LILI.donateEthDust(uint256) (#600-602) sends eth to arbitrary user
Dangerous calls:
- address(_msgSender()).transfer(amount) (#601)
Ensure that an arbitrary user cannot withdraw unauthorized funds.
Additional information: link
Unable to find manual contract audit (e.g. Certik, PeckShield, Solidity...)
Recv.withdraw() (#306-315) ignores return value by usdt.transfer(address(token520),usdtBalance) (#309)
Recv.withdraw() (#306-315) ignores return value by token520.transfer(address(token520),token520Balance) (#313)
LILI.donateDust(address,uint256) (#595-598) ignores return value by IERC20(addr).transfer(_msgSender(),amount) (#597)
Use SafeERC20, or ensure that the transfer/transferFrom return value is checked.
Additional information: link
Combination 2: Unchecked transfer + Functions that send Ether to arbitraty destination. Usual for scams. May be justified by some complex mechanics (e.g. rebase, reflections). DYOR & manual audit are advised.
LILI.setRThreshold(uint256) (#461-464) contains a tautology or contradiction:
- require(bool)(thres >= 0 && thres <= 50000 * 10 ** 18) (#462)
Fix the incorrect comparison by changing the value type or the comparison.
Additional information: link
LILI.slitherConstructorVariables() (#318-747) uses literals with too many digits:
- deadAddress = 0x000000000000000000000000000000000000dEaD (#334)
Use: Ether suffix, Time suffix, or The scientific notation
Additional information: link
LILI._router (#336) should be constant
LILI.commAddress (#348) should be constant
LILI.daoAddress (#350) should be constant
LILI.deadAddress (#334) should be constant
LILI.fundAddress (#347) should be constant
LILI.inviterRequireLockTime (#332) should be constant
LILI.rThreshold (#345) should be constant
LILI.recvAddress (#351) should be constant
LILI.socialAddress (#349) should be constant
LILI.swapAndLiquifyEnabled (#365) should be constant
LILI.usdt (#337) should be constant
Add the constant attributes to state variables that never change.
Additional information: link
owner() should be declared external:
- Ownable.owner() (#250-252)
renounceOwnership() should be declared external:
- Ownable.renounceOwnership() (#264-267)
transferOwnership(address) should be declared external:
- Ownable.transferOwnership(address) (#269-276)
withdraw() should be declared external:
- Recv.withdraw() (#306-315)
name() should be declared external:
- LILI.name() (#392-394)
symbol() should be declared external:
- LILI.symbol() (#396-398)
decimals() should be declared external:
- LILI.decimals() (#400-402)
totalSupply() should be declared external:
- LILI.totalSupply() (#404-406)
transfer(address,uint256) should be declared external:
- LILI.transfer(address,uint256) (#408-416)
allowance(address,address) should be declared external:
- LILI.allowance(address,address) (#418-426)
approve(address,uint256) should be declared external:
- LILI.approve(address,uint256) (#428-436)
transferFrom(address,address,uint256) should be declared external:
- LILI.transferFrom(address,address,uint256) (#438-453)
setRThreshold(uint256) should be declared external:
- LILI.setRThreshold(uint256) (#461-464)
setInviterBlackAddress(address,bool) should be declared external:
- LILI.setInviterBlackAddress(address,bool) (#466-468)
resetInviterAddress(address,address) should be declared external:
- LILI.resetInviterAddress(address,address) (#470-472)
isInviterBlackAddress(address) should be declared external:
- LILI.isInviterBlackAddress(address) (#474-476)
setTxLimit(uint256) should be declared external:
- LILI.setTxLimit(uint256) (#479-482)
rescueToken(address,uint256) should be declared external:
- LILI.rescueToken(address,uint256) (#484-490)
setIsExcludedFromFee(address,bool) should be declared external:
- LILI.setIsExcludedFromFee(address,bool) (#584-589)
setTxlimitByUsdt(uint256) should be declared external:
- LILI.setTxlimitByUsdt(uint256) (#591-593)
isContract(address) should be declared external:
- LILI.isContract(address) (#604-613)
Use the external attribute for functions never called from the contract.
Additional information: link
LILI._transfer(address,address,uint256) (#511-571) performs a multiplication on the result of a division:
-IERC20(_pair).totalSupply() > 0 && balanceOf(address(this)) > balanceOf(_pair).div(10000).mul(5) (#519)
LILI._transfer(address,address,uint256) (#511-571) performs a multiplication on the result of a division:
-share_scope_1 = amount.mul(99).div(10000) (#564)
-_basicTransfer(sender,socialAddress,share_scope_1.mul(2)) (#565)
LILI._transfer(address,address,uint256) (#511-571) performs a multiplication on the result of a division:
-share_scope_0 = amount.mul(99).div(10000) (#558)
-_basicTransfer(sender,address(this),share_scope_0.mul(6)) (#559)
LILI._transfer(address,address,uint256) (#511-571) performs a multiplication on the result of a division:
-share_scope_1 = amount.mul(99).div(10000) (#564)
-_basicTransfer(sender,recipient,share_scope_1.mul(98)) (#566)
LILI._transfer(address,address,uint256) (#511-571) performs a multiplication on the result of a division:
-share_scope_0 = amount.mul(99).div(10000) (#558)
-_basicTransfer(sender,commAddress,share_scope_0.mul(3)) (#560)
LILI._transfer(address,address,uint256) (#511-571) performs a multiplication on the result of a division:
-share_scope_0 = amount.mul(99).div(10000) (#558)
-_basicTransfer(sender,recipient,share_scope_0.mul(91)) (#561)
LILI._transfer(address,address,uint256) (#511-571) performs a multiplication on the result of a division:
-share = amount.div(100) (#539)
-_basicTransfer(sender,recipient,amount.sub(share.mul(9))) (#555)
LILI.swapAndLiquifyV1() (#681-689) performs a multiplication on the result of a division:
-maxAmount = balanceOf(_pair).div(100).mul(2) (#683)
Consider ordering multiplication before division.
Additional information: link
Reentrancy in LILI._transfer(address,address,uint256) (#511-571):
External calls:
- swapAndLiquifyV1() (#529)
- IERC20(usdt).approve(_router,uAmount) (#734)
- IPancakeRouter(_router).addLiquidity(address(this),address(usdt),tokenAmount,uAmount,0,0,fundAddress,block.timestamp) (#735-744)
- IPancakeRouter(_router).swapExactTokensForTokensSupportingFeeOnTransferTokens(tokenAmount,0,path,address(RECV),block.timestamp) (#697-703)
- RECV.withdraw() (#705)
State variables written after the call(s):
- _basicTransfer(sender,recipient,amount) (#535)
- _balances[sender] = _balances[sender].sub(amount,Insufficient Balance) (#578)
- _balances[recipient] = _balances[recipient].add(amount) (#579)
- promotionRewards(sender,recipient,share) (#554)
- _balances[sender] = _balances[sender].sub(amount,Insufficient Balance) (#578)
- _balances[recipient] = _balances[recipient].add(amount) (#579)
- _basicTransfer(sender,recipient,amount.sub(share.mul(9))) (#555)
- _balances[sender] = _balances[sender].sub(amount,Insufficient Balance) (#578)
- _balances[recipient] = _balances[recipient].add(amount) (#579)
- _basicTransfer(sender,address(this),share_scope_0.mul(6)) (#559)
- _balances[sender] = _balances[sender].sub(amount,Insufficient Balance) (#578)
- _balances[recipient] = _balances[recipient].add(amount) (#579)
- _basicTransfer(sender,commAddress,share_scope_0.mul(3)) (#560)
- _balances[sender] = _balances[sender].sub(amount,Insufficient Balance) (#578)
- _balances[recipient] = _balances[recipient].add(amount) (#579)
- _basicTransfer(sender,recipient,share_scope_0.mul(91)) (#561)
- _balances[sender] = _balances[sender].sub(amount,Insufficient Balance) (#578)
- _balances[recipient] = _balances[recipient].add(amount) (#579)
- _basicTransfer(sender,socialAddress,share_scope_1.mul(2)) (#565)
- _balances[sender] = _balances[sender].sub(amount,Insufficient Balance) (#578)
- _balances[recipient] = _balances[recipient].add(amount) (#579)
- _basicTransfer(sender,recipient,share_scope_1.mul(98)) (#566)
- _balances[sender] = _balances[sender].sub(amount,Insufficient Balance) (#578)
- _balances[recipient] = _balances[recipient].add(amount) (#579)
- swapping = false (#530)
Apply the check-effects-interactions pattern.
Additional information: link
LILI.addLiquidityUSDT(uint256,uint256) (#732-745) ignores return value by IERC20(usdt).approve(_router,uAmount) (#734)
LILI.addLiquidityUSDT(uint256,uint256) (#732-745) ignores return value by IPancakeRouter(_router).addLiquidity(address(this),address(usdt),tokenAmount,uAmount,0,0,fundAddress,block.timestamp) (#735-744)
Ensure that all the return values of the function calls are used.
Additional information: link
LILI.allowance(address,address).owner (#418) shadows:
- Ownable.owner() (#250-252) (function)
LILI._approve(address,address,uint256).owner (#493) shadows:
- Ownable.owner() (#250-252) (function)
Rename the local variables that shadow another component.
Additional information: link
LILI.setRThreshold(uint256) (#461-464) should emit an event for:
- _maxRAmount = thres (#463)
LILI.setTxLimit(uint256) (#479-482) should emit an event for:
- txlimitByUsdt = amount (#481)
LILI.setTxlimitByUsdt(uint256) (#591-593) should emit an event for:
- txlimitByUsdt = _txLimitByUsdt (#592)
Emit an event for critical parameter changes.
Additional information: link
Reentrancy in LILI._transfer(address,address,uint256) (#511-571):
External calls:
- swapAndLiquifyV1() (#529)
- IERC20(usdt).approve(_router,uAmount) (#734)
- IPancakeRouter(_router).addLiquidity(address(this),address(usdt),tokenAmount,uAmount,0,0,fundAddress,block.timestamp) (#735-744)
- IPancakeRouter(_router).swapExactTokensForTokensSupportingFeeOnTransferTokens(tokenAmount,0,path,address(RECV),block.timestamp) (#697-703)
- RECV.withdraw() (#705)
State variables written after the call(s):
- limitTx(amount) (#537)
- _maxTxAmount = reserve0.mul(txlimitByUsdt).div(reserve1.add(txlimitByUsdt)) (#670)
- _maxTxAmount = reserve1.mul(txlimitByUsdt).div(reserve0.add(txlimitByUsdt)) (#673)
- inviter[recipient] = deadAddress (#541)
- inviter[recipient] = deadAddress (#550)
- inviter[recipient] = sender (#569)
- inviterLockTime[recipient] = block.timestamp (#542)
- inviterLockTime[recipient] = block.timestamp (#551)
- inviterLockTime[recipient] = block.timestamp (#569)
Reentrancy in LILI.constructor() (#372-390):
External calls:
- _pair = IPancakeFactory(IPancakeRouter(_router).factory()).createPair(address(this),usdt) (#377-380)
State variables written after the call(s):
- RECV = new Recv(IERC20(this)) (#381)
- _approve(address(this),address(_router),~ uint256(0)) (#382)
- _allowances[owner][spender] = amount (#497)
- isExcludedFromFee[_tokenOwner] = true (#383)
- isExcludedFromFee[fundAddress] = true (#384)
- isExcludedFromFee[commAddress] = true (#385)
- isExcludedFromFee[socialAddress] = true (#386)
- isExcludedFromFee[daoAddress] = true (#387)
- isExcludedFromFee[_router] = true (#388)
- isExcludedFromFee[address(this)] = true (#389)
Reentrancy in LILI.transferFrom(address,address,uint256) (#438-453):
External calls:
- _transfer(sender,recipient,amount) (#443)
- IERC20(usdt).approve(_router,uAmount) (#734)
- IPancakeRouter(_router).addLiquidity(address(this),address(usdt),tokenAmount,uAmount,0,0,fundAddress,block.timestamp) (#735-744)
- IPancakeRouter(_router).swapExactTokensForTokensSupportingFeeOnTransferTokens(tokenAmount,0,path,address(RECV),block.timestamp) (#697-703)
- RECV.withdraw() (#705)
State variables written after the call(s):
- _approve(sender,_msgSender(),currentAllowance - amount) (#450)
- _allowances[owner][spender] = amount (#497)
Apply the check-effects-interactions pattern.
Additional information: link
Reentrancy in LILI._transfer(address,address,uint256) (#511-571):
External calls:
- swapAndLiquifyV1() (#529)
- IERC20(usdt).approve(_router,uAmount) (#734)
- IPancakeRouter(_router).addLiquidity(address(this),address(usdt),tokenAmount,uAmount,0,0,fundAddress,block.timestamp) (#735-744)
- IPancakeRouter(_router).swapExactTokensForTokensSupportingFeeOnTransferTokens(tokenAmount,0,path,address(RECV),block.timestamp) (#697-703)
- RECV.withdraw() (#705)
Event emitted after the call(s):
- Transfer(sender,recipient,amount) (#580)
- _basicTransfer(sender,socialAddress,share_scope_1.mul(2)) (#565)
- Transfer(sender,recipient,amount) (#580)
- promotionRewards(sender,recipient,share) (#554)
- Transfer(sender,recipient,amount) (#580)
- _basicTransfer(sender,address(this),share_scope_0.mul(6)) (#559)
- Transfer(sender,recipient,amount) (#580)
- _basicTransfer(sender,commAddress,share_scope_0.mul(3)) (#560)
- Transfer(sender,recipient,amount) (#580)
- _basicTransfer(sender,recipient,share_scope_1.mul(98)) (#566)
- Transfer(sender,recipient,amount) (#580)
- _basicTransfer(sender,recipient,amount.sub(share.mul(9))) (#555)
- Transfer(sender,recipient,amount) (#580)
- _basicTransfer(sender,recipient,amount) (#535)
- Transfer(sender,recipient,amount) (#580)
- _basicTransfer(sender,recipient,share_scope_0.mul(91)) (#561)
Reentrancy in LILI.constructor() (#372-390):
External calls:
- _pair = IPancakeFactory(IPancakeRouter(_router).factory()).createPair(address(this),usdt) (#377-380)
Event emitted after the call(s):
- Approval(owner,spender,amount) (#498)
- _approve(address(this),address(_router),~ uint256(0)) (#382)
Reentrancy in LILI.swapAndLiquify(uint256) (#708-730):
External calls:
- swapTokensForUSDT(half) (#720)
- IPancakeRouter(_router).swapExactTokensForTokensSupportingFeeOnTransferTokens(tokenAmount,0,path,address(RECV),block.timestamp) (#697-703)
- RECV.withdraw() (#705)
- addLiquidityUSDT(otherHalf,usdtBalance) (#727)
- IERC20(usdt).approve(_router,uAmount) (#734)
- IPancakeRouter(_router).addLiquidity(address(this),address(usdt),tokenAmount,uAmount,0,0,fundAddress,block.timestamp) (#735-744)
Event emitted after the call(s):
- SwapAndLiquify(otherHalf,usdtBalance) (#729)
Reentrancy in LILI.transferFrom(address,address,uint256) (#438-453):
External calls:
- _transfer(sender,recipient,amount) (#443)
- IERC20(usdt).approve(_router,uAmount) (#734)
- IPancakeRouter(_router).addLiquidity(address(this),address(usdt),tokenAmount,uAmount,0,0,fundAddress,block.timestamp) (#735-744)
- IPancakeRouter(_router).swapExactTokensForTokensSupportingFeeOnTransferTokens(tokenAmount,0,path,address(RECV),block.timestamp) (#697-703)
- RECV.withdraw() (#705)
Event emitted after the call(s):
- Approval(owner,spender,amount) (#498)
- _approve(sender,_msgSender(),currentAllowance - amount) (#450)
Apply the check-effects-interactions pattern.
Additional information: link
LILI._transfer(address,address,uint256) (#511-571) uses timestamp for comparisons
Dangerous comparisons:
- inviterLockTime[recipient] > block.timestamp - inviterRequireLockTime && inviter[recipient] != deadAddress (#545-547)
Avoid relying on block.timestamp.
Additional information: link
Address.isContract(address) (#281-294) uses assembly
- INLINE ASM (#292)
LILI.isContract(address) (#604-613) uses assembly
- INLINE ASM (#609-611)
Do not use evm assembly.
Additional information: link
SafeMath.mod(uint256,uint256) (#59-61) is never used and should be removed
SafeMath.mod(uint256,uint256,string) (#63-70) is never used and should be removed
Remove unused functions.
Additional information: link
Pragma version^0.8.0 (#2) allows old versions
solc-0.8.13 is not recommended for deployment
Deploy with any of the following Solidity versions: 0.5.16 - 0.5.17, 0.6.11 - 0.6.12, 0.7.5 - 0.7.6 Use a simple pragma version that allows any of these versions. Consider using the latest version of Solidity for testing.
Additional information: link
Function IPancakeRouter.WETH() (#127) is not in mixedCase
Parameter LILI.resetInviterAddress(address,address)._inviter (#470) is not in mixedCase
Parameter LILI.setTxlimitByUsdt(uint256)._txLimitByUsdt (#591) is not in mixedCase
Variable LILI._router (#336) is not in mixedCase
Variable LILI._pair (#341) is not in mixedCase
Variable LILI.RECV (#355) is not in mixedCase
Variable LILI._tokenOwner (#357) is not in mixedCase
Variable LILI._maxTxAmount (#359) is not in mixedCase
Variable LILI._maxRAmount (#361) is not in mixedCase
Follow the Solidity naming convention.
Additional information: link
Variable IPancakeRouter.addLiquidity(address,address,uint256,uint256,uint256,uint256,address,uint256).amountADesired (#132) is too similar to IPancakeRouter.addLiquidity(address,address,uint256,uint256,uint256,uint256,address,uint256).amountBDesired (#133)
Variable LILI._transfer(address,address,uint256).share_scope_0 (#558) is too similar to LILI._transfer(address,address,uint256).share_scope_1 (#564)
Prevent variables from having similar names.
Additional information: link
Unable to find website, listings and other project-related information
Young tokens have high risks of scam / price dump / death
Token has no active CoinGecko listing / rank
Token has no active CoinMarketCap listing / rank
Unable to find Telegram and Twitter accounts