![$Poolz Finance [via ChainPort.io] logo](/media/token/0x77018282fd033daf370337a5367e62d8811bc885/logo/logo_128.png){kind=logo}
About GFT
Listings
Website
Description
Social
Laser Scorebeta Last Audit: 16 May 2022
Unable to find manual contract audit (e.g. Certik, PeckShield, Solidity...)
Contract ownership is not renounced (belongs to a wallet)
GFTToken._transfer(address,address,uint256).param (#571) is a local variable never initialized
Initialize all the variables. If a variable is meant to be initialized to zero, explicitly set it to zero to improve code readability.
Additional information: link
GFTToken.allowance(address,address).owner (#396) shadows:
- Ownable.owner() (#159-161) (function)
GFTToken._approve(address,address,uint256).owner (#451) shadows:
- Ownable.owner() (#159-161) (function)
GFTToken._updateBal(address).owner (#509) shadows:
- Ownable.owner() (#159-161) (function)
Rename the local variables that shadow another component.
Additional information: link
GFTToken.setTxAmount(uint256,uint256,uint256) (#333-337) should emit an event for:
- addPriceTokenAmount = apta (#334)
- swapAmountLimit = sal (#335)
- holdTokenLimit = htl (#336)
GFTToken.setDeflationPeriod(uint256) (#338-340) should emit an event for:
- deflationPeriod = period (#339)
Emit an event for critical parameter changes.
Additional information: link
Ownable.transferOwnership(address).newOwner (#168) lacks a zero-check on :
- _owner = newOwner (#170)
GFTToken.constructor(address,address,address,address,address)._usdt (#302) lacks a zero-check on :
- usdt = _usdt (#307)
GFTToken.constructor(address,address,address,address,address)._holder (#303) lacks a zero-check on :
- holder = _holder (#308)
GFTToken.constructor(address,address,address,address,address)._fundAddress (#304) lacks a zero-check on :
- fundAddress = _fundAddress (#309)
GFTToken.constructor(address,address,address,address,address)._mkAddress (#305) lacks a zero-check on :
- mkAddress = _mkAddress (#310)
Check that the address is not zero.
Additional information: link
Reentrancy in GFTToken.constructor(address,address,address,address,address) (#300-327):
External calls:
- uniswapV2Pair = IUniswapV2Factory(uniswapV2Router.factory()).createPair(address(this),usdt) (#319-320)
State variables written after the call(s):
- _isExcludedHoldFee[uniswapV2Pair] = true (#323)
- _owner = msg.sender (#325)
- ammPairs[uniswapV2Pair] = true (#322)
Apply the check-effects-interactions pattern.
Additional information: link
Reentrancy in GFTToken.constructor(address,address,address,address,address) (#300-327):
External calls:
- uniswapV2Pair = IUniswapV2Factory(uniswapV2Router.factory()).createPair(address(this),usdt) (#319-320)
Event emitted after the call(s):
- Transfer(address(0),_holder,_tTotal) (#326)
Apply the check-effects-interactions pattern.
Additional information: link
GFTToken._balanceOf(address) (#362-381) uses timestamp for comparisons
Dangerous comparisons:
- bal > 0 && deflationStartTime > 0 (#365)
- end > startTime && end - startTime > deflationPeriod (#373)
- dayNum > 0 (#376)
- lastAddLqTime > deflationStartTime (#369)
- dayNum > 49 (#375)
GFTToken._transfer(address,address,uint256) (#526-580) uses timestamp for comparisons
Dangerous comparisons:
- deflationStartTime > 0 && ammPairs[to] && isAddLiquidity (#557)
Avoid relying on block.timestamp.
Additional information: link
Address.isContract(address) (#95-100) uses assembly
- INLINE ASM (#98)
Address._functionCallWithValue(address,bytes,uint256,string) (#130-151) uses assembly
- INLINE ASM (#143-146)
GFTToken._isContract(address) (#599-603) uses assembly
- INLINE ASM (#601)
Do not use evm assembly.
Additional information: link
Address._functionCallWithValue(address,bytes,uint256,string) (#130-151) is never used and should be removed
Address.functionCall(address,bytes) (#110-112) is never used and should be removed
Address.functionCall(address,bytes,string) (#115-117) is never used and should be removed
Address.functionCallWithValue(address,bytes,uint256) (#120-122) is never used and should be removed
Address.functionCallWithValue(address,bytes,uint256,string) (#125-128) is never used and should be removed
Address.isContract(address) (#95-100) is never used and should be removed
Address.sendValue(address,uint256) (#102-108) is never used and should be removed
Context._msgData() (#87-90) is never used and should be removed
GFTToken._isContract(address) (#599-603) is never used and should be removed
SafeMath.div(uint256,uint256) (#59-61) is never used and should be removed
SafeMath.div(uint256,uint256,string) (#64-68) is never used and should be removed
SafeMath.mod(uint256,uint256) (#71-73) is never used and should be removed
SafeMath.mod(uint256,uint256,string) (#76-79) is never used and should be removed
SafeMath.mul(uint256,uint256) (#49-56) is never used and should be removed
TransferHelper.safeApprove(address,address,uint256) (#225-229) is never used and should be removed
TransferHelper.safeTransferFrom(address,address,address,uint256) (#237-241) is never used and should be removed
Remove unused functions.
Additional information: link
Low level call in Address.sendValue(address,uint256) (#102-108):
- (success) = recipient.call{value: amount}() (#106)
Low level call in Address._functionCallWithValue(address,bytes,uint256,string) (#130-151):
- (success,returndata) = target.call{value: weiValue}(data) (#134)
Low level call in TransferHelper.safeApprove(address,address,uint256) (#225-229):
- (success,data) = token.call(abi.encodeWithSelector(0x095ea7b3,to,value)) (#227)
Low level call in TransferHelper.safeTransfer(address,address,uint256) (#231-235):
- (success,data) = token.call(abi.encodeWithSelector(0xa9059cbb,to,value)) (#233)
Low level call in TransferHelper.safeTransferFrom(address,address,address,uint256) (#237-241):
- (success,data) = token.call(abi.encodeWithSelector(0x23b872dd,from,to,value)) (#239)
Low level call in TransferHelper.safeTransferETH(address,uint256) (#243-246):
- (success) = to.call{value: value}(new bytes(0)) (#244)
Avoid low-level calls. Check the call success. If the call is meant for a contract, check for code existence
Additional information: link
Variable Ownable._owner (#155) is not in mixedCase
Function IUniswapV2Router02.WETH() (#183) is not in mixedCase
Variable GFTToken._burnFee (#275) is not in mixedCase
Variable GFTToken._fundFee (#276) is not in mixedCase
Variable GFTToken._mkFee (#277) is not in mixedCase
Follow the Solidity naming convention.
Additional information: link
Redundant expression "this (#88)" inContext (#82-91)
Remove redundant statements if they congest code but offer no value.
Additional information: link
Variable IUniswapV2Router02.addLiquidity(address,address,uint256,uint256,uint256,uint256,address,uint256).amountADesired (#210) is too similar to IUniswapV2Router02.addLiquidity(address,address,uint256,uint256,uint256,uint256,address,uint256).amountBDesired (#211)
Prevent variables from having similar names.
Additional information: link
GFTToken.slitherConstructorVariables() (#259-606) uses literals with too many digits:
- _tTotal = 100000000 * 10 ** 9 (#270)
GFTToken.slitherConstructorVariables() (#259-606) uses literals with too many digits:
- burnAmountLimit = 90000000 * 10 ** 9 (#295)
Use: Ether suffix, Time suffix, or The scientific notation
Additional information: link
GFTToken._decimals (#269) should be constant
GFTToken._fundFee (#276) should be constant
GFTToken._mkFee (#277) should be constant
GFTToken._name (#272) should be constant
GFTToken._symbol (#273) should be constant
GFTToken._tTotal (#270) should be constant
GFTToken.burnAmountLimit (#295) should be constant
Add the constant attributes to state variables that never change.
Additional information: link
owner() should be declared external:
- Ownable.owner() (#159-161)
transferOwnership(address) should be declared external:
- Ownable.transferOwnership(address) (#168-171)
name() should be declared external:
- GFTToken.name() (#346-348)
symbol() should be declared external:
- GFTToken.symbol() (#350-352)
decimals() should be declared external:
- GFTToken.decimals() (#354-356)
totalSupply() should be declared external:
- GFTToken.totalSupply() (#358-360)
transfer(address,uint256) should be declared external:
- GFTToken.transfer(address,uint256) (#390-393)
allowance(address,address) should be declared external:
- GFTToken.allowance(address,address) (#396-398)
approve(address,uint256) should be declared external:
- GFTToken.approve(address,uint256) (#400-403)
transferFrom(address,address,uint256) should be declared external:
- GFTToken.transferFrom(address,address,uint256) (#405-409)
increaseAllowance(address,uint256) should be declared external:
- GFTToken.increaseAllowance(address,uint256) (#411-414)
decreaseAllowance(address,uint256) should be declared external:
- GFTToken.decreaseAllowance(address,uint256) (#416-419)
excludeFromHold(address) should be declared external:
- GFTToken.excludeFromHold(address) (#421-423)
includeInHold(address) should be declared external:
- GFTToken.includeInHold(address) (#425-427)
excludeFromFee(address[]) should be declared external:
- GFTToken.excludeFromFee(address[]) (#429-433)
includeInFee(address) should be declared external:
- GFTToken.includeInFee(address) (#435-437)
isExcludedFromFee(address) should be declared external:
- GFTToken.isExcludedFromFee(address) (#439-441)
Use the external attribute for functions never called from the contract.
Additional information: link
Contract has 10% buy tax and 0% sell tax.
Taxes are low but contract ownership is not renounced. Token has a high risk of becoming a honeypot.
Token is deployed only at one blockchain
Token has only one trading pair
Unable to find website, listings and other project-related information
Young tokens have high risks of scam / price dump / death
Token has no active CoinGecko listing / rank
Token has no active CoinMarketCap listing / rank
Price for GFT
LASER DESK beta
Unable to find Telegram and Twitter accounts