1248)
State variables written after the call(s):
- tokensForDev = 0 (#1297)
- tokensForLiquidity = 0 (#1295)
- tokensForMarketing = 0 (#1296)
Apply the check-effects-interactions pattern.
Additional information: link
FloKing._transfer(address,address,uint256) (#1113-1230) uses tx.origin for authorization: require(bool,string)(_holderLastTransferTimestamp[tx.origin] < block.number,_transfer:: Transfer Delay enabled. Only one purchase per block allowed.) (#1144)
Do not use tx.origin for authorization.
Additional information: link
FloKing.addLiquidity(uint256,uint256) (#1252-1265) ignores return value by uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,address(lpLocation),block.timestamp) (#1257-1264)
Ensure that all the return values of the function calls are used.
Additional information: link
FloKing.constructor().totalSupply (#948) shadows:
- ERC20.totalSupply() (#236-238) (function)
- IERC20.totalSupply() (#87) (function)
Rename the local variables that shadow another component.
Additional information: link
FloKing.updateSwapTokensAtAmount(uint256) (#1028-1033) should emit an event for:
- swapTokensAtAmount = newAmount (#1031)
FloKing.updateMaxTxnAmount(uint256) (#1035-1038) should emit an event for:
- maxTransactionAmount = newNum * (10 ** 18) (#1037)
FloKing.updateMaxWalletAmount(uint256) (#1040-1043) should emit an event for:
- maxWallet = newNum * (10 ** 18) (#1042)
FloKing.updateBuyFees(uint256,uint256,uint256) (#1063-1069) should emit an event for:
- buyMarketingFee = _marketingFee (#1064)
- buyLiquidityFee = _liquidityFee (#1065)
- buyDevFee = _devFee (#1066)
- buyTotalFees = buyMarketingFee + buyLiquidityFee + buyDevFee (#1067)
FloKing.updateSellFees(uint256,uint256,uint256) (#1071-1077) should emit an event for:
- sellMarketingFee = _marketingFee (#1072)
- sellLiquidityFee = _liquidityFee (#1073)
- sellDevFee = _devFee (#1074)
- sellTotalFees = sellMarketingFee + sellLiquidityFee + sellDevFee (#1075)
FloKing.setAutoLPBurnSettings(uint256,uint256,bool) (#1310-1316) should emit an event for:
- lpBurnFrequency = _frequencyInSeconds (#1313)
- percentForLPBurn = _percent (#1314)
Emit an event for critical parameter changes.
Additional information: link
FloKing.updateLPLocation(address)._address (#994) lacks a zero-check on :
- lpLocation = _address (#995)
FloKing.updateMarketingWallet(address).newMarketingWallet (#1096) lacks a zero-check on :
- marketingWallet = newMarketingWallet (#1098)
FloKing.updateDevWallet(address).newWallet (#1101) lacks a zero-check on :
- devWallet = newWallet (#1103)
Check that the address is not zero.
Additional information: link
Reentrancy in FloKing.constructor() (#925-981):
External calls:
- uniswapV2Pair = IUniswapV2Factory(_uniswapV2Router.factory()).createPair(address(this),_uniswapV2Router.WETH()) (#936)
State variables written after the call(s):
- _mint(msg.sender,totalSupply) (#980)
- _balances[account] = _balances[account].add(amount) (#382)
- excludeFromFees(owner(),true) (#968)
- _isExcludedFromFees[account] = excluded (#1080)
- excludeFromFees(address(this),true) (#969)
- _isExcludedFromFees[account] = excluded (#1080)
- excludeFromFees(address(0xdead),true) (#970)
- _isExcludedFromFees[account] = excluded (#1080)
- excludeFromMaxTransaction(address(uniswapV2Pair),true) (#937)
- _isExcludedMaxTransactionAmount[updAds] = isEx (#1046)
- excludeFromMaxTransaction(owner(),true) (#972)
- _isExcludedMaxTransactionAmount[updAds] = isEx (#1046)
- excludeFromMaxTransaction(address(this),true) (#973)
- _isExcludedMaxTransactionAmount[updAds] = isEx (#1046)
- excludeFromMaxTransaction(address(0xdead),true) (#974)
- _isExcludedMaxTransactionAmount[updAds] = isEx (#1046)
- _mint(msg.sender,totalSupply) (#980)
- _totalSupply = _totalSupply.add(amount) (#381)
- _setAutomatedMarketMakerPair(address(uniswapV2Pair),true) (#938)
- automatedMarketMakerPairs[pair] = value (#1091)
- buyDevFee = _buyDevFee (#956)
- buyLiquidityFee = _buyLiquidityFee (#955)
- buyMarketingFee = _buyMarketingFee (#954)
- buyTotalFees = buyMarketingFee + buyLiquidityFee + buyDevFee (#957)
- devWallet = address(owner()) (#965)
- lpLocation = address(this) (#966)
- marketingWallet = address(owner()) (#964)
- maxTransactionAmount = totalSupply * 10 / 1000 (#950)
- maxWallet = totalSupply * 20 / 1000 (#951)
- sellDevFee = _sellDevFee (#961)
- sellLiquidityFee = _sellLiquidityFee (#960)
- sellMarketingFee = _sellMarketingFee (#959)
- sellTotalFees = sellMarketingFee + sellLiquidityFee + sellDevFee (#962)
- swapTokensAtAmount = totalSupply * 5 / 10000 (#952)
Reentrancy in FloKing.swapBack() (#1267-1308):
External calls:
- swapTokensForEth(amountToSwapForETH) (#1284)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#1242-1248)
- (success,None) = address(devWallet).call{value: ethForDev}() (#1299)
- addLiquidity(liquidityTokens,ethForLiquidity) (#1302)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,address(lpLocation),block.timestamp) (#1257-1264)
External calls sending eth:
- (success,None) = address(devWallet).call{value: ethForDev}() (#1299)
- addLiquidity(liquidityTokens,ethForLiquidity) (#1302)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,address(lpLocation),block.timestamp) (#1257-1264)
State variables written after the call(s):
- addLiquidity(liquidityTokens,ethForLiquidity) (#1302)
- _allowances[owner][spender] = amount (#428)
Apply the check-effects-interactions pattern.
Additional information: link
Reentrancy in FloKing._transfer(address,address,uint256) (#1113-1230):
External calls:
- swapBack() (#1183)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,address(lpLocation),block.timestamp) (#1257-1264)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#1242-1248)
- (success,None) = address(devWallet).call{value: ethForDev}() (#1299)
- (success,None) = address(marketingWallet).call{value: address(this).balance}() (#1307)
- autoBurnLiquidityPairTokens() (#1189)
- pair.sync() (#1335)
External calls sending eth:
- swapBack() (#1183)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,address(lpLocation),block.timestamp) (#1257-1264)
- (success,None) = address(devWallet).call{value: ethForDev}() (#1299)
- (success,None) = address(marketingWallet).call{value: address(this).balance}() (#1307)
Event emitted after the call(s):
- AutoNukeLP() (#1336)
- autoBurnLiquidityPairTokens() (#1189)
- Transfer(sender,recipient,amount) (#364)
- super._transfer(from,to,amount) (#1229)
- Transfer(sender,recipient,amount) (#364)
- autoBurnLiquidityPairTokens() (#1189)
- Transfer(sender,recipient,amount) (#364)
- super._transfer(from,address(this),fees) (#1223)
Reentrancy in FloKing.autoBurnLiquidityPairTokens() (#1318-1338):
External calls:
- pair.sync() (#1335)
Event emitted after the call(s):
- AutoNukeLP() (#1336)
Reentrancy in FloKing.constructor() (#925-981):
External calls:
- uniswapV2Pair = IUniswapV2Factory(_uniswapV2Router.factory()).createPair(address(this),_uniswapV2Router.WETH()) (#936)
Event emitted after the call(s):
- ExcludeFromFees(account,excluded) (#1081)
- excludeFromFees(owner(),true) (#968)
- ExcludeFromFees(account,excluded) (#1081)
- excludeFromFees(address(0xdead),true) (#970)
- ExcludeFromFees(account,excluded) (#1081)
- excludeFromFees(address(this),true) (#969)
- SetAutomatedMarketMakerPair(pair,value) (#1093)
- _setAutomatedMarketMakerPair(address(uniswapV2Pair),true) (#938)
- Transfer(address(0),account,amount) (#383)
- _mint(msg.sender,totalSupply) (#980)
Reentrancy in FloKing.manualBurnLiquidityPairTokens(uint256) (#1340-1361):
External calls:
- pair.sync() (#1358)
Event emitted after the call(s):
- ManualNukeLP() (#1359)
Reentrancy in FloKing.swapBack() (#1267-1308):
External calls:
- swapTokensForEth(amountToSwapForETH) (#1284)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#1242-1248)
- (success,None) = address(devWallet).call{value: ethForDev}() (#1299)
- addLiquidity(liquidityTokens,ethForLiquidity) (#1302)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,address(lpLocation),block.timestamp) (#1257-1264)
External calls sending eth:
- (success,None) = address(devWallet).call{value: ethForDev}() (#1299)
- addLiquidity(liquidityTokens,ethForLiquidity) (#1302)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,address(lpLocation),block.timestamp) (#1257-1264)
Event emitted after the call(s):
- Approval(owner,spender,amount) (#429)
- addLiquidity(liquidityTokens,ethForLiquidity) (#1302)
- SwapAndLiquify(amountToSwapForETH,ethForLiquidity,tokensForLiquidity) (#1303)
Apply the check-effects-interactions pattern.
Additional information: link
FloKing._transfer(address,address,uint256) (#1113-1230) uses timestamp for comparisons
Dangerous comparisons:
- ! swapping && automatedMarketMakerPairs[to] && lpBurnEnabled && block.timestamp >= lastLpBurnTime + lpBurnFrequency && ! _isExcludedFromFees[from] (#1188)
FloKing.manualBurnLiquidityPairTokens(uint256) (#1340-1361) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(block.timestamp > lastManualLpBurnTime + manualBurnFrequency,Must wait for cooldown to finish) (#1341)
Avoid relying on block.timestamp.
Additional information: link
Context._msgData() (#10-13) is never used and should be removed
ERC20._burn(address,uint256) (#397-405) is never used and should be removed
SafeMath.mod(uint256,uint256) (#574-576) is never used and should be removed
SafeMath.mod(uint256,uint256,string) (#590-593) is never used and should be removed
SafeMathInt.abs(int256) (#697-700) is never used and should be removed
SafeMathInt.add(int256,int256) (#688-692) is never used and should be removed
SafeMathInt.div(int256,int256) (#668-674) is never used and should be removed
SafeMathInt.mul(int256,int256) (#656-663) is never used and should be removed
SafeMathInt.sub(int256,int256) (#679-683) is never used and should be removed
SafeMathInt.toUint256Safe(int256) (#702-705) is never used and should be removed
SafeMathUint.toInt256Safe(uint256) (#709-713) is never used and should be removed
Remove unused functions.
Additional information: link
Pragma version0.8.9 (#3) necessitates a version too recent to be trusted. Consider deploying with 0.6.12/0.7.6/0.8.7
solc-0.8.9 is not recommended for deployment
Deploy with any of the following Solidity versions: 0.5.16 - 0.5.17, 0.6.11 - 0.6.12, 0.7.5 - 0.7.6 Use a simple pragma version that allows any of these versions. Consider using the latest version of Solidity for testing.
Additional information: link
Low level call in FloKing.swapBack() (#1267-1308):
- (success,None) = address(devWallet).call{value: ethForDev}() (#1299)
- (success,None) = address(marketingWallet).call{value: address(this).balance}() (#1307)
Avoid low-level calls. Check the call success. If the call is meant for a contract, check for code existence
Additional information: link
Function IUniswapV2Pair.DOMAIN_SEPARATOR() (#31) is not in mixedCase
Function IUniswapV2Pair.PERMIT_TYPEHASH() (#32) is not in mixedCase
Function IUniswapV2Pair.MINIMUM_LIQUIDITY() (#49) is not in mixedCase
Function IUniswapV2Router01.WETH() (#718) is not in mixedCase
Event FloKingmarketingWalletUpdated(address,address) (#911) is not in CapWords
Event FloKingdevWalletUpdated(address,address) (#913) is not in CapWords
Parameter FloKing.updateLPLocation(address)._address (#994) is not in mixedCase
Parameter FloKing.changeSniper(address,bool)._address (#1005) is not in mixedCase
Parameter FloKing.changeSniper(address,bool)._status (#1005) is not in mixedCase
Parameter FloKing.addBulkSniper(address[])._list (#1009) is not in mixedCase
Parameter FloKing.removeToken(address,address)._token (#1054) is not in mixedCase
Parameter FloKing.removeToken(address,address)._reciever (#1054) is not in mixedCase
Parameter FloKing.updateBuyFees(uint256,uint256,uint256)._marketingFee (#1063) is not in mixedCase
Parameter FloKing.updateBuyFees(uint256,uint256,uint256)._liquidityFee (#1063) is not in mixedCase
Parameter FloKing.updateBuyFees(uint256,uint256,uint256)._devFee (#1063) is not in mixedCase
Parameter FloKing.updateSellFees(uint256,uint256,uint256)._marketingFee (#1071) is not in mixedCase
Parameter FloKing.updateSellFees(uint256,uint256,uint256)._liquidityFee (#1071) is not in mixedCase
Parameter FloKing.updateSellFees(uint256,uint256,uint256)._devFee (#1071) is not in mixedCase
Parameter FloKing.setAutoLPBurnSettings(uint256,uint256,bool)._frequencyInSeconds (#1310) is not in mixedCase
Parameter FloKing.setAutoLPBurnSettings(uint256,uint256,bool)._percent (#1310) is not in mixedCase
Parameter FloKing.setAutoLPBurnSettings(uint256,uint256,bool)._Enabled (#1310) is not in mixedCase
Constant FloKing.deadAddress (#856) is not in UPPER_CASE_WITH_UNDERSCORES
Variable FloKing._isExcludedMaxTransactionAmount (#899) is not in mixedCase
Follow the Solidity naming convention.
Additional information: link
Redundant expression "this (#11)" inContext (#5-14)
Remove redundant statements if they congest code but offer no value.
Additional information: link
Variable IUniswapV2Router01.addLiquidity(address,address,uint256,uint256,uint256,uint256,address,uint256).amountADesired (#723) is too similar to IUniswapV2Router01.addLiquidity(address,address,uint256,uint256,uint256,uint256,address,uint256).amountBDesired (#724)
Prevent variables from having similar names.
Additional information: link
FloKing.constructor() (#925-981) uses literals with too many digits:
- totalSupply = 10000000 * 1e8 * 1e18 (#948)
FloKing.updateSwapTokensAtAmount(uint256) (#1028-1033) uses literals with too many digits:
- require(bool,string)(newAmount >= totalSupply() * 1 / 100000,Swap amount cannot be lower than 0.001% total supply.) (#1029)
Use: Ether suffix, Time suffix, or The scientific notation
Additional information: link
SafeMathInt.MAX_INT256 (#651) is never used in SafeMathInt (#649-706)
Remove unused state variables.
Additional information: link
FloKing.manualBurnFrequency (#868) should be constant
Add the constant attributes to state variables that never change.
Additional information: link
name() should be declared external:
- ERC20.name() (#204-206)
symbol() should be declared external:
- ERC20.symbol() (#212-214)
decimals() should be declared external:
- ERC20.decimals() (#229-231)
transfer(address,uint256) should be declared external:
- ERC20.transfer(address,uint256) (#255-258)
allowance(address,address) should be declared external:
- ERC20.allowance(address,address) (#263-265)
approve(address,uint256) should be declared external:
- ERC20.approve(address,uint256) (#274-277)
transferFrom(address,address,uint256) should be declared external:
- ERC20.transferFrom(address,address,uint256) (#292-300)
increaseAllowance(address,uint256) should be declared external:
- ERC20.increaseAllowance(address,uint256) (#314-317)
decreaseAllowance(address,uint256) should be declared external:
- ERC20.decreaseAllowance(address,uint256) (#333-336)
renounceOwnership() should be declared external:
- Ownable.renounceOwnership() (#632-635)
transferOwnership(address) should be declared external:
- Ownable.transferOwnership(address) (#641-645)
updateLPLocation(address) should be declared external:
- FloKing.updateLPLocation(address) (#994-996)
gotcha() should be declared external:
- FloKing.gotcha() (#998-1003)
changeSniper(address,bool) should be declared external:
- FloKing.changeSniper(address,bool) (#1005-1007)
addBulkSniper(address[]) should be declared external:
- FloKing.addBulkSniper(address[]) (#1009-1013)
removeToken(address,address) should be declared external:
- FloKing.removeToken(address,address) (#1054-1057)
updateTradingEnabled(bool) should be declared external:
- FloKing.updateTradingEnabled(bool) (#1059-1061)
setAutomatedMarketMakerPair(address,bool) should be declared external:
- FloKing.setAutomatedMarketMakerPair(address,bool) (#1084-1088)
isExcludedFromFees(address) should be declared external:
- FloKing.isExcludedFromFees(address) (#1107-1109)
Use the external attribute for functions never called from the contract.
Additional information: link
Unable to find website, listings and other project-related information
Young tokens have high risks of scam / price dump / death
Token has no active CoinGecko listing / rank
Token has no active CoinMarketCap listing / rank
Unable to find Telegram and Twitter accounts