NB [Nuclear Bomb] Token

NB.swapTokensForUSDT(uint256) (#164-180) ignores return value by c_usdt.transferFrom(tempUSDTaddress,address(this),amounts[1]) (#178)
NB.skim() (#347-350) ignores return value by c_usdt.transfer(msg.sender,usdtBal) (#349)
Use SafeERC20, or ensure that the transfer/transferFrom return value is checked.

Additional information: link

Unable to find manual contract audit (e.g. Certik, PeckShield, Solidity...)

Contract ownership is not renounced (belongs to a wallet)

NB._refPayoutToken(address,address,uint256) (#269-291) performs a multiplication on the result of a division:
-amount /= 1000 (#276)
-totalPayout = amount * (refRewardRate[1] + refRewardRate[2]) - totalPayout (#286)
NB._refPayoutToken(address,address,uint256) (#269-291) performs a multiplication on the result of a division:
-amount /= 1000 (#276)
-reward = amount * refRewardRate[i] (#279)
Consider ordering multiplication before division.

Additional information: link

NB.addLiquidity(uint256,uint256) (#182-195) ignores return value by c_usdt.approve(address(uniswapV2Router),token1Amount) (#184)
NB.addLiquidity(uint256,uint256) (#182-195) ignores return value by uniswapV2Router.addLiquidity(address(this),address(c_usdt),token0Amount,token1Amount,0,0,liquidityAddress,block.timestamp) (#185-194)
Ensure that all the return values of the function calls are used.

Additional information: link

NB.allowance(address,address).owner (#112) shadows:
- Ownable.owner (#17) (state variable)
NB._approve(address,address,uint256).owner (#121) shadows:
- Ownable.owner (#17) (state variable)
Rename the local variables that shadow another component.

Additional information: link

Ownable.transferOwnership(address) (#28-30) should emit an event for:
- owner = newOwner (#29)
Emit an event for critical parameter changes.

Additional information: link

Ownable.transferOwnership(address).newOwner (#28) lacks a zero-check on :
- owner = newOwner (#29)
NB.setPair(address)._pair (#303) lacks a zero-check on :
- pair = _pair (#304)
NB.setTU(address).newTU (#331) lacks a zero-check on :
- tempUSDTaddress = newTU (#332)
Check that the address is not zero.

Additional information: link

NB.setTrade(uint256) (#309-311) should emit an event for:
- tradingEnabledTimestamp = t (#310)
NB.setSell(uint256) (#312-314) should emit an event for:
- maxTokensSellAmount = t (#313)
NB.setBuy(uint256) (#315-317) should emit an event for:
- maxTokensBuyAmount = t (#316)
NB.setL(uint256) (#318-320) should emit an event for:
- numTokensSellToAddToLiquidity = t (#319)
NB.setMinRefNum(uint256) (#327-329) should emit an event for:
- minRefNum = newMinRefNum (#328)
NB.setR(uint256,uint256,uint256,uint256) (#335-341) should emit an event for:
- liquidityRate = l (#337)
- marketRate = m (#338)
Emit an event for critical parameter changes.

Additional information: link

Reentrancy in NB.swapAndLiquify(uint256) (#157-162):
External calls:
- usdtAmount = swapTokensForUSDT(half) (#160)
- amounts = uniswapV2Router.swapExactTokensForTokens(tokenAmount,0,path,tempUSDTaddress,block.timestamp) (#171-177)
- c_usdt.transferFrom(tempUSDTaddress,address(this),amounts[1]) (#178)
- addLiquidity(otherHalf,usdtAmount) (#161)
- c_usdt.approve(address(uniswapV2Router),token1Amount) (#184)
- uniswapV2Router.addLiquidity(address(this),address(c_usdt),token0Amount,token1Amount,0,0,liquidityAddress,block.timestamp) (#185-194)
State variables written after the call(s):
- addLiquidity(otherHalf,usdtAmount) (#161)
- _allowances[owner][spender] = amount (#122)
Reentrancy in NB.transferFrom(address,address,uint256) (#131-139):
External calls:
- _transfer(sender,recipient,amount) (#132)
- c_usdt.approve(address(uniswapV2Router),token1Amount) (#184)
- uniswapV2Router.addLiquidity(address(this),address(c_usdt),token0Amount,token1Amount,0,0,liquidityAddress,block.timestamp) (#185-194)
- amounts = uniswapV2Router.swapExactTokensForTokens(tokenAmount,0,path,tempUSDTaddress,block.timestamp) (#171-177)
- c_usdt.transferFrom(tempUSDTaddress,address(this),amounts[1]) (#178)
State variables written after the call(s):
- _approve(sender,msg.sender,currentAllowance - amount) (#136)
- _allowances[owner][spender] = amount (#122)
Apply the check-effects-interactions pattern.

Additional information: link

Reentrancy in NB.swapAndLiquify(uint256) (#157-162):
External calls:
- usdtAmount = swapTokensForUSDT(half) (#160)
- amounts = uniswapV2Router.swapExactTokensForTokens(tokenAmount,0,path,tempUSDTaddress,block.timestamp) (#171-177)
- c_usdt.transferFrom(tempUSDTaddress,address(this),amounts[1]) (#178)
- addLiquidity(otherHalf,usdtAmount) (#161)
- c_usdt.approve(address(uniswapV2Router),token1Amount) (#184)
- uniswapV2Router.addLiquidity(address(this),address(c_usdt),token0Amount,token1Amount,0,0,liquidityAddress,block.timestamp) (#185-194)
Event emitted after the call(s):
- Approval(owner,spender,amount) (#123)
- addLiquidity(otherHalf,usdtAmount) (#161)
Reentrancy in NB.transferFrom(address,address,uint256) (#131-139):
External calls:
- _transfer(sender,recipient,amount) (#132)
- c_usdt.approve(address(uniswapV2Router),token1Amount) (#184)
- uniswapV2Router.addLiquidity(address(this),address(c_usdt),token0Amount,token1Amount,0,0,liquidityAddress,block.timestamp) (#185-194)
- amounts = uniswapV2Router.swapExactTokensForTokens(tokenAmount,0,path,tempUSDTaddress,block.timestamp) (#171-177)
- c_usdt.transferFrom(tempUSDTaddress,address(this),amounts[1]) (#178)
Event emitted after the call(s):
- Approval(owner,spender,amount) (#123)
- _approve(sender,msg.sender,currentAllowance - amount) (#136)
Apply the check-effects-interactions pattern.

Additional information: link

NB._transfer(address,address,uint256) (#197-237) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(block.timestamp >= tradingEnabledTimestamp,trade not open) (#215)
- block.timestamp <= tradingEnabledTimestamp + 9 (#216)
Avoid relying on block.timestamp.

Additional information: link

Parameter NB.setPair(address)._pair (#303) is not in mixedCase
Variable NB.c_usdt (#57) is not in mixedCase
Function IPancakeRouter01.WETH() (#355) is not in mixedCase
Follow the Solidity naming convention.

Additional information: link

Variable NB.addLiquidity(uint256,uint256).token0Amount (#182) is too similar to NB.addLiquidity(uint256,uint256).token1Amount (#182)
Variable IPancakeRouter01.addLiquidity(address,address,uint256,uint256,uint256,uint256,address,uint256).amountADesired (#360) is too similar to IPancakeRouter01.addLiquidity(address,address,uint256,uint256,uint256,uint256,address,uint256).amountBDesired (#361)
Prevent variables from having similar names.

Additional information: link

NB.constructor() (#68-90) uses literals with too many digits:
- total = 15000000 * 10 ** 18 (#76)
Use: Ether suffix, Time suffix, or The scientific notation

Additional information: link

NB.liquidityAddress (#47) should be constant
NB.marketAddress (#48) should be constant
NB.refAddress (#49) should be constant
Add the constant attributes to state variables that never change.

Additional information: link

transferOwnership(address) should be declared external:
- Ownable.transferOwnership(address) (#28-30)
totalSupply() should be declared external:
- NB.totalSupply() (#104-106)
Use the external attribute for functions never called from the contract.

Additional information: link

Token is deployed only at one blockchain

BscScan page for the token does not contain additional info: website, socials, description, etc.

Additional information: link

Unable to find token on CoinGecko

Additional information: link

Unable to find token contract audit

Unable to find audit link on the website

Unable to find token on CoinHunt

Additional information: link

Young tokens have high risks of scam / price dump / death

Young tokens have high risks of scam / price dump / death

Young tokens have high risks of scam / price dump / death

Young tokens have high risks of scam / price dump / death

Token has no active CoinGecko listing / rank

Alexa traffic rank is relatively low

Additional information: link