RAINBOW Token

RainbowToken.swapBNBForTokens(uint256) (#1211-1223) sends eth to arbitrary user
Dangerous calls:
- _pancakeswapV2Router.swapExactETHForTokensSupportingFeeOnTransferTokens{value: amount}(0,path,_burnAddress,block.timestamp.add(300)) (#1217-1222)
RainbowToken.addLiquidity(uint256,uint256) (#1228-1242) sends eth to arbitrary user
Dangerous calls:
- _pancakeswapV2Router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp.add(300)) (#1234-1241)
Ensure that an arbitrary user cannot withdraw unauthorized funds.

Additional information: link

RainbowToken.random() (#823-828) uses a weak PRNG: "r = uint256(uint256(keccak256(bytes)(abi.encodePacked(block.difficulty,block.timestamp,_nonce))) % 1000) (#824)"
Do not use block.timestamp, now or blockhash as a source of randomness

Additional information: link

Reentrancy in RainbowToken._transfer(address,address,uint256) (#962-1069):
External calls:
- swapAndLiquify(tokenBalance) (#994)
- _pancakeswapV2Router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp.add(300)) (#1234-1241)
- _pancakeswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp.add(300)) (#1199-1205)
- buyBackTokens(balance.mul(_buybackBNBPercentage).div(100)) (#1010)
- _pancakeswapV2Router.swapExactETHForTokensSupportingFeeOnTransferTokens{value: amount}(0,path,_burnAddress,block.timestamp.add(300)) (#1217-1222)
External calls sending eth:
- swapAndLiquify(tokenBalance) (#994)
- recipient.transfer(amount) (#614)
- _pancakeswapV2Router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp.add(300)) (#1234-1241)
- buyBackTokens(balance.mul(_buybackBNBPercentage).div(100)) (#1010)
- _pancakeswapV2Router.swapExactETHForTokensSupportingFeeOnTransferTokens{value: amount}(0,path,_burnAddress,block.timestamp.add(300)) (#1217-1222)
State variables written after the call(s):
- _tokenTransfer(from,to,amount) (#1057)
- _lotteryPool = _lotteryPool.add(rLottery) (#1141)
- _tokenTransfer(from,to,amount) (#1057)
- _rOwned[_burnAddress] = _rOwned[_burnAddress].add(rFee) (#1113)
- _rOwned[address(this)] = _rOwned[address(this)].add(rTakeAmount) (#1134)
- _rOwned[sender] = _rOwned[sender].sub(rAmount) (#1083)
- _rOwned[recipient] = _rOwned[recipient].add(rTransferAmount) (#1088)
- _tokenTransfer(from,to,amount) (#1057)
- _rTotal = _rTotal.sub(rFee) (#1124)
- _tokenTransfer(from,to,amount) (#1057)
- _tOwned[_burnAddress] = _tOwned[_burnAddress].add(tFee) (#1115)
- _tOwned[address(this)] = _tOwned[address(this)].add(tTakeAmount) (#1136)
- _tOwned[sender] = _tOwned[sender].sub(tAmount) (#1081)
- _tOwned[recipient] = _tOwned[recipient].add(tTransferAmount) (#1086)
- buyBackTokens(balance.mul(_buybackBNBPercentage).div(100)) (#1010)
- currentlySwapping = true (#496)
- currentlySwapping = false (#498)
Apply the check-effects-interactions pattern.

Additional information: link

RainbowToken.withdrawForeignToken(address) (#605-608) ignores return value by IERC20(address(token)).transfer(msg.sender,IERC20(token).balanceOf(address(this))) (#607)
Use SafeERC20, or ensure that the transfer/transferFrom return value is checked.

Additional information: link

Unable to verify that contract auditor is trusted: Certik, Quantstamp, Hacken, Solidity, Paladinsec, Openzeppelin, Verichains

Combination 1: Reentrancy vulnerabilities + Functions that send Ether to arbitraty destination. Usual for scams. May be justified by some complex mechanics (e.g. rebase, reflections). DYOR & manual audit are advised.

Combination 2: Unchecked transfer + Functions that send Ether to arbitraty destination. Usual for scams. May be justified by some complex mechanics (e.g. rebase, reflections). DYOR & manual audit are advised.

Combination 3: Reentrancy vulnerabilities + Unchecked transfer vulnerability. Usual for scams. May be justified by some complex mechanics (e.g. rebase, reflections). DYOR & manual audit are advised.

Contract ownership is not renounced (belongs to a wallet)

RainbowToken.swapAndLiquify(uint256) (#1156-1185) performs a multiplication on the result of a division:
-marketingBNB = receivedBNB.div(7).mul(4) (#1179)
Consider ordering multiplication before division.

Additional information: link

RainbowToken.addLiquidity(uint256,uint256) (#1228-1242) ignores return value by _pancakeswapV2Router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp.add(300)) (#1234-1241)
Ensure that all the return values of the function calls are used.

Additional information: link

RainbowToken.allowance(address,address).owner (#660) shadows:
- Ownable.owner() (#232-234) (function)
RainbowToken._approve(address,address,uint256).owner (#685) shadows:
- Ownable.owner() (#232-234) (function)
Rename the local variables that shadow another component.

Additional information: link

RainbowToken.setTaxFeePercent(uint256) (#729-731) should emit an event for:
- _taxFee = taxFee (#730)
RainbowToken.setSellTaxFeePerecent(uint256) (#733-735) should emit an event for:
- _sellTaxFee = taxFee (#734)
RainbowToken.setWhaleSellTaxFeePerecent(uint256) (#737-739) should emit an event for:
- _whaleSellTaxFee = taxFee (#738)
RainbowToken.setMaxTxAmount(uint256) (#741-743) should emit an event for:
- _maxTxAmount = maxTxAmount (#742)
RainbowToken.setTokenSwapThreshold(uint256) (#745-747) should emit an event for:
- _tokenSwapThreshold = tokenSwapThreshold (#746)
RainbowToken.setBuybackBNBThreshold(uint256) (#757-759) should emit an event for:
- _buybackBNBThreshold = bnbAmount (#758)
RainbowToken.setBuybackUpperLimit(uint256) (#761-763) should emit an event for:
- _buybackUpperLimit = buybackLimit (#762)
RainbowToken.setBuybackBNBPercentage(uint256) (#765-767) should emit an event for:
- _buybackBNBPercentage = percentage (#766)
RainbowToken.setWhaleSellThreshold(uint256) (#773-775) should emit an event for:
- _whaleSellThreshold = amount (#774)
RainbowToken.setWhaleSellTimer(uint256) (#777-779) should emit an event for:
- _whaleSellTimer = time (#778)
RainbowToken.setLotteryChance(uint256) (#785-787) should emit an event for:
- _lotteryChance = chance (#786)
RainbowToken.setLotteryThreshold(uint256) (#789-791) should emit an event for:
- _lotteryThreshold = threshold (#790)
RainbowToken.setLotteryMinimumSpend(uint256) (#793-795) should emit an event for:
- _lotteryMinimumSpend = minimumSpend (#794)
Emit an event for critical parameter changes.

Additional information: link

RainbowToken.setMarketingAddress(address).marketingAddress (#749) lacks a zero-check on :
- _marketingAddress = address(marketingAddress) (#750)
Check that the address is not zero.

Additional information: link

Reentrancy in RainbowToken._transfer(address,address,uint256) (#962-1069):
External calls:
- swapAndLiquify(tokenBalance) (#994)
- _pancakeswapV2Router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp.add(300)) (#1234-1241)
- _pancakeswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp.add(300)) (#1199-1205)
- buyBackTokens(balance.mul(_buybackBNBPercentage).div(100)) (#1010)
- _pancakeswapV2Router.swapExactETHForTokensSupportingFeeOnTransferTokens{value: amount}(0,path,_burnAddress,block.timestamp.add(300)) (#1217-1222)
External calls sending eth:
- swapAndLiquify(tokenBalance) (#994)
- recipient.transfer(amount) (#614)
- _pancakeswapV2Router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp.add(300)) (#1234-1241)
- buyBackTokens(balance.mul(_buybackBNBPercentage).div(100)) (#1010)
- _pancakeswapV2Router.swapExactETHForTokensSupportingFeeOnTransferTokens{value: amount}(0,path,_burnAddress,block.timestamp.add(300)) (#1217-1222)
State variables written after the call(s):
- _amountSold[from] = newTotal (#1036)
- _amountSold[from] = newTotal (#1039)
- _amountSold[from] = amount (#1043)
- _previousTaxFee = _taxFee (#1047)
- removeAllFees() (#1053)
- _previousTaxFee = _taxFee (#836)
- _taxFee = fee (#1048)
- removeAllFees() (#1053)
- _taxFee = 0 (#837)
- restoreAllFees() (#1061)
- _taxFee = _previousTaxFee (#844)
- _taxFee = _previousTaxFee (#1066)
- _timeSinceFirstSell[from] = block.timestamp (#1042)
- _tokenTransfer(from,to,amount) (#1057)
- _totalReflections = _totalReflections.add(tFee) (#1125)
Reentrancy in RainbowToken.constructor() (#572-587):
External calls:
- _pancakeswapV2LiquidityPair = IUniswapV2Factory(pancakeswapV2Router.factory()).createPair(address(this),pancakeswapV2Router.WETH()) (#582-583)
State variables written after the call(s):
- _pancakeswapV2Router = pancakeswapV2Router (#584)
Reentrancy in RainbowToken.setRouterAddress(address) (#620-632):
External calls:
- newPair = IUniswapV2Factory(newPancakeSwapRouter.factory()).createPair(address(this),newPancakeSwapRouter.WETH()) (#627)
State variables written after the call(s):
- _pancakeswapV2LiquidityPair = newPair (#629)
- _pancakeswapV2Router = newPancakeSwapRouter (#631)
Reentrancy in RainbowToken.swapAndLiquify(uint256) (#1156-1185):
External calls:
- swapTokensForBNB(swapAmount) (#1166)
- _pancakeswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp.add(300)) (#1199-1205)
- addLiquidity(eigth,liquidityBNB) (#1175)
- _pancakeswapV2Router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp.add(300)) (#1234-1241)
External calls sending eth:
- addLiquidity(eigth,liquidityBNB) (#1175)
- _pancakeswapV2Router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp.add(300)) (#1234-1241)
State variables written after the call(s):
- addLiquidity(eigth,liquidityBNB) (#1175)
- _allowances[owner][spender] = amount (#689)
Reentrancy in RainbowToken.transferFrom(address,address,uint256) (#669-673):
External calls:
- _transfer(sender,recipient,amount) (#670)
- _pancakeswapV2Router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp.add(300)) (#1234-1241)
- _pancakeswapV2Router.swapExactETHForTokensSupportingFeeOnTransferTokens{value: amount}(0,path,_burnAddress,block.timestamp.add(300)) (#1217-1222)
- _pancakeswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp.add(300)) (#1199-1205)
External calls sending eth:
- _transfer(sender,recipient,amount) (#670)
- recipient.transfer(amount) (#614)
- _pancakeswapV2Router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp.add(300)) (#1234-1241)
- _pancakeswapV2Router.swapExactETHForTokensSupportingFeeOnTransferTokens{value: amount}(0,path,_burnAddress,block.timestamp.add(300)) (#1217-1222)
State variables written after the call(s):
- _approve(sender,_msgSender(),_allowances[sender][_msgSender()].sub(amount,ERC20: transfer amount exceeds allowance)) (#671)
- _allowances[owner][spender] = amount (#689)
Apply the check-effects-interactions pattern.

Additional information: link

Reentrancy in RainbowToken._transfer(address,address,uint256) (#962-1069):
External calls:
- swapAndLiquify(tokenBalance) (#994)
- _pancakeswapV2Router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp.add(300)) (#1234-1241)
- _pancakeswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp.add(300)) (#1199-1205)
- buyBackTokens(balance.mul(_buybackBNBPercentage).div(100)) (#1010)
- _pancakeswapV2Router.swapExactETHForTokensSupportingFeeOnTransferTokens{value: amount}(0,path,_burnAddress,block.timestamp.add(300)) (#1217-1222)
External calls sending eth:
- swapAndLiquify(tokenBalance) (#994)
- recipient.transfer(amount) (#614)
- _pancakeswapV2Router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp.add(300)) (#1234-1241)
- buyBackTokens(balance.mul(_buybackBNBPercentage).div(100)) (#1010)
- _pancakeswapV2Router.swapExactETHForTokensSupportingFeeOnTransferTokens{value: amount}(0,path,_burnAddress,block.timestamp.add(300)) (#1217-1222)
Event emitted after the call(s):
- Transfer(sender,recipient,tTransferAmount) (#1105)
- _tokenTransfer(from,to,amount) (#1057)
Reentrancy in RainbowToken.constructor() (#572-587):
External calls:
- _pancakeswapV2LiquidityPair = IUniswapV2Factory(pancakeswapV2Router.factory()).createPair(address(this),pancakeswapV2Router.WETH()) (#582-583)
Event emitted after the call(s):
- Transfer(address(0),_msgSender(),_tTotal) (#586)
Reentrancy in RainbowToken.swapAndLiquify(uint256) (#1156-1185):
External calls:
- swapTokensForBNB(swapAmount) (#1166)
- _pancakeswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp.add(300)) (#1199-1205)
- addLiquidity(eigth,liquidityBNB) (#1175)
- _pancakeswapV2Router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp.add(300)) (#1234-1241)
External calls sending eth:
- addLiquidity(eigth,liquidityBNB) (#1175)
- _pancakeswapV2Router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp.add(300)) (#1234-1241)
Event emitted after the call(s):
- Approval(owner,spender,amount) (#690)
- addLiquidity(eigth,liquidityBNB) (#1175)
Reentrancy in RainbowToken.swapAndLiquify(uint256) (#1156-1185):
External calls:
- swapTokensForBNB(swapAmount) (#1166)
- _pancakeswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp.add(300)) (#1199-1205)
- addLiquidity(eigth,liquidityBNB) (#1175)
- _pancakeswapV2Router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp.add(300)) (#1234-1241)
External calls sending eth:
- addLiquidity(eigth,liquidityBNB) (#1175)
- _pancakeswapV2Router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp.add(300)) (#1234-1241)
- transferBNBToAddress(_marketingAddress,marketingBNB) (#1182)
- recipient.transfer(amount) (#614)
Event emitted after the call(s):
- SwapAndLiquify(swapAmount,liquidityBNB,eigth) (#1184)
Reentrancy in RainbowToken.transferFrom(address,address,uint256) (#669-673):
External calls:
- _transfer(sender,recipient,amount) (#670)
- _pancakeswapV2Router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp.add(300)) (#1234-1241)
- _pancakeswapV2Router.swapExactETHForTokensSupportingFeeOnTransferTokens{value: amount}(0,path,_burnAddress,block.timestamp.add(300)) (#1217-1222)
- _pancakeswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp.add(300)) (#1199-1205)
External calls sending eth:
- _transfer(sender,recipient,amount) (#670)
- recipient.transfer(amount) (#614)
- _pancakeswapV2Router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp.add(300)) (#1234-1241)
- _pancakeswapV2Router.swapExactETHForTokensSupportingFeeOnTransferTokens{value: amount}(0,path,_burnAddress,block.timestamp.add(300)) (#1217-1222)
Event emitted after the call(s):
- Approval(owner,spender,amount) (#690)
- _approve(sender,_msgSender(),_allowances[sender][_msgSender()].sub(amount,ERC20: transfer amount exceeds allowance)) (#671)
Apply the check-effects-interactions pattern.

Additional information: link

RainbowToken.calculateLotteryReward() (#850-862) uses timestamp for comparisons
Dangerous comparisons:
- _lastRoll <= _lotteryChance (#857)
RainbowToken._transfer(address,address,uint256) (#962-1069) uses timestamp for comparisons
Dangerous comparisons:
- delta > 0 && delta < _whaleSellTimer && _timeSinceFirstSell[from] != 0 (#1032)
Avoid relying on block.timestamp.

Additional information: link

Address.isContract(address) (#111-121) uses assembly
- INLINE ASM (#117-119)
Address._verifyCallResult(bool,bytes,string) (#193-213) uses assembly
- INLINE ASM (#205-208)
Do not use evm assembly.

Additional information: link

Address._verifyCallResult(bool,bytes,string) (#193-213) is never used and should be removed
Address.functionCall(address,bytes) (#130-132) is never used and should be removed
Address.functionCall(address,bytes,string) (#134-140) is never used and should be removed
Address.functionCallWithValue(address,bytes,uint256) (#142-148) is never used and should be removed
Address.functionCallWithValue(address,bytes,uint256,string) (#150-161) is never used and should be removed
Address.functionDelegateCall(address,bytes) (#178-180) is never used and should be removed
Address.functionDelegateCall(address,bytes,string) (#182-191) is never used and should be removed
Address.functionStaticCall(address,bytes) (#163-165) is never used and should be removed
Address.functionStaticCall(address,bytes,string) (#167-176) is never used and should be removed
Address.isContract(address) (#111-121) is never used and should be removed
Address.sendValue(address,uint256) (#123-128) is never used and should be removed
Context._msgData() (#49-51) is never used and should be removed
SafeMath.mod(uint256,uint256) (#99-101) is never used and should be removed
SafeMath.mod(uint256,uint256,string) (#103-106) is never used and should be removed
Remove unused functions.

Additional information: link

RainbowToken._rTotal (#523) is set pre-construction with a non-constant function or state variable:
- (MAX - (MAX % _tTotal))
Remove any initialization of state variables via non-constant state variables or function calls. If variables must be set upon contract deployment, locate initialization in the constructor instead.

Additional information: link

Low level call in Address.sendValue(address,uint256) (#123-128):
- (success) = recipient.call{value: amount}() (#126)
Low level call in Address.functionCallWithValue(address,bytes,uint256,string) (#150-161):
- (success,returndata) = target.call{value: value}(data) (#159)
Low level call in Address.functionStaticCall(address,bytes,string) (#167-176):
- (success,returndata) = target.staticcall(data) (#174)
Low level call in Address.functionDelegateCall(address,bytes,string) (#182-191):
- (success,returndata) = target.delegatecall(data) (#189)
Avoid low-level calls. Check the call success. If the call is meant for a contract, check for code existence

Additional information: link

Function IUniswapV2Pair.DOMAIN_SEPARATOR() (#304) is not in mixedCase
Function IUniswapV2Pair.PERMIT_TYPEHASH() (#305) is not in mixedCase
Function IUniswapV2Pair.MINIMUM_LIQUIDITY() (#322) is not in mixedCase
Function IUniswapV2Router01.WETH() (#343) is not in mixedCase
Variable RainbowToken._pancakeswapV2Router (#490) is not in mixedCase
Variable RainbowToken._pancakeswapV2LiquidityPair (#491) is not in mixedCase
Variable RainbowToken._marketingAddress (#507) is not in mixedCase
Variable RainbowToken._burnAddress (#508) is not in mixedCase
Variable RainbowToken._taxFee (#527) is not in mixedCase
Variable RainbowToken._sellTaxFee (#528) is not in mixedCase
Variable RainbowToken._whaleSellTaxFee (#529) is not in mixedCase
Variable RainbowToken._maxTxAmount (#533) is not in mixedCase
Variable RainbowToken._tokenSwapThreshold (#534) is not in mixedCase
Variable RainbowToken._whaleSellThreshold (#540) is not in mixedCase
Variable RainbowToken._whaleSellTimer (#541) is not in mixedCase
Variable RainbowToken._enableBuyback (#546) is not in mixedCase
Variable RainbowToken._buybackBNBThreshold (#547) is not in mixedCase
Variable RainbowToken._buybackUpperLimit (#548) is not in mixedCase
Variable RainbowToken._buybackBNBPercentage (#549) is not in mixedCase
Variable RainbowToken._enableLiquidity (#552) is not in mixedCase
Variable RainbowToken._enableLottery (#555) is not in mixedCase
Variable RainbowToken._lotteryChance (#557) is not in mixedCase
Variable RainbowToken._lotteryThreshold (#558) is not in mixedCase
Variable RainbowToken._lotteryMinimumSpend (#559) is not in mixedCase
Variable RainbowToken._previousWinner (#560) is not in mixedCase
Variable RainbowToken._previousWonAmount (#561) is not in mixedCase
Variable RainbowToken._previousWinTime (#562) is not in mixedCase
Variable RainbowToken._lastRoll (#563) is not in mixedCase
Follow the Solidity naming convention.

Additional information: link

Reentrancy in RainbowToken._transfer(address,address,uint256) (#962-1069):
External calls:
- swapAndLiquify(tokenBalance) (#994)
- recipient.transfer(amount) (#614)
External calls sending eth:
- swapAndLiquify(tokenBalance) (#994)
- recipient.transfer(amount) (#614)
- _pancakeswapV2Router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp.add(300)) (#1234-1241)
- buyBackTokens(balance.mul(_buybackBNBPercentage).div(100)) (#1010)
- _pancakeswapV2Router.swapExactETHForTokensSupportingFeeOnTransferTokens{value: amount}(0,path,_burnAddress,block.timestamp.add(300)) (#1217-1222)
State variables written after the call(s):
- _amountSold[from] = newTotal (#1036)
- _amountSold[from] = newTotal (#1039)
- _amountSold[from] = amount (#1043)
- _tokenTransfer(from,to,amount) (#1057)
- _lotteryPool = _lotteryPool.add(rLottery) (#1141)
- _previousTaxFee = _taxFee (#1047)
- removeAllFees() (#1053)
- _previousTaxFee = _taxFee (#836)
- _tokenTransfer(from,to,amount) (#1057)
- _rOwned[_burnAddress] = _rOwned[_burnAddress].add(rFee) (#1113)
- _rOwned[address(this)] = _rOwned[address(this)].add(rTakeAmount) (#1134)
- _rOwned[sender] = _rOwned[sender].sub(rAmount) (#1083)
- _rOwned[recipient] = _rOwned[recipient].add(rTransferAmount) (#1088)
- _tokenTransfer(from,to,amount) (#1057)
- _rTotal = _rTotal.sub(rFee) (#1124)
- _tokenTransfer(from,to,amount) (#1057)
- _tOwned[_burnAddress] = _tOwned[_burnAddress].add(tFee) (#1115)
- _tOwned[address(this)] = _tOwned[address(this)].add(tTakeAmount) (#1136)
- _tOwned[sender] = _tOwned[sender].sub(tAmount) (#1081)
- _tOwned[recipient] = _tOwned[recipient].add(tTransferAmount) (#1086)
- _taxFee = fee (#1048)
- removeAllFees() (#1053)
- _taxFee = 0 (#837)
- restoreAllFees() (#1061)
- _taxFee = _previousTaxFee (#844)
- _taxFee = _previousTaxFee (#1066)
- _timeSinceFirstSell[from] = block.timestamp (#1042)
- _tokenTransfer(from,to,amount) (#1057)
- _totalReflections = _totalReflections.add(tFee) (#1125)
- buyBackTokens(balance.mul(_buybackBNBPercentage).div(100)) (#1010)
- currentlySwapping = true (#496)
- currentlySwapping = false (#498)
Event emitted after the call(s):
- Transfer(sender,recipient,tTransferAmount) (#1105)
- _tokenTransfer(from,to,amount) (#1057)
Reentrancy in RainbowToken.swapAndLiquify(uint256) (#1156-1185):
External calls:
- transferBNBToAddress(_marketingAddress,marketingBNB) (#1182)
- recipient.transfer(amount) (#614)
External calls sending eth:
- addLiquidity(eigth,liquidityBNB) (#1175)
- _pancakeswapV2Router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp.add(300)) (#1234-1241)
- transferBNBToAddress(_marketingAddress,marketingBNB) (#1182)
- recipient.transfer(amount) (#614)
Event emitted after the call(s):
- SwapAndLiquify(swapAmount,liquidityBNB,eigth) (#1184)
Reentrancy in RainbowToken.transferFrom(address,address,uint256) (#669-673):
External calls:
- _transfer(sender,recipient,amount) (#670)
- recipient.transfer(amount) (#614)
External calls sending eth:
- _transfer(sender,recipient,amount) (#670)
- recipient.transfer(amount) (#614)
- _pancakeswapV2Router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp.add(300)) (#1234-1241)
- _pancakeswapV2Router.swapExactETHForTokensSupportingFeeOnTransferTokens{value: amount}(0,path,_burnAddress,block.timestamp.add(300)) (#1217-1222)
State variables written after the call(s):
- _approve(sender,_msgSender(),_allowances[sender][_msgSender()].sub(amount,ERC20: transfer amount exceeds allowance)) (#671)
- _allowances[owner][spender] = amount (#689)
Event emitted after the call(s):
- Approval(owner,spender,amount) (#690)
- _approve(sender,_msgSender(),_allowances[sender][_msgSender()].sub(amount,ERC20: transfer amount exceeds allowance)) (#671)
Apply the check-effects-interactions pattern.

Additional information: link

Variable IUniswapV2Router01.addLiquidity(address,address,uint256,uint256,uint256,uint256,address,uint256).amountADesired (#348) is too similar to IUniswapV2Router01.addLiquidity(address,address,uint256,uint256,uint256,uint256,address,uint256).amountBDesired (#349)
Variable RainbowToken._tokenTransfer(address,address,uint256).rTransferAmount (#1077) is too similar to RainbowToken._getTValues(uint256).tTransferAmount (#878)
Variable RainbowToken._tokenTransfer(address,address,uint256).rTransferAmount (#1077) is too similar to RainbowToken._getValues(uint256).tTransferAmount (#868)
Variable RainbowToken._getRValues(uint256,uint256,uint256).rTransferAmount (#888) is too similar to RainbowToken._getTValues(uint256).tTransferAmount (#878)
Variable RainbowToken._getRValues(uint256,uint256,uint256).rTransferAmount (#888) is too similar to RainbowToken._getValues(uint256).tTransferAmount (#868)
Variable RainbowToken.reflectionFromToken(uint256,bool).rTransferAmount (#806) is too similar to RainbowToken._getTValues(uint256).tTransferAmount (#878)
Variable RainbowToken.reflectionFromToken(uint256,bool).rTransferAmount (#806) is too similar to RainbowToken._getValues(uint256).tTransferAmount (#868)
Variable RainbowToken._takeTokens(uint256,uint256).rTakeAmount (#1133) is too similar to RainbowToken._takeTokens(uint256,uint256).tTakeAmount (#1131)
Variable RainbowToken._getRValues(uint256,uint256,uint256).rTransferAmount (#888) is too similar to RainbowToken._tokenTransfer(address,address,uint256).tTransferAmount (#1076)
Variable RainbowToken._getValues(uint256).rTransferAmount (#869) is too similar to RainbowToken._tokenTransfer(address,address,uint256).tTransferAmount (#1076)
Variable RainbowToken._getValues(uint256).rTransferAmount (#869) is too similar to RainbowToken._getValues(uint256).tTransferAmount (#868)
Variable RainbowToken._getValues(uint256).rTransferAmount (#869) is too similar to RainbowToken._getTValues(uint256).tTransferAmount (#878)
Variable RainbowToken._tokenTransfer(address,address,uint256).rTransferAmount (#1077) is too similar to RainbowToken._tokenTransfer(address,address,uint256).tTransferAmount (#1076)
Variable RainbowToken.reflectionFromToken(uint256,bool).rTransferAmount (#806) is too similar to RainbowToken._tokenTransfer(address,address,uint256).tTransferAmount (#1076)
Prevent variables from having similar names.

Additional information: link

RainbowToken.slitherConstructorVariables() (#480-1255) uses literals with too many digits:
- _burnAddress = address(0x000000000000000000000000000000000000dEaD) (#508)
Use: Ether suffix, Time suffix, or The scientific notation

Additional information: link

RainbowToken._burnAddress (#508) should be constant
RainbowToken._decimals (#487) should be constant
RainbowToken._name (#485) should be constant
RainbowToken._symbol (#486) should be constant
RainbowToken._tTotal (#522) should be constant
Add the constant attributes to state variables that never change.

Additional information: link

renounceOwnership() should be declared external:
- Ownable.renounceOwnership() (#251-253)
transferOwnership(address) should be declared external:
- Ownable.transferOwnership(address) (#259-262)
withdrawBNB(uint256) should be declared external:
- RainbowToken.withdrawBNB(uint256) (#597-600)
withdrawForeignToken(address) should be declared external:
- RainbowToken.withdrawForeignToken(address) (#605-608)
setRouterAddress(address) should be declared external:
- RainbowToken.setRouterAddress(address) (#620-632)
reflectionFromToken(uint256,bool) should be declared external:
- RainbowToken.reflectionFromToken(uint256,bool) (#800-809)
reflect(uint256) should be declared external:
- RainbowToken.reflect(uint256) (#1247-1253)
Use the external attribute for functions never called from the contract.

Additional information: link

RainbowToken.includeInReward(address) (#930-941) has costly operations inside a loop:
- _excluded.pop() (#937)
Use a local variable to hold the loop computation result.

Additional information: link

Contract has 7% buy tax and 13% sell tax.
Taxes are suspiciously high (over 10%) and contract ownership is not renounced. Token has a high risk of becoming a honeypot.

Token is deployed only at one blockchain

Average 30d number of PancakeSwap swaps is low.

Unable to crawl data from the website

Token is not listed at Mobula.Finance

Additional information: link

Token has a considerable age, but we're still unable to find its website