Unable to find manual contract audit (e.g. Certik, PeckShield, Solidity...)
KingKitty.addLiquidity(uint256,uint256) (#603-616) sends eth to arbitrary user
Dangerous calls:
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#608-615)
Ensure that an arbitrary user cannot withdraw unauthorized funds.
Additional information: link
Reentrancy in KingKitty._transfer(address,address,uint256) (#492-539):
External calls:
- swapAndLiquify(swapTokensAtAmount,sellTaxes) (#530)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#608-615)
- (success) = recipient.call{value: amount}() (#103)
- router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#627-633)
- address(marketingWallet).sendValue(marketingAmt) (#589)
- address(devWallet).sendValue(devAmt) (#593)
- address(buybackWallet).sendValue(buybackAmt) (#598)
- swapAndLiquify(swapTokensAtAmount,taxes) (#531)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#608-615)
- (success) = recipient.call{value: amount}() (#103)
- router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#627-633)
- address(marketingWallet).sendValue(marketingAmt) (#589)
- address(devWallet).sendValue(devAmt) (#593)
- address(buybackWallet).sendValue(buybackAmt) (#598)
External calls sending eth:
- swapAndLiquify(swapTokensAtAmount,sellTaxes) (#530)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#608-615)
- (success) = recipient.call{value: amount}() (#103)
- swapAndLiquify(swapTokensAtAmount,taxes) (#531)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#608-615)
- (success) = recipient.call{value: amount}() (#103)
State variables written after the call(s):
- _tokenTransfer(from,to,amount,takeFee,isSell) (#538)
- _rOwned[address(this)] += rDev (#400)
- _rOwned[address(this)] += rMarketing (#390)
- _rOwned[address(this)] += rBuyback (#411)
- _rOwned[address(this)] += rLiquidity (#380)
- _rOwned[sender] = _rOwned[sender] - s.rAmount (#554)
- _rOwned[recipient] = _rOwned[recipient] + s.rTransferAmount (#555)
- _tokenTransfer(from,to,amount,takeFee,isSell) (#538)
- _rTotal -= rRfi (#369)
- _tokenTransfer(from,to,amount,takeFee,isSell) (#538)
- _tOwned[address(this)] += tMarketing (#388)
- _tOwned[address(this)] += tBuyback (#409)
- _tOwned[address(this)] += tLiquidity (#378)
- _tOwned[sender] = _tOwned[sender] - tAmount (#548)
- _tOwned[address(this)] += tDev (#398)
- _tOwned[recipient] = _tOwned[recipient] + s.tTransferAmount (#551)
Apply the check-effects-interactions pattern.
Additional information: link
KingKitty.rescueAnyBEP20Tokens(address,address,uint256) (#704-706) ignores return value by IERC20(_tokenAddr).transfer(_to,_amount) (#705)
Use SafeERC20, or ensure that the transfer/transferFrom return value is checked.
Additional information: link
Combination 1: Reentrancy vulnerabilities + Functions that send Ether to arbitraty destination. Usual for scams. May be justified by some complex mechanics (e.g. rebase, reflections). DYOR & manual audit are advised.
Combination 2: Unchecked transfer + Functions that send Ether to arbitraty destination. Usual for scams. May be justified by some complex mechanics (e.g. rebase, reflections). DYOR & manual audit are advised.
Combination 3: Reentrancy vulnerabilities + Unchecked transfer vulnerability. Usual for scams. May be justified by some complex mechanics (e.g. rebase, reflections). DYOR & manual audit are advised.
Redundant expression "this (#36)" inContext (#30-39)
Remove redundant statements if they congest code but offer no value.
Additional information: link
KingKitty._tTotal (#144) should be constant
Add the constant attributes to state variables that never change.
Additional information: link
KingKitty.swapAndLiquify(uint256,KingKitty.Taxes) (#569-601) performs a multiplication on the result of a division:
-unitBalance = deltaBalance / (denominator - temp.liquidity) (#579)
-bnbToAddLiquidityWith = unitBalance * temp.liquidity (#580)
KingKitty.swapAndLiquify(uint256,KingKitty.Taxes) (#569-601) performs a multiplication on the result of a division:
-unitBalance = deltaBalance / (denominator - temp.liquidity) (#579)
-marketingAmt = unitBalance * 2 * temp.marketing (#587)
KingKitty.swapAndLiquify(uint256,KingKitty.Taxes) (#569-601) performs a multiplication on the result of a division:
-unitBalance = deltaBalance / (denominator - temp.liquidity) (#579)
-devAmt = unitBalance * 2 * temp.dev (#591)
KingKitty.swapAndLiquify(uint256,KingKitty.Taxes) (#569-601) performs a multiplication on the result of a division:
-unitBalance = deltaBalance / (denominator - temp.liquidity) (#579)
-buybackAmt = unitBalance * 2 * temp.buyback (#596)
Consider ordering multiplication before division.
Additional information: link
KingKitty.addLiquidity(uint256,uint256) (#603-616) ignores return value by router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#608-615)
Ensure that all the return values of the function calls are used.
Additional information: link
KingKitty.allowance(address,address).owner (#255) shadows:
- Ownable.owner() (#50-52) (function)
KingKitty._approve(address,address,uint256).owner (#485) shadows:
- Ownable.owner() (#50-52) (function)
Rename the local variables that shadow another component.
Additional information: link
KingKitty.updateCooldown(bool,uint256) (#655-658) should emit an event for:
- coolDownTime = time * 1 (#656)
KingKitty.updateSwapTokensAtAmount(uint256) (#660-662) should emit an event for:
- swapTokensAtAmount = amount * 10 ** _decimals (#661)
KingKitty.updateMaxTxLimit(uint256,uint256) (#683-686) should emit an event for:
- maxBuyLimit = maxBuy * 10 ** decimals() (#684)
- maxSellLimit = maxSell * 10 ** decimals() (#685)
KingKitty.updateMaxWalletlimit(uint256) (#688-690) should emit an event for:
- maxWalletLimit = amount * 10 ** decimals() (#689)
Emit an event for critical parameter changes.
Additional information: link
KingKitty.constructor(address)._pair (#209-210) lacks a zero-check on :
- pair = _pair (#213)
KingKitty.updateMarketingWallet(address).newWallet (#643) lacks a zero-check on :
- marketingWallet = newWallet (#644)
KingKitty.updateDevWallet(address).newWallet (#647) lacks a zero-check on :
- devWallet = newWallet (#648)
KingKitty.updateBuybackWallet(address).newWallet (#651) lacks a zero-check on :
- buybackWallet = newWallet (#652)
KingKitty.updateRouterAndPair(address,address).newPair (#692) lacks a zero-check on :
- pair = newPair (#694)
Check that the address is not zero.
Additional information: link
Reentrancy in KingKitty._transfer(address,address,uint256) (#492-539):
External calls:
- swapAndLiquify(swapTokensAtAmount,sellTaxes) (#530)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#608-615)
- (success) = recipient.call{value: amount}() (#103)
- router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#627-633)
- address(marketingWallet).sendValue(marketingAmt) (#589)
- address(devWallet).sendValue(devAmt) (#593)
- address(buybackWallet).sendValue(buybackAmt) (#598)
- swapAndLiquify(swapTokensAtAmount,taxes) (#531)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#608-615)
- (success) = recipient.call{value: amount}() (#103)
- router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#627-633)
- address(marketingWallet).sendValue(marketingAmt) (#589)
- address(devWallet).sendValue(devAmt) (#593)
- address(buybackWallet).sendValue(buybackAmt) (#598)
External calls sending eth:
- swapAndLiquify(swapTokensAtAmount,sellTaxes) (#530)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#608-615)
- (success) = recipient.call{value: amount}() (#103)
- swapAndLiquify(swapTokensAtAmount,taxes) (#531)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#608-615)
- (success) = recipient.call{value: amount}() (#103)
State variables written after the call(s):
- _tokenTransfer(from,to,amount,takeFee,isSell) (#538)
- totFeesPaid.buyback += tBuyback (#405)
- totFeesPaid.liquidity += tLiquidity (#374)
- totFeesPaid.dev += tDev (#394)
- totFeesPaid.marketing += tMarketing (#384)
- totFeesPaid.rfi += tRfi (#370)
Reentrancy in KingKitty.constructor(address) (#207-232):
External calls:
- _pair = IFactory(_router.factory()).createPair(address(this),_router.WETH()) (#209-210)
State variables written after the call(s):
- excludeFromReward(pair) (#215)
- _excluded.push(account) (#328)
- excludeFromReward(pair) (#215)
- _isExcluded[account] = true (#327)
- _isExcludedFromFee[address(this)] = true (#218)
- _isExcludedFromFee[owner()] = true (#219)
- _isExcludedFromFee[marketingWallet] = true (#220)
- _isExcludedFromFee[devWallet] = true (#221)
- _isExcludedFromFee[buybackWallet] = true (#222)
- _rOwned[owner()] = _rTotal (#217)
- excludeFromReward(pair) (#215)
- _tOwned[account] = tokenFromReflection(_rOwned[account]) (#325)
- allowedTransfer[address(this)] = true (#224)
- allowedTransfer[owner()] = true (#225)
- allowedTransfer[pair] = true (#226)
- allowedTransfer[marketingWallet] = true (#227)
- allowedTransfer[devWallet] = true (#228)
- allowedTransfer[buybackWallet] = true (#229)
- pair = _pair (#213)
- router = _router (#212)
Reentrancy in KingKitty.swapAndLiquify(uint256,KingKitty.Taxes) (#569-601):
External calls:
- swapTokensForBNB(toSwap) (#576)
- router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#627-633)
- addLiquidity(tokensToAddLiquidityWith,bnbToAddLiquidityWith) (#584)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#608-615)
External calls sending eth:
- addLiquidity(tokensToAddLiquidityWith,bnbToAddLiquidityWith) (#584)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#608-615)
State variables written after the call(s):
- addLiquidity(tokensToAddLiquidityWith,bnbToAddLiquidityWith) (#584)
- _allowances[owner][spender] = amount (#488)
Reentrancy in KingKitty.transferFrom(address,address,uint256) (#264-272):
External calls:
- _transfer(sender,recipient,amount) (#265)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#608-615)
- (success) = recipient.call{value: amount}() (#103)
- router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#627-633)
- address(marketingWallet).sendValue(marketingAmt) (#589)
- address(devWallet).sendValue(devAmt) (#593)
- address(buybackWallet).sendValue(buybackAmt) (#598)
External calls sending eth:
- _transfer(sender,recipient,amount) (#265)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#608-615)
- (success) = recipient.call{value: amount}() (#103)
State variables written after the call(s):
- _approve(sender,_msgSender(),currentAllowance - amount) (#269)
- _allowances[owner][spender] = amount (#488)
Apply the check-effects-interactions pattern.
Additional information: link
Reentrancy in KingKitty._transfer(address,address,uint256) (#492-539):
External calls:
- swapAndLiquify(swapTokensAtAmount,sellTaxes) (#530)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#608-615)
- (success) = recipient.call{value: amount}() (#103)
- router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#627-633)
- address(marketingWallet).sendValue(marketingAmt) (#589)
- address(devWallet).sendValue(devAmt) (#593)
- address(buybackWallet).sendValue(buybackAmt) (#598)
- swapAndLiquify(swapTokensAtAmount,taxes) (#531)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#608-615)
- (success) = recipient.call{value: amount}() (#103)
- router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#627-633)
- address(marketingWallet).sendValue(marketingAmt) (#589)
- address(devWallet).sendValue(devAmt) (#593)
- address(buybackWallet).sendValue(buybackAmt) (#598)
External calls sending eth:
- swapAndLiquify(swapTokensAtAmount,sellTaxes) (#530)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#608-615)
- (success) = recipient.call{value: amount}() (#103)
- swapAndLiquify(swapTokensAtAmount,taxes) (#531)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#608-615)
- (success) = recipient.call{value: amount}() (#103)
Event emitted after the call(s):
- Transfer(sender,address(this),s.tLiquidity + s.tMarketing + s.tDev + s.tBuyback) (#560)
- _tokenTransfer(from,to,amount,takeFee,isSell) (#538)
- Transfer(sender,recipient,s.tTransferAmount) (#565)
- _tokenTransfer(from,to,amount,takeFee,isSell) (#538)
Reentrancy in KingKitty.constructor(address) (#207-232):
External calls:
- _pair = IFactory(_router.factory()).createPair(address(this),_router.WETH()) (#209-210)
Event emitted after the call(s):
- Transfer(address(0),owner(),_tTotal) (#231)
Reentrancy in KingKitty.swapAndLiquify(uint256,KingKitty.Taxes) (#569-601):
External calls:
- swapTokensForBNB(toSwap) (#576)
- router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#627-633)
- addLiquidity(tokensToAddLiquidityWith,bnbToAddLiquidityWith) (#584)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#608-615)
External calls sending eth:
- addLiquidity(tokensToAddLiquidityWith,bnbToAddLiquidityWith) (#584)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#608-615)
Event emitted after the call(s):
- Approval(owner,spender,amount) (#489)
- addLiquidity(tokensToAddLiquidityWith,bnbToAddLiquidityWith) (#584)
Reentrancy in KingKitty.transferFrom(address,address,uint256) (#264-272):
External calls:
- _transfer(sender,recipient,amount) (#265)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#608-615)
- (success) = recipient.call{value: amount}() (#103)
- router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#627-633)
- address(marketingWallet).sendValue(marketingAmt) (#589)
- address(devWallet).sendValue(devAmt) (#593)
- address(buybackWallet).sendValue(buybackAmt) (#598)
External calls sending eth:
- _transfer(sender,recipient,amount) (#265)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#608-615)
- (success) = recipient.call{value: amount}() (#103)
Event emitted after the call(s):
- Approval(owner,spender,amount) (#489)
- _approve(sender,_msgSender(),currentAllowance - amount) (#269)
Apply the check-effects-interactions pattern.
Additional information: link
KingKitty._transfer(address,address,uint256) (#492-539) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(timePassed >= coolDownTime,Cooldown enabled) (#519)
Avoid relying on block.timestamp.
Additional information: link
KingKitty.setTradingStatus(bool) (#309-313) compares to a boolean constant:
-state == true && genesis_block == 0 (#312)
Remove the equality to the boolean constant.
Additional information: link
KingKitty.includeInReward(address) (#331-342) has costly operations inside a loop:
- _excluded.pop() (#338)
Use a local variable to hold the loop computation result.
Additional information: link
Context._msgData() (#35-38) is never used and should be removed
Remove unused functions.
Additional information: link
KingKitty._rTotal (#145) is set pre-construction with a non-constant function or state variable:
- (MAX - (MAX % _tTotal))
Remove any initialization of state variables via non-constant state variables or function calls. If variables must be set upon contract deployment, locate initialization in the constructor instead.
Additional information: link
Low level call in Address.sendValue(address,uint256) (#100-105):
- (success) = recipient.call{value: amount}() (#103)
Avoid low-level calls. Check the call success. If the call is meant for a contract, check for code existence
Additional information: link
Function IRouter.WETH() (#81) is not in mixedCase
Struct KingKitty.valuesFromGetValues (#182-196) is not in CapWords
Parameter KingKitty.setTaxes(uint256,uint256,uint256,uint256,uint256)._rfi (#358) is not in mixedCase
Parameter KingKitty.setTaxes(uint256,uint256,uint256,uint256,uint256)._marketing (#358) is not in mixedCase
Parameter KingKitty.setTaxes(uint256,uint256,uint256,uint256,uint256)._liquidity (#358) is not in mixedCase
Parameter KingKitty.setTaxes(uint256,uint256,uint256,uint256,uint256)._dev (#358) is not in mixedCase
Parameter KingKitty.setTaxes(uint256,uint256,uint256,uint256,uint256)._buyback (#358) is not in mixedCase
Parameter KingKitty.setSellTaxes(uint256,uint256,uint256,uint256,uint256)._rfi (#363) is not in mixedCase
Parameter KingKitty.setSellTaxes(uint256,uint256,uint256,uint256,uint256)._marketing (#363) is not in mixedCase
Parameter KingKitty.setSellTaxes(uint256,uint256,uint256,uint256,uint256)._liquidity (#363) is not in mixedCase
Parameter KingKitty.setSellTaxes(uint256,uint256,uint256,uint256,uint256)._dev (#363) is not in mixedCase
Parameter KingKitty.setSellTaxes(uint256,uint256,uint256,uint256,uint256)._buyback (#363) is not in mixedCase
Parameter KingKitty.updateSwapEnabled(bool)._enabled (#664) is not in mixedCase
Parameter KingKitty.rescueAnyBEP20Tokens(address,address,uint256)._tokenAddr (#704) is not in mixedCase
Parameter KingKitty.rescueAnyBEP20Tokens(address,address,uint256)._to (#704) is not in mixedCase
Parameter KingKitty.rescueAnyBEP20Tokens(address,address,uint256)._amount (#704) is not in mixedCase
Constant KingKitty._decimals (#141) is not in UPPER_CASE_WITH_UNDERSCORES
Variable KingKitty.genesis_block (#152) is not in mixedCase
Constant KingKitty._name (#158) is not in UPPER_CASE_WITH_UNDERSCORES
Constant KingKitty._symbol (#159) is not in UPPER_CASE_WITH_UNDERSCORES
Follow the Solidity naming convention.
Additional information: link
renounceOwnership() should be declared external:
- Ownable.renounceOwnership() (#59-61)
transferOwnership(address) should be declared external:
- Ownable.transferOwnership(address) (#63-66)
name() should be declared external:
- KingKitty.name() (#235-237)
symbol() should be declared external:
- KingKitty.symbol() (#238-240)
totalSupply() should be declared external:
- KingKitty.totalSupply() (#246-248)
allowance(address,address) should be declared external:
- KingKitty.allowance(address,address) (#255-257)
approve(address,uint256) should be declared external:
- KingKitty.approve(address,uint256) (#259-262)
transferFrom(address,address,uint256) should be declared external:
- KingKitty.transferFrom(address,address,uint256) (#264-272)
increaseAllowance(address,uint256) should be declared external:
- KingKitty.increaseAllowance(address,uint256) (#274-277)
decreaseAllowance(address,uint256) should be declared external:
- KingKitty.decreaseAllowance(address,uint256) (#279-285)
transfer(address,uint256) should be declared external:
- KingKitty.transfer(address,uint256) (#287-291)
isExcludedFromReward(address) should be declared external:
- KingKitty.isExcludedFromReward(address) (#293-295)
reflectionFromToken(uint256,bool) should be declared external:
- KingKitty.reflectionFromToken(uint256,bool) (#297-306)
excludeFromFee(address) should be declared external:
- KingKitty.excludeFromFee(address) (#345-347)
includeInFee(address) should be declared external:
- KingKitty.includeInFee(address) (#349-351)
isExcludedFromFee(address) should be declared external:
- KingKitty.isExcludedFromFee(address) (#354-356)
setTaxes(uint256,uint256,uint256,uint256,uint256) should be declared external:
- KingKitty.setTaxes(uint256,uint256,uint256,uint256,uint256) (#358-361)
setSellTaxes(uint256,uint256,uint256,uint256,uint256) should be declared external:
- KingKitty.setSellTaxes(uint256,uint256,uint256,uint256,uint256) (#363-366)
rescueAnyBEP20Tokens(address,address,uint256) should be declared external:
- KingKitty.rescueAnyBEP20Tokens(address,address,uint256) (#704-706)
Use the external attribute for functions never called from the contract.
Additional information: link
Unable to find website, listings and other project-related information
Young tokens have high risks of scam / price dump / death
Token has no active CoinGecko listing / rank
Token has no active CoinMarketCap listing / rank
Unable to find Telegram and Twitter accounts