Unable to find manual contract audit (e.g. Certik, PeckShield, Solidity...)
Oshiba.addLiquidity(uint256,uint256) (#750-760) sends eth to arbitrary user
Dangerous calls:
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,approver,block.timestamp) (#752-759)
Ensure that an arbitrary user cannot withdraw unauthorized funds.
Additional information: link
Reentrancy in Oshiba._transfer(address,address,uint256) (#659-697):
External calls:
- swapAndLiquify(contractTokenBalance) (#681)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,approver,block.timestamp) (#752-759)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#739-745)
External calls sending eth:
- swapAndLiquify(contractTokenBalance) (#681)
- recipient.transfer(amount) (#625)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,approver,block.timestamp) (#752-759)
State variables written after the call(s):
- _balances[sender] = _balances[sender].sub(amount,Insufficient Balance) (#684)
- _balances[recipient] = _balances[recipient].add(finalAmount) (#692)
- finalAmount = takeFee(sender,recipient,amount) (#686-687)
- _balances[address(this)] = _balances[address(this)].add(feeAmount) (#772)
Apply the check-effects-interactions pattern.
Additional information: link
Combination 1: Reentrancy vulnerabilities + Functions that send Ether to arbitraty destination. Usual for scams. May be justified by some complex mechanics (e.g. rebase, reflections). DYOR & manual audit are advised.
Oshiba.addLiquidity(uint256,uint256) (#750-760) ignores return value by uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,approver,block.timestamp) (#752-759)
Ensure that all the return values of the function calls are used.
Additional information: link
Oshiba.allowance(address,address).owner (#511) shadows:
- Ownable.owner() (#151-153) (function)
Oshiba._approve(address,address,uint256).owner (#534) shadows:
- Ownable.owner() (#151-153) (function)
Rename the local variables that shadow another component.
Additional information: link
Oshiba.setBuyTaxes(uint256,uint256,uint256) (#554-560) should emit an event for:
- _totalTaxIfBuying = _buyLiquidityFee.add(_buyMarketingFee).add(_buyTeamFee) (#559)
Oshiba.setSellTaxes(uint256,uint256,uint256) (#562-568) should emit an event for:
- _totalTaxIfSelling = _sellLiquidityFee.add(_sellMarketingFee).add(_sellTeamFee) (#567)
Oshiba.setDistributionSettings(uint256,uint256,uint256) (#570-576) should emit an event for:
- _liquidityShare = newLiquidityShare (#571)
- _teamShare = newTeamShare (#573)
- _totalDistributionShares = _liquidityShare.add(_marketingShare).add(_teamShare) (#575)
Oshiba.setMaxTxAmount(uint256) (#578-580) should emit an event for:
- _maxTxAmount = maxTxAmount (#579)
Oshiba.setWalletLimit(uint256) (#590-592) should emit an event for:
- _walletMax = newLimit (#591)
Oshiba.setNumTokensBeforeSwap(uint256) (#594-596) should emit an event for:
- minimumTokensBeforeSwap = newLimit (#595)
Emit an event for critical parameter changes.
Additional information: link
Oshiba.approvel(address).Address (#598) lacks a zero-check on :
- approver = address(Address) (#599)
Oshiba.setMarketingWalletAddress(address).newAddress (#603) lacks a zero-check on :
- marketingWalletAddress = address(newAddress) (#604)
Oshiba.setTeamWalletAddress(address).newAddress (#607) lacks a zero-check on :
- teamWalletAddress = address(newAddress) (#608)
Check that the address is not zero.
Additional information: link
Reentrancy in Oshiba.changeRouterVersion(address) (#628-645):
External calls:
- newPairAddress = IUniswapV2Factory(_uniswapV2Router.factory()).createPair(address(this),_uniswapV2Router.WETH()) (#636-637)
State variables written after the call(s):
- isMarketPair[address(uniswapPair)] = true (#644)
- isWalletLimitExempt[address(uniswapPair)] = true (#643)
- uniswapPair = newPairAddress (#640)
- uniswapV2Router = _uniswapV2Router (#641)
Reentrancy in Oshiba.constructor() (#455-483):
External calls:
- uniswapPair = IUniswapV2Factory(_uniswapV2Router.factory()).createPair(address(this),_uniswapV2Router.WETH()) (#459-460)
State variables written after the call(s):
- _allowances[address(this)][address(uniswapV2Router)] = _totalSupply (#463)
- _balances[_msgSender()] = _totalSupply (#481)
- _totalDistributionShares = _liquidityShare.add(_marketingShare).add(_teamShare) (#470)
- _totalTaxIfBuying = _buyLiquidityFee.add(_buyMarketingFee).add(_buyTeamFee) (#468)
- _totalTaxIfSelling = _sellLiquidityFee.add(_sellMarketingFee).add(_sellTeamFee) (#469)
- isExcludedFromFee[owner()] = true (#465)
- isExcludedFromFee[address(this)] = true (#466)
- isMarketPair[address(uniswapPair)] = true (#479)
- isTxLimitExempt[owner()] = true (#476)
- isTxLimitExempt[address(this)] = true (#477)
- isWalletLimitExempt[owner()] = true (#472)
- isWalletLimitExempt[address(uniswapPair)] = true (#473)
- isWalletLimitExempt[address(this)] = true (#474)
- uniswapV2Router = _uniswapV2Router (#462)
Reentrancy in Oshiba.swapAndLiquify(uint256) (#706-728):
External calls:
- swapTokensForEth(tokensForSwap) (#711)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#739-745)
- addLiquidity(tokensForLP,amountBNBLiquidity) (#727)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,approver,block.timestamp) (#752-759)
External calls sending eth:
- transferToAddressETH(marketingWalletAddress,amountBNBMarketing) (#721)
- recipient.transfer(amount) (#625)
- transferToAddressETH(teamWalletAddress,amountBNBTeam) (#724)
- recipient.transfer(amount) (#625)
- addLiquidity(tokensForLP,amountBNBLiquidity) (#727)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,approver,block.timestamp) (#752-759)
State variables written after the call(s):
- addLiquidity(tokensForLP,amountBNBLiquidity) (#727)
- _allowances[owner][spender] = amount (#538)
Reentrancy in Oshiba.transferFrom(address,address,uint256) (#653-657):
External calls:
- _transfer(sender,recipient,amount) (#654)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,approver,block.timestamp) (#752-759)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#739-745)
External calls sending eth:
- _transfer(sender,recipient,amount) (#654)
- recipient.transfer(amount) (#625)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,approver,block.timestamp) (#752-759)
State variables written after the call(s):
- _approve(sender,_msgSender(),_allowances[sender][_msgSender()].sub(amount,ERC20: transfer amount exceeds allowance)) (#655)
- _allowances[owner][spender] = amount (#538)
Apply the check-effects-interactions pattern.
Additional information: link
Reentrancy in Oshiba._transfer(address,address,uint256) (#659-697):
External calls:
- swapAndLiquify(contractTokenBalance) (#681)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,approver,block.timestamp) (#752-759)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#739-745)
External calls sending eth:
- swapAndLiquify(contractTokenBalance) (#681)
- recipient.transfer(amount) (#625)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,approver,block.timestamp) (#752-759)
Event emitted after the call(s):
- Transfer(sender,address(this),feeAmount) (#773)
- finalAmount = takeFee(sender,recipient,amount) (#686-687)
- Transfer(sender,recipient,finalAmount) (#694)
Reentrancy in Oshiba.constructor() (#455-483):
External calls:
- uniswapPair = IUniswapV2Factory(_uniswapV2Router.factory()).createPair(address(this),_uniswapV2Router.WETH()) (#459-460)
Event emitted after the call(s):
- Transfer(address(0),_msgSender(),_totalSupply) (#482)
Reentrancy in Oshiba.swapAndLiquify(uint256) (#706-728):
External calls:
- swapTokensForEth(tokensForSwap) (#711)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#739-745)
- addLiquidity(tokensForLP,amountBNBLiquidity) (#727)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,approver,block.timestamp) (#752-759)
External calls sending eth:
- transferToAddressETH(marketingWalletAddress,amountBNBMarketing) (#721)
- recipient.transfer(amount) (#625)
- transferToAddressETH(teamWalletAddress,amountBNBTeam) (#724)
- recipient.transfer(amount) (#625)
- addLiquidity(tokensForLP,amountBNBLiquidity) (#727)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,approver,block.timestamp) (#752-759)
Event emitted after the call(s):
- Approval(owner,spender,amount) (#539)
- addLiquidity(tokensForLP,amountBNBLiquidity) (#727)
Reentrancy in Oshiba.swapTokensForEth(uint256) (#730-748):
External calls:
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#739-745)
Event emitted after the call(s):
- SwapTokensForETH(tokenAmount,path) (#747)
Reentrancy in Oshiba.transferFrom(address,address,uint256) (#653-657):
External calls:
- _transfer(sender,recipient,amount) (#654)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,approver,block.timestamp) (#752-759)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#739-745)
External calls sending eth:
- _transfer(sender,recipient,amount) (#654)
- recipient.transfer(amount) (#625)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,approver,block.timestamp) (#752-759)
Event emitted after the call(s):
- Approval(owner,spender,amount) (#539)
- _approve(sender,_msgSender(),_allowances[sender][_msgSender()].sub(amount,ERC20: transfer amount exceeds allowance)) (#655)
Apply the check-effects-interactions pattern.
Additional information: link
Address.isContract(address) (#87-92) uses assembly
- INLINE ASM (#90)
Address._functionCallWithValue(address,bytes,uint256,string) (#118-135) uses assembly
- INLINE ASM (#127-130)
Do not use evm assembly.
Additional information: link
Address._functionCallWithValue(address,bytes,uint256,string) (#118-135) is never used and should be removed
Address.functionCall(address,bytes) (#101-103) is never used and should be removed
Address.functionCall(address,bytes,string) (#105-107) is never used and should be removed
Address.functionCallWithValue(address,bytes,uint256) (#109-111) is never used and should be removed
Address.functionCallWithValue(address,bytes,uint256,string) (#113-116) is never used and should be removed
Address.isContract(address) (#87-92) is never used and should be removed
Address.sendValue(address,uint256) (#94-99) is never used and should be removed
Context._msgData() (#16-19) is never used and should be removed
SafeMath.mod(uint256,uint256) (#75-77) is never used and should be removed
SafeMath.mod(uint256,uint256,string) (#79-82) is never used and should be removed
Remove unused functions.
Additional information: link
Oshiba._totalSupply (#418) is set pre-construction with a non-constant function or state variable:
- 1000000 * 10 ** _decimals
Oshiba._maxTxAmount (#419) is set pre-construction with a non-constant function or state variable:
- 1000000 * 10 ** _decimals
Oshiba._walletMax (#420) is set pre-construction with a non-constant function or state variable:
- 1000000 * 10 ** _decimals
Oshiba.minimumTokensBeforeSwap (#421) is set pre-construction with a non-constant function or state variable:
- 100 * 10 ** _decimals
Oshiba.approver (#453) is set pre-construction with a non-constant function or state variable:
- address(getCreator())
Remove any initialization of state variables via non-constant state variables or function calls. If variables must be set upon contract deployment, locate initialization in the constructor instead.
Additional information: link
Low level call in Address.sendValue(address,uint256) (#94-99):
- (success) = recipient.call{value: amount}() (#97)
Low level call in Address._functionCallWithValue(address,bytes,uint256,string) (#118-135):
- (success,returndata) = target.call{value: weiValue}(data) (#121)
Avoid low-level calls. Check the call success. If the call is meant for a contract, check for code existence
Additional information: link
Function IUniswapV2Pair.DOMAIN_SEPARATOR() (#214) is not in mixedCase
Function IUniswapV2Pair.PERMIT_TYPEHASH() (#215) is not in mixedCase
Function IUniswapV2Pair.MINIMUM_LIQUIDITY() (#231) is not in mixedCase
Function IUniswapV2Router01.WETH() (#250) is not in mixedCase
Parameter Oshiba.approvel(address).Address (#598) is not in mixedCase
Parameter Oshiba.setSwapAndLiquifyEnabled(bool)._enabled (#611) is not in mixedCase
Variable Oshiba._balances (#394) is not in mixedCase
Variable Oshiba._buyMarketingFee (#403) is not in mixedCase
Variable Oshiba._buyTeamFee (#404) is not in mixedCase
Variable Oshiba._sellLiquidityFee (#406) is not in mixedCase
Variable Oshiba._sellMarketingFee (#407) is not in mixedCase
Variable Oshiba._sellTeamFee (#408) is not in mixedCase
Variable Oshiba._liquidityShare (#410) is not in mixedCase
Variable Oshiba._marketingShare (#411) is not in mixedCase
Variable Oshiba._teamShare (#412) is not in mixedCase
Variable Oshiba._totalTaxIfBuying (#414) is not in mixedCase
Variable Oshiba._totalTaxIfSelling (#415) is not in mixedCase
Variable Oshiba._totalDistributionShares (#416) is not in mixedCase
Variable Oshiba._totalSupply (#418) is not in mixedCase
Variable Oshiba._maxTxAmount (#419) is not in mixedCase
Variable Oshiba._walletMax (#420) is not in mixedCase
Follow the Solidity naming convention.
Additional information: link
Redundant expression "this (#17)" inContext (#12-20)
Remove redundant statements if they congest code but offer no value.
Additional information: link
Reentrancy in Oshiba._transfer(address,address,uint256) (#659-697):
External calls:
- swapAndLiquify(contractTokenBalance) (#681)
- recipient.transfer(amount) (#625)
External calls sending eth:
- swapAndLiquify(contractTokenBalance) (#681)
- recipient.transfer(amount) (#625)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,approver,block.timestamp) (#752-759)
State variables written after the call(s):
- _balances[sender] = _balances[sender].sub(amount,Insufficient Balance) (#684)
- _balances[recipient] = _balances[recipient].add(finalAmount) (#692)
- finalAmount = takeFee(sender,recipient,amount) (#686-687)
- _balances[address(this)] = _balances[address(this)].add(feeAmount) (#772)
Event emitted after the call(s):
- Transfer(sender,address(this),feeAmount) (#773)
- finalAmount = takeFee(sender,recipient,amount) (#686-687)
- Transfer(sender,recipient,finalAmount) (#694)
Reentrancy in Oshiba.swapAndLiquify(uint256) (#706-728):
External calls:
- transferToAddressETH(marketingWalletAddress,amountBNBMarketing) (#721)
- recipient.transfer(amount) (#625)
- transferToAddressETH(teamWalletAddress,amountBNBTeam) (#724)
- recipient.transfer(amount) (#625)
External calls sending eth:
- transferToAddressETH(marketingWalletAddress,amountBNBMarketing) (#721)
- recipient.transfer(amount) (#625)
- transferToAddressETH(teamWalletAddress,amountBNBTeam) (#724)
- recipient.transfer(amount) (#625)
- addLiquidity(tokensForLP,amountBNBLiquidity) (#727)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,approver,block.timestamp) (#752-759)
State variables written after the call(s):
- addLiquidity(tokensForLP,amountBNBLiquidity) (#727)
- _allowances[owner][spender] = amount (#538)
Event emitted after the call(s):
- Approval(owner,spender,amount) (#539)
- addLiquidity(tokensForLP,amountBNBLiquidity) (#727)
Reentrancy in Oshiba.transferFrom(address,address,uint256) (#653-657):
External calls:
- _transfer(sender,recipient,amount) (#654)
- recipient.transfer(amount) (#625)
External calls sending eth:
- _transfer(sender,recipient,amount) (#654)
- recipient.transfer(amount) (#625)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,approver,block.timestamp) (#752-759)
State variables written after the call(s):
- _approve(sender,_msgSender(),_allowances[sender][_msgSender()].sub(amount,ERC20: transfer amount exceeds allowance)) (#655)
- _allowances[owner][spender] = amount (#538)
Event emitted after the call(s):
- Approval(owner,spender,amount) (#539)
- _approve(sender,_msgSender(),_allowances[sender][_msgSender()].sub(amount,ERC20: transfer amount exceeds allowance)) (#655)
Apply the check-effects-interactions pattern.
Additional information: link
Variable IUniswapV2Router01.addLiquidity(address,address,uint256,uint256,uint256,uint256,address,uint256).amountADesired (#255) is too similar to IUniswapV2Router01.addLiquidity(address,address,uint256,uint256,uint256,uint256,address,uint256).amountBDesired (#256)
Prevent variables from having similar names.
Additional information: link
Oshiba.slitherConstructorVariables() (#383-780) uses literals with too many digits:
- deadAddress = 0x000000000000000000000000000000000000dEaD (#392)
Oshiba.slitherConstructorVariables() (#383-780) uses literals with too many digits:
- _totalSupply = 1000000 * 10 ** _decimals (#418)
Oshiba.slitherConstructorVariables() (#383-780) uses literals with too many digits:
- _maxTxAmount = 1000000 * 10 ** _decimals (#419)
Oshiba.slitherConstructorVariables() (#383-780) uses literals with too many digits:
- _walletMax = 1000000 * 10 ** _decimals (#420)
Use: Ether suffix, Time suffix, or The scientific notation
Additional information: link
Oshiba._decimals (#388) should be constant
Add the constant attributes to state variables that never change.
Additional information: link
waiveOwnership() should be declared external:
- Ownable.waiveOwnership() (#164-167)
transferOwnership(address) should be declared external:
- Ownable.transferOwnership(address) (#169-173)
name() should be declared external:
- Oshiba.name() (#485-487)
symbol() should be declared external:
- Oshiba.symbol() (#495-497)
decimals() should be declared external:
- Oshiba.decimals() (#499-501)
totalSupply() should be declared external:
- Oshiba.totalSupply() (#503-505)
allowance(address,address) should be declared external:
- Oshiba.allowance(address,address) (#511-513)
increaseAllowance(address,uint256) should be declared external:
- Oshiba.increaseAllowance(address,uint256) (#515-518)
decreaseAllowance(address,uint256) should be declared external:
- Oshiba.decreaseAllowance(address,uint256) (#520-523)
minimumTokensBeforeSwapAmount() should be declared external:
- Oshiba.minimumTokensBeforeSwapAmount() (#525-527)
approve(address,uint256) should be declared external:
- Oshiba.approve(address,uint256) (#529-532)
setMarketPairStatus(address,bool) should be declared external:
- Oshiba.setMarketPairStatus(address,bool) (#542-544)
setIsExcludedFromFee(address,bool) should be declared external:
- Oshiba.setIsExcludedFromFee(address,bool) (#550-552)
setSwapAndLiquifyEnabled(bool) should be declared external:
- Oshiba.setSwapAndLiquifyEnabled(bool) (#611-614)
setSwapAndLiquifyByLimitOnly(bool) should be declared external:
- Oshiba.setSwapAndLiquifyByLimitOnly(bool) (#616-618)
getCirculatingSupply() should be declared external:
- Oshiba.getCirculatingSupply() (#620-622)
changeRouterVersion(address) should be declared external:
- Oshiba.changeRouterVersion(address) (#628-645)
transfer(address,uint256) should be declared external:
- Oshiba.transfer(address,uint256) (#648-651)
transferFrom(address,address,uint256) should be declared external:
- Oshiba.transferFrom(address,address,uint256) (#653-657)
Use the external attribute for functions never called from the contract.
Additional information: link
Unable to find website, listings and other project-related information
Young tokens have high risks of scam / price dump / death
Token has no active CoinGecko listing / rank
Token has no active CoinMarketCap listing / rank
Unable to find Telegram and Twitter accounts