PYRA [PyramiDao] Token

PyramiDaoToken.swapBack() (#644-708) sends eth to arbitrary user
Dangerous calls:
- (success) = address(EgyptTreasury).call{gas: 30000,value: amountETHTreasury}() (#687-690)
- (success,None) = address(PharaohsInsurance).call{gas: 30000,value: amountETHInsurance}() (#691-694)
- router.addLiquidityETH{value: amountETHLiquidity}(address(this),amountToLiquify,0,0,AutoLiquidityReceiver,block.timestamp) (#699-706)
Ensure that an arbitrary user cannot withdraw unauthorized funds.

Additional information: link

Reentrancy in PyramiDaoToken._transferFrom(address,address,uint256) (#592-627):
External calls:
- _rebase(0) (#605)
- pairContract.sync() (#545)
- swapBack() (#609)
- router.swapExactTokensForETHSupportingFeeOnTransferTokens(amountToSwap,0,path,address(this),block.timestamp) (#666-672)
- (success) = address(EgyptTreasury).call{gas: 30000,value: amountETHTreasury}() (#687-690)
- (success,None) = address(PharaohsInsurance).call{gas: 30000,value: amountETHInsurance}() (#691-694)
- router.addLiquidityETH{value: amountETHLiquidity}(address(this),amountToLiquify,0,0,AutoLiquidityReceiver,block.timestamp) (#699-706)
External calls sending eth:
- swapBack() (#609)
- (success) = address(EgyptTreasury).call{gas: 30000,value: amountETHTreasury}() (#687-690)
- (success,None) = address(PharaohsInsurance).call{gas: 30000,value: amountETHInsurance}() (#691-694)
- router.addLiquidityETH{value: amountETHLiquidity}(address(this),amountToLiquify,0,0,AutoLiquidityReceiver,block.timestamp) (#699-706)
State variables written after the call(s):
- _pydBalances[sender] = _pydBalances[sender].sub(pydAmount) (#612)
- _pydBalances[recipient] = _pydBalances[recipient].add(pydAmountReceived) (#617-619)
- pydAmountReceived = takeFee(sender,recipient,pydAmount) (#614-616)
- _pydBalances[address(this)] = _pydBalances[address(this)].add(feeAmount) (#719-721)
Apply the check-effects-interactions pattern.

Additional information: link

Unable to verify that contract auditor is trusted: Certik, Quantstamp, Hacken, Solidity, Paladinsec, Openzeppelin, Verichains

Contract ownership is not renounced (belongs to a wallet)

Combination 1: Reentrancy vulnerabilities + Functions that send Ether to arbitraty destination. Usual for scams. May be justified by some complex mechanics (e.g. rebase, reflections). DYOR & manual audit are advised.

PyramiDaoToken.swapBack().success (#687) is written in both
(success) = address(EgyptTreasury).call{gas: 30000,value: amountETHTreasury}() (#687-690)
(success,None) = address(PharaohsInsurance).call{gas: 30000,value: amountETHInsurance}() (#691-694)
PyramiDaoToken.swapBack().success (#687) is written in both
(success,None) = address(PharaohsInsurance).call{gas: 30000,value: amountETHInsurance}() (#691-694)
success = false (#696)
Fix or remove the writes.

Additional information: link

Variable IPancakeRouter01.addLiquidity(address,address,uint256,uint256,uint256,uint256,address,uint256).amountADesired (#82) is too similar to IPancakeRouter01.addLiquidity(address,address,uint256,uint256,uint256,uint256,address,uint256).amountBDesired (#83)
Variable PyramiDaoToken.setAutoLiquidityReceiver(address)._AutoLiquidityReceiver (#927) is too similar to PyramiDaoToken.constructor(address,address,address,address,address).autoLiquidityReceiver_ (#483)
Variable PyramiDaoToken.setFeeReceivers(address,address,address)._EgyptTreasury (#853) is too similar to PyramiDaoToken.constructor(address,address,address,address,address).egyptTreasury_ (#484)
Variable PyramiDaoToken.setEgyptTreasury(address)._EgyptTreasury (#931) is too similar to PyramiDaoToken.constructor(address,address,address,address,address).egyptTreasury_ (#484)
Variable PyramiDaoToken.setPharaohsInsurance(address)._PharaohsInsurance (#935) is too similar to PyramiDaoToken.constructor(address,address,address,address,address).pharaohsInsurance_ (#485)
Variable PyramiDaoToken.setFeeReceivers(address,address,address)._autoLiquidityReceiver (#852) is too similar to PyramiDaoToken.constructor(address,address,address,address,address).autoLiquidityReceiver_ (#483)
Variable PyramiDaoToken.setFeeReceivers(address,address,address)._pharaohsInsurance (#854) is too similar to PyramiDaoToken.constructor(address,address,address,address,address).pharaohsInsurance_ (#485)
Prevent variables from having similar names.

Additional information: link

PyramiDaoToken.slitherConstructorVariables() (#406-969) uses literals with too many digits:
- DEAD = 0x000000000000000000000000000000000000dEaD (#439)
PyramiDaoToken.slitherConstructorVariables() (#406-969) uses literals with too many digits:
- ZERO = 0x0000000000000000000000000000000000000000 (#440)
Use: Ether suffix, Time suffix, or The scientific notation

Additional information: link

SafeMathInt.MAX_INT256 (#222) is never used in SafeMathInt (#220-254)
Remove unused state variables.

Additional information: link

PyramiDaoToken.DEAD (#439) should be constant
PyramiDaoToken.ZERO (#440) should be constant
Add the constant attributes to state variables that never change.

Additional information: link

PyramiDaoToken.setOpenZeppelinRelayer(address) (#861-865) should emit an event for:
- openZeppelinRelayer = openZeppelinRelayer_ (#864)
Emit an event for critical parameter changes.

Additional information: link

PyramiDaoToken.swapBack() (#644-708) ignores return value by router.addLiquidityETH{value: amountETHLiquidity}(address(this),amountToLiquify,0,0,AutoLiquidityReceiver,block.timestamp) (#699-706)
Ensure that all the return values of the function calls are used.

Additional information: link

Low level call in PyramiDaoToken.swapBack() (#644-708):
- (success) = address(EgyptTreasury).call{gas: 30000,value: amountETHTreasury}() (#687-690)
- (success,None) = address(PharaohsInsurance).call{gas: 30000,value: amountETHInsurance}() (#691-694)
Avoid low-level calls. Check the call success. If the call is meant for a contract, check for code existence

Additional information: link

ERC20Detailed.constructor(string,string,uint8).name (#48) shadows:
- ERC20Detailed.name() (#57-59) (function)
ERC20Detailed.constructor(string,string,uint8).symbol (#49) shadows:
- ERC20Detailed.symbol() (#61-63) (function)
ERC20Detailed.constructor(string,string,uint8).decimals (#50) shadows:
- ERC20Detailed.decimals() (#65-67) (function)
Rename the local variables that shadow another component.

Additional information: link

PyramiDaoToken.swapBack() (#644-708) performs a multiplication on the result of a division:
-contractTokenBalance = _pydBalances[address(this)].div(_pydsPerFragment) (#651-653)
-amountToLiquify = contractTokenBalance.mul(dynamicLiquidityFee).div(totalFee).div(2) (#654-657)
PyramiDaoToken.setSwapBackSettings(bool,uint256,uint256) (#902-909) performs a multiplication on the result of a division:
-pydSwapThreshold = TOTAL_PYDS.div(_denom).mul(_num) (#908)
PyramiDaoToken.getLiquidityBacking(uint256) (#949-957) performs a multiplication on the result of a division:
-liquidityBalance = _pydBalances[pair].div(_pydsPerFragment) (#954)
-accuracy.mul(liquidityBalance.mul(2)).div(getCirculatingSupply()) (#955-956)
Consider ordering multiplication before division.

Additional information: link

PyramiDaoToken.setPercentInOneRebaseRound(uint256) (#829-834) should emit an event for:
- percentInOneRebaseRound = percentInOneRebaseRound_ (#833)
PyramiDaoToken.setFees(uint256,uint256,uint256,uint256,uint256) (#867-881) should emit an event for:
- liquidityFee = _liquidityFee (#874)
- Insurance = _Insurance (#875)
- Treasury = _Treasury (#876)
- sellFee = _sellFee (#877)
- totalFee = liquidityFee.add(Treasury).add(Insurance) (#878)
- feeDenominator = _feeDenominator (#879)
PyramiDaoToken.setTargetLiquidity(uint256,uint256) (#897-900) should emit an event for:
- targetLiquidity = target (#898)
- targetLiquidityDenominator = accuracy (#899)
PyramiDaoToken.setSwapBackSettings(bool,uint256,uint256) (#902-909) should emit an event for:
- pydSwapThreshold = TOTAL_PYDS.div(_denom).mul(_num) (#908)
Emit an event for critical parameter changes.

Additional information: link

PyramiDaoToken.constructor(address,address,address,address,address).autoLiquidityReceiver_ (#483) lacks a zero-check on :
- AutoLiquidityReceiver = autoLiquidityReceiver_ (#495)
PyramiDaoToken.constructor(address,address,address,address,address).egyptTreasury_ (#484) lacks a zero-check on :
- EgyptTreasury = egyptTreasury_ (#496)
PyramiDaoToken.constructor(address,address,address,address,address).pharaohsInsurance_ (#485) lacks a zero-check on :
- PharaohsInsurance = pharaohsInsurance_ (#497)
PyramiDaoToken.constructor(address,address,address,address,address).openZeppelinRelayer_ (#486) lacks a zero-check on :
- openZeppelinRelayer = openZeppelinRelayer_ (#498)
PyramiDaoToken.clearStuckBalance(uint256,address).adr (#844) lacks a zero-check on :
- address(adr).transfer((amountETH * amountPercentage) / 100) (#846-848)
PyramiDaoToken.setFeeReceivers(address,address,address)._autoLiquidityReceiver (#852) lacks a zero-check on :
- AutoLiquidityReceiver = _autoLiquidityReceiver (#856)
PyramiDaoToken.setFeeReceivers(address,address,address)._EgyptTreasury (#853) lacks a zero-check on :
- EgyptTreasury = _EgyptTreasury (#857)
PyramiDaoToken.setFeeReceivers(address,address,address)._pharaohsInsurance (#854) lacks a zero-check on :
- PharaohsInsurance = _pharaohsInsurance (#858)
PyramiDaoToken.setOpenZeppelinRelayer(address).openZeppelinRelayer_ (#862) lacks a zero-check on :
- openZeppelinRelayer = openZeppelinRelayer_ (#864)
PyramiDaoToken.setAutoLiquidityReceiver(address)._AutoLiquidityReceiver (#927) lacks a zero-check on :
- AutoLiquidityReceiver = _AutoLiquidityReceiver (#928)
PyramiDaoToken.setEgyptTreasury(address)._EgyptTreasury (#931) lacks a zero-check on :
- EgyptTreasury = _EgyptTreasury (#932)
PyramiDaoToken.setPharaohsInsurance(address)._PharaohsInsurance (#935) lacks a zero-check on :
- PharaohsInsurance = _PharaohsInsurance (#936)
Check that the address is not zero.

Additional information: link

Reentrancy in PyramiDaoToken._rebase(int256) (#523-551):
External calls:
- pairContract.sync() (#545)
State variables written after the call(s):
- currentEpoch += 1 (#548)
- lastRebasedTime = block.timestamp (#549)
Reentrancy in PyramiDaoToken.constructor(address,address,address,address,address) (#481-512):
External calls:
- pair = IPancakeFactory(router.factory()).createPair(router.WETH(),address(this)) (#490-493)
State variables written after the call(s):
- AutoLiquidityReceiver = autoLiquidityReceiver_ (#495)
- EgyptTreasury = egyptTreasury_ (#496)
- PharaohsInsurance = pharaohsInsurance_ (#497)
- _allowedFragments[address(this)][address(router)] = uint256(- 1) (#499)
- _isFeeExempt[EgyptTreasury] = true (#507)
- _isFeeExempt[address(this)] = true (#508)
- _transferOwnership(EgyptTreasury) (#510)
- _owner = newOwner (#390)
- _pydBalances[EgyptTreasury] = TOTAL_PYDS (#503)
- _pydsPerFragment = TOTAL_PYDS.div(_totalSupply) (#504)
- _totalSupply = INITIAL_FRAGMENTS_SUPPLY (#502)
- initialDistributionFinished = false (#506)
- openZeppelinRelayer = openZeppelinRelayer_ (#498)
- pairContract = ILiquidityPool(pair) (#500)
- percentInOneRebaseRound = 5287653679 (#509)
Apply the check-effects-interactions pattern.

Additional information: link

Reentrancy in PyramiDaoToken._rebase(int256) (#523-551):
External calls:
- pairContract.sync() (#545)
Event emitted after the call(s):
- LogRebase(currentEpoch,_totalSupply) (#547)
Reentrancy in PyramiDaoToken._transferFrom(address,address,uint256) (#592-627):
External calls:
- _rebase(0) (#605)
- pairContract.sync() (#545)
- swapBack() (#609)
- router.swapExactTokensForETHSupportingFeeOnTransferTokens(amountToSwap,0,path,address(this),block.timestamp) (#666-672)
- (success) = address(EgyptTreasury).call{gas: 30000,value: amountETHTreasury}() (#687-690)
- (success,None) = address(PharaohsInsurance).call{gas: 30000,value: amountETHInsurance}() (#691-694)
- router.addLiquidityETH{value: amountETHLiquidity}(address(this),amountToLiquify,0,0,AutoLiquidityReceiver,block.timestamp) (#699-706)
External calls sending eth:
- swapBack() (#609)
- (success) = address(EgyptTreasury).call{gas: 30000,value: amountETHTreasury}() (#687-690)
- (success,None) = address(PharaohsInsurance).call{gas: 30000,value: amountETHInsurance}() (#691-694)
- router.addLiquidityETH{value: amountETHLiquidity}(address(this),amountToLiquify,0,0,AutoLiquidityReceiver,block.timestamp) (#699-706)
Event emitted after the call(s):
- Transfer(sender,address(this),feeAmount.div(_pydsPerFragment)) (#722)
- pydAmountReceived = takeFee(sender,recipient,pydAmount) (#614-616)
- Transfer(sender,recipient,pydAmountReceived.div(_pydsPerFragment)) (#621-625)
Reentrancy in PyramiDaoToken.constructor(address,address,address,address,address) (#481-512):
External calls:
- pair = IPancakeFactory(router.factory()).createPair(router.WETH(),address(this)) (#490-493)
Event emitted after the call(s):
- OwnershipTransferred(_owner,newOwner) (#389)
- _transferOwnership(EgyptTreasury) (#510)
- Transfer(address(0x0),EgyptTreasury,_totalSupply) (#511)
Apply the check-effects-interactions pattern.

Additional information: link

PyramiDaoToken.shouldRebase() (#514-521) uses timestamp for comparisons
Dangerous comparisons:
- (_totalSupply < MAX_SUPPLY) && msg.sender != pair && ! inSwap && lastRebasedTime > 0 && block.timestamp >= (lastRebasedTime + rebaseTime) (#515-520)
Avoid relying on block.timestamp.

Additional information: link

PyramiDaoToken.transferToAddressETH(address,uint256) (#943-947) is never used and should be removed
SafeMath.mod(uint256,uint256) (#310-313) is never used and should be removed
SafeMathInt.abs(int256) (#250-253) is never used and should be removed
SafeMathInt.add(int256,int256) (#244-248) is never used and should be removed
SafeMathInt.div(int256,int256) (#232-236) is never used and should be removed
SafeMathInt.mul(int256,int256) (#224-230) is never used and should be removed
SafeMathInt.sub(int256,int256) (#238-242) is never used and should be removed
Remove unused functions.

Additional information: link

PyramiDaoToken.totalFee (#426-427) is set pre-construction with a non-constant function or state variable:
- liquidityFee.add(Treasury).add(Insurance)
Remove any initialization of state variables via non-constant state variables or function calls. If variables must be set upon contract deployment, locate initialization in the constructor instead.

Additional information: link

Pragma version^0.7.4 (#6) allows old versions
Pragma version^0.7.4 (#40) allows old versions
Pragma version^0.7.4 (#73) allows old versions
Pragma version^0.7.4 (#172) allows old versions
Pragma version^0.7.4 (#218) allows old versions
Pragma version^0.7.4 (#259) allows old versions
Pragma version^0.7.4 (#319) allows old versions
Pragma version^0.7.4 (#340) allows old versions
Pragma version^0.7.4 (#349) allows old versions
Pragma version^0.7.4 (#397) allows old versions
solc-0.7.4 is not recommended for deployment
Deploy with any of the following Solidity versions: 0.5.16 - 0.5.17, 0.6.11 - 0.6.12, 0.7.5 - 0.7.6 Use a simple pragma version that allows any of these versions. Consider using the latest version of Solidity for testing.

Additional information: link

Function IPancakeRouter01.WETH() (#77) is not in mixedCase
Parameter PyramiDaoToken.checkFeeExempt(address)._addr (#775) is not in mixedCase
Parameter PyramiDaoToken.setLP(address)._address (#814) is not in mixedCase
Parameter PyramiDaoToken.setFeeReceivers(address,address,address)._autoLiquidityReceiver (#852) is not in mixedCase
Parameter PyramiDaoToken.setFeeReceivers(address,address,address)._EgyptTreasury (#853) is not in mixedCase
Parameter PyramiDaoToken.setFeeReceivers(address,address,address)._pharaohsInsurance (#854) is not in mixedCase
Parameter PyramiDaoToken.setFees(uint256,uint256,uint256,uint256,uint256)._liquidityFee (#868) is not in mixedCase
Parameter PyramiDaoToken.setFees(uint256,uint256,uint256,uint256,uint256)._Insurance (#869) is not in mixedCase
Parameter PyramiDaoToken.setFees(uint256,uint256,uint256,uint256,uint256)._Treasury (#870) is not in mixedCase
Parameter PyramiDaoToken.setFees(uint256,uint256,uint256,uint256,uint256)._sellFee (#871) is not in mixedCase
Parameter PyramiDaoToken.setFees(uint256,uint256,uint256,uint256,uint256)._feeDenominator (#872) is not in mixedCase
Parameter PyramiDaoToken.updateBotBlacklist(address,bool)._user (#883) is not in mixedCase
Parameter PyramiDaoToken.updateBotBlacklist(address,bool)._flag (#883) is not in mixedCase
Parameter PyramiDaoToken.setSwapBackSettings(bool,uint256,uint256)._enabled (#903) is not in mixedCase
Parameter PyramiDaoToken.setSwapBackSettings(bool,uint256,uint256)._num (#904) is not in mixedCase
Parameter PyramiDaoToken.setSwapBackSettings(bool,uint256,uint256)._denom (#905) is not in mixedCase
Parameter PyramiDaoToken.enableTransfer(address)._addr (#915) is not in mixedCase
Parameter PyramiDaoToken.setFeeExempt(address)._addr (#919) is not in mixedCase
Parameter PyramiDaoToken.setRebaseTime(uint256)._rebaseTime (#923) is not in mixedCase
Parameter PyramiDaoToken.setAutoLiquidityReceiver(address)._AutoLiquidityReceiver (#927) is not in mixedCase
Parameter PyramiDaoToken.setEgyptTreasury(address)._EgyptTreasury (#931) is not in mixedCase
Parameter PyramiDaoToken.setPharaohsInsurance(address)._PharaohsInsurance (#935) is not in mixedCase
Variable PyramiDaoToken.Treasury (#423) is not in mixedCase
Variable PyramiDaoToken.Insurance (#424) is not in mixedCase
Variable PyramiDaoToken.DEAD (#439) is not in mixedCase
Variable PyramiDaoToken.ZERO (#440) is not in mixedCase
Variable PyramiDaoToken.AutoLiquidityReceiver (#441) is not in mixedCase
Variable PyramiDaoToken.EgyptTreasury (#442) is not in mixedCase
Variable PyramiDaoToken.PharaohsInsurance (#443) is not in mixedCase
Variable PyramiDaoToken._isFeeExempt (#454) is not in mixedCase
Follow the Solidity naming convention.

Additional information: link

name() should be declared external:
- ERC20Detailed.name() (#57-59)
symbol() should be declared external:
- ERC20Detailed.symbol() (#61-63)
decimals() should be declared external:
- ERC20Detailed.decimals() (#65-67)
owner() should be declared external:
- Ownable.owner() (#365-367)
renounceOwnership() should be declared external:
- Ownable.renounceOwnership() (#378-381)
transferOwnership(address) should be declared external:
- Ownable.transferOwnership(address) (#383-385)
setLastRebasedTime(uint256) should be declared external:
- PyramiDaoToken.setLastRebasedTime(uint256) (#822-827)
setPercentInOneRebaseRound(uint256) should be declared external:
- PyramiDaoToken.setPercentInOneRebaseRound(uint256) (#829-834)
rescueToken(address,uint256) should be declared external:
- PyramiDaoToken.rescueToken(address,uint256) (#836-842)
updateBotBlacklist(address,bool) should be declared external:
- PyramiDaoToken.updateBotBlacklist(address,bool) (#883-885)
Use the external attribute for functions never called from the contract.

Additional information: link

Contract has 5% buy tax and 20% sell tax.
Taxes are suspiciously high (over 10%) and contract ownership is not renounced. Token has a high risk of becoming a honeypot.

Token is deployed only at one blockchain

Token has only one trading pair

BscScan page for the token does not contain additional info: website, socials, description, etc.

Additional information: link

Unable to find token on CoinGecko

Additional information: link

Unable to find audit link on the website

Unable to find whitepaper link on the website

Unable to find token on CoinHunt

Additional information: link

Token is not listed at Mobula.Finance

Additional information: link

Young tokens have high risks of scam / price dump / death

Young tokens have high risks of scam / price dump / death

Young tokens have high risks of scam / price dump / death

Young tokens have high risks of scam / price dump / death

Token has no active CoinGecko listing / rank

Token has relatively low CoinMarketCap rank