Unable to find manual contract audit (e.g. Certik, PeckShield, Solidity...)
LongTaiTou._distributeEth(uint256) (#393-405) sends eth to arbitrary user
Dangerous calls:
- address(marketAddress).transfer(address(this).balance / 3) (#403)
- address(devEthAddress).transfer(address(this).balance) (#404)
Ensure that an arbitrary user cannot withdraw unauthorized funds.
Additional information: link
Reentrancy in LongTaiTou._transfer(address,address,uint256) (#272-298):
External calls:
- swapped = handSwap() (#290)
- uniswapV2Router.addLiquidityETH{value: ethLiquidityAmount}(address(this),tokenLiquidityAmount,0,0,returnAddress,block.timestamp) (#395-402)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(amountDesire,0,path,to,block.timestamp) (#410)
External calls sending eth:
- swapped = handSwap() (#290)
- uniswapV2Router.addLiquidityETH{value: ethLiquidityAmount}(address(this),tokenLiquidityAmount,0,0,returnAddress,block.timestamp) (#395-402)
- address(marketAddress).transfer(address(this).balance / 3) (#403)
- address(devEthAddress).transfer(address(this).balance) (#404)
- address(devEthAddress).transfer(address(this).balance) (#386)
State variables written after the call(s):
- super._move(from,address(this),feeAmount) (#292)
- _balances[sender] = senderBalance - amount (#132)
- _balances[recipient] += amount (#133)
Reentrancy in LongTaiTou._transfer(address,address,uint256) (#272-298):
External calls:
- swapped = handSwap() (#290)
- uniswapV2Router.addLiquidityETH{value: ethLiquidityAmount}(address(this),tokenLiquidityAmount,0,0,returnAddress,block.timestamp) (#395-402)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(amountDesire,0,path,to,block.timestamp) (#410)
- distributeDogeToken() (#293)
- uniswapV2Router.swapExactTokensForTokensSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#337-343)
- token.transfer(dogePrizeList[i],dogePrizePerUser) (#321)
- token.transfer(devDogeAddress,token.balanceOf(address(this))) (#324)
External calls sending eth:
- swapped = handSwap() (#290)
- uniswapV2Router.addLiquidityETH{value: ethLiquidityAmount}(address(this),tokenLiquidityAmount,0,0,returnAddress,block.timestamp) (#395-402)
- address(marketAddress).transfer(address(this).balance / 3) (#403)
- address(devEthAddress).transfer(address(this).balance) (#404)
- address(devEthAddress).transfer(address(this).balance) (#386)
State variables written after the call(s):
- super._transfer(from,to,amount - feeAmount) (#297)
- _balances[sender] = senderBalance - amount (#132)
- _balances[recipient] += amount (#133)
- distributeDogeToken() (#293)
- dogePoolTotal = 0 (#307)
- handDogeFees(amount) (#294)
- dogePoolTotal += feePoolAmount (#375)
- super._transfer(from,to,amount - feeAmount) (#297)
- dogePrizeList.push(user) (#358)
- dogePrizeList[i] = dogePrizeList[dogePrizeList.length - 1] (#365)
- dogePrizeList.pop() (#366)
Apply the check-effects-interactions pattern.
Additional information: link
system.rescueLossToken(IERC20,address) (#180) ignores return value by token_.transfer(_recipient,token_.balanceOf(address(this))) (#180)
system.rescueLossTokenWithAmount(IERC20,address,uint256) (#182) ignores return value by token_.transfer(_recipient,amount) (#182)
LongTaiTou.aliasDoge() (#312-325) ignores return value by token.transfer(dogePrizeList[i],dogePrizePerUser) (#321)
LongTaiTou.aliasDoge() (#312-325) ignores return value by token.transfer(devDogeAddress,token.balanceOf(address(this))) (#324)
Use SafeERC20, or ensure that the transfer/transferFrom return value is checked.
Additional information: link
LongTaiTou.limitTimeBefore (#222) is never initialized. It is used in:
- LongTaiTou._transfer(address,address,uint256) (#272-298)
Initialize all the variables. If a variable is meant to be initialized to zero, explicitly set it to zero to improve code readability.
Additional information: link
LongTaiTou.aliasDoge() (#312-325) uses a dangerous strict equality:
- dogeAmount == 0 (#315)
Don't use strict equality to determine if an account has enough Ether or tokens.
Additional information: link
Combination 1: Reentrancy vulnerabilities + Functions that send Ether to arbitraty destination. Usual for scams. May be justified by some complex mechanics (e.g. rebase, reflections). DYOR & manual audit are advised.
Combination 2: Unchecked transfer + Functions that send Ether to arbitraty destination. Usual for scams. May be justified by some complex mechanics (e.g. rebase, reflections). DYOR & manual audit are advised.
Combination 3: Reentrancy vulnerabilities + Unchecked transfer vulnerability. Usual for scams. May be justified by some complex mechanics (e.g. rebase, reflections). DYOR & manual audit are advised.
Not a direct threat, but may indicate unreliable intentions of developer. Widespread names (e.g. Elon, King, Moon, Doge) are common among meme-tokens and scams. The allow to gain free hype and attract unexperienced investors.
Not a direct threat, but may indicate unreliable intentions of developer. Both name and ticker of current token are widespread, i.e. common across multiple tokens. This is slightly suspicious
LongTaiTou.aliasDoge() (#312-325) performs a multiplication on the result of a division:
-prize = 750 * dogeAmount / divBase (#316)
-dogePrizePerUser = prize * balanceOf(dogePrizeList[i]) / amount (#320)
LongTaiTou.handSwap() (#377-392) performs a multiplication on the result of a division:
-amountDesire = amountDesireTotal * 800 / divBase (#383)
-WETHAmount * amountDesire / TOKENAmount >= swapThreshold (#385)
Consider ordering multiplication before division.
Additional information: link
LongTaiTou._transfer(address,address,uint256).feeAmount (#273) is a local variable never initialized
Initialize all the variables. If a variable is meant to be initialized to zero, explicitly set it to zero to improve code readability.
Additional information: link
LongTaiTou._distributeEth(uint256) (#393-405) ignores return value by uniswapV2Router.addLiquidityETH{value: ethLiquidityAmount}(address(this),tokenLiquidityAmount,0,0,returnAddress,block.timestamp) (#395-402)
Ensure that all the return values of the function calls are used.
Additional information: link
system.rescueLossChain(address)._recipient (#181) lacks a zero-check on :
- _recipient.transfer(address(this).balance) (#181)
system.rescueLossChainWithAmount(address,uint256)._recipient (#183) lacks a zero-check on :
- _recipient.transfer(amount) (#183)
LongTaiTou.constructor(address,address,address[])._router (#227) lacks a zero-check on :
- router_ = _router (#228)
LongTaiTou.constructor(address,address,address[])._reward (#227) lacks a zero-check on :
- DogeContract = _reward (#229)
Check that the address is not zero.
Additional information: link
Reentrancy in LongTaiTou._transfer(address,address,uint256) (#272-298):
External calls:
- swapped = handSwap() (#290)
- uniswapV2Router.addLiquidityETH{value: ethLiquidityAmount}(address(this),tokenLiquidityAmount,0,0,returnAddress,block.timestamp) (#395-402)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(amountDesire,0,path,to,block.timestamp) (#410)
- distributeDogeToken() (#293)
- uniswapV2Router.swapExactTokensForTokensSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#337-343)
- token.transfer(dogePrizeList[i],dogePrizePerUser) (#321)
- token.transfer(devDogeAddress,token.balanceOf(address(this))) (#324)
External calls sending eth:
- swapped = handSwap() (#290)
- uniswapV2Router.addLiquidityETH{value: ethLiquidityAmount}(address(this),tokenLiquidityAmount,0,0,returnAddress,block.timestamp) (#395-402)
- address(marketAddress).transfer(address(this).balance / 3) (#403)
- address(devEthAddress).transfer(address(this).balance) (#404)
- address(devEthAddress).transfer(address(this).balance) (#386)
State variables written after the call(s):
- super._transfer(from,to,amount - feeAmount) (#297)
- isInDogePrizeList[user] = true (#357)
- isInDogePrizeList[user] = false (#362)
Reentrancy in LongTaiTou.constructor(address,address,address[]) (#227-238):
External calls:
- initIRouter() (#233)
- uniswapPair = IFactory(uniswapV2Router.factory()).createPair(address(this),uniswapV2Router.WETH()) (#269)
State variables written after the call(s):
- _approve(address(this),address(uniswapV2Router),~ uint256(0)) (#236)
- _allowances[owner][spender] = amount (#155)
- _approve(owner(),address(uniswapV2Router),~ uint256(0)) (#237)
- _allowances[owner][spender] = amount (#155)
- super._mint(owner(),100000000000000000000000000) (#235)
- _balances[account] += amount (#140)
- super._mint(owner(),100000000000000000000000000) (#235)
- _totalSupply += amount (#139)
- initAddrs(addrs) (#234)
- devDogeAddress = addrs[0] (#261)
- initAddrs(addrs) (#234)
- devEthAddress = addrs[1] (#262)
- initAddrs(addrs) (#234)
- excludeFeeMembers = addrs (#260)
- initAddrs(addrs) (#234)
- isExcludeFee[addr[i]] = b (#255)
- initAddrs(addrs) (#234)
- liquidityAddress = owner() (#265)
- initAddrs(addrs) (#234)
- marketAddress = owner() (#263)
- initAddrs(addrs) (#234)
- returnAddress = owner() (#264)
Reentrancy in LongTaiTou.initIRouter() (#267-271):
External calls:
- uniswapPair = IFactory(uniswapV2Router.factory()).createPair(address(this),uniswapV2Router.WETH()) (#269)
State variables written after the call(s):
- isExcludeFee[uniswapPair] = true (#270)
Apply the check-effects-interactions pattern.
Additional information: link
Reentrancy in LongTaiTou._transfer(address,address,uint256) (#272-298):
External calls:
- swapped = handSwap() (#290)
- uniswapV2Router.addLiquidityETH{value: ethLiquidityAmount}(address(this),tokenLiquidityAmount,0,0,returnAddress,block.timestamp) (#395-402)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(amountDesire,0,path,to,block.timestamp) (#410)
External calls sending eth:
- swapped = handSwap() (#290)
- uniswapV2Router.addLiquidityETH{value: ethLiquidityAmount}(address(this),tokenLiquidityAmount,0,0,returnAddress,block.timestamp) (#395-402)
- address(marketAddress).transfer(address(this).balance / 3) (#403)
- address(devEthAddress).transfer(address(this).balance) (#404)
- address(devEthAddress).transfer(address(this).balance) (#386)
Event emitted after the call(s):
- Transfer(sender,recipient,amount) (#134)
- super._move(from,address(this),feeAmount) (#292)
Reentrancy in LongTaiTou._transfer(address,address,uint256) (#272-298):
External calls:
- swapped = handSwap() (#290)
- uniswapV2Router.addLiquidityETH{value: ethLiquidityAmount}(address(this),tokenLiquidityAmount,0,0,returnAddress,block.timestamp) (#395-402)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(amountDesire,0,path,to,block.timestamp) (#410)
- distributeDogeToken() (#293)
- uniswapV2Router.swapExactTokensForTokensSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#337-343)
- token.transfer(dogePrizeList[i],dogePrizePerUser) (#321)
- token.transfer(devDogeAddress,token.balanceOf(address(this))) (#324)
External calls sending eth:
- swapped = handSwap() (#290)
- uniswapV2Router.addLiquidityETH{value: ethLiquidityAmount}(address(this),tokenLiquidityAmount,0,0,returnAddress,block.timestamp) (#395-402)
- address(marketAddress).transfer(address(this).balance / 3) (#403)
- address(devEthAddress).transfer(address(this).balance) (#404)
- address(devEthAddress).transfer(address(this).balance) (#386)
Event emitted after the call(s):
- DistributeDogeToken(dogePrizeList[i],dogePrizePerUser) (#322)
- distributeDogeToken() (#293)
- Transfer(sender,recipient,amount) (#134)
- super._transfer(from,to,amount - feeAmount) (#297)
Reentrancy in LongTaiTou.aliasDoge() (#312-325):
External calls:
- token.transfer(dogePrizeList[i],dogePrizePerUser) (#321)
Event emitted after the call(s):
- DistributeDogeToken(dogePrizeList[i],dogePrizePerUser) (#322)
Reentrancy in LongTaiTou.constructor(address,address,address[]) (#227-238):
External calls:
- initIRouter() (#233)
- uniswapPair = IFactory(uniswapV2Router.factory()).createPair(address(this),uniswapV2Router.WETH()) (#269)
Event emitted after the call(s):
- Approval(owner,spender,amount) (#156)
- _approve(owner(),address(uniswapV2Router),~ uint256(0)) (#237)
- Approval(owner,spender,amount) (#156)
- _approve(address(this),address(uniswapV2Router),~ uint256(0)) (#236)
- Transfer(address(0),account,amount) (#141)
- super._mint(owner(),100000000000000000000000000) (#235)
Reentrancy in LongTaiTou.distributeDogeToken() (#299-311):
External calls:
- swapTokensForDoge(amountDesire) (#308)
- uniswapV2Router.swapExactTokensForTokensSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#337-343)
- aliasDoge() (#309)
- token.transfer(dogePrizeList[i],dogePrizePerUser) (#321)
- token.transfer(devDogeAddress,token.balanceOf(address(this))) (#324)
Event emitted after the call(s):
- DistributeDogeToken(dogePrizeList[i],dogePrizePerUser) (#322)
- aliasDoge() (#309)
Apply the check-effects-interactions pattern.
Additional information: link
LongTaiTou._transfer(address,address,uint256) (#272-298) uses timestamp for comparisons
Dangerous comparisons:
- block.timestamp < limitTimeBefore (#277)
- block.timestamp < limitTimeBefore (#288)
Avoid relying on block.timestamp.
Additional information: link
Context._msgData() (#38-41) is never used and should be removed
ERC20._afterTokenTransfer(address,address,uint256) (#159) is never used and should be removed
ERC20._burn(address,uint256) (#143-151) is never used and should be removed
Remove unused functions.
Additional information: link
Pragma version^0.8.0 (#2) allows old versions
Deploy with any of the following Solidity versions: 0.5.16 - 0.5.17, 0.6.11 - 0.6.12, 0.7.5 - 0.7.6 Use a simple pragma version that allows any of these versions. Consider using the latest version of Solidity for testing.
Additional information: link
Function IRouter.WETH() (#5) is not in mixedCase
Contract system (#177-184) is not in CapWords
Parameter system.rescueLossToken(IERC20,address)._recipient (#180) is not in mixedCase
Parameter system.rescueLossChain(address)._recipient (#181) is not in mixedCase
Parameter system.rescueLossTokenWithAmount(IERC20,address,uint256)._recipient (#182) is not in mixedCase
Parameter system.rescueLossChainWithAmount(address,uint256)._recipient (#183) is not in mixedCase
Variable LongTaiTou.DogeContract (#212) is not in mixedCase
Follow the Solidity naming convention.
Additional information: link
Redundant expression "this (#39)" inContext (#34-42)
Remove redundant statements if they congest code but offer no value.
Additional information: link
Reentrancy in LongTaiTou._transfer(address,address,uint256) (#272-298):
External calls:
- swapped = handSwap() (#290)
- address(marketAddress).transfer(address(this).balance / 3) (#403)
- address(devEthAddress).transfer(address(this).balance) (#404)
- address(devEthAddress).transfer(address(this).balance) (#386)
External calls sending eth:
- swapped = handSwap() (#290)
- uniswapV2Router.addLiquidityETH{value: ethLiquidityAmount}(address(this),tokenLiquidityAmount,0,0,returnAddress,block.timestamp) (#395-402)
- address(marketAddress).transfer(address(this).balance / 3) (#403)
- address(devEthAddress).transfer(address(this).balance) (#404)
- address(devEthAddress).transfer(address(this).balance) (#386)
State variables written after the call(s):
- super._move(from,address(this),feeAmount) (#292)
- _balances[sender] = senderBalance - amount (#132)
- _balances[recipient] += amount (#133)
- super._transfer(from,to,amount - feeAmount) (#297)
- _balances[sender] = senderBalance - amount (#132)
- _balances[recipient] += amount (#133)
- distributeDogeToken() (#293)
- dogePoolTotal = 0 (#307)
- handDogeFees(amount) (#294)
- dogePoolTotal += feePoolAmount (#375)
- super._transfer(from,to,amount - feeAmount) (#297)
- dogePrizeList.push(user) (#358)
- dogePrizeList[i] = dogePrizeList[dogePrizeList.length - 1] (#365)
- dogePrizeList.pop() (#366)
- super._transfer(from,to,amount - feeAmount) (#297)
- isInDogePrizeList[user] = true (#357)
- isInDogePrizeList[user] = false (#362)
Event emitted after the call(s):
- DistributeDogeToken(dogePrizeList[i],dogePrizePerUser) (#322)
- distributeDogeToken() (#293)
- Transfer(sender,recipient,amount) (#134)
- super._move(from,address(this),feeAmount) (#292)
- Transfer(sender,recipient,amount) (#134)
- super._transfer(from,to,amount - feeAmount) (#297)
Reentrancy in LongTaiTou.handSwap() (#377-392):
External calls:
- address(devEthAddress).transfer(address(this).balance) (#386)
State variables written after the call(s):
- _handSwap(amountDesire,address(this)) (#387)
- _status = _ENTERED (#171)
- _status = _NOT_ENTERED (#173)
Apply the check-effects-interactions pattern.
Additional information: link
LongTaiTou.slitherConstructorVariables() (#200-427) uses literals with too many digits:
- dogePrizeThreshold = 100000000000000000000000 (#216)
LongTaiTou.slitherConstructorVariables() (#200-427) uses literals with too many digits:
- limitBuyAmount = 200000000000000000000000000000 (#223)
Use: Ether suffix, Time suffix, or The scientific notation
Additional information: link
LongTaiTou.limitSeconds (#224) is never used in LongTaiTou (#200-427)
LongTaiTou.burnRate (#225) is never used in LongTaiTou (#200-427)
Remove unused state variables.
Additional information: link
LongTaiTou.burnRate (#225) should be constant
LongTaiTou.divBase (#220) should be constant
LongTaiTou.dogePrizeThreshold (#216) should be constant
LongTaiTou.dogeSwapThreshold (#215) should be constant
LongTaiTou.limitBuyAmount (#223) should be constant
LongTaiTou.limitSeconds (#224) should be constant
LongTaiTou.limitTimeBefore (#222) should be constant
LongTaiTou.swapThreshold (#219) should be constant
Add the constant attributes to state variables that never change.
Additional information: link
renounceOwnership() should be declared external:
- Ownable.renounceOwnership() (#56-58)
transferOwnership(address) should be declared external:
- Ownable.transferOwnership(address) (#59-62)
name() should be declared external:
- ERC20.name() (#79-81)
symbol() should be declared external:
- ERC20.symbol() (#82-84)
decimals() should be declared external:
- ERC20.decimals() (#85-87)
totalSupply() should be declared external:
- ERC20.totalSupply() (#88-90)
transfer(address,uint256) should be declared external:
- ERC20.transfer(address,uint256) (#94-97)
allowance(address,address) should be declared external:
- ERC20.allowance(address,address) (#98-100)
approve(address,uint256) should be declared external:
- ERC20.approve(address,uint256) (#101-104)
transferFrom(address,address,uint256) should be declared external:
- ERC20.transferFrom(address,address,uint256) (#105-111)
increaseAllowance(address,uint256) should be declared external:
- ERC20.increaseAllowance(address,uint256) (#112-115)
decreaseAllowance(address,uint256) should be declared external:
- ERC20.decreaseAllowance(address,uint256) (#116-121)
markBot(address,bool) should be declared external:
- BotKiller.markBot(address,bool) (#192)
markBots(address[],bool) should be declared external:
- BotKiller.markBots(address[],bool) (#193-197)
isBot(address) should be declared external:
- BotKiller.isBot(address) (#198)
swapStart(bool) should be declared external:
- LongTaiTou.swapStart(bool) (#239-241)
closeBotCheck() should be declared external:
- LongTaiTou.closeBotCheck() (#242-244)
closeBotCheckAndPause() should be declared external:
- LongTaiTou.closeBotCheckAndPause() (#245-248)
getDogePrizeListLength() should be declared external:
- LongTaiTou.getDogePrizeListLength() (#345-347)
airdrop(uint256,address[]) should be declared external:
- LongTaiTou.airdrop(uint256,address[]) (#421-425)
Use the external attribute for functions never called from the contract.
Additional information: link
Unable to find website, listings and other project-related information
Young tokens have high risks of scam / price dump / death
Token has no active CoinGecko listing / rank
Token has no active CoinMarketCap listing / rank
Unable to find Twitter account
Telegram account has relatively few subscribers
Unable to find Blog account (Reddit or Medium)
Unable to find Youtube account
Unable to find Discord account