Our goal here at NiFTi is to pioneer the way and create a platform with an easy-to-use interface, where NFT and crypto enthusiasts can come and have a like-minded experience.
This platform will be the first to give everyone the opportunity to engage with one another, all while being able to “buy/sell/trade”, while scrolling their feed. Not just any feed, a feed personalized by the user, based upon “friends/influencers/other social media & NFT platforms”.
NiFTi.contractSwap(uint256) (#561-611) sends eth to arbitrary user
Dangerous calls:
- dexRouter.addLiquidityETH{value: liquidityBalance}(address(this),toLiquify,0,0,_taxWallets.liquidity,block.timestamp) (#590-597)
- _taxWallets.marketing.transfer(marketingBalance) (#606)
- developmentWallet.transfer(developmentBalance) (#609)
Ensure that an arbitrary user cannot withdraw unauthorized funds.
Reentrancy in NiFTi._transfer(address,address,uint256) (#507-559):
External calls:
- contractSwap(contractTokenBalance) (#552)
- dexRouter.swapExactTokensForETHSupportingFeeOnTransferTokens(swapAmt,0,path,address(this),block.timestamp) (#578-584)
- dexRouter.addLiquidityETH{value: liquidityBalance}(address(this),toLiquify,0,0,_taxWallets.liquidity,block.timestamp) (#590-597)
External calls sending eth:
- contractSwap(contractTokenBalance) (#552)
- dexRouter.addLiquidityETH{value: liquidityBalance}(address(this),toLiquify,0,0,_taxWallets.liquidity,block.timestamp) (#590-597)
- _taxWallets.marketing.transfer(marketingBalance) (#606)
- developmentWallet.transfer(developmentBalance) (#609)
State variables written after the call(s):
- lastSwap = block.timestamp (#553)
Reentrancy in NiFTi._transfer(address,address,uint256) (#507-559):
External calls:
- contractSwap(contractTokenBalance) (#552)
- dexRouter.swapExactTokensForETHSupportingFeeOnTransferTokens(swapAmt,0,path,address(this),block.timestamp) (#578-584)
- dexRouter.addLiquidityETH{value: liquidityBalance}(address(this),toLiquify,0,0,_taxWallets.liquidity,block.timestamp) (#590-597)
- _finalizeTransfer(from,to,amount,takeFee,buy,sell,other) (#558)
- antiSnipe.checkUser(from,to,tAmount) (#748-752)
External calls sending eth:
- contractSwap(contractTokenBalance) (#552)
- dexRouter.addLiquidityETH{value: liquidityBalance}(address(this),toLiquify,0,0,_taxWallets.liquidity,block.timestamp) (#590-597)
- _taxWallets.marketing.transfer(marketingBalance) (#606)
- developmentWallet.transfer(developmentBalance) (#609)
State variables written after the call(s):
- _finalizeTransfer(from,to,amount,takeFee,buy,sell,other) (#558)
- _liquidityHolders[from] = true (#616)
- _finalizeTransfer(from,to,amount,takeFee,buy,sell,other) (#558)
- _rOwned[from] -= values.rAmount (#721)
- _rOwned[to] += values.rTransferAmount (#722)
- _rOwned[address(this)] += values.tSwap * values.currentRate (#795)
- _rOwned[_taxWallets.treasury] += values.tTreasury * values.currentRate (#803)
- _finalizeTransfer(from,to,amount,takeFee,buy,sell,other) (#558)
- _rTotal -= values.rFee (#732)
- _finalizeTransfer(from,to,amount,takeFee,buy,sell,other) (#558)
- _tOwned[from] = _tOwned[from] - tAmount (#725)
- _tOwned[to] = _tOwned[to] + values.tTransferAmount (#728)
- _tOwned[address(this)] += values.tSwap (#797)
- _tOwned[_taxWallets.treasury] += values.tTreasury (#805)
- _finalizeTransfer(from,to,amount,takeFee,buy,sell,other) (#558)
- contractSwapEnabled = true (#621)
Apply the check-effects-interactions pattern.
Combination 1: Reentrancy vulnerabilities + Functions that send Ether to an arbitrary destination. Usual for scams. May be justified by some complex mechanics (e.g. rebase, reflections). DYOR & manual audit are advised.
Contract ownership is not renounced (belongs to a wallet)
NiFTi.takeTaxes(address,address,uint256,bool,bool,bool,bool).check (#748) is a local variable never initialized
NiFTi.takeTaxes(address,address,uint256,bool,bool,bool,bool).checked (#747) is a local variable never initialized
NiFTi.takeTaxes(address,address,uint256,bool,bool,bool,bool).values (#740) is a local variable never initialized
Initialize all the variables. If a variable is meant to be initialized to zero, explicitly set it to zero to improve code readability.
NiFTi.setLpPair(address,bool) (#342-354) uses timestamp for comparisons
Dangerous comparisons:
- timeSinceLastPair != 0 (#347)
- require(bool,string)(block.timestamp - timeSinceLastPair > 259200,3 Day cooldown.!) (#348)
NiFTi._transfer(address,address,uint256) (#507-559) uses timestamp for comparisons
Dangerous comparisons:
- lastSwap + contractSwapTimer < block.timestamp (#548)
NiFTi.takeTaxes(address,address,uint256,bool,bool,bool,bool) (#739-812) uses timestamp for comparisons
Dangerous comparisons:
- dayTradingPenaltyEnabled && lastSellTime[from] + dayTraderTimeLimit > block.timestamp (#767)
Avoid relying on block.timestamp.
NiFTi._checkLiquidityAdd(address,address) (#613-624) has costly operations inside a loop:
- _hasLiqBeenAdded = true (#617)
NiFTi._checkLiquidityAdd(address,address) (#613-624) has costly operations inside a loop:
- antiSnipe = AntiSnipe(address(this)) (#619)
NiFTi._checkLiquidityAdd(address,address) (#613-624) has costly operations inside a loop:
- contractSwapEnabled = true (#621)
NiFTi._finalizeTransfer(address,address,uint256,bool,bool,bool,bool) (#711-737) has costly operations inside a loop:
- _rTotal -= values.rFee (#732)
NiFTi.setExcludedFromReward(address,bool) (#656-690) has costly operations inside a loop:
- _excluded.pop() (#684)
Use a local variable to hold the loop computation result.
Pragma version>=0.6.0<0.9.0 (#2) is too complex
solc-0.8.13 is not recommended for deployment
Deploy with any of the following Solidity versions: 0.5.16 - 0.5.17, 0.6.11 - 0.6.12, 0.7.5 - 0.7.6. Use a simple pragma version that allows any of these versions. Consider using the latest version of Solidity for testing.
renounceOwnership() should be declared external:
- NiFTi.renounceOwnership() (#277-281)
transfer(address,uint256) should be declared external:
- NiFTi.transfer(address,uint256) (#298-301)
approve(address,uint256) should be declared external:
- NiFTi.approve(address,uint256) (#303-306)
approveContractContingency() should be declared external:
- NiFTi.approveContractContingency() (#316-319)
setNewRouter(address) should be declared external:
- NiFTi.setNewRouter(address) (#329-340)
isBlacklisted(address) should be declared external:
- NiFTi.isBlacklisted(address) (#390-392)
getMaxTX() should be declared external:
- NiFTi.getMaxTX() (#453-455)
getMaxWallet() should be declared external:
- NiFTi.getMaxWallet() (#457-459)
enableTrading() should be declared external:
- NiFTi.enableTrading() (#626-637)
isExcludedFromReward(address) should be declared external:
- NiFTi.isExcludedFromReward(address) (#652-654)
Use the external attribute for functions never called from the contract.
Contract ticker ($NiFTi) contains non-alphanumeric characters.
Not a direct threat, but may indicate unreliable intentions of the developer. Non-alphanumeric chars (,.;!#*&") are extremely rare among low-risk tokens.
NiFTi.contractSwap(uint256) (#561-611) performs a multiplication on the result of a division:
-toLiquify = ((contractTokenBalance * ratios.liquidity) / ratios.totalSwap) / 2 (#571)
-liquidityBalance = (amtBalance * toLiquify) / swapAmt (#587)
NiFTi.takeTaxes(address,address,uint256,bool,bool,bool,bool) (#739-812) performs a multiplication on the result of a division:
-feeAmount = (tAmount * currentFee) / masterTaxDivisor (#777)
-values.tFee = (feeAmount * ratios.reflection) / total (#779)
NiFTi.takeTaxes(address,address,uint256,bool,bool,bool,bool) (#739-812) performs a multiplication on the result of a division:
-feeAmount = (tAmount * currentFee) / masterTaxDivisor (#777)
-values.tTreasury = (feeAmount * ratios.treasury) / total (#780)
Consider ordering multiplication before division.
Reentrancy in NiFTi._finalizeTransfer(address,address,uint256,bool,bool,bool,bool) (#711-737):
External calls:
- values = takeTaxes(from,to,tAmount,takeFee,buy,sell,other) (#719)
- antiSnipe.checkUser(from,to,tAmount) (#748-752)
State variables written after the call(s):
- _rOwned[from] -= values.rAmount (#721)
- _rOwned[to] += values.rTransferAmount (#722)
- _rTotal -= values.rFee (#732)
- _tOwned[from] = _tOwned[from] - tAmount (#725)
- _tOwned[to] = _tOwned[to] + values.tTransferAmount (#728)
Reentrancy in NiFTi.enableTrading() (#626-637):
External calls:
- antiSnipe.setLaunch(lpPair,uint32(block.number),uint64(block.timestamp),_decimals) (#632)
State variables written after the call(s):
- tradingEnabled = true (#633)
Reentrancy in NiFTi.takeTaxes(address,address,uint256,bool,bool,bool,bool) (#739-812):
External calls:
- antiSnipe.checkUser(from,to,tAmount) (#748-752)
State variables written after the call(s):
- _rOwned[address(this)] += values.tSwap * values.currentRate (#795)
- _rOwned[_taxWallets.treasury] += values.tTreasury * values.currentRate (#803)
- _tOwned[address(this)] += values.tSwap (#797)
- _tOwned[_taxWallets.treasury] += values.tTreasury (#805)
Reentrancy in NiFTi.transferOwner(address) (#262-275):
External calls:
- _finalizeTransfer(_owner,newOwner,balanceOf(_owner),false,false,false,true) (#269)
- antiSnipe.checkUser(from,to,tAmount) (#748-752)
State variables written after the call(s):
- _owner = newOwner (#272)
Apply the check-effects-interactions pattern.
NiFTi.contractSwap(uint256) (#561-611) ignores return value by dexRouter.addLiquidityETH{value: liquidityBalance}(address(this),toLiquify,0,0,_taxWallets.liquidity,block.timestamp) (#590-597)
NiFTi.takeTaxes(address,address,uint256,bool,bool,bool,bool) (#739-812) ignores return value by antiSnipe.checkUser(from,to,tAmount) (#748-752)
Ensure that all the return values of the function calls are used.
NiFTi.setMaxTxPercent(uint256,uint256) (#443-446) should emit an event for:
- _maxTxAmount = (_tTotal * percent) / divisor (#445)
NiFTi.setMaxWalletSize(uint256,uint256) (#448-451) should emit an event for:
- _maxWalletSize = (_tTotal * percent) / divisor (#450)
NiFTi.setSwapSettings(uint256,uint256,uint256,uint256,uint256) (#461-465) should emit an event for:
- swapThreshold = (_tTotal * thresholdPercent) / thresholdDivisor (#462)
- swapAmount = (_tTotal * amountPercent) / amountDivisor (#463)
- contractSwapTimer = time (#464)
Emit an event for critical parameter changes.
NiFTi.takeTaxes(address,address,uint256,bool,bool,bool,bool) (#739-812) has external calls inside a loop: antiSnipe.checkUser(from,to,tAmount) (#748-752)
NiFTi.takeTaxes(address,address,uint256,bool,bool,bool,bool) (#739-812) has external calls inside a loop: antiSnipe.isSniper(from) (#765)
Favor pull over push strategy for external calls.
Variable 'NiFTi.takeTaxes(address,address,uint256,bool,bool,bool,bool).check (#748)' in NiFTi.takeTaxes(address,address,uint256,bool,bool,bool,bool) (#739-812) potentially used before declaration: checked = check (#749)
Move all variable declarations prior to any usage of the variable, and ensure that reaching a variable declaration does not depend on some conditional if it is used unconditionally.
Reentrancy in NiFTi.constructor() (#222-253):
External calls:
- lpPair = IFactoryV2(dexRouter.factory()).createPair(dexRouter.WETH(),address(this)) (#243)
State variables written after the call(s):
- _approve(_owner,address(dexRouter),type()(uint256).max) (#246)
- _allowances[sender][spender] = amount (#312)
- _approve(address(this),address(dexRouter),type()(uint256).max) (#247)
- _allowances[sender][spender] = amount (#312)
- _isExcludedFromFees[_owner] = true (#249)
- _isExcludedFromFees[address(this)] = true (#250)
- _isExcludedFromFees[DEAD] = true (#251)
- _liquidityHolders[_owner] = true (#252)
- lpPairs[lpPair] = true (#244)
Reentrancy in NiFTi.enableTrading() (#626-637):
External calls:
- antiSnipe.setLaunch(lpPair,uint32(block.number),uint64(block.timestamp),_decimals) (#632)
State variables written after the call(s):
- allowedPresaleExclusion = false (#634)
- swapAmount = (balanceOf(lpPair) * 25) / 10000 (#636)
- swapThreshold = (balanceOf(lpPair) * 10) / 10000 (#635)
Reentrancy in NiFTi.setNewRouter(address) (#329-340):
External calls:
- lpPair = IFactoryV2(_newRouter.factory()).createPair(address(this),_newRouter.WETH()) (#333)
State variables written after the call(s):
- _approve(address(this),address(dexRouter),type()(uint256).max) (#339)
- _allowances[sender][spender] = amount (#312)
- dexRouter = _newRouter (#338)
Reentrancy in NiFTi.takeTaxes(address,address,uint256,bool,bool,bool,bool) (#739-812):
External calls:
- antiSnipe.checkUser(from,to,tAmount) (#748-752)
State variables written after the call(s):
- lastSellTime[from] = block.timestamp (#772)
Apply the check-effects-interactions pattern.
Reentrancy in NiFTi._finalizeTransfer(address,address,uint256,bool,bool,bool,bool) (#711-737):
External calls:
- values = takeTaxes(from,to,tAmount,takeFee,buy,sell,other) (#719)
- antiSnipe.checkUser(from,to,tAmount) (#748-752)
Event emitted after the call(s):
- Transfer(from,to,values.tTransferAmount) (#735)
Reentrancy in NiFTi._transfer(address,address,uint256) (#507-559):
External calls:
- contractSwap(contractTokenBalance) (#552)
- dexRouter.swapExactTokensForETHSupportingFeeOnTransferTokens(swapAmt,0,path,address(this),block.timestamp) (#578-584)
- dexRouter.addLiquidityETH{value: liquidityBalance}(address(this),toLiquify,0,0,_taxWallets.liquidity,block.timestamp) (#590-597)
- _finalizeTransfer(from,to,amount,takeFee,buy,sell,other) (#558)
- antiSnipe.checkUser(from,to,tAmount) (#748-752)
External calls sending eth:
- contractSwap(contractTokenBalance) (#552)
- dexRouter.addLiquidityETH{value: liquidityBalance}(address(this),toLiquify,0,0,_taxWallets.liquidity,block.timestamp) (#590-597)
- _taxWallets.marketing.transfer(marketingBalance) (#606)
- developmentWallet.transfer(developmentBalance) (#609)
Event emitted after the call(s):
- ContractSwapEnabledUpdated(true) (#622)
- _finalizeTransfer(from,to,amount,takeFee,buy,sell,other) (#558)
- Transfer(from,to,values.tTransferAmount) (#735)
- _finalizeTransfer(from,to,amount,takeFee,buy,sell,other) (#558)
- Transfer(from,address(this),values.tSwap) (#799)
- _finalizeTransfer(from,to,amount,takeFee,buy,sell,other) (#558)
- Transfer(from,_taxWallets.treasury,values.tTreasury) (#807)
- _finalizeTransfer(from,to,amount,takeFee,buy,sell,other) (#558)
Reentrancy in NiFTi.constructor() (#222-253):
External calls:
- lpPair = IFactoryV2(dexRouter.factory()).createPair(dexRouter.WETH(),address(this)) (#243)
Event emitted after the call(s):
- Approval(sender,spender,amount) (#313)
- _approve(address(this),address(dexRouter),type()(uint256).max) (#247)
- Approval(sender,spender,amount) (#313)
- _approve(_owner,address(dexRouter),type()(uint256).max) (#246)
Reentrancy in NiFTi.contractSwap(uint256) (#561-611):
External calls:
- dexRouter.swapExactTokensForETHSupportingFeeOnTransferTokens(swapAmt,0,path,address(this),block.timestamp) (#578-584)
- dexRouter.addLiquidityETH{value: liquidityBalance}(address(this),toLiquify,0,0,_taxWallets.liquidity,block.timestamp) (#590-597)
External calls sending eth:
- dexRouter.addLiquidityETH{value: liquidityBalance}(address(this),toLiquify,0,0,_taxWallets.liquidity,block.timestamp) (#590-597)
Event emitted after the call(s):
- AutoLiquify(liquidityBalance,toLiquify) (#598)
Reentrancy in NiFTi.setNewRouter(address) (#329-340):
External calls:
- lpPair = IFactoryV2(_newRouter.factory()).createPair(address(this),_newRouter.WETH()) (#333)
Event emitted after the call(s):
- Approval(sender,spender,amount) (#313)
- _approve(address(this),address(dexRouter),type()(uint256).max) (#339)
Reentrancy in NiFTi.takeTaxes(address,address,uint256,bool,bool,bool,bool) (#739-812):
External calls:
- antiSnipe.checkUser(from,to,tAmount) (#748-752)
Event emitted after the call(s):
- Transfer(from,address(this),values.tSwap) (#799)
- Transfer(from,_taxWallets.treasury,values.tTreasury) (#807)
Reentrancy in NiFTi.transferOwner(address) (#262-275):
External calls:
- _finalizeTransfer(_owner,newOwner,balanceOf(_owner),false,false,false,true) (#269)
- antiSnipe.checkUser(from,to,tAmount) (#748-752)
Event emitted after the call(s):
- OwnershipTransferred(_owner,newOwner) (#273)
Apply the check-effects-interactions pattern.
NiFTi.setLpPair(address,bool) (#342-354) compares to a boolean constant:
-enabled == false (#343)
Remove the equality to the boolean constant.
Function IRouter01.WETH() (#33) is not in mixedCase
Parameter NiFTi.setProtectionSettings(bool,bool)._antiSnipe (#398) is not in mixedCase
Parameter NiFTi.setProtectionSettings(bool,bool)._antiBlock (#398) is not in mixedCase
Constant NiFTi.startingSupply (#123) is not in UPPER_CASE_WITH_UNDERSCORES
Constant NiFTi._name (#125) is not in UPPER_CASE_WITH_UNDERSCORES
Constant NiFTi._symbol (#126) is not in UPPER_CASE_WITH_UNDERSCORES
Constant NiFTi._decimals (#127) is not in UPPER_CASE_WITH_UNDERSCORES
Constant NiFTi._tTotal (#129) is not in UPPER_CASE_WITH_UNDERSCORES
Variable NiFTi._taxRates (#150-156) is not in mixedCase
Variable NiFTi._ratios (#158-165) is not in mixedCase
Constant NiFTi.maxBuyTaxes (#167) is not in UPPER_CASE_WITH_UNDERSCORES
Constant NiFTi.maxSellTaxes (#168) is not in UPPER_CASE_WITH_UNDERSCORES
Constant NiFTi.maxTransferTaxes (#169) is not in UPPER_CASE_WITH_UNDERSCORES
Constant NiFTi.masterTaxDivisor (#170) is not in UPPER_CASE_WITH_UNDERSCORES
Variable NiFTi._taxWallets (#183-187) is not in mixedCase
Variable NiFTi._hasLiqBeenAdded (#200) is not in mixedCase
Follow the Solidity naming convention.
Reentrancy in NiFTi._transfer(address,address,uint256) (#507-559):
External calls:
- contractSwap(contractTokenBalance) (#552)
- _taxWallets.marketing.transfer(marketingBalance) (#606)
- developmentWallet.transfer(developmentBalance) (#609)
External calls sending eth:
- contractSwap(contractTokenBalance) (#552)
- dexRouter.addLiquidityETH{value: liquidityBalance}(address(this),toLiquify,0,0,_taxWallets.liquidity,block.timestamp) (#590-597)
- _taxWallets.marketing.transfer(marketingBalance) (#606)
- developmentWallet.transfer(developmentBalance) (#609)
State variables written after the call(s):
- _finalizeTransfer(from,to,amount,takeFee,buy,sell,other) (#558)
- _hasLiqBeenAdded = true (#617)
- _finalizeTransfer(from,to,amount,takeFee,buy,sell,other) (#558)
- _liquidityHolders[from] = true (#616)
- _finalizeTransfer(from,to,amount,takeFee,buy,sell,other) (#558)
- _rOwned[from] -= values.rAmount (#721)
- _rOwned[to] += values.rTransferAmount (#722)
- _rOwned[address(this)] += values.tSwap * values.currentRate (#795)
- _rOwned[_taxWallets.treasury] += values.tTreasury * values.currentRate (#803)
- _finalizeTransfer(from,to,amount,takeFee,buy,sell,other) (#558)
- _rTotal -= values.rFee (#732)
- _finalizeTransfer(from,to,amount,takeFee,buy,sell,other) (#558)
- _tOwned[from] = _tOwned[from] - tAmount (#725)
- _tOwned[to] = _tOwned[to] + values.tTransferAmount (#728)
- _tOwned[address(this)] += values.tSwap (#797)
- _tOwned[_taxWallets.treasury] += values.tTreasury (#805)
- _finalizeTransfer(from,to,amount,takeFee,buy,sell,other) (#558)
- antiSnipe = AntiSnipe(address(this)) (#619)
- _finalizeTransfer(from,to,amount,takeFee,buy,sell,other) (#558)
- contractSwapEnabled = true (#621)
- _finalizeTransfer(from,to,amount,takeFee,buy,sell,other) (#558)
- lastSellTime[from] = block.timestamp (#772)
- lastSwap = block.timestamp (#553)
Event emitted after the call(s):
- ContractSwapEnabledUpdated(true) (#622)
- _finalizeTransfer(from,to,amount,takeFee,buy,sell,other) (#558)
- Transfer(from,to,values.tTransferAmount) (#735)
- _finalizeTransfer(from,to,amount,takeFee,buy,sell,other) (#558)
- Transfer(from,address(this),values.tSwap) (#799)
- _finalizeTransfer(from,to,amount,takeFee,buy,sell,other) (#558)
- Transfer(from,_taxWallets.treasury,values.tTreasury) (#807)
- _finalizeTransfer(from,to,amount,takeFee,buy,sell,other) (#558)
Apply the check-effects-interactions pattern.
Variable IRouter01.addLiquidity(address,address,uint256,uint256,uint256,uint256,address,uint256).amountADesired (#45) is too similar to IRouter01.addLiquidity(address,address,uint256,uint256,uint256,uint256,address,uint256).amountBDesired (#46)
Prevent variables from having similar names.
NiFTi.slitherConstructorConstantVariables() (#103-843) uses literals with too many digits:
- DEAD = 0x000000000000000000000000000000000000dEaD (#174)
Use: Ether suffix, Time suffix, or The scientific notation
BscScan page for the token does not contain additional info: website, socials, description, etc.
Unable to find token on CoinGecko
Unable to find token on CoinMarketCap
Token is not listed at Mobula.Finance
Unable to find token on CoinHunt
Unable to find code repository for the project
Young tokens have high risks of scam / price dump / death
Token has no active CoinGecko listing / rank
Token has no active CoinMarketCap listing / rank
Young tokens have high risks of price dump / death
Telegram account has less than 100 subscribers
Twitter account has relatively few followers
Unable to find Blog account (Reddit or Medium)