Unable to find manual contract audit (e.g. Certik, PeckShield, Solidity...)
TokenTool.addLiquidity(uint256,uint256) (#820-833) sends eth to arbitrary user
Dangerous calls:
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#825-832)
Ensure that an arbitrary user cannot withdraw unauthorized funds.
Additional information: link
Reentrancy in TokenTool._transfer(address,address,uint256) (#729-767):
External calls:
- swapAndLiquify(contractTokenBalance) (#751)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#825-832)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#809-815)
External calls sending eth:
- swapAndLiquify(contractTokenBalance) (#751)
- recipient.transfer(amount) (#693)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#825-832)
State variables written after the call(s):
- _balances[sender] = _balances[sender].sub(amount,Insufficient Balance) (#754)
- _balances[recipient] = _balances[recipient].add(finalAmount) (#762)
- finalAmount = takeFee(sender,recipient,amount) (#756-757)
- _balances[address(this)] = _balances[address(this)].add(feeAmount) (#847)
Apply the check-effects-interactions pattern.
Additional information: link
Combination 1: Reentrancy vulnerabilities + Functions that send Ether to arbitraty destination. Usual for scams. May be justified by some complex mechanics (e.g. rebase, reflections). DYOR & manual audit are advised.
TokenTool.addLiquidity(uint256,uint256) (#820-833) ignores return value by uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#825-832)
Ensure that all the return values of the function calls are used.
Additional information: link
TokenTool.constructor(string,string,uint8,uint256,address,address,address,address,address).owner (#521) shadows:
- Ownable.owner() (#154-156) (function)
TokenTool.allowance(address,address).owner (#584) shadows:
- Ownable.owner() (#154-156) (function)
TokenTool._approve(address,address,uint256).owner (#607) shadows:
- Ownable.owner() (#154-156) (function)
Rename the local variables that shadow another component.
Additional information: link
TokenTool.setBuyTaxes(uint256,uint256,uint256) (#627-633) should emit an event for:
- _totalTaxIfBuying = _buyLiquidityFee.add(_buyMarketingFee).add(_buyTeamFee) (#632)
TokenTool.setSelTaxes(uint256,uint256,uint256) (#635-641) should emit an event for:
- _totalTaxIfSelling = _sellLiquidityFee.add(_sellMarketingFee).add(_sellTeamFee) (#640)
TokenTool.setDistributionSettings(uint256,uint256,uint256) (#643-649) should emit an event for:
- _liquidityShare = newLiquidityShare (#644)
- _teamShare = newTeamShare (#646)
- _totalDistributionShares = _liquidityShare.add(_marketingShare).add(_teamShare) (#648)
TokenTool.setMaxTxAmount(uint256) (#651-653) should emit an event for:
- _maxTxAmount = maxTxAmount (#652)
TokenTool.setWalletLimit(uint256) (#663-665) should emit an event for:
- _walletMax = newLimit (#664)
TokenTool.setNumTokensBeforeSwap(uint256) (#667-669) should emit an event for:
- _minimumTokensBeforeSwap = newLimit (#668)
Emit an event for critical parameter changes.
Additional information: link
TokenTool.constructor(string,string,uint8,uint256,address,address,address,address,address).owner (#521) lacks a zero-check on :
- _owner = owner (#535)
TokenTool.constructor(string,string,uint8,uint256,address,address,address,address,address).marketingAddress (#522) lacks a zero-check on :
- marketingWalletAddress = address(marketingAddress) (#540)
TokenTool.constructor(string,string,uint8,uint256,address,address,address,address,address).teamAddress (#523) lacks a zero-check on :
- teamWalletAddress = address(teamAddress) (#541)
TokenTool.constructor(string,string,uint8,uint256,address,address,address,address,address).service (#524) lacks a zero-check on :
- address(service).transfer(msg.value) (#560)
TokenTool.setMarketingWalletAddress(address).newAddress (#671) lacks a zero-check on :
- marketingWalletAddress = address(newAddress) (#672)
TokenTool.setTeamWalletAddress(address).newAddress (#675) lacks a zero-check on :
- teamWalletAddress = address(newAddress) (#676)
Check that the address is not zero.
Additional information: link
Reentrancy in TokenTool.changeRouterVersion(address) (#696-713):
External calls:
- newPairAddress = IUniswapV2Factory(_uniswapV2Router.factory()).createPair(address(this),_uniswapV2Router.WETH()) (#704-705)
State variables written after the call(s):
- isMarketPair[address(uniswapPair)] = true (#712)
- isWalletLimitExempt[address(uniswapPair)] = true (#711)
- uniswapPair = newPairAddress (#708)
- uniswapV2Router = _uniswapV2Router (#709)
Reentrancy in TokenTool.constructor(string,string,uint8,uint256,address,address,address,address,address) (#515-562):
External calls:
- uniswapPair = IUniswapV2Factory(_uniswapV2Router.factory()).createPair(address(this),_uniswapV2Router.WETH()) (#529-530)
State variables written after the call(s):
- _allowances[address(this)][address(uniswapV2Router)] = _totalSupply (#546)
- _balances[owner] = _totalSupply (#559)
- _decimals = coinDecimals (#534)
- _maxTxAmount = supply * 10 ** _decimals (#537)
- _minimumTokensBeforeSwap = 1 * 10 ** _decimals (#539)
- _name = coinName (#532)
- _owner = owner (#535)
- _symbol = coinSymbol (#533)
- _totalDistributionShares = _liquidityShare.add(_marketingShare).add(_teamShare) (#544)
- _totalSupply = supply * 10 ** _decimals (#536)
- _totalTaxIfBuying = _buyLiquidityFee.add(_buyMarketingFee).add(_buyTeamFee) (#542)
- _totalTaxIfSelling = _sellLiquidityFee.add(_sellMarketingFee).add(_sellTeamFee) (#543)
- _walletMax = supply * 10 ** _decimals (#538)
- isExcludedFromFee[owner] = true (#547)
- isExcludedFromFee[address(this)] = true (#548)
- isMarketPair[address(uniswapPair)] = true (#557)
- isTxLimitExempt[owner] = true (#554)
- isTxLimitExempt[address(this)] = true (#555)
- isWalletLimitExempt[owner] = true (#550)
- isWalletLimitExempt[address(uniswapPair)] = true (#551)
- isWalletLimitExempt[address(this)] = true (#552)
- marketingWalletAddress = address(marketingAddress) (#540)
- teamWalletAddress = address(teamAddress) (#541)
- uniswapV2Router = _uniswapV2Router (#545)
Reentrancy in TokenTool.swapAndLiquify(uint256) (#776-798):
External calls:
- swapTokensForEth(tokensForSwap) (#781)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#809-815)
- addLiquidity(tokensForLP,amountBNBLiquidity) (#797)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#825-832)
External calls sending eth:
- transferToAddressETH(marketingWalletAddress,amountBNBMarketing) (#791)
- recipient.transfer(amount) (#693)
- transferToAddressETH(teamWalletAddress,amountBNBTeam) (#794)
- recipient.transfer(amount) (#693)
- addLiquidity(tokensForLP,amountBNBLiquidity) (#797)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#825-832)
State variables written after the call(s):
- addLiquidity(tokensForLP,amountBNBLiquidity) (#797)
- _allowances[owner][spender] = amount (#611)
Reentrancy in TokenTool.transferFrom(address,address,uint256) (#723-727):
External calls:
- _transfer(sender,recipient,amount) (#724)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#825-832)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#809-815)
External calls sending eth:
- _transfer(sender,recipient,amount) (#724)
- recipient.transfer(amount) (#693)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#825-832)
State variables written after the call(s):
- _approve(sender,_msgSender(),_allowances[sender][_msgSender()].sub(amount,ERC20: transfer amount exceeds allowance)) (#725)
- _allowances[owner][spender] = amount (#611)
Apply the check-effects-interactions pattern.
Additional information: link
Reentrancy in TokenTool._transfer(address,address,uint256) (#729-767):
External calls:
- swapAndLiquify(contractTokenBalance) (#751)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#825-832)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#809-815)
External calls sending eth:
- swapAndLiquify(contractTokenBalance) (#751)
- recipient.transfer(amount) (#693)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#825-832)
Event emitted after the call(s):
- Transfer(sender,address(this),feeAmount) (#848)
- finalAmount = takeFee(sender,recipient,amount) (#756-757)
- Transfer(sender,recipient,finalAmount) (#764)
Reentrancy in TokenTool.constructor(string,string,uint8,uint256,address,address,address,address,address) (#515-562):
External calls:
- uniswapPair = IUniswapV2Factory(_uniswapV2Router.factory()).createPair(address(this),_uniswapV2Router.WETH()) (#529-530)
External calls sending eth:
- address(service).transfer(msg.value) (#560)
Event emitted after the call(s):
- Transfer(address(0),owner,_totalSupply) (#561)
Reentrancy in TokenTool.swapAndLiquify(uint256) (#776-798):
External calls:
- swapTokensForEth(tokensForSwap) (#781)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#809-815)
- addLiquidity(tokensForLP,amountBNBLiquidity) (#797)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#825-832)
External calls sending eth:
- transferToAddressETH(marketingWalletAddress,amountBNBMarketing) (#791)
- recipient.transfer(amount) (#693)
- transferToAddressETH(teamWalletAddress,amountBNBTeam) (#794)
- recipient.transfer(amount) (#693)
- addLiquidity(tokensForLP,amountBNBLiquidity) (#797)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#825-832)
Event emitted after the call(s):
- Approval(owner,spender,amount) (#612)
- addLiquidity(tokensForLP,amountBNBLiquidity) (#797)
Reentrancy in TokenTool.swapTokensForEth(uint256) (#800-818):
External calls:
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#809-815)
Event emitted after the call(s):
- SwapTokensForETH(tokenAmount,path) (#817)
Reentrancy in TokenTool.transferFrom(address,address,uint256) (#723-727):
External calls:
- _transfer(sender,recipient,amount) (#724)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#825-832)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#809-815)
External calls sending eth:
- _transfer(sender,recipient,amount) (#724)
- recipient.transfer(amount) (#693)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#825-832)
Event emitted after the call(s):
- Approval(owner,spender,amount) (#612)
- _approve(sender,_msgSender(),_allowances[sender][_msgSender()].sub(amount,ERC20: transfer amount exceeds allowance)) (#725)
Apply the check-effects-interactions pattern.
Additional information: link
Ownable.unlock() (#190-195) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(block.timestamp > _lockTime,Contract is locked until 7 days) (#192)
Avoid relying on block.timestamp.
Additional information: link
Address.isContract(address) (#90-99) uses assembly
- INLINE ASM (#97)
Address._functionCallWithValue(address,bytes,uint256,string) (#126-143) uses assembly
- INLINE ASM (#135-138)
Do not use evm assembly.
Additional information: link
Address._functionCallWithValue(address,bytes,uint256,string) (#126-143) is never used and should be removed
Address.functionCall(address,bytes) (#109-111) is never used and should be removed
Address.functionCall(address,bytes,string) (#113-115) is never used and should be removed
Address.functionCallWithValue(address,bytes,uint256) (#117-119) is never used and should be removed
Address.functionCallWithValue(address,bytes,uint256,string) (#121-124) is never used and should be removed
Address.isContract(address) (#90-99) is never used and should be removed
Address.sendValue(address,uint256) (#101-107) is never used and should be removed
Context._msgData() (#10-14) is never used and should be removed
SafeMath.mod(uint256,uint256) (#78-80) is never used and should be removed
SafeMath.mod(uint256,uint256,string) (#82-85) is never used and should be removed
Remove unused functions.
Additional information: link
Low level call in Address.sendValue(address,uint256) (#101-107):
- (success) = recipient.call{value: amount}() (#105)
Low level call in Address._functionCallWithValue(address,bytes,uint256,string) (#126-143):
- (success,returndata) = target.call{value: weiValue}(data) (#129)
Avoid low-level calls. Check the call success. If the call is meant for a contract, check for code existence
Additional information: link
Variable Ownable._owner (#147) is not in mixedCase
Function IUniswapV2Pair.DOMAIN_SEPARATOR() (#240) is not in mixedCase
Function IUniswapV2Pair.PERMIT_TYPEHASH() (#242) is not in mixedCase
Function IUniswapV2Pair.MINIMUM_LIQUIDITY() (#259) is not in mixedCase
Function IUniswapV2Router01.WETH() (#289) is not in mixedCase
Parameter TokenTool.setSwapAndLiquifyEnabled(bool)._enabled (#679) is not in mixedCase
Variable TokenTool._balances (#452) is not in mixedCase
Variable TokenTool._buyLiquidityFee (#460) is not in mixedCase
Variable TokenTool._buyMarketingFee (#461) is not in mixedCase
Variable TokenTool._buyTeamFee (#462) is not in mixedCase
Variable TokenTool._sellLiquidityFee (#464) is not in mixedCase
Variable TokenTool._sellMarketingFee (#465) is not in mixedCase
Variable TokenTool._sellTeamFee (#466) is not in mixedCase
Variable TokenTool._liquidityShare (#468) is not in mixedCase
Variable TokenTool._marketingShare (#469) is not in mixedCase
Variable TokenTool._teamShare (#470) is not in mixedCase
Variable TokenTool._totalDistributionShares (#471) is not in mixedCase
Variable TokenTool._totalTaxIfBuying (#473) is not in mixedCase
Variable TokenTool._totalTaxIfSelling (#474) is not in mixedCase
Variable TokenTool._maxTxAmount (#478) is not in mixedCase
Variable TokenTool._walletMax (#479) is not in mixedCase
Follow the Solidity naming convention.
Additional information: link
Redundant expression "this (#11)" inContext (#4-15)
Remove redundant statements if they congest code but offer no value.
Additional information: link
Reentrancy in TokenTool._transfer(address,address,uint256) (#729-767):
External calls:
- swapAndLiquify(contractTokenBalance) (#751)
- recipient.transfer(amount) (#693)
External calls sending eth:
- swapAndLiquify(contractTokenBalance) (#751)
- recipient.transfer(amount) (#693)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#825-832)
State variables written after the call(s):
- _balances[sender] = _balances[sender].sub(amount,Insufficient Balance) (#754)
- _balances[recipient] = _balances[recipient].add(finalAmount) (#762)
- finalAmount = takeFee(sender,recipient,amount) (#756-757)
- _balances[address(this)] = _balances[address(this)].add(feeAmount) (#847)
Event emitted after the call(s):
- Transfer(sender,address(this),feeAmount) (#848)
- finalAmount = takeFee(sender,recipient,amount) (#756-757)
- Transfer(sender,recipient,finalAmount) (#764)
Reentrancy in TokenTool.constructor(string,string,uint8,uint256,address,address,address,address,address) (#515-562):
External calls:
- address(service).transfer(msg.value) (#560)
Event emitted after the call(s):
- Transfer(address(0),owner,_totalSupply) (#561)
Reentrancy in TokenTool.swapAndLiquify(uint256) (#776-798):
External calls:
- transferToAddressETH(marketingWalletAddress,amountBNBMarketing) (#791)
- recipient.transfer(amount) (#693)
- transferToAddressETH(teamWalletAddress,amountBNBTeam) (#794)
- recipient.transfer(amount) (#693)
External calls sending eth:
- transferToAddressETH(marketingWalletAddress,amountBNBMarketing) (#791)
- recipient.transfer(amount) (#693)
- transferToAddressETH(teamWalletAddress,amountBNBTeam) (#794)
- recipient.transfer(amount) (#693)
- addLiquidity(tokensForLP,amountBNBLiquidity) (#797)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#825-832)
State variables written after the call(s):
- addLiquidity(tokensForLP,amountBNBLiquidity) (#797)
- _allowances[owner][spender] = amount (#611)
Event emitted after the call(s):
- Approval(owner,spender,amount) (#612)
- addLiquidity(tokensForLP,amountBNBLiquidity) (#797)
Reentrancy in TokenTool.transferFrom(address,address,uint256) (#723-727):
External calls:
- _transfer(sender,recipient,amount) (#724)
- recipient.transfer(amount) (#693)
External calls sending eth:
- _transfer(sender,recipient,amount) (#724)
- recipient.transfer(amount) (#693)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#825-832)
State variables written after the call(s):
- _approve(sender,_msgSender(),_allowances[sender][_msgSender()].sub(amount,ERC20: transfer amount exceeds allowance)) (#725)
- _allowances[owner][spender] = amount (#611)
Event emitted after the call(s):
- Approval(owner,spender,amount) (#612)
- _approve(sender,_msgSender(),_allowances[sender][_msgSender()].sub(amount,ERC20: transfer amount exceeds allowance)) (#725)
Apply the check-effects-interactions pattern.
Additional information: link
Variable IUniswapV2Router01.addLiquidity(address,address,uint256,uint256,uint256,uint256,address,uint256).amountADesired (#294) is too similar to IUniswapV2Router01.addLiquidity(address,address,uint256,uint256,uint256,uint256,address,uint256).amountBDesired (#295)
Prevent variables from having similar names.
Additional information: link
TokenTool.slitherConstructorVariables() (#440-855) uses literals with too many digits:
- deadAddress = 0x000000000000000000000000000000000000dEaD (#450)
Use: Ether suffix, Time suffix, or The scientific notation
Additional information: link
waiveOwnership() should be declared external:
- Ownable.waiveOwnership() (#163-166)
transferOwnership(address) should be declared external:
- Ownable.transferOwnership(address) (#168-172)
getUnlockTime() should be declared external:
- Ownable.getUnlockTime() (#175-177)
getTime() should be declared external:
- Ownable.getTime() (#179-181)
lock(uint256) should be declared external:
- Ownable.lock(uint256) (#183-188)
unlock() should be declared external:
- Ownable.unlock() (#190-195)
name() should be declared external:
- TokenTool.name() (#564-566)
symbol() should be declared external:
- TokenTool.symbol() (#568-570)
decimals() should be declared external:
- TokenTool.decimals() (#572-574)
totalSupply() should be declared external:
- TokenTool.totalSupply() (#576-578)
allowance(address,address) should be declared external:
- TokenTool.allowance(address,address) (#584-586)
increaseAllowance(address,uint256) should be declared external:
- TokenTool.increaseAllowance(address,uint256) (#588-591)
decreaseAllowance(address,uint256) should be declared external:
- TokenTool.decreaseAllowance(address,uint256) (#593-596)
minimumTokensBeforeSwapAmount() should be declared external:
- TokenTool.minimumTokensBeforeSwapAmount() (#598-600)
approve(address,uint256) should be declared external:
- TokenTool.approve(address,uint256) (#602-605)
setMarketPairStatus(address,bool) should be declared external:
- TokenTool.setMarketPairStatus(address,bool) (#615-617)
setIsExcludedFromFee(address,bool) should be declared external:
- TokenTool.setIsExcludedFromFee(address,bool) (#623-625)
setSwapAndLiquifyEnabled(bool) should be declared external:
- TokenTool.setSwapAndLiquifyEnabled(bool) (#679-682)
setSwapAndLiquifyByLimitOnly(bool) should be declared external:
- TokenTool.setSwapAndLiquifyByLimitOnly(bool) (#684-686)
getCirculatingSupply() should be declared external:
- TokenTool.getCirculatingSupply() (#688-690)
changeRouterVersion(address) should be declared external:
- TokenTool.changeRouterVersion(address) (#696-713)
transfer(address,uint256) should be declared external:
- TokenTool.transfer(address,uint256) (#718-721)
transferFrom(address,address,uint256) should be declared external:
- TokenTool.transferFrom(address,address,uint256) (#723-727)
Use the external attribute for functions never called from the contract.
Additional information: link
Unable to find website, listings and other project-related information
Young tokens have high risks of scam / price dump / death
Token has no active CoinGecko listing / rank
Token has no active CoinMarketCap listing / rank
Unable to find Telegram and Twitter accounts