Unable to find manual contract audit (e.g. Certik, PeckShield, Solidity...)
McDollarKing.addLiquidity(uint256,uint256) (#570-583) sends eth to arbitrary user
Dangerous calls:
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#575-582)
Ensure that an arbitrary user cannot withdraw unauthorized funds.
Additional information: link
Reentrancy in McDollarKing._transfer(address,address,uint256) (#466-513):
External calls:
- swapAndLiquify(swapTokensAtAmount,sellTaxes) (#504)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#575-582)
- (success) = recipient.call{value: amount}() (#100)
- router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#594-600)
- address(marketingWallet).sendValue(marketingAmt) (#562)
- address(donationWallet).sendValue(donationAmt) (#566)
- swapAndLiquify(swapTokensAtAmount,taxes) (#505)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#575-582)
- (success) = recipient.call{value: amount}() (#100)
- router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#594-600)
- address(marketingWallet).sendValue(marketingAmt) (#562)
- address(donationWallet).sendValue(donationAmt) (#566)
External calls sending eth:
- swapAndLiquify(swapTokensAtAmount,sellTaxes) (#504)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#575-582)
- (success) = recipient.call{value: amount}() (#100)
- swapAndLiquify(swapTokensAtAmount,taxes) (#505)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#575-582)
- (success) = recipient.call{value: amount}() (#100)
State variables written after the call(s):
- _tokenTransfer(from,to,amount,takeFee,isSell) (#512)
- _rOwned[address(this)] += rMarketing (#377)
- _rOwned[address(this)] += rLiquidity (#367)
- _rOwned[address(this)] += rDonation (#387)
- _rOwned[sender] = _rOwned[sender] - s.rAmount (#528)
- _rOwned[recipient] = _rOwned[recipient] + s.rTransferAmount (#529)
- _tokenTransfer(from,to,amount,takeFee,isSell) (#512)
- _rTotal -= rRfi (#356)
- _tokenTransfer(from,to,amount,takeFee,isSell) (#512)
- _tOwned[sender] = _tOwned[sender] - tAmount (#522)
- _tOwned[address(this)] += tDonation (#385)
- _tOwned[address(this)] += tMarketing (#375)
- _tOwned[address(this)] += tLiquidity (#365)
- _tOwned[recipient] = _tOwned[recipient] + s.tTransferAmount (#525)
Apply the check-effects-interactions pattern.
Additional information: link
McDollarKing.rescueAnyBEP20Tokens(address,address,uint256) (#674-676) ignores return value by IERC20(_tokenAddr).transfer(_to,_amount) (#675)
Use SafeERC20, or ensure that the transfer/transferFrom return value is checked.
Additional information: link
Combination 1: Reentrancy vulnerabilities + Functions that send Ether to arbitraty destination. Usual for scams. May be justified by some complex mechanics (e.g. rebase, reflections). DYOR & manual audit are advised.
Combination 2: Unchecked transfer + Functions that send Ether to arbitraty destination. Usual for scams. May be justified by some complex mechanics (e.g. rebase, reflections). DYOR & manual audit are advised.
Combination 3: Reentrancy vulnerabilities + Unchecked transfer vulnerability. Usual for scams. May be justified by some complex mechanics (e.g. rebase, reflections). DYOR & manual audit are advised.
McDollarKing.swapAndLiquify(uint256,McDollarKing.Taxes) (#542-568) performs a multiplication on the result of a division:
-unitBalance = deltaBalance / (denominator - temp.liquidity) (#552)
-bnbToAddLiquidityWith = unitBalance * temp.liquidity (#553)
McDollarKing.swapAndLiquify(uint256,McDollarKing.Taxes) (#542-568) performs a multiplication on the result of a division:
-unitBalance = deltaBalance / (denominator - temp.liquidity) (#552)
-marketingAmt = unitBalance * 2 * temp.marketing (#560)
McDollarKing.swapAndLiquify(uint256,McDollarKing.Taxes) (#542-568) performs a multiplication on the result of a division:
-unitBalance = deltaBalance / (denominator - temp.liquidity) (#552)
-donationAmt = unitBalance * 2 * temp.donation (#564)
Consider ordering multiplication before division.
Additional information: link
McDollarKing.addLiquidity(uint256,uint256) (#570-583) ignores return value by router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#575-582)
Ensure that all the return values of the function calls are used.
Additional information: link
McDollarKing.allowance(address,address).owner (#246) shadows:
- Ownable.owner() (#47-49) (function)
McDollarKing._approve(address,address,uint256).owner (#459) shadows:
- Ownable.owner() (#47-49) (function)
Rename the local variables that shadow another component.
Additional information: link
McDollarKing.updateCooldown(bool,uint256) (#625-628) should emit an event for:
- coolDownTime = time * 1 (#626)
McDollarKing.updateSwapTokensAtAmount(uint256) (#630-632) should emit an event for:
- swapTokensAtAmount = amount * 10 ** _decimals (#631)
McDollarKing.updateMaxTxLimit(uint256,uint256) (#653-656) should emit an event for:
- maxBuyLimit = maxBuy * 10 ** decimals() (#654)
- maxSellLimit = maxSell * 10 ** decimals() (#655)
McDollarKing.updateMaxWalletlimit(uint256) (#658-660) should emit an event for:
- maxWalletLimit = amount * 10 ** decimals() (#659)
Emit an event for critical parameter changes.
Additional information: link
McDollarKing.constructor(address)._pair (#202-203) lacks a zero-check on :
- pair = _pair (#206)
McDollarKing.updateMarketingWallet(address).newWallet (#616) lacks a zero-check on :
- marketingWallet = newWallet (#617)
McDollarKing.updateDonationWallet(address).newWallet (#620) lacks a zero-check on :
- donationWallet = newWallet (#621)
McDollarKing.updateRouterAndPair(address,address).newPair (#662) lacks a zero-check on :
- pair = newPair (#664)
Check that the address is not zero.
Additional information: link
Reentrancy in McDollarKing._transfer(address,address,uint256) (#466-513):
External calls:
- swapAndLiquify(swapTokensAtAmount,sellTaxes) (#504)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#575-582)
- (success) = recipient.call{value: amount}() (#100)
- router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#594-600)
- address(marketingWallet).sendValue(marketingAmt) (#562)
- address(donationWallet).sendValue(donationAmt) (#566)
- swapAndLiquify(swapTokensAtAmount,taxes) (#505)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#575-582)
- (success) = recipient.call{value: amount}() (#100)
- router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#594-600)
- address(marketingWallet).sendValue(marketingAmt) (#562)
- address(donationWallet).sendValue(donationAmt) (#566)
External calls sending eth:
- swapAndLiquify(swapTokensAtAmount,sellTaxes) (#504)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#575-582)
- (success) = recipient.call{value: amount}() (#100)
- swapAndLiquify(swapTokensAtAmount,taxes) (#505)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#575-582)
- (success) = recipient.call{value: amount}() (#100)
State variables written after the call(s):
- _tokenTransfer(from,to,amount,takeFee,isSell) (#512)
- totFeesPaid.donation += tDonation (#381)
- totFeesPaid.marketing += tMarketing (#371)
- totFeesPaid.liquidity += tLiquidity (#361)
- totFeesPaid.rfi += tRfi (#357)
Reentrancy in McDollarKing.constructor(address) (#200-223):
External calls:
- _pair = IFactory(_router.factory()).createPair(address(this),_router.WETH()) (#202-203)
State variables written after the call(s):
- excludeFromReward(pair) (#208)
- _excluded.push(account) (#317)
- excludeFromReward(pair) (#208)
- _isExcluded[account] = true (#316)
- _isExcludedFromFee[address(this)] = true (#211)
- _isExcludedFromFee[owner()] = true (#212)
- _isExcludedFromFee[marketingWallet] = true (#213)
- _isExcludedFromFee[donationWallet] = true (#214)
- _rOwned[owner()] = _rTotal (#210)
- excludeFromReward(pair) (#208)
- _tOwned[account] = tokenFromReflection(_rOwned[account]) (#314)
- allowedTransfer[address(this)] = true (#216)
- allowedTransfer[owner()] = true (#217)
- allowedTransfer[pair] = true (#218)
- allowedTransfer[marketingWallet] = true (#219)
- allowedTransfer[donationWallet] = true (#220)
- pair = _pair (#206)
- router = _router (#205)
Reentrancy in McDollarKing.swapAndLiquify(uint256,McDollarKing.Taxes) (#542-568):
External calls:
- swapTokensForBNB(toSwap) (#549)
- router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#594-600)
- addLiquidity(tokensToAddLiquidityWith,bnbToAddLiquidityWith) (#557)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#575-582)
External calls sending eth:
- addLiquidity(tokensToAddLiquidityWith,bnbToAddLiquidityWith) (#557)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#575-582)
State variables written after the call(s):
- addLiquidity(tokensToAddLiquidityWith,bnbToAddLiquidityWith) (#557)
- _allowances[owner][spender] = amount (#462)
Reentrancy in McDollarKing.transferFrom(address,address,uint256) (#255-263):
External calls:
- _transfer(sender,recipient,amount) (#256)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#575-582)
- (success) = recipient.call{value: amount}() (#100)
- router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#594-600)
- address(marketingWallet).sendValue(marketingAmt) (#562)
- address(donationWallet).sendValue(donationAmt) (#566)
External calls sending eth:
- _transfer(sender,recipient,amount) (#256)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#575-582)
- (success) = recipient.call{value: amount}() (#100)
State variables written after the call(s):
- _approve(sender,_msgSender(),currentAllowance - amount) (#260)
- _allowances[owner][spender] = amount (#462)
Apply the check-effects-interactions pattern.
Additional information: link
Reentrancy in McDollarKing._transfer(address,address,uint256) (#466-513):
External calls:
- swapAndLiquify(swapTokensAtAmount,sellTaxes) (#504)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#575-582)
- (success) = recipient.call{value: amount}() (#100)
- router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#594-600)
- address(marketingWallet).sendValue(marketingAmt) (#562)
- address(donationWallet).sendValue(donationAmt) (#566)
- swapAndLiquify(swapTokensAtAmount,taxes) (#505)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#575-582)
- (success) = recipient.call{value: amount}() (#100)
- router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#594-600)
- address(marketingWallet).sendValue(marketingAmt) (#562)
- address(donationWallet).sendValue(donationAmt) (#566)
External calls sending eth:
- swapAndLiquify(swapTokensAtAmount,sellTaxes) (#504)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#575-582)
- (success) = recipient.call{value: amount}() (#100)
- swapAndLiquify(swapTokensAtAmount,taxes) (#505)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#575-582)
- (success) = recipient.call{value: amount}() (#100)
Event emitted after the call(s):
- Transfer(sender,address(this),s.tLiquidity + s.tMarketing + s.tDonation) (#534)
- _tokenTransfer(from,to,amount,takeFee,isSell) (#512)
- Transfer(sender,recipient,s.tTransferAmount) (#538)
- _tokenTransfer(from,to,amount,takeFee,isSell) (#512)
Reentrancy in McDollarKing.constructor(address) (#200-223):
External calls:
- _pair = IFactory(_router.factory()).createPair(address(this),_router.WETH()) (#202-203)
Event emitted after the call(s):
- Transfer(address(0),owner(),_tTotal) (#222)
Reentrancy in McDollarKing.swapAndLiquify(uint256,McDollarKing.Taxes) (#542-568):
External calls:
- swapTokensForBNB(toSwap) (#549)
- router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#594-600)
- addLiquidity(tokensToAddLiquidityWith,bnbToAddLiquidityWith) (#557)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#575-582)
External calls sending eth:
- addLiquidity(tokensToAddLiquidityWith,bnbToAddLiquidityWith) (#557)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#575-582)
Event emitted after the call(s):
- Approval(owner,spender,amount) (#463)
- addLiquidity(tokensToAddLiquidityWith,bnbToAddLiquidityWith) (#557)
Reentrancy in McDollarKing.transferFrom(address,address,uint256) (#255-263):
External calls:
- _transfer(sender,recipient,amount) (#256)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#575-582)
- (success) = recipient.call{value: amount}() (#100)
- router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#594-600)
- address(marketingWallet).sendValue(marketingAmt) (#562)
- address(donationWallet).sendValue(donationAmt) (#566)
External calls sending eth:
- _transfer(sender,recipient,amount) (#256)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#575-582)
- (success) = recipient.call{value: amount}() (#100)
Event emitted after the call(s):
- Approval(owner,spender,amount) (#463)
- _approve(sender,_msgSender(),currentAllowance - amount) (#260)
Apply the check-effects-interactions pattern.
Additional information: link
McDollarKing._transfer(address,address,uint256) (#466-513) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(timePassed >= coolDownTime,Cooldown enabled) (#493)
Avoid relying on block.timestamp.
Additional information: link
McDollarKing.setTradingStatus(bool) (#299-303) compares to a boolean constant:
-state == true && genesis_block == 0 (#302)
Remove the equality to the boolean constant.
Additional information: link
McDollarKing.includeInReward(address) (#320-331) has costly operations inside a loop:
- _excluded.pop() (#327)
McDollarKing._reflectRfi(uint256,uint256) (#355-358) has costly operations inside a loop:
- _rTotal -= rRfi (#356)
Use a local variable to hold the loop computation result.
Additional information: link
Context._msgData() (#32-35) is never used and should be removed
Remove unused functions.
Additional information: link
McDollarKing._tTotal (#142) is set pre-construction with a non-constant function or state variable:
- initialsupply * 10 ** _decimals
McDollarKing._rTotal (#143) is set pre-construction with a non-constant function or state variable:
- (MAX - (MAX % _tTotal))
Remove any initialization of state variables via non-constant state variables or function calls. If variables must be set upon contract deployment, locate initialization in the constructor instead.
Additional information: link
Low level call in Address.sendValue(address,uint256) (#97-102):
- (success) = recipient.call{value: amount}() (#100)
Avoid low-level calls. Check the call success. If the call is meant for a contract, check for code existence
Additional information: link
Function IRouter.WETH() (#78) is not in mixedCase
Struct McDollarKing.valuesFromGetValues (#177-189) is not in CapWords
Parameter McDollarKing.setTaxes(uint256,uint256,uint256,uint256)._rfi (#345) is not in mixedCase
Parameter McDollarKing.setTaxes(uint256,uint256,uint256,uint256)._marketing (#345) is not in mixedCase
Parameter McDollarKing.setTaxes(uint256,uint256,uint256,uint256)._liquidity (#345) is not in mixedCase
Parameter McDollarKing.setTaxes(uint256,uint256,uint256,uint256)._donation (#345) is not in mixedCase
Parameter McDollarKing.setSellTaxes(uint256,uint256,uint256,uint256)._rfi (#350) is not in mixedCase
Parameter McDollarKing.setSellTaxes(uint256,uint256,uint256,uint256)._marketing (#350) is not in mixedCase
Parameter McDollarKing.setSellTaxes(uint256,uint256,uint256,uint256)._liquidity (#350) is not in mixedCase
Parameter McDollarKing.setSellTaxes(uint256,uint256,uint256,uint256)._donation (#350) is not in mixedCase
Parameter McDollarKing.updateSwapEnabled(bool)._enabled (#634) is not in mixedCase
Parameter McDollarKing.rescueAnyBEP20Tokens(address,address,uint256)._tokenAddr (#674) is not in mixedCase
Parameter McDollarKing.rescueAnyBEP20Tokens(address,address,uint256)._to (#674) is not in mixedCase
Parameter McDollarKing.rescueAnyBEP20Tokens(address,address,uint256)._amount (#674) is not in mixedCase
Constant McDollarKing._decimals (#138) is not in UPPER_CASE_WITH_UNDERSCORES
Variable McDollarKing.genesis_block (#150) is not in mixedCase
Constant McDollarKing._name (#155) is not in UPPER_CASE_WITH_UNDERSCORES
Constant McDollarKing._symbol (#156) is not in UPPER_CASE_WITH_UNDERSCORES
Follow the Solidity naming convention.
Additional information: link
Redundant expression "this (#33)" inContext (#27-36)
Remove redundant statements if they congest code but offer no value.
Additional information: link
McDollarKing.initialsupply (#141) should be constant
Add the constant attributes to state variables that never change.
Additional information: link
renounceOwnership() should be declared external:
- Ownable.renounceOwnership() (#56-58)
transferOwnership(address) should be declared external:
- Ownable.transferOwnership(address) (#60-63)
name() should be declared external:
- McDollarKing.name() (#226-228)
symbol() should be declared external:
- McDollarKing.symbol() (#229-231)
totalSupply() should be declared external:
- McDollarKing.totalSupply() (#237-239)
allowance(address,address) should be declared external:
- McDollarKing.allowance(address,address) (#246-248)
approve(address,uint256) should be declared external:
- McDollarKing.approve(address,uint256) (#250-253)
transferFrom(address,address,uint256) should be declared external:
- McDollarKing.transferFrom(address,address,uint256) (#255-263)
increaseAllowance(address,uint256) should be declared external:
- McDollarKing.increaseAllowance(address,uint256) (#265-268)
decreaseAllowance(address,uint256) should be declared external:
- McDollarKing.decreaseAllowance(address,uint256) (#270-276)
transfer(address,uint256) should be declared external:
- McDollarKing.transfer(address,uint256) (#278-282)
isExcludedFromReward(address) should be declared external:
- McDollarKing.isExcludedFromReward(address) (#284-286)
reflectionFromToken(uint256,bool) should be declared external:
- McDollarKing.reflectionFromToken(uint256,bool) (#288-297)
excludeFromFee(address) should be declared external:
- McDollarKing.excludeFromFee(address) (#333-335)
includeInFee(address) should be declared external:
- McDollarKing.includeInFee(address) (#337-339)
isExcludedFromFee(address) should be declared external:
- McDollarKing.isExcludedFromFee(address) (#341-343)
setTaxes(uint256,uint256,uint256,uint256) should be declared external:
- McDollarKing.setTaxes(uint256,uint256,uint256,uint256) (#345-348)
setSellTaxes(uint256,uint256,uint256,uint256) should be declared external:
- McDollarKing.setSellTaxes(uint256,uint256,uint256,uint256) (#350-353)
rescueAnyBEP20Tokens(address,address,uint256) should be declared external:
- McDollarKing.rescueAnyBEP20Tokens(address,address,uint256) (#674-676)
Use the external attribute for functions never called from the contract.
Additional information: link
Unable to find website, listings and other project-related information
Young tokens have high risks of scam / price dump / death
Token has no active CoinGecko listing / rank
Token has no active CoinMarketCap listing / rank
Unable to find Telegram and Twitter accounts