Unable to find manual contract audit (e.g. Certik, PeckShield, Solidity...)
PUMPIN.addLiquidity(uint256,uint256) (#730-743) sends eth to arbitrary user
Dangerous calls:
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#735-742)
Ensure that an arbitrary user cannot withdraw unauthorized funds.
Additional information: link
Reentrancy in PUMPIN._transfer(address,address,uint256) (#642-682):
External calls:
- swapAndLiquify(contractTokenBalance) (#666)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#735-742)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#719-725)
External calls sending eth:
- swapAndLiquify(contractTokenBalance) (#666)
- recipient.transfer(amount) (#609)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#735-742)
State variables written after the call(s):
- _balances[sender] = _balances[sender].sub(amount,Insufficient Balance) (#669)
- _balances[recipient] = _balances[recipient].add(finalAmount) (#677)
- finalAmount = takeFee(sender,recipient,amount) (#671-672)
- _balances[address(this)] = _balances[address(this)].add(feeAmount) (#750)
Apply the check-effects-interactions pattern.
Additional information: link
Combination 1: Reentrancy vulnerabilities + Functions that send Ether to arbitraty destination. Usual for scams. May be justified by some complex mechanics (e.g. rebase, reflections). DYOR & manual audit are advised.
Contract name (BTC IS PUMPIN BITCHES, FINALLY A FIRST SIGN OF ME MAKING SOME MONEY AFTER BUYING THE TOP AND SELLING) contains non-alphanumeric characters.
Not a direct threat, but may indicate unreliable intentions of developer. Non-alphanumeric chars (,.;!#*&") are extremely rare among low risk tokens.
Contract name (BTC IS PUMPIN BITCHES, FINALLY A FIRST SIGN OF ME MAKING SOME MONEY AFTER BUYING THE TOP AND SELLING) has length of 100 chars.
Not a direct threat, but may indicate unreliable intentions of developer.
PUMPIN.swapAndLiquify(uint256) (#691-708) performs a multiplication on the result of a division:
-tokensForLP = tAmount.div(_totalTaxIfBuying).mul(_liquidityFee).div(2) (#693)
Consider ordering multiplication before division.
Additional information: link
PUMPIN.addLiquidity(uint256,uint256) (#730-743) ignores return value by uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#735-742)
Ensure that all the return values of the function calls are used.
Additional information: link
PUMPIN.allowance(address,address).owner (#518) shadows:
- Ownable.owner() (#166-168) (function)
PUMPIN._approve(address,address,uint256).owner (#541) shadows:
- Ownable.owner() (#166-168) (function)
Rename the local variables that shadow another component.
Additional information: link
PUMPIN.setTaxes(uint256,uint256,uint256,uint256) (#557-565) should emit an event for:
- _liquidityFee = newLiquidityTax (#558)
- _buyBackFee = newBuyBackTax (#560)
- _totalTaxIfBuying = _liquidityFee.add(_marketingFee).add(_buyBackFee) (#563)
- _totalTaxIfSelling = _totalTaxIfBuying.add(_extraFeeOnSell) (#564)
PUMPIN.setMaxTxAmount(uint256) (#567-569) should emit an event for:
- _maxTxAmount = maxTxAmount (#568)
PUMPIN.setWalletLimit(uint256) (#579-581) should emit an event for:
- _walletMax = newLimit (#580)
PUMPIN.setNumTokensBeforeSwap(uint256) (#583-585) should emit an event for:
- minimumTokensBeforeSwap = newLimit (#584)
Emit an event for critical parameter changes.
Additional information: link
PUMPIN.setMarketingWalletAddress(address).newAddress (#587) lacks a zero-check on :
- marketingWalletAddress = address(newAddress) (#588)
PUMPIN.setbuyBackWalletAddress(address).newAddress (#591) lacks a zero-check on :
- buyBackWalletAddress = address(newAddress) (#592)
Check that the address is not zero.
Additional information: link
Reentrancy in PUMPIN.changeRouterVersion(address) (#612-626):
External calls:
- newPairAddress = IUniswapV2Factory(_uniswapV2Router.factory()).createPair(address(this),_uniswapV2Router.WETH()) (#620-621)
State variables written after the call(s):
- uniswapV2Pair = newPairAddress (#624)
- uniswapV2Router = _uniswapV2Router (#625)
Reentrancy in PUMPIN.constructor() (#472-496):
External calls:
- uniswapV2Pair = IUniswapV2Factory(_uniswapV2Router.factory()).createPair(address(this),_uniswapV2Router.WETH()) (#476-477)
State variables written after the call(s):
- _allowances[address(this)][address(uniswapV2Router)] = _totalSupply (#480)
- _balances[_msgSender()] = _totalSupply (#494)
- _totalTaxIfBuying = _liquidityFee.add(_marketingFee).add(_buyBackFee) (#485)
- _totalTaxIfSelling = _totalTaxIfBuying.add(_extraFeeOnSell) (#486)
- isExcludedFromFee[owner()] = true (#482)
- isExcludedFromFee[address(this)] = true (#483)
- isWalletLimitExempt[owner()] = true (#488)
- isWalletLimitExempt[address(uniswapV2Pair)] = true (#489)
- isWalletLimitExempt[address(this)] = true (#491)
- isWalletLimitExempt[0x000000000000000000000000000000000000dEaD] = true (#492)
- uniswapV2Router = _uniswapV2Router (#479)
Reentrancy in PUMPIN.swapAndLiquify(uint256) (#691-708):
External calls:
- swapTokensForEth(tokensForSwap) (#696)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#719-725)
- addLiquidity(tokensForLP,amountBNBLiquidity) (#707)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#735-742)
External calls sending eth:
- transferToAddressETH(marketingWalletAddress,amountBNBMarketing) (#705)
- recipient.transfer(amount) (#609)
- transferToAddressETH(buyBackWalletAddress,amountBNBBuyBack) (#706)
- recipient.transfer(amount) (#609)
- addLiquidity(tokensForLP,amountBNBLiquidity) (#707)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#735-742)
State variables written after the call(s):
- addLiquidity(tokensForLP,amountBNBLiquidity) (#707)
- _allowances[owner][spender] = amount (#545)
Reentrancy in PUMPIN.transferFrom(address,address,uint256) (#636-640):
External calls:
- _transfer(sender,recipient,amount) (#637)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#735-742)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#719-725)
External calls sending eth:
- _transfer(sender,recipient,amount) (#637)
- recipient.transfer(amount) (#609)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#735-742)
State variables written after the call(s):
- _approve(sender,_msgSender(),_allowances[sender][_msgSender()].sub(amount,ERC20: transfer amount exceeds allowance)) (#638)
- _allowances[owner][spender] = amount (#545)
Apply the check-effects-interactions pattern.
Additional information: link
Reentrancy in PUMPIN._transfer(address,address,uint256) (#642-682):
External calls:
- swapAndLiquify(contractTokenBalance) (#666)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#735-742)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#719-725)
External calls sending eth:
- swapAndLiquify(contractTokenBalance) (#666)
- recipient.transfer(amount) (#609)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#735-742)
Event emitted after the call(s):
- Transfer(sender,address(this),feeAmount) (#751)
- finalAmount = takeFee(sender,recipient,amount) (#671-672)
- Transfer(sender,recipient,finalAmount) (#679)
Reentrancy in PUMPIN.constructor() (#472-496):
External calls:
- uniswapV2Pair = IUniswapV2Factory(_uniswapV2Router.factory()).createPair(address(this),_uniswapV2Router.WETH()) (#476-477)
Event emitted after the call(s):
- Transfer(address(0),_msgSender(),_totalSupply) (#495)
Reentrancy in PUMPIN.swapAndLiquify(uint256) (#691-708):
External calls:
- swapTokensForEth(tokensForSwap) (#696)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#719-725)
- addLiquidity(tokensForLP,amountBNBLiquidity) (#707)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#735-742)
External calls sending eth:
- transferToAddressETH(marketingWalletAddress,amountBNBMarketing) (#705)
- recipient.transfer(amount) (#609)
- transferToAddressETH(buyBackWalletAddress,amountBNBBuyBack) (#706)
- recipient.transfer(amount) (#609)
- addLiquidity(tokensForLP,amountBNBLiquidity) (#707)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#735-742)
Event emitted after the call(s):
- Approval(owner,spender,amount) (#546)
- addLiquidity(tokensForLP,amountBNBLiquidity) (#707)
Reentrancy in PUMPIN.swapTokensForEth(uint256) (#710-728):
External calls:
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#719-725)
Event emitted after the call(s):
- SwapTokensForETH(tokenAmount,path) (#727)
Reentrancy in PUMPIN.transferFrom(address,address,uint256) (#636-640):
External calls:
- _transfer(sender,recipient,amount) (#637)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#735-742)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#719-725)
External calls sending eth:
- _transfer(sender,recipient,amount) (#637)
- recipient.transfer(amount) (#609)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#735-742)
Event emitted after the call(s):
- Approval(owner,spender,amount) (#546)
- _approve(sender,_msgSender(),_allowances[sender][_msgSender()].sub(amount,ERC20: transfer amount exceeds allowance)) (#638)
Apply the check-effects-interactions pattern.
Additional information: link
Ownable.unlock() (#201-206) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(block.timestamp > _lockTime,Contract is locked until 7 days) (#203)
Avoid relying on block.timestamp.
Additional information: link
Address.isContract(address) (#97-106) uses assembly
- INLINE ASM (#104)
Address._functionCallWithValue(address,bytes,uint256,string) (#133-150) uses assembly
- INLINE ASM (#142-145)
Do not use evm assembly.
Additional information: link
Address._functionCallWithValue(address,bytes,uint256,string) (#133-150) is never used and should be removed
Address.functionCall(address,bytes) (#116-118) is never used and should be removed
Address.functionCall(address,bytes,string) (#120-122) is never used and should be removed
Address.functionCallWithValue(address,bytes,uint256) (#124-126) is never used and should be removed
Address.functionCallWithValue(address,bytes,uint256,string) (#128-131) is never used and should be removed
Address.isContract(address) (#97-106) is never used and should be removed
Address.sendValue(address,uint256) (#108-114) is never used and should be removed
Context._msgData() (#24-27) is never used and should be removed
SafeMath.mod(uint256,uint256) (#85-87) is never used and should be removed
SafeMath.mod(uint256,uint256,string) (#89-92) is never used and should be removed
Remove unused functions.
Additional information: link
Low level call in Address.sendValue(address,uint256) (#108-114):
- (success) = recipient.call{value: amount}() (#112)
Low level call in Address._functionCallWithValue(address,bytes,uint256,string) (#133-150):
- (success,returndata) = target.call{value: weiValue}(data) (#136)
Avoid low-level calls. Check the call success. If the call is meant for a contract, check for code existence
Additional information: link
Function IUniswapV2Pair.DOMAIN_SEPARATOR() (#240) is not in mixedCase
Function IUniswapV2Pair.PERMIT_TYPEHASH() (#241) is not in mixedCase
Function IUniswapV2Pair.MINIMUM_LIQUIDITY() (#257) is not in mixedCase
Function IUniswapV2Router01.WETH() (#276) is not in mixedCase
Parameter PUMPIN.setSwapAndLiquifyEnabled(bool)._enabled (#595) is not in mixedCase
Variable PUMPIN._balances (#422) is not in mixedCase
Variable PUMPIN._liquidityFee (#429) is not in mixedCase
Variable PUMPIN._marketingFee (#430) is not in mixedCase
Variable PUMPIN._buyBackFee (#431) is not in mixedCase
Variable PUMPIN._extraFeeOnSell (#432) is not in mixedCase
Variable PUMPIN._totalTaxIfBuying (#433) is not in mixedCase
Variable PUMPIN._totalTaxIfSelling (#434) is not in mixedCase
Variable PUMPIN._maxTxAmount (#437) is not in mixedCase
Variable PUMPIN._walletMax (#438) is not in mixedCase
Follow the Solidity naming convention.
Additional information: link
Redundant expression "this (#25)" inContext (#18-28)
Remove redundant statements if they congest code but offer no value.
Additional information: link
Reentrancy in PUMPIN._transfer(address,address,uint256) (#642-682):
External calls:
- swapAndLiquify(contractTokenBalance) (#666)
- recipient.transfer(amount) (#609)
External calls sending eth:
- swapAndLiquify(contractTokenBalance) (#666)
- recipient.transfer(amount) (#609)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#735-742)
State variables written after the call(s):
- _balances[sender] = _balances[sender].sub(amount,Insufficient Balance) (#669)
- _balances[recipient] = _balances[recipient].add(finalAmount) (#677)
- finalAmount = takeFee(sender,recipient,amount) (#671-672)
- _balances[address(this)] = _balances[address(this)].add(feeAmount) (#750)
Event emitted after the call(s):
- Transfer(sender,address(this),feeAmount) (#751)
- finalAmount = takeFee(sender,recipient,amount) (#671-672)
- Transfer(sender,recipient,finalAmount) (#679)
Reentrancy in PUMPIN.swapAndLiquify(uint256) (#691-708):
External calls:
- transferToAddressETH(marketingWalletAddress,amountBNBMarketing) (#705)
- recipient.transfer(amount) (#609)
- transferToAddressETH(buyBackWalletAddress,amountBNBBuyBack) (#706)
- recipient.transfer(amount) (#609)
External calls sending eth:
- transferToAddressETH(marketingWalletAddress,amountBNBMarketing) (#705)
- recipient.transfer(amount) (#609)
- transferToAddressETH(buyBackWalletAddress,amountBNBBuyBack) (#706)
- recipient.transfer(amount) (#609)
- addLiquidity(tokensForLP,amountBNBLiquidity) (#707)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#735-742)
State variables written after the call(s):
- addLiquidity(tokensForLP,amountBNBLiquidity) (#707)
- _allowances[owner][spender] = amount (#545)
Event emitted after the call(s):
- Approval(owner,spender,amount) (#546)
- addLiquidity(tokensForLP,amountBNBLiquidity) (#707)
Reentrancy in PUMPIN.transferFrom(address,address,uint256) (#636-640):
External calls:
- _transfer(sender,recipient,amount) (#637)
- recipient.transfer(amount) (#609)
External calls sending eth:
- _transfer(sender,recipient,amount) (#637)
- recipient.transfer(amount) (#609)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#735-742)
State variables written after the call(s):
- _approve(sender,_msgSender(),_allowances[sender][_msgSender()].sub(amount,ERC20: transfer amount exceeds allowance)) (#638)
- _allowances[owner][spender] = amount (#545)
Event emitted after the call(s):
- Approval(owner,spender,amount) (#546)
- _approve(sender,_msgSender(),_allowances[sender][_msgSender()].sub(amount,ERC20: transfer amount exceeds allowance)) (#638)
Apply the check-effects-interactions pattern.
Additional information: link
Variable IUniswapV2Router01.addLiquidity(address,address,uint256,uint256,uint256,uint256,address,uint256).amountADesired (#281) is too similar to IUniswapV2Router01.addLiquidity(address,address,uint256,uint256,uint256,uint256,address,uint256).amountBDesired (#282)
Prevent variables from having similar names.
Additional information: link
PUMPIN.constructor() (#472-496) uses literals with too many digits:
- isWalletLimitExempt[0x000000000000000000000000000000000000dEaD] = true (#492)
PUMPIN.slitherConstructorVariables() (#409-757) uses literals with too many digits:
- deadAddress = 0x000000000000000000000000000000000000dEaD (#420)
PUMPIN.slitherConstructorVariables() (#409-757) uses literals with too many digits:
- _totalSupply = 1000000000000000 * 10 ** 9 (#436)
PUMPIN.slitherConstructorVariables() (#409-757) uses literals with too many digits:
- _maxTxAmount = 25000000000000 * 10 ** 9 (#437)
PUMPIN.slitherConstructorVariables() (#409-757) uses literals with too many digits:
- _walletMax = 40000000000000 * 10 ** 9 (#438)
Use: Ether suffix, Time suffix, or The scientific notation
Additional information: link
PUMPIN._decimals (#416) should be constant
PUMPIN._name (#414) should be constant
PUMPIN._symbol (#415) should be constant
PUMPIN._totalSupply (#436) should be constant
Add the constant attributes to state variables that never change.
Additional information: link
renounceOwnership() should be declared external:
- Ownable.renounceOwnership() (#175-178)
transferOwnership(address) should be declared external:
- Ownable.transferOwnership(address) (#180-184)
getUnlockTime() should be declared external:
- Ownable.getUnlockTime() (#186-188)
getTime() should be declared external:
- Ownable.getTime() (#190-192)
lock(uint256) should be declared external:
- Ownable.lock(uint256) (#194-199)
unlock() should be declared external:
- Ownable.unlock() (#201-206)
name() should be declared external:
- PUMPIN.name() (#498-500)
symbol() should be declared external:
- PUMPIN.symbol() (#502-504)
decimals() should be declared external:
- PUMPIN.decimals() (#506-508)
totalSupply() should be declared external:
- PUMPIN.totalSupply() (#510-512)
allowance(address,address) should be declared external:
- PUMPIN.allowance(address,address) (#518-520)
increaseAllowance(address,uint256) should be declared external:
- PUMPIN.increaseAllowance(address,uint256) (#522-525)
decreaseAllowance(address,uint256) should be declared external:
- PUMPIN.decreaseAllowance(address,uint256) (#527-530)
minimumTokensBeforeSwapAmount() should be declared external:
- PUMPIN.minimumTokensBeforeSwapAmount() (#532-534)
approve(address,uint256) should be declared external:
- PUMPIN.approve(address,uint256) (#536-539)
blacklistAddress(address,bool) should be declared external:
- PUMPIN.blacklistAddress(address,bool) (#549-551)
setIsExcludedFromFee(address,bool) should be declared external:
- PUMPIN.setIsExcludedFromFee(address,bool) (#553-555)
setSwapAndLiquifyEnabled(bool) should be declared external:
- PUMPIN.setSwapAndLiquifyEnabled(bool) (#595-598)
setSwapAndLiquifyByLimitOnly(bool) should be declared external:
- PUMPIN.setSwapAndLiquifyByLimitOnly(bool) (#600-602)
getCirculatingSupply() should be declared external:
- PUMPIN.getCirculatingSupply() (#604-606)
changeRouterVersion(address) should be declared external:
- PUMPIN.changeRouterVersion(address) (#612-626)
transfer(address,uint256) should be declared external:
- PUMPIN.transfer(address,uint256) (#631-634)
transferFrom(address,address,uint256) should be declared external:
- PUMPIN.transferFrom(address,address,uint256) (#636-640)
Use the external attribute for functions never called from the contract.
Additional information: link
Unable to find website, listings and other project-related information
Young tokens have high risks of scam / price dump / death
Token has no active CoinGecko listing / rank
Token has no active CoinMarketCap listing / rank
Unable to find Telegram and Twitter accounts