Do you wanna join Metaverse? 🧙 The safest launchpad for blockchain projects in the Web3. Be part of our community and enjoy our products. ❤️
MetaWeb3Pad.claimStuckTokens(address) (#533-542) sends eth to arbitrary user
Dangerous calls:
- address(msg.sender).transfer(address(this).balance) (#536)
MetaWeb3Pad.sendBNB(address,uint256) (#548-553) sends eth to arbitrary user
Dangerous calls:
- (success) = recipient.call{value: amount}() (#551)
MetaWeb3Pad.swapAndLiquify(uint256) (#794-823) sends eth to arbitrary user
Dangerous calls:
- uniswapV2Router.addLiquidityETH{value: newBalance}(address(this),otherHalf,0,0,DEAD,block.timestamp) (#813-820)
Ensure that an arbitrary user cannot withdraw unauthorized funds.
Additional information: link
Reentrancy in MetaWeb3Pad._transfer(address,address,uint256) (#691-791):
External calls:
- swapAndLiquify(liquidityTokens) (#735)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(half,0,path,address(this),block.timestamp) (#804-809)
- uniswapV2Router.addLiquidityETH{value: newBalance}(address(this),otherHalf,0,0,DEAD,block.timestamp) (#813-820)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(contractTokenBalance,0,path,address(this),block.timestamp) (#748-753)
- sendBNB(address(marketingWallet),marketingBNB) (#759)
- (success) = recipient.call{value: amount}() (#551)
External calls sending eth:
- swapAndLiquify(liquidityTokens) (#735)
- uniswapV2Router.addLiquidityETH{value: newBalance}(address(this),otherHalf,0,0,DEAD,block.timestamp) (#813-820)
- sendBNB(address(marketingWallet),marketingBNB) (#759)
- (success) = recipient.call{value: amount}() (#551)
State variables written after the call(s):
- super._transfer(from,address(this),fees) (#787)
- _balances[sender] = senderBalance - amount (#172)
- _balances[recipient] += amount (#174)
- super._transfer(from,to,amount) (#790)
- _balances[sender] = senderBalance - amount (#172)
- _balances[recipient] += amount (#174)
- swapping = false (#765)
Apply the check-effects-interactions pattern.
Additional information: link
MetaWeb3Pad.claimStuckTokens(address) (#533-542) ignores return value by ERC20token.transfer(msg.sender,balance) (#541)
Use SafeERC20, or ensure that the transfer/transferFrom return value is checked.
Additional information: link
Contract ownership is not renounced (belongs to a wallet)
Combination 1: Reentrancy vulnerabilities + Functions that send Ether to arbitraty destination. Usual for scams. May be justified by some complex mechanics (e.g. rebase, reflections). DYOR & manual audit are advised.
Combination 2: Unchecked transfer + Functions that send Ether to arbitraty destination. Usual for scams. May be justified by some complex mechanics (e.g. rebase, reflections). DYOR & manual audit are advised.
Combination 3: Reentrancy vulnerabilities + Unchecked transfer vulnerability. Usual for scams. May be justified by some complex mechanics (e.g. rebase, reflections). DYOR & manual audit are advised.
Unable to verify that contract auditor is trusted: Certik, Quantstamp, Hacken, Solidity, Paladinsec, Openzeppelin, Verichains
MetaWeb3Pad._transfer(address,address,uint256).liquidityTokens (#732) is a local variable never initialized
Initialize all the variables. If a variable is meant to be initialized to zero, explicitly set it to zero to improve code readability.
Additional information: link
MetaWeb3Pad.swapAndLiquify(uint256) (#794-823) ignores return value by uniswapV2Router.addLiquidityETH{value: newBalance}(address(this),otherHalf,0,0,DEAD,block.timestamp) (#813-820)
Ensure that all the return values of the function calls are used.
Additional information: link
MetaWeb3Pad._setOperator(address) (#583-586) should emit an event for:
- operator = _operator (#585)
Emit an event for critical parameter changes.
Additional information: link
MetaWeb3Pad.setSwapTokensAtAmount(uint256) (#686-689) should emit an event for:
- swapTokensAtAmount = newAmount (#688)
Emit an event for critical parameter changes.
Additional information: link
MetaWeb3Pad.constructor(address,address)._uniswapV2Pair (#496-497) lacks a zero-check on :
- uniswapV2Pair = _uniswapV2Pair (#500)
MetaWeb3Pad.updateUniswapV2Router(address)._uniswapV2Pair (#565-566) lacks a zero-check on :
- uniswapV2Pair = _uniswapV2Pair (#567)
Check that the address is not zero.
Additional information: link
MetaWeb3Pad.setSwapTokensAtAmount(uint256) (#686-689) uses literals with too many digits:
- require(bool,string)(newAmount > totalSupply() / 100000,SwapTokensAtAmount must be greater than 0.001% of total supply) (#687)
MetaWeb3Pad.slitherConstructorVariables() (#434-825) uses literals with too many digits:
- DEAD = 0x000000000000000000000000000000000000dEaD (#456)
Use: Ether suffix, Time suffix, or The scientific notation
Additional information: link
MetaWeb3Pad.DEAD (#456) should be constant
MetaWeb3Pad.swapEnabled (#461) should be constant
Add the constant attributes to state variables that never change.
Additional information: link
Reentrancy in MetaWeb3Pad.constructor(address,address) (#485-522):
External calls:
- _uniswapV2Pair = IUniswapV2Factory(_uniswapV2Router.factory()).createPair(address(this),_uniswapV2Router.WETH()) (#496-497)
State variables written after the call(s):
- _approve(address(this),address(uniswapV2Router),type()(uint256).max) (#502)
- _allowances[owner][spender] = amount (#218)
- _isExcludedFromFees[newOwner] = true (#505)
- _isExcludedFromFees[owner()] = true (#506)
- _isExcludedFromFees[DEAD] = true (#507)
- _isExcludedFromFees[address(this)] = true (#508)
- _isExcludedMaxTxn[newOwner] = true (#515)
- _isExcludedMaxTxn[owner()] = true (#516)
- _isExcludedMaxTxn[DEAD] = true (#517)
- _isExcludedMaxTxn[address(this)] = true (#518)
- _isExcludedMaxWallet[newOwner] = true (#510)
- _isExcludedMaxWallet[owner()] = true (#511)
- _isExcludedMaxWallet[DEAD] = true (#512)
- _isExcludedMaxWallet[address(this)] = true (#513)
- _setAutomatedMarketMakerPair(_uniswapV2Pair,true) (#503)
- automatedMarketMakerPairs[pair] = value (#578)
- swapTokensAtAmount = totalSupply() / 5000 (#521)
- swapWithLimit = false (#520)
- uniswapV2Pair = _uniswapV2Pair (#500)
- uniswapV2Router = _uniswapV2Router (#499)
Reentrancy in MetaWeb3Pad.updateUniswapV2Router(address) (#561-568):
External calls:
- _uniswapV2Pair = IUniswapV2Factory(uniswapV2Router.factory()).createPair(address(this),uniswapV2Router.WETH()) (#565-566)
State variables written after the call(s):
- uniswapV2Pair = _uniswapV2Pair (#567)
Apply the check-effects-interactions pattern.
Additional information: link
Reentrancy in MetaWeb3Pad._transfer(address,address,uint256) (#691-791):
External calls:
- swapAndLiquify(liquidityTokens) (#735)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(half,0,path,address(this),block.timestamp) (#804-809)
- uniswapV2Router.addLiquidityETH{value: newBalance}(address(this),otherHalf,0,0,DEAD,block.timestamp) (#813-820)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(contractTokenBalance,0,path,address(this),block.timestamp) (#748-753)
- sendBNB(address(marketingWallet),marketingBNB) (#759)
- (success) = recipient.call{value: amount}() (#551)
External calls sending eth:
- swapAndLiquify(liquidityTokens) (#735)
- uniswapV2Router.addLiquidityETH{value: newBalance}(address(this),otherHalf,0,0,DEAD,block.timestamp) (#813-820)
- sendBNB(address(marketingWallet),marketingBNB) (#759)
- (success) = recipient.call{value: amount}() (#551)
Event emitted after the call(s):
- ProcessMarketingTax(marketingBNB) (#761)
- Transfer(sender,recipient,amount) (#176)
- super._transfer(from,address(this),fees) (#787)
- Transfer(sender,recipient,amount) (#176)
- super._transfer(from,to,amount) (#790)
Reentrancy in MetaWeb3Pad.constructor(address,address) (#485-522):
External calls:
- _uniswapV2Pair = IUniswapV2Factory(_uniswapV2Router.factory()).createPair(address(this),_uniswapV2Router.WETH()) (#496-497)
Event emitted after the call(s):
- Approval(owner,spender,amount) (#219)
- _approve(address(this),address(uniswapV2Router),type()(uint256).max) (#502)
- SetAutomatedMarketMakerPair(pair,value) (#580)
- _setAutomatedMarketMakerPair(_uniswapV2Pair,true) (#503)
Reentrancy in MetaWeb3Pad.swapAndLiquify(uint256) (#794-823):
External calls:
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(half,0,path,address(this),block.timestamp) (#804-809)
- uniswapV2Router.addLiquidityETH{value: newBalance}(address(this),otherHalf,0,0,DEAD,block.timestamp) (#813-820)
External calls sending eth:
- uniswapV2Router.addLiquidityETH{value: newBalance}(address(this),otherHalf,0,0,DEAD,block.timestamp) (#813-820)
Event emitted after the call(s):
- SwapAndLiquify(half,newBalance,otherHalf) (#822)
Apply the check-effects-interactions pattern.
Additional information: link
Context._msgData() (#39-42) is never used and should be removed
ERC20._burn(address,uint256) (#193-208) is never used and should be removed
Remove unused functions.
Additional information: link
MetaWeb3Pad._totalFeesOnBuy (#441) is set pre-construction with a non-constant function or state variable:
- lpTaxOnBuy + marketingTaxOnBuy
MetaWeb3Pad._totalFeesOnSell (#442) is set pre-construction with a non-constant function or state variable:
- lpTaxOnSell + marketingTaxOnSell
Remove any initialization of state variables via non-constant state variables or function calls. If variables must be set upon contract deployment, locate initialization in the constructor instead.
Additional information: link
Pragma version0.8.15 (#10) necessitates a version too recent to be trusted. Consider deploying with 0.6.12/0.7.6/0.8.7
solc-0.8.15 is not recommended for deployment
Deploy with any of the following Solidity versions: 0.5.16 - 0.5.17, 0.6.11 - 0.6.12, 0.7.5 - 0.7.6 Use a simple pragma version that allows any of these versions. Consider using the latest version of Solidity for testing.
Additional information: link
Low level call in MetaWeb3Pad.sendBNB(address,uint256) (#548-553):
- (success) = recipient.call{value: amount}() (#551)
Avoid low-level calls. Check the call success. If the call is meant for a contract, check for code existence
Additional information: link
Function IUniswapV2Pair.DOMAIN_SEPARATOR() (#263) is not in mixedCase
Function IUniswapV2Pair.PERMIT_TYPEHASH() (#264) is not in mixedCase
Function IUniswapV2Pair.MINIMUM_LIQUIDITY() (#281) is not in mixedCase
Function IUniswapV2Router01.WETH() (#301) is not in mixedCase
Function MetaWeb3Pad._openTrading() (#556-559) is not in mixedCase
Function MetaWeb3Pad._setOperator(address) (#583-586) is not in mixedCase
Parameter MetaWeb3Pad._setOperator(address)._operator (#583) is not in mixedCase
Parameter MetaWeb3Pad.updateBuyFees(uint256,uint256)._lpTaxOnBuy (#630) is not in mixedCase
Parameter MetaWeb3Pad.updateBuyFees(uint256,uint256)._marketingTaxOnBuy (#630) is not in mixedCase
Parameter MetaWeb3Pad.updateSellFees(uint256,uint256)._lpTaxOnSell (#641) is not in mixedCase
Parameter MetaWeb3Pad.updateSellFees(uint256,uint256)._marketingTaxOnSell (#641) is not in mixedCase
Parameter MetaWeb3Pad.changeMarketingWallet(address)._marketingWallet (#679) is not in mixedCase
Variable MetaWeb3Pad.DEAD (#456) is not in mixedCase
Variable MetaWeb3Pad._isExcludedMaxTxn (#467) is not in mixedCase
Variable MetaWeb3Pad._isExcludedMaxWallet (#468) is not in mixedCase
Follow the Solidity naming convention.
Additional information: link
Redundant expression "this (#40)" inContext (#34-43)
Remove redundant statements if they congest code but offer no value.
Additional information: link
Variable IUniswapV2Router01.addLiquidity(address,address,uint256,uint256,uint256,uint256,address,uint256).amountADesired (#306) is too similar to IUniswapV2Router01.addLiquidity(address,address,uint256,uint256,uint256,uint256,address,uint256).amountBDesired (#307)
Prevent variables from having similar names.
Additional information: link
renounceOwnership() should be declared external:
- Ownable.renounceOwnership() (#65-68)
transferOwnership(address) should be declared external:
- Ownable.transferOwnership(address) (#70-74)
name() should be declared external:
- ERC20.name() (#92-94)
symbol() should be declared external:
- ERC20.symbol() (#96-98)
decimals() should be declared external:
- ERC20.decimals() (#100-102)
transfer(address,uint256) should be declared external:
- ERC20.transfer(address,uint256) (#112-115)
allowance(address,address) should be declared external:
- ERC20.allowance(address,address) (#117-119)
approve(address,uint256) should be declared external:
- ERC20.approve(address,uint256) (#121-124)
transferFrom(address,address,uint256) should be declared external:
- ERC20.transferFrom(address,address,uint256) (#126-142)
increaseAllowance(address,uint256) should be declared external:
- ERC20.increaseAllowance(address,uint256) (#144-147)
decreaseAllowance(address,uint256) should be declared external:
- ERC20.decreaseAllowance(address,uint256) (#149-157)
_openTrading() should be declared external:
- MetaWeb3Pad._openTrading() (#556-559)
setAutomatedMarketMakerPair(address,bool) should be declared external:
- MetaWeb3Pad.setAutomatedMarketMakerPair(address,bool) (#570-574)
excludeFromLimits(address,bool) should be declared external:
- MetaWeb3Pad.excludeFromLimits(address,bool) (#596-602)
isExcludedFromFees(address) should be declared external:
- MetaWeb3Pad.isExcludedFromFees(address) (#604-606)
isExcludedMaxTxn(address) should be declared external:
- MetaWeb3Pad.isExcludedMaxTxn(address) (#608-610)
isExcludedMaxWallet(address) should be declared external:
- MetaWeb3Pad.isExcludedMaxWallet(address) (#612-614)
Use the external attribute for functions never called from the contract.
Additional information: link
BscScan page for the token does not contain additional info: website, socials, description, etc.
Additional information: link
Unable to find token on CoinGecko
Additional information: link
Unable to find token on CoinMarketCap
Additional information: link
Token is not listed at Mobula.Finance
Additional information: link
Unable to find token on CoinHunt
Additional information: link
Young tokens have high risks of scam / price dump / death
Young tokens have high risks of scam / price dump / death
Young tokens have high risks of scam / price dump / death
Token has no active CoinGecko listing / rank
Token has no active CoinMarketCap listing / rank
Unable to find Blog account (Reddit or Medium)
Unable to find Youtube account
Unable to find Discord account
Twitter account has few posts