LBlock [LuckyBlock] Token

Reentrancy in LuckyBlock._transfer(address,address,uint256) (#1020-1123):
External calls:
- swapAndLiquify(contractTokenBalance) (#1092)
- pancakeswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,address(this),block.timestamp) (#1268-1275)
- pancakeswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#1254-1260)
External calls sending eth:
- swapAndLiquify(contractTokenBalance) (#1092)
- pancakeswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,address(this),block.timestamp) (#1268-1275)
State variables written after the call(s):
- transferAmount = collectFee(sender,recipient,amount,rate) (#1101)
- _reflectionBalance[address(this)] = _reflectionBalance[address(this)].add(_liquidityFee.mul(rate)) (#1146-1148)
- _reflectionBalance[lotteryPoolWallet] = _reflectionBalance[lotteryPoolWallet].add(_lotteryPoolFee.mul(rate)) (#1162-1164)
- _reflectionBalance[nftRoyalPoolWallet] = _reflectionBalance[nftRoyalPoolWallet].add(_nftRoyalPoolFee.mul(rate)) (#1178-1180)
- _reflectionBalance[sender] = _reflectionBalance[sender].sub(amount.mul(rate)) (#1105-1107)
- _reflectionBalance[recipient] = _reflectionBalance[recipient].add(transferAmount.mul(rate)) (#1108-1110)
- transferAmount = collectFee(sender,recipient,amount,rate) (#1101)
- _reflectionTotal = _reflectionTotal.sub(_taxFee.mul(rate)) (#1136)
- transferAmount = collectFee(sender,recipient,amount,rate) (#1101)
- _tokenBalance[address(this)] = _tokenBalance[address(this)].add(_liquidityFee) (#1150-1152)
- _tokenBalance[lotteryPoolWallet] = _tokenBalance[lotteryPoolWallet].add(_lotteryPoolFee) (#1166-1168)
- _tokenBalance[nftRoyalPoolWallet] = _tokenBalance[nftRoyalPoolWallet].add(_nftRoyalPoolFee) (#1182-1184)
- _tokenBalance[deadWallet] = _tokenBalance[deadWallet].add(_burnFee) (#1194)
- _tokenBalance[sender] = _tokenBalance[sender].sub(amount) (#1114)
- _tokenBalance[recipient] = _tokenBalance[recipient].add(transferAmount) (#1117-1119)
Apply the check-effects-interactions pattern.

Additional information: link

LuckyBlock.recoverERC20(address,uint256) (#1393-1395) ignores return value by IERC20(tokenAddress).transfer(owner(),tokenAmount) (#1394)
Use SafeERC20, or ensure that the transfer/transferFrom return value is checked.

Additional information: link

LuckyBlock.addLiquidity(uint256,uint256) (#1263-1276) sends eth to arbitrary user
Dangerous calls:
- pancakeswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,address(this),block.timestamp) (#1268-1275)
Ensure that an arbitrary user cannot withdraw unauthorized funds.

Additional information: link

Unable to verify that contract auditor is trusted: Certik, Quantstamp, Hacken, Solidity, Paladinsec, Openzeppelin, Verichains

Combination 1: Reentrancy vulnerabilities + Functions that send Ether to arbitraty destination. Usual for scams. May be justified by some complex mechanics (e.g. rebase, reflections). DYOR & manual audit are advised.

Combination 2: Unchecked transfer + Functions that send Ether to arbitraty destination. Usual for scams. May be justified by some complex mechanics (e.g. rebase, reflections). DYOR & manual audit are advised.

Combination 3: Reentrancy vulnerabilities + Unchecked transfer vulnerability. Usual for scams. May be justified by some complex mechanics (e.g. rebase, reflections). DYOR & manual audit are advised.

Contract ownership is not renounced (belongs to a wallet)

Address.isContract(address) (#421-431) uses assembly
- INLINE ASM (#427-429)
Address.verifyCallResult(bool,bytes,string) (#590-610) uses assembly
- INLINE ASM (#602-605)
Do not use evm assembly.

Additional information: link

LuckyBlock.slitherConstructorVariables() (#746-1403) uses literals with too many digits:
- deadWallet = 0x000000000000000000000000000000000000dEaD (#786)
Use: Ether suffix, Time suffix, or The scientific notation

Additional information: link

LuckyBlock.constructor(address)._owner (#842) shadows:
- Ownable._owner (#118) (state variable)
LuckyBlock.allowance(address,address).owner (#889) shadows:
- Ownable.owner() (#132-134) (function)
LuckyBlock._approve(address,address,uint256).owner (#1009) shadows:
- Ownable.owner() (#132-134) (function)
Rename the local variables that shadow another component.

Additional information: link

Address.functionCall(address,bytes) (#474-476) is never used and should be removed
Address.functionCall(address,bytes,string) (#484-490) is never used and should be removed
Address.functionCallWithValue(address,bytes,uint256) (#503-509) is never used and should be removed
Address.functionCallWithValue(address,bytes,uint256,string) (#517-528) is never used and should be removed
Address.functionDelegateCall(address,bytes) (#563-565) is never used and should be removed
Address.functionDelegateCall(address,bytes,string) (#573-582) is never used and should be removed
Address.functionStaticCall(address,bytes) (#536-538) is never used and should be removed
Address.functionStaticCall(address,bytes,string) (#546-555) is never used and should be removed
Address.isContract(address) (#421-431) is never used and should be removed
Address.sendValue(address,uint256) (#449-454) is never used and should be removed
Address.verifyCallResult(bool,bytes,string) (#590-610) is never used and should be removed
Context._msgData() (#100-102) is never used and should be removed
SafeCast.toInt256(uint256) (#740-743) is never used and should be removed
SafeCast.toUint128(uint256) (#710-713) is never used and should be removed
SafeCast.toUint16(uint256) (#725-728) is never used and should be removed
SafeCast.toUint256(int256) (#735-738) is never used and should be removed
SafeCast.toUint32(uint256) (#720-723) is never used and should be removed
SafeCast.toUint64(uint256) (#715-718) is never used and should be removed
SafeCast.toUint8(uint256) (#730-733) is never used and should be removed
SafeMath.div(uint256,uint256,string) (#360-369) is never used and should be removed
SafeMath.mod(uint256,uint256) (#320-322) is never used and should be removed
SafeMath.mod(uint256,uint256,string) (#386-395) is never used and should be removed
SafeMath.tryAdd(uint256,uint256) (#191-197) is never used and should be removed
SafeMath.tryDiv(uint256,uint256) (#233-238) is never used and should be removed
SafeMath.tryMod(uint256,uint256) (#245-250) is never used and should be removed
SafeMath.tryMul(uint256,uint256) (#216-226) is never used and should be removed
SafeMath.trySub(uint256,uint256) (#204-209) is never used and should be removed
Remove unused functions.

Additional information: link

LuckyBlock._reflectionTotal (#761) is set pre-construction with a non-constant function or state variable:
- (MAX - (MAX % _tokenTotal))
LuckyBlock.maxTxAmount (#794-795) is set pre-construction with a non-constant function or state variable:
- _tokenTotal.mul(maxTxAmountPercentage).div(10000)
LuckyBlock.sellCooldownAmount (#806) is set pre-construction with a non-constant function or state variable:
- _tokenTotal.mul(5).div(10000)
Remove any initialization of state variables via non-constant state variables or function calls. If variables must be set upon contract deployment, locate initialization in the constructor instead.

Additional information: link

Low level call in Address.sendValue(address,uint256) (#449-454):
- (success) = recipient.call{value: amount}() (#452)
Low level call in Address.functionCallWithValue(address,bytes,uint256,string) (#517-528):
- (success,returndata) = target.call{value: value}(data) (#526)
Low level call in Address.functionStaticCall(address,bytes,string) (#546-555):
- (success,returndata) = target.staticcall(data) (#553)
Low level call in Address.functionDelegateCall(address,bytes,string) (#573-582):
- (success,returndata) = target.delegatecall(data) (#580)
Avoid low-level calls. Check the call success. If the call is meant for a contract, check for code existence

Additional information: link

Function IPancakeswapV2Router01.WETH() (#639) is not in mixedCase
Parameter LuckyBlock.setMaxTxAmountPercentage(uint256)._maxAmountTxPercentage (#1354) is not in mixedCase
Variable LuckyBlock._reflectionBalance (#755) is not in mixedCase
Variable LuckyBlock._tokenBalance (#756) is not in mixedCase
Variable LuckyBlock._allowances (#757) is not in mixedCase
Variable LuckyBlock._tokenTotal (#760) is not in mixedCase
Variable LuckyBlock._reflectionTotal (#761) is not in mixedCase
Variable LuckyBlock._isExcluded (#765) is not in mixedCase
Variable LuckyBlock._excluded (#766) is not in mixedCase
Follow the Solidity naming convention.

Additional information: link

LuckyBlock._decimals (#753) should be constant
LuckyBlock._name (#751) should be constant
LuckyBlock._symbol (#752) should be constant
LuckyBlock._tokenTotal (#760) should be constant
LuckyBlock.deadWallet (#786) should be constant
LuckyBlock.feeDecimal (#769) should be constant
Add the constant attributes to state variables that never change.

Additional information: link

LuckyBlock.setAdmin(address) (#1361-1363) should emit an event for:
- admin = account (#1362)
Emit an event for critical parameter changes.

Additional information: link

LuckyBlock._transfer(address,address,uint256) (#1020-1123) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(listedAt != 0 || isTaxless[sender] || isTaxless[recipient],Not Listed yet!) (#1036-1039)
- ! isTaxless[sender] && ! isTaxless[recipient] && listedAt + 180 >= block.timestamp (#1042-1044)
- listedAt + 180 >= block.timestamp (#1052)
- require(bool,string)(sellCooldown[sender] < block.timestamp,Err: Sell Cooldown) (#1065-1068)
- lastSellCycleStart[sender] + sellCooldownTime < block.timestamp (#1070)
LuckyBlock.launch() (#1381-1384) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(listedAt == 0,Already Listed!) (#1382)
Avoid relying on block.timestamp.

Additional information: link

LuckyBlock.setTeamWallet(address).wallet (#1339) lacks a zero-check on :
- teamWallet = wallet (#1340)
LuckyBlock.setDistributionWallet(address).wallet (#1342) lacks a zero-check on :
- distributionWallet = wallet (#1343)
LuckyBlock.setNFTPoolWallet(address).wallet (#1346) lacks a zero-check on :
- nftRoyalPoolWallet = wallet (#1347)
LuckyBlock.setLotteryPoolWallet(address).wallet (#1350) lacks a zero-check on :
- lotteryPoolWallet = wallet (#1351)
LuckyBlock.setAdmin(address).account (#1361) lacks a zero-check on :
- admin = account (#1362)
LuckyBlock.claim(address).destination (#1398) lacks a zero-check on :
- destination.transfer(address(this).balance) (#1399)
Check that the address is not zero.

Additional information: link

LuckyBlock.includeAccount(address) (#995-1006) has costly operations inside a loop:
- _excluded.pop() (#1002)
Use a local variable to hold the loop computation result.

Additional information: link

Pragma version^0.8.0 (#4) allows old versions
solc-0.8.0 is not recommended for deployment
Deploy with any of the following Solidity versions: 0.5.16 - 0.5.17, 0.6.11 - 0.6.12, 0.7.5 - 0.7.6 Use a simple pragma version that allows any of these versions. Consider using the latest version of Solidity for testing.

Additional information: link

Reentrancy in LuckyBlock._transfer(address,address,uint256) (#1020-1123):
External calls:
- swapAndLiquify(contractTokenBalance) (#1092)
- pancakeswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,address(this),block.timestamp) (#1268-1275)
- pancakeswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#1254-1260)
External calls sending eth:
- swapAndLiquify(contractTokenBalance) (#1092)
- pancakeswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,address(this),block.timestamp) (#1268-1275)
Event emitted after the call(s):
- Transfer(account,distributionWallet,_taxFee) (#1138)
- transferAmount = collectFee(sender,recipient,amount,rate) (#1101)
- Transfer(account,address(this),_liquidityFee) (#1155)
- transferAmount = collectFee(sender,recipient,amount,rate) (#1101)
- Transfer(account,lotteryPoolWallet,_lotteryPoolFee) (#1171)
- transferAmount = collectFee(sender,recipient,amount,rate) (#1101)
- Transfer(account,nftRoyalPoolWallet,_nftRoyalPoolFee) (#1187)
- transferAmount = collectFee(sender,recipient,amount,rate) (#1101)
- Transfer(sender,recipient,transferAmount) (#1122)
- Transfer(account,deadWallet,_burnFee) (#1195)
- transferAmount = collectFee(sender,recipient,amount,rate) (#1101)
Reentrancy in LuckyBlock.constructor(address) (#832-856):
External calls:
- pancakeSwapV2Pair = IPancakeswapV2Factory(_pancakeSwapV2Router.factory()).createPair(address(this),_pancakeSwapV2Router.WETH()) (#837-839)
Event emitted after the call(s):
- OwnershipTransferred(oldOwner,newOwner) (#171)
- transferOwnership(_owner) (#855)
- Transfer(address(0),_owner,_tokenTotal) (#853)
Reentrancy in LuckyBlock.swapAndLiquify(uint256) (#1219-1243):
External calls:
- swapTokensForBnb(half) (#1234)
- pancakeswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#1254-1260)
- addLiquidity(otherHalf,newBalance) (#1240)
- pancakeswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,address(this),block.timestamp) (#1268-1275)
External calls sending eth:
- addLiquidity(otherHalf,newBalance) (#1240)
- pancakeswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,address(this),block.timestamp) (#1268-1275)
Event emitted after the call(s):
- Approval(owner,spender,amount) (#1017)
- addLiquidity(otherHalf,newBalance) (#1240)
- SwapAndLiquify(half,newBalance,otherHalf) (#1242)
Reentrancy in LuckyBlock.transferFrom(address,address,uint256) (#907-923):
External calls:
- _transfer(sender,recipient,amount) (#912)
- pancakeswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,address(this),block.timestamp) (#1268-1275)
- pancakeswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#1254-1260)
External calls sending eth:
- _transfer(sender,recipient,amount) (#912)
- pancakeswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,address(this),block.timestamp) (#1268-1275)
Event emitted after the call(s):
- Approval(owner,spender,amount) (#1017)
- _approve(sender,_msgSender(),_allowances[sender][_msgSender()].sub(amount,ERC20: transfer amount exceeds allowance)) (#914-921)
Apply the check-effects-interactions pattern.

Additional information: link

LuckyBlock.addLiquidity(uint256,uint256) (#1263-1276) ignores return value by pancakeswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,address(this),block.timestamp) (#1268-1275)
Ensure that all the return values of the function calls are used.

Additional information: link

LuckyBlock.setLotteryPoolFee(uint256) (#1327-1329) should emit an event for:
- lotteryPoolFee = fee (#1328)
LuckyBlock.setNFTPoolFee(uint256) (#1331-1333) should emit an event for:
- nftRoyalPoolFee = fee (#1332)
LuckyBlock.setBurnFee(uint256) (#1335-1337) should emit an event for:
- burnFee = fee (#1336)
LuckyBlock.setMaxTxAmountPercentage(uint256) (#1354-1359) should emit an event for:
- maxTxAmountPercentage = _maxAmountTxPercentage (#1358)
Emit an event for critical parameter changes.

Additional information: link

Reentrancy in LuckyBlock._transfer(address,address,uint256) (#1020-1123):
External calls:
- swapAndLiquify(contractTokenBalance) (#1092)
- pancakeswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,address(this),block.timestamp) (#1268-1275)
- pancakeswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#1254-1260)
External calls sending eth:
- swapAndLiquify(contractTokenBalance) (#1092)
- pancakeswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,address(this),block.timestamp) (#1268-1275)
State variables written after the call(s):
- transferAmount = collectFee(sender,recipient,amount,rate) (#1101)
- feeTotal = feeTotal.add(_liquidityFee) (#1154)
- feeTotal = feeTotal.add(_lotteryPoolFee) (#1170)
- feeTotal = feeTotal.add(_nftRoyalPoolFee) (#1186)
- transferAmount = collectFee(sender,recipient,amount,rate) (#1101)
- taxFeeTotal = taxFeeTotal.add(_taxFee) (#1137)
Reentrancy in LuckyBlock.constructor(address) (#832-856):
External calls:
- pancakeSwapV2Pair = IPancakeswapV2Factory(_pancakeSwapV2Router.factory()).createPair(address(this),_pancakeSwapV2Router.WETH()) (#837-839)
State variables written after the call(s):
- _excluded.push(pancakeSwapV2Pair) (#849)
- _isExcluded[pancakeSwapV2Pair] = true (#848)
- transferOwnership(_owner) (#855)
- _owner = newOwner (#170)
- _reflectionBalance[_owner] = _reflectionTotal (#851)
- _tokenBalance[_owner] = _tokenTotal (#852)
- isTaxless[_owner] = true (#845)
- isTaxless[teamWallet] = true (#846)
- pancakeswapV2Router = _pancakeSwapV2Router (#840)
- teamWallet = msg.sender (#843)
Reentrancy in LuckyBlock.swapAndLiquify(uint256) (#1219-1243):
External calls:
- swapTokensForBnb(half) (#1234)
- pancakeswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#1254-1260)
- addLiquidity(otherHalf,newBalance) (#1240)
- pancakeswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,address(this),block.timestamp) (#1268-1275)
External calls sending eth:
- addLiquidity(otherHalf,newBalance) (#1240)
- pancakeswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,address(this),block.timestamp) (#1268-1275)
State variables written after the call(s):
- addLiquidity(otherHalf,newBalance) (#1240)
- _allowances[owner][spender] = amount (#1016)
Reentrancy in LuckyBlock.transferFrom(address,address,uint256) (#907-923):
External calls:
- _transfer(sender,recipient,amount) (#912)
- pancakeswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,address(this),block.timestamp) (#1268-1275)
- pancakeswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#1254-1260)
External calls sending eth:
- _transfer(sender,recipient,amount) (#912)
- pancakeswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,address(this),block.timestamp) (#1268-1275)
State variables written after the call(s):
- _approve(sender,_msgSender(),_allowances[sender][_msgSender()].sub(amount,ERC20: transfer amount exceeds allowance)) (#914-921)
- _allowances[owner][spender] = amount (#1016)
Apply the check-effects-interactions pattern.

Additional information: link

LuckyBlock.collectFee(address,address,uint256,uint256) (#1125-1199) performs a multiplication on the result of a division:
-_taxFee = amount.mul(taxFee).div(10 ** (feeDecimal + 2)) (#1134)
-_reflectionTotal = _reflectionTotal.sub(_taxFee.mul(rate)) (#1136)
LuckyBlock.collectFee(address,address,uint256,uint256) (#1125-1199) performs a multiplication on the result of a division:
-_liquidityFee = amount.mul(liquidityFee).div(10 ** (feeDecimal + 2)) (#1142-1144)
-_reflectionBalance[address(this)] = _reflectionBalance[address(this)].add(_liquidityFee.mul(rate)) (#1146-1148)
LuckyBlock.collectFee(address,address,uint256,uint256) (#1125-1199) performs a multiplication on the result of a division:
-_lotteryPoolFee = amount.mul(lotteryPoolFee).div(10 ** (feeDecimal + 2)) (#1160)
-_reflectionBalance[lotteryPoolWallet] = _reflectionBalance[lotteryPoolWallet].add(_lotteryPoolFee.mul(rate)) (#1162-1164)
LuckyBlock.collectFee(address,address,uint256,uint256) (#1125-1199) performs a multiplication on the result of a division:
-_nftRoyalPoolFee = amount.mul(nftRoyalPoolFee).div(10 ** (feeDecimal + 2)) (#1176)
-_reflectionBalance[nftRoyalPoolWallet] = _reflectionBalance[nftRoyalPoolWallet].add(_nftRoyalPoolFee.mul(rate)) (#1178-1180)
Consider ordering multiplication before division.

Additional information: link

Variable IPancakeswapV2Router01.addLiquidity(address,address,uint256,uint256,uint256,uint256,address,uint256).amountADesired (#644) is too similar to IPancakeswapV2Router01.addLiquidity(address,address,uint256,uint256,uint256,uint256,address,uint256).amountBDesired (#645)
Prevent variables from having similar names.

Additional information: link

renounceOwnership() should be declared external:
- Ownable.renounceOwnership() (#151-153)
name() should be declared external:
- LuckyBlock.name() (#858-860)
symbol() should be declared external:
- LuckyBlock.symbol() (#862-864)
decimals() should be declared external:
- LuckyBlock.decimals() (#866-868)
totalSupply() should be declared external:
- LuckyBlock.totalSupply() (#870-872)
transfer(address,uint256) should be declared external:
- LuckyBlock.transfer(address,uint256) (#879-887)
allowance(address,address) should be declared external:
- LuckyBlock.allowance(address,address) (#889-896)
approve(address,uint256) should be declared external:
- LuckyBlock.approve(address,uint256) (#898-905)
transferFrom(address,address,uint256) should be declared external:
- LuckyBlock.transferFrom(address,address,uint256) (#907-923)
increaseAllowance(address,uint256) should be declared external:
- LuckyBlock.increaseAllowance(address,uint256) (#925-936)
decreaseAllowance(address,uint256) should be declared external:
- LuckyBlock.decreaseAllowance(address,uint256) (#938-952)
isExcluded(address) should be declared external:
- LuckyBlock.isExcluded(address) (#954-956)
reflectionFromToken(uint256) should be declared external:
- LuckyBlock.reflectionFromToken(uint256) (#958-965)
recoverERC20(address,uint256) should be declared external:
- LuckyBlock.recoverERC20(address,uint256) (#1393-1395)
claim(address) should be declared external:
- LuckyBlock.claim(address) (#1398-1400)
Use the external attribute for functions never called from the contract.

Additional information: link

Contract has 0% buy tax and 12% sell tax.
Taxes are suspiciously high (over 10%) and contract ownership is not renounced. Token has a high risk of becoming a honeypot.

Unable to find token on CoinHunt

Additional information: link

Young tokens have high risks of price dump / death

Young tokens have high risks of price dump / death