Unable to find manual contract audit (e.g. Certik, PeckShield, Solidity...)
LUCKYSHIB.addLiquidity(uint256,uint256) (#784-797) sends eth to arbitrary user
Dangerous calls:
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#789-796)
Ensure that an arbitrary user cannot withdraw unauthorized funds.
Additional information: link
Reentrancy in LUCKYSHIB._transfer(address,address,uint256) (#693-731):
External calls:
- swapAndLiquify(contractTokenBalance) (#715)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#789-796)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#773-779)
External calls sending eth:
- swapAndLiquify(contractTokenBalance) (#715)
- recipient.transfer(amount) (#657)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#789-796)
State variables written after the call(s):
- _balances[sender] = _balances[sender].sub(amount,Insufficient Balance) (#718)
- _balances[recipient] = _balances[recipient].add(finalAmount) (#726)
- finalAmount = takeFee(sender,recipient,amount) (#720-721)
- _balances[address(this)] = _balances[address(this)].add(feeAmount) (#811)
Apply the check-effects-interactions pattern.
Additional information: link
Combination 1: Reentrancy vulnerabilities + Functions that send Ether to arbitraty destination. Usual for scams. May be justified by some complex mechanics (e.g. rebase, reflections). DYOR & manual audit are advised.
Not a direct threat, but may indicate unreliable intentions of developer. Widespread names (e.g. Elon, King, Moon, Doge) are common among meme-tokens and scams. The allow to gain free hype and attract unexperienced investors.
LUCKYSHIB.addLiquidity(uint256,uint256) (#784-797) ignores return value by uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#789-796)
Ensure that all the return values of the function calls are used.
Additional information: link
LUCKYSHIB.allowance(address,address).owner (#548) shadows:
- Ownable.owner() (#182-184) (function)
LUCKYSHIB._approve(address,address,uint256).owner (#571) shadows:
- Ownable.owner() (#182-184) (function)
Rename the local variables that shadow another component.
Additional information: link
LUCKYSHIB.setBuyTaxes(uint256,uint256,uint256) (#591-597) should emit an event for:
- _totalTaxIfBuying = _buyLiquidityFee.add(_buyMarketingFee).add(_buyTeamFee) (#596)
LUCKYSHIB.setSellTaxes(uint256,uint256,uint256) (#599-605) should emit an event for:
- _totalTaxIfSelling = _sellLiquidityFee.add(_sellMarketingFee).add(_sellTeamFee) (#604)
LUCKYSHIB.setDistributionSettings(uint256,uint256,uint256) (#607-613) should emit an event for:
- _liquidityShare = newLiquidityShare (#608)
- _teamShare = newTeamShare (#610)
- _totalDistributionShares = _liquidityShare.add(_marketingShare).add(_teamShare) (#612)
LUCKYSHIB.setMaxTxAmount(uint256) (#615-617) should emit an event for:
- _maxTxAmount = maxTxAmount (#616)
LUCKYSHIB.setWalletLimit(uint256) (#627-629) should emit an event for:
- _walletMax = newLimit (#628)
LUCKYSHIB.setNumTokensBeforeSwap(uint256) (#631-633) should emit an event for:
- minimumTokensBeforeSwap = newLimit (#632)
Emit an event for critical parameter changes.
Additional information: link
LUCKYSHIB.setMarketingWalletAddress(address).newAddress (#635) lacks a zero-check on :
- marketingWalletAddress = address(newAddress) (#636)
LUCKYSHIB.setTeamWalletAddress(address).newAddress (#639) lacks a zero-check on :
- teamWalletAddress = address(newAddress) (#640)
Check that the address is not zero.
Additional information: link
Reentrancy in LUCKYSHIB.changeRouterVersion(address) (#660-677):
External calls:
- newPairAddress = IUniswapV2Factory(_uniswapV2Router.factory()).createPair(address(this),_uniswapV2Router.WETH()) (#668-669)
State variables written after the call(s):
- isMarketPair[address(uniswapPair)] = true (#676)
- isWalletLimitExempt[address(uniswapPair)] = true (#675)
- uniswapPair = newPairAddress (#672)
- uniswapV2Router = _uniswapV2Router (#673)
Reentrancy in LUCKYSHIB.constructor() (#498-526):
External calls:
- uniswapPair = IUniswapV2Factory(_uniswapV2Router.factory()).createPair(address(this),_uniswapV2Router.WETH()) (#502-503)
State variables written after the call(s):
- _allowances[address(this)][address(uniswapV2Router)] = _totalSupply (#506)
- _balances[_msgSender()] = _totalSupply (#524)
- _totalDistributionShares = _liquidityShare.add(_marketingShare).add(_teamShare) (#513)
- _totalTaxIfBuying = _buyLiquidityFee.add(_buyMarketingFee).add(_buyTeamFee) (#511)
- _totalTaxIfSelling = _sellLiquidityFee.add(_sellMarketingFee).add(_sellTeamFee) (#512)
- isExcludedFromFee[owner()] = true (#508)
- isExcludedFromFee[address(this)] = true (#509)
- isMarketPair[address(uniswapPair)] = true (#522)
- isTxLimitExempt[owner()] = true (#519)
- isTxLimitExempt[address(this)] = true (#520)
- isWalletLimitExempt[owner()] = true (#515)
- isWalletLimitExempt[address(uniswapPair)] = true (#516)
- isWalletLimitExempt[address(this)] = true (#517)
- uniswapV2Router = _uniswapV2Router (#505)
Reentrancy in LUCKYSHIB.swapAndLiquify(uint256) (#740-762):
External calls:
- swapTokensForEth(tokensForSwap) (#745)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#773-779)
- addLiquidity(tokensForLP,amountBNBLiquidity) (#761)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#789-796)
External calls sending eth:
- transferToAddressETH(marketingWalletAddress,amountBNBMarketing) (#755)
- recipient.transfer(amount) (#657)
- transferToAddressETH(teamWalletAddress,amountBNBTeam) (#758)
- recipient.transfer(amount) (#657)
- addLiquidity(tokensForLP,amountBNBLiquidity) (#761)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#789-796)
State variables written after the call(s):
- addLiquidity(tokensForLP,amountBNBLiquidity) (#761)
- _allowances[owner][spender] = amount (#575)
Reentrancy in LUCKYSHIB.transferFrom(address,address,uint256) (#687-691):
External calls:
- _transfer(sender,recipient,amount) (#688)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#789-796)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#773-779)
External calls sending eth:
- _transfer(sender,recipient,amount) (#688)
- recipient.transfer(amount) (#657)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#789-796)
State variables written after the call(s):
- _approve(sender,_msgSender(),_allowances[sender][_msgSender()].sub(amount,ERC20: transfer amount exceeds allowance)) (#689)
- _allowances[owner][spender] = amount (#575)
Apply the check-effects-interactions pattern.
Additional information: link
Reentrancy in LUCKYSHIB._transfer(address,address,uint256) (#693-731):
External calls:
- swapAndLiquify(contractTokenBalance) (#715)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#789-796)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#773-779)
External calls sending eth:
- swapAndLiquify(contractTokenBalance) (#715)
- recipient.transfer(amount) (#657)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#789-796)
Event emitted after the call(s):
- Transfer(sender,address(this),feeAmount) (#812)
- finalAmount = takeFee(sender,recipient,amount) (#720-721)
- Transfer(sender,recipient,finalAmount) (#728)
Reentrancy in LUCKYSHIB.constructor() (#498-526):
External calls:
- uniswapPair = IUniswapV2Factory(_uniswapV2Router.factory()).createPair(address(this),_uniswapV2Router.WETH()) (#502-503)
Event emitted after the call(s):
- Transfer(address(0),_msgSender(),_totalSupply) (#525)
Reentrancy in LUCKYSHIB.swapAndLiquify(uint256) (#740-762):
External calls:
- swapTokensForEth(tokensForSwap) (#745)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#773-779)
- addLiquidity(tokensForLP,amountBNBLiquidity) (#761)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#789-796)
External calls sending eth:
- transferToAddressETH(marketingWalletAddress,amountBNBMarketing) (#755)
- recipient.transfer(amount) (#657)
- transferToAddressETH(teamWalletAddress,amountBNBTeam) (#758)
- recipient.transfer(amount) (#657)
- addLiquidity(tokensForLP,amountBNBLiquidity) (#761)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#789-796)
Event emitted after the call(s):
- Approval(owner,spender,amount) (#576)
- addLiquidity(tokensForLP,amountBNBLiquidity) (#761)
Reentrancy in LUCKYSHIB.swapTokensForEth(uint256) (#764-782):
External calls:
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#773-779)
Event emitted after the call(s):
- SwapTokensForETH(tokenAmount,path) (#781)
Reentrancy in LUCKYSHIB.transferFrom(address,address,uint256) (#687-691):
External calls:
- _transfer(sender,recipient,amount) (#688)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#789-796)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#773-779)
External calls sending eth:
- _transfer(sender,recipient,amount) (#688)
- recipient.transfer(amount) (#657)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#789-796)
Event emitted after the call(s):
- Approval(owner,spender,amount) (#576)
- _approve(sender,_msgSender(),_allowances[sender][_msgSender()].sub(amount,ERC20: transfer amount exceeds allowance)) (#689)
Apply the check-effects-interactions pattern.
Additional information: link
Ownable.unlock() (#217-222) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(block.timestamp > _lockTime,Contract is locked until 7 days) (#219)
Avoid relying on block.timestamp.
Additional information: link
Address.isContract(address) (#113-122) uses assembly
- INLINE ASM (#120)
Address._functionCallWithValue(address,bytes,uint256,string) (#149-166) uses assembly
- INLINE ASM (#158-161)
Do not use evm assembly.
Additional information: link
Address._functionCallWithValue(address,bytes,uint256,string) (#149-166) is never used and should be removed
Address.functionCall(address,bytes) (#132-134) is never used and should be removed
Address.functionCall(address,bytes,string) (#136-138) is never used and should be removed
Address.functionCallWithValue(address,bytes,uint256) (#140-142) is never used and should be removed
Address.functionCallWithValue(address,bytes,uint256,string) (#144-147) is never used and should be removed
Address.isContract(address) (#113-122) is never used and should be removed
Address.sendValue(address,uint256) (#124-130) is never used and should be removed
Context._msgData() (#40-43) is never used and should be removed
SafeMath.mod(uint256,uint256) (#101-103) is never used and should be removed
SafeMath.mod(uint256,uint256,string) (#105-108) is never used and should be removed
Remove unused functions.
Additional information: link
LUCKYSHIB._totalSupply (#462) is set pre-construction with a non-constant function or state variable:
- 100 * 10 ** 6 * 10 ** 6 * 10 ** _decimals
LUCKYSHIB._maxTxAmount (#463) is set pre-construction with a non-constant function or state variable:
- 100 * 10 ** 6 * 10 ** 6 * 10 ** _decimals
LUCKYSHIB._walletMax (#464) is set pre-construction with a non-constant function or state variable:
- 100 * 10 ** 6 * 10 ** 6 * 10 ** _decimals
LUCKYSHIB.minimumTokensBeforeSwap (#465) is set pre-construction with a non-constant function or state variable:
- 100 * 10 ** 6 * 10 ** _decimals
Remove any initialization of state variables via non-constant state variables or function calls. If variables must be set upon contract deployment, locate initialization in the constructor instead.
Additional information: link
Low level call in Address.sendValue(address,uint256) (#124-130):
- (success) = recipient.call{value: amount}() (#128)
Low level call in Address._functionCallWithValue(address,bytes,uint256,string) (#149-166):
- (success,returndata) = target.call{value: weiValue}(data) (#152)
Avoid low-level calls. Check the call success. If the call is meant for a contract, check for code existence
Additional information: link
Function IUniswapV2Pair.DOMAIN_SEPARATOR() (#256) is not in mixedCase
Function IUniswapV2Pair.PERMIT_TYPEHASH() (#257) is not in mixedCase
Function IUniswapV2Pair.MINIMUM_LIQUIDITY() (#273) is not in mixedCase
Function IUniswapV2Router01.WETH() (#292) is not in mixedCase
Parameter LUCKYSHIB.setSwapAndLiquifyEnabled(bool)._enabled (#643) is not in mixedCase
Variable LUCKYSHIB._balances (#438) is not in mixedCase
Variable LUCKYSHIB._buyLiquidityFee (#446) is not in mixedCase
Variable LUCKYSHIB._buyMarketingFee (#447) is not in mixedCase
Variable LUCKYSHIB._buyTeamFee (#448) is not in mixedCase
Variable LUCKYSHIB._sellLiquidityFee (#450) is not in mixedCase
Variable LUCKYSHIB._sellMarketingFee (#451) is not in mixedCase
Variable LUCKYSHIB._sellTeamFee (#452) is not in mixedCase
Variable LUCKYSHIB._liquidityShare (#454) is not in mixedCase
Variable LUCKYSHIB._marketingShare (#455) is not in mixedCase
Variable LUCKYSHIB._teamShare (#456) is not in mixedCase
Variable LUCKYSHIB._totalTaxIfBuying (#458) is not in mixedCase
Variable LUCKYSHIB._totalTaxIfSelling (#459) is not in mixedCase
Variable LUCKYSHIB._totalDistributionShares (#460) is not in mixedCase
Variable LUCKYSHIB._maxTxAmount (#463) is not in mixedCase
Variable LUCKYSHIB._walletMax (#464) is not in mixedCase
Follow the Solidity naming convention.
Additional information: link
Redundant expression "this (#41)" inContext (#34-44)
Remove redundant statements if they congest code but offer no value.
Additional information: link
Reentrancy in LUCKYSHIB._transfer(address,address,uint256) (#693-731):
External calls:
- swapAndLiquify(contractTokenBalance) (#715)
- recipient.transfer(amount) (#657)
External calls sending eth:
- swapAndLiquify(contractTokenBalance) (#715)
- recipient.transfer(amount) (#657)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#789-796)
State variables written after the call(s):
- _balances[sender] = _balances[sender].sub(amount,Insufficient Balance) (#718)
- _balances[recipient] = _balances[recipient].add(finalAmount) (#726)
- finalAmount = takeFee(sender,recipient,amount) (#720-721)
- _balances[address(this)] = _balances[address(this)].add(feeAmount) (#811)
Event emitted after the call(s):
- Transfer(sender,address(this),feeAmount) (#812)
- finalAmount = takeFee(sender,recipient,amount) (#720-721)
- Transfer(sender,recipient,finalAmount) (#728)
Reentrancy in LUCKYSHIB.swapAndLiquify(uint256) (#740-762):
External calls:
- transferToAddressETH(marketingWalletAddress,amountBNBMarketing) (#755)
- recipient.transfer(amount) (#657)
- transferToAddressETH(teamWalletAddress,amountBNBTeam) (#758)
- recipient.transfer(amount) (#657)
External calls sending eth:
- transferToAddressETH(marketingWalletAddress,amountBNBMarketing) (#755)
- recipient.transfer(amount) (#657)
- transferToAddressETH(teamWalletAddress,amountBNBTeam) (#758)
- recipient.transfer(amount) (#657)
- addLiquidity(tokensForLP,amountBNBLiquidity) (#761)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#789-796)
State variables written after the call(s):
- addLiquidity(tokensForLP,amountBNBLiquidity) (#761)
- _allowances[owner][spender] = amount (#575)
Event emitted after the call(s):
- Approval(owner,spender,amount) (#576)
- addLiquidity(tokensForLP,amountBNBLiquidity) (#761)
Reentrancy in LUCKYSHIB.transferFrom(address,address,uint256) (#687-691):
External calls:
- _transfer(sender,recipient,amount) (#688)
- recipient.transfer(amount) (#657)
External calls sending eth:
- _transfer(sender,recipient,amount) (#688)
- recipient.transfer(amount) (#657)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#789-796)
State variables written after the call(s):
- _approve(sender,_msgSender(),_allowances[sender][_msgSender()].sub(amount,ERC20: transfer amount exceeds allowance)) (#689)
- _allowances[owner][spender] = amount (#575)
Event emitted after the call(s):
- Approval(owner,spender,amount) (#576)
- _approve(sender,_msgSender(),_allowances[sender][_msgSender()].sub(amount,ERC20: transfer amount exceeds allowance)) (#689)
Apply the check-effects-interactions pattern.
Additional information: link
Variable IUniswapV2Router01.addLiquidity(address,address,uint256,uint256,uint256,uint256,address,uint256).amountADesired (#297) is too similar to IUniswapV2Router01.addLiquidity(address,address,uint256,uint256,uint256,uint256,address,uint256).amountBDesired (#298)
Prevent variables from having similar names.
Additional information: link
LUCKYSHIB.slitherConstructorVariables() (#425-819) uses literals with too many digits:
- deadAddress = 0x000000000000000000000000000000000000dEaD (#436)
Use: Ether suffix, Time suffix, or The scientific notation
Additional information: link
LUCKYSHIB._decimals (#432) should be constant
LUCKYSHIB._name (#430) should be constant
LUCKYSHIB._symbol (#431) should be constant
Add the constant attributes to state variables that never change.
Additional information: link
waiveOwnership() should be declared external:
- Ownable.waiveOwnership() (#191-194)
transferOwnership(address) should be declared external:
- Ownable.transferOwnership(address) (#196-200)
getUnlockTime() should be declared external:
- Ownable.getUnlockTime() (#202-204)
getTime() should be declared external:
- Ownable.getTime() (#206-208)
lock(uint256) should be declared external:
- Ownable.lock(uint256) (#210-215)
unlock() should be declared external:
- Ownable.unlock() (#217-222)
name() should be declared external:
- LUCKYSHIB.name() (#528-530)
symbol() should be declared external:
- LUCKYSHIB.symbol() (#532-534)
decimals() should be declared external:
- LUCKYSHIB.decimals() (#536-538)
totalSupply() should be declared external:
- LUCKYSHIB.totalSupply() (#540-542)
allowance(address,address) should be declared external:
- LUCKYSHIB.allowance(address,address) (#548-550)
increaseAllowance(address,uint256) should be declared external:
- LUCKYSHIB.increaseAllowance(address,uint256) (#552-555)
decreaseAllowance(address,uint256) should be declared external:
- LUCKYSHIB.decreaseAllowance(address,uint256) (#557-560)
minimumTokensBeforeSwapAmount() should be declared external:
- LUCKYSHIB.minimumTokensBeforeSwapAmount() (#562-564)
approve(address,uint256) should be declared external:
- LUCKYSHIB.approve(address,uint256) (#566-569)
setMarketPairStatus(address,bool) should be declared external:
- LUCKYSHIB.setMarketPairStatus(address,bool) (#579-581)
setIsExcludedFromFee(address,bool) should be declared external:
- LUCKYSHIB.setIsExcludedFromFee(address,bool) (#587-589)
setSwapAndLiquifyEnabled(bool) should be declared external:
- LUCKYSHIB.setSwapAndLiquifyEnabled(bool) (#643-646)
setSwapAndLiquifyByLimitOnly(bool) should be declared external:
- LUCKYSHIB.setSwapAndLiquifyByLimitOnly(bool) (#648-650)
getCirculatingSupply() should be declared external:
- LUCKYSHIB.getCirculatingSupply() (#652-654)
changeRouterVersion(address) should be declared external:
- LUCKYSHIB.changeRouterVersion(address) (#660-677)
transfer(address,uint256) should be declared external:
- LUCKYSHIB.transfer(address,uint256) (#682-685)
transferFrom(address,address,uint256) should be declared external:
- LUCKYSHIB.transferFrom(address,address,uint256) (#687-691)
Use the external attribute for functions never called from the contract.
Additional information: link
Unable to find website, listings and other project-related information
Token is marked as scam (rug pull, honeypot, phishing, etc.)
Additional information: link
Young tokens have high risks of scam / price dump / death
Token has no active CoinGecko listing / rank
Token has no active CoinMarketCap listing / rank
Unable to find Twitter account
Unable to find Blog account (Reddit or Medium)
Unable to find Youtube account
Unable to find Discord account