RHINO Token

Unable to find manual contract audit (e.g. Certik, PeckShield, Solidity...)

Rhino.addLiquidity(uint256,uint256) (#764-777) sends eth to arbitrary user
Dangerous calls:
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#769-776)
Ensure that an arbitrary user cannot withdraw unauthorized funds.

Additional information: link

Reentrancy in Rhino._transfer(address,address,uint256) (#664-706):
External calls:
- swapAndLiquify(contractTokenBalance) (#690)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#769-776)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#753-759)
External calls sending eth:
- swapAndLiquify(contractTokenBalance) (#690)
- recipient.transfer(amount) (#624)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#769-776)
State variables written after the call(s):
- _balances[sender] = _balances[sender].sub(amount,Insufficient Balance) (#693)
- _balances[recipient] = _balances[recipient].add(finalAmount) (#701)
- finalAmount = takeFee(sender,recipient,amount) (#695-696)
- _balances[address(this)] = _balances[address(this)].add(feeAmount) (#791)
Apply the check-effects-interactions pattern.

Additional information: link

Combination 1: Reentrancy vulnerabilities + Functions that send Ether to arbitraty destination. Usual for scams. May be justified by some complex mechanics (e.g. rebase, reflections). DYOR & manual audit are advised.

Rhino.addLiquidity(uint256,uint256) (#764-777) ignores return value by uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#769-776)
Ensure that all the return values of the function calls are used.

Additional information: link

Rhino.allowance(address,address).owner (#508) shadows:
- Ownable.owner() (#146-148) (function)
Rhino._approve(address,address,uint256).owner (#531) shadows:
- Ownable.owner() (#146-148) (function)
Rename the local variables that shadow another component.

Additional information: link

Rhino.setBuyTaxes(uint256,uint256,uint256) (#558-564) should emit an event for:
- _totalTaxIfBuying = _buyLiquidityFee.add(_buyMarketingFee).add(_buyTeamFee) (#563)
Rhino.setSelTaxes(uint256,uint256,uint256) (#566-572) should emit an event for:
- _totalTaxIfSelling = _sellLiquidityFee.add(_sellMarketingFee).add(_sellTeamFee) (#571)
Rhino.setDistributionSettings(uint256,uint256,uint256) (#574-580) should emit an event for:
- _liquidityShare = newLiquidityShare (#575)
- _teamShare = newTeamShare (#577)
- _totalDistributionShares = _liquidityShare.add(_marketingShare).add(_teamShare) (#579)
Rhino.setMaxTxAmount(uint256) (#582-584) should emit an event for:
- _maxTxAmount = maxTxAmount (#583)
Rhino.setWalletLimit(uint256) (#594-596) should emit an event for:
- _walletMax = newLimit (#595)
Rhino.setNumTokensBeforeSwap(uint256) (#598-600) should emit an event for:
- minimumTokensBeforeSwap = newLimit (#599)
Emit an event for critical parameter changes.

Additional information: link

Rhino.setMarketingWalletAddress(address).newAddress (#602) lacks a zero-check on :
- marketingWalletAddress = address(newAddress) (#603)
Rhino.setTeamWalletAddress(address).newAddress (#606) lacks a zero-check on :
- teamWalletAddress = address(newAddress) (#607)
Check that the address is not zero.

Additional information: link

Reentrancy in Rhino.changeRouterVersion(address) (#627-644):
External calls:
- newPairAddress = IUniswapV2Factory(_uniswapV2Router.factory()).createPair(address(this),_uniswapV2Router.WETH()) (#635-636)
State variables written after the call(s):
- isMarketPair[address(uniswapPair)] = true (#643)
- isWalletLimitExempt[address(uniswapPair)] = true (#642)
- uniswapPair = newPairAddress (#639)
- uniswapV2Router = _uniswapV2Router (#640)
Reentrancy in Rhino.constructor() (#457-486):
External calls:
- uniswapPair = IUniswapV2Factory(_uniswapV2Router.factory()).createPair(address(this),_uniswapV2Router.WETH()) (#461-462)
State variables written after the call(s):
- _allowances[address(this)][address(uniswapV2Router)] = _totalSupply (#465)
- _balances[_msgSender()] = _totalSupply (#483)
- _totalDistributionShares = _liquidityShare.add(_marketingShare).add(_teamShare) (#472)
- _totalTaxIfBuying = _buyLiquidityFee.add(_buyMarketingFee).add(_buyTeamFee) (#470)
- _totalTaxIfSelling = _sellLiquidityFee.add(_sellMarketingFee).add(_sellTeamFee) (#471)
- isExcludedFromFee[owner()] = true (#467)
- isExcludedFromFee[address(this)] = true (#468)
- isMarketPair[address(uniswapPair)] = true (#481)
- isTxLimitExempt[owner()] = true (#478)
- isTxLimitExempt[address(this)] = true (#479)
- isWalletLimitExempt[owner()] = true (#474)
- isWalletLimitExempt[address(uniswapPair)] = true (#475)
- isWalletLimitExempt[address(this)] = true (#476)
- premarket_user[owner()] = true (#484)
- uniswapV2Router = _uniswapV2Router (#464)
Reentrancy in Rhino.swapAndLiquify(uint256) (#715-742):
External calls:
- swapTokensForEth(tokensForSwap) (#720)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#753-759)
- addLiquidity(tokensForLP,amountBNBLiquidity) (#741)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#769-776)
External calls sending eth:
- transferToAddressETH(marketingWalletAddress,amountBNBMarketing) (#735)
- recipient.transfer(amount) (#624)
- transferToAddressETH(teamWalletAddress,amountBNBTeam) (#738)
- recipient.transfer(amount) (#624)
- addLiquidity(tokensForLP,amountBNBLiquidity) (#741)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#769-776)
State variables written after the call(s):
- addLiquidity(tokensForLP,amountBNBLiquidity) (#741)
- _allowances[owner][spender] = amount (#535)
Reentrancy in Rhino.transferFrom(address,address,uint256) (#658-662):
External calls:
- _transfer(sender,recipient,amount) (#659)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#769-776)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#753-759)
External calls sending eth:
- _transfer(sender,recipient,amount) (#659)
- recipient.transfer(amount) (#624)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#769-776)
State variables written after the call(s):
- _approve(sender,_msgSender(),_allowances[sender][_msgSender()].sub(amount,ERC20: transfer amount exceeds allowance)) (#660)
- _allowances[owner][spender] = amount (#535)
Apply the check-effects-interactions pattern.

Additional information: link

Reentrancy in Rhino._transfer(address,address,uint256) (#664-706):
External calls:
- swapAndLiquify(contractTokenBalance) (#690)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#769-776)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#753-759)
External calls sending eth:
- swapAndLiquify(contractTokenBalance) (#690)
- recipient.transfer(amount) (#624)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#769-776)
Event emitted after the call(s):
- Transfer(sender,address(this),feeAmount) (#792)
- finalAmount = takeFee(sender,recipient,amount) (#695-696)
- Transfer(sender,recipient,finalAmount) (#703)
Reentrancy in Rhino.constructor() (#457-486):
External calls:
- uniswapPair = IUniswapV2Factory(_uniswapV2Router.factory()).createPair(address(this),_uniswapV2Router.WETH()) (#461-462)
Event emitted after the call(s):
- Transfer(address(0),_msgSender(),_totalSupply) (#485)
Reentrancy in Rhino.swapAndLiquify(uint256) (#715-742):
External calls:
- swapTokensForEth(tokensForSwap) (#720)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#753-759)
Event emitted after the call(s):
- eventSwapAndLiquify(amountReceived) (#722)
- liquidityGetBnb(amountBNBLiquidity) (#732)
- marketingGetBnb(amountBNBMarketing) (#731)
- teamGetBnb(amountBNBTeam) (#730)
Reentrancy in Rhino.swapAndLiquify(uint256) (#715-742):
External calls:
- swapTokensForEth(tokensForSwap) (#720)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#753-759)
- addLiquidity(tokensForLP,amountBNBLiquidity) (#741)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#769-776)
External calls sending eth:
- transferToAddressETH(marketingWalletAddress,amountBNBMarketing) (#735)
- recipient.transfer(amount) (#624)
- transferToAddressETH(teamWalletAddress,amountBNBTeam) (#738)
- recipient.transfer(amount) (#624)
- addLiquidity(tokensForLP,amountBNBLiquidity) (#741)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#769-776)
Event emitted after the call(s):
- Approval(owner,spender,amount) (#536)
- addLiquidity(tokensForLP,amountBNBLiquidity) (#741)
Reentrancy in Rhino.swapTokensForEth(uint256) (#744-762):
External calls:
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#753-759)
Event emitted after the call(s):
- SwapTokensForETH(tokenAmount,path) (#761)
Reentrancy in Rhino.transferFrom(address,address,uint256) (#658-662):
External calls:
- _transfer(sender,recipient,amount) (#659)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#769-776)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#753-759)
External calls sending eth:
- _transfer(sender,recipient,amount) (#659)
- recipient.transfer(amount) (#624)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#769-776)
Event emitted after the call(s):
- Approval(owner,spender,amount) (#536)
- _approve(sender,_msgSender(),_allowances[sender][_msgSender()].sub(amount,ERC20: transfer amount exceeds allowance)) (#660)
Apply the check-effects-interactions pattern.

Additional information: link

Address.isContract(address) (#81-86) uses assembly
- INLINE ASM (#84)
Address._functionCallWithValue(address,bytes,uint256,string) (#113-130) uses assembly
- INLINE ASM (#122-125)
Do not use evm assembly.

Additional information: link

Address._functionCallWithValue(address,bytes,uint256,string) (#113-130) is never used and should be removed
Address.functionCall(address,bytes) (#96-98) is never used and should be removed
Address.functionCall(address,bytes,string) (#100-102) is never used and should be removed
Address.functionCallWithValue(address,bytes,uint256) (#104-106) is never used and should be removed
Address.functionCallWithValue(address,bytes,uint256,string) (#108-111) is never used and should be removed
Address.isContract(address) (#81-86) is never used and should be removed
Address.sendValue(address,uint256) (#88-94) is never used and should be removed
Context._msgData() (#9-12) is never used and should be removed
SafeMath.mod(uint256,uint256) (#69-71) is never used and should be removed
SafeMath.mod(uint256,uint256,string) (#73-76) is never used and should be removed
Remove unused functions.

Additional information: link

Rhino._totalSupply (#412) is set pre-construction with a non-constant function or state variable:
- 50000000000000 * 10 ** _decimals
Rhino._maxTxAmount (#413) is set pre-construction with a non-constant function or state variable:
- 50000000000000 * 10 ** _decimals
Rhino._walletMax (#414) is set pre-construction with a non-constant function or state variable:
- 30000000000000 * 10 ** _decimals
Rhino.minimumTokensBeforeSwap (#415) is set pre-construction with a non-constant function or state variable:
- 2000000000000 * 10 ** _decimals
Remove any initialization of state variables via non-constant state variables or function calls. If variables must be set upon contract deployment, locate initialization in the constructor instead.

Additional information: link

Low level call in Address.sendValue(address,uint256) (#88-94):
- (success) = recipient.call{value: amount}() (#92)
Low level call in Address._functionCallWithValue(address,bytes,uint256,string) (#113-130):
- (success,returndata) = target.call{value: weiValue}(data) (#116)
Avoid low-level calls. Check the call success. If the call is meant for a contract, check for code existence

Additional information: link

Function IUniswapV2Pair.DOMAIN_SEPARATOR() (#203) is not in mixedCase
Function IUniswapV2Pair.PERMIT_TYPEHASH() (#204) is not in mixedCase
Function IUniswapV2Pair.MINIMUM_LIQUIDITY() (#220) is not in mixedCase
Function IUniswapV2Router01.WETH() (#239) is not in mixedCase
Event RhinoinSwapAndLiquifyStatus(bool) (#442) is not in CapWords
Event RhinostepLiquify(bool,bool,bool,bool) (#443) is not in CapWords
Event RhinostepFee(bool) (#444) is not in CapWords
Event RhinoteamGetBnb(uint256) (#446) is not in CapWords
Event RhinomarketingGetBnb(uint256) (#447) is not in CapWords
Event RhinoliquidityGetBnb(uint256) (#448) is not in CapWords
Event RhinoeventSwapAndLiquify(uint256) (#449) is not in CapWords
Function Rhino.activate_market(bool) (#551-553) is not in mixedCase
Function Rhino.edit_premarket_user(address,bool) (#554-556) is not in mixedCase
Parameter Rhino.edit_premarket_user(address,bool)._address (#554) is not in mixedCase
Parameter Rhino.setSwapAndLiquifyEnabled(bool)._enabled (#610) is not in mixedCase
Function Rhino.edit_blacklistAddress(address,bool) (#646-648) is not in mixedCase
Variable Rhino.market_active (#380) is not in mixedCase
Variable Rhino._isBlacklisted (#381) is not in mixedCase
Variable Rhino.premarket_user (#382) is not in mixedCase
Variable Rhino._balances (#388) is not in mixedCase
Variable Rhino._buyLiquidityFee (#396) is not in mixedCase
Variable Rhino._buyMarketingFee (#397) is not in mixedCase
Variable Rhino._buyTeamFee (#398) is not in mixedCase
Variable Rhino._sellLiquidityFee (#400) is not in mixedCase
Variable Rhino._sellMarketingFee (#401) is not in mixedCase
Variable Rhino._sellTeamFee (#402) is not in mixedCase
Variable Rhino._liquidityShare (#404) is not in mixedCase
Variable Rhino._marketingShare (#405) is not in mixedCase
Variable Rhino._teamShare (#406) is not in mixedCase
Variable Rhino._totalTaxIfBuying (#408) is not in mixedCase
Variable Rhino._totalTaxIfSelling (#409) is not in mixedCase
Variable Rhino._totalDistributionShares (#410) is not in mixedCase
Variable Rhino._maxTxAmount (#413) is not in mixedCase
Variable Rhino._walletMax (#414) is not in mixedCase
Follow the Solidity naming convention.

Additional information: link

Redundant expression "this (#10)" inContext (#3-13)
Remove redundant statements if they congest code but offer no value.

Additional information: link

Reentrancy in Rhino._transfer(address,address,uint256) (#664-706):
External calls:
- swapAndLiquify(contractTokenBalance) (#690)
- recipient.transfer(amount) (#624)
External calls sending eth:
- swapAndLiquify(contractTokenBalance) (#690)
- recipient.transfer(amount) (#624)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#769-776)
State variables written after the call(s):
- _balances[sender] = _balances[sender].sub(amount,Insufficient Balance) (#693)
- _balances[recipient] = _balances[recipient].add(finalAmount) (#701)
- finalAmount = takeFee(sender,recipient,amount) (#695-696)
- _balances[address(this)] = _balances[address(this)].add(feeAmount) (#791)
Event emitted after the call(s):
- Transfer(sender,address(this),feeAmount) (#792)
- finalAmount = takeFee(sender,recipient,amount) (#695-696)
- Transfer(sender,recipient,finalAmount) (#703)
Reentrancy in Rhino.swapAndLiquify(uint256) (#715-742):
External calls:
- transferToAddressETH(marketingWalletAddress,amountBNBMarketing) (#735)
- recipient.transfer(amount) (#624)
- transferToAddressETH(teamWalletAddress,amountBNBTeam) (#738)
- recipient.transfer(amount) (#624)
External calls sending eth:
- transferToAddressETH(marketingWalletAddress,amountBNBMarketing) (#735)
- recipient.transfer(amount) (#624)
- transferToAddressETH(teamWalletAddress,amountBNBTeam) (#738)
- recipient.transfer(amount) (#624)
- addLiquidity(tokensForLP,amountBNBLiquidity) (#741)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#769-776)
State variables written after the call(s):
- addLiquidity(tokensForLP,amountBNBLiquidity) (#741)
- _allowances[owner][spender] = amount (#535)
Event emitted after the call(s):
- Approval(owner,spender,amount) (#536)
- addLiquidity(tokensForLP,amountBNBLiquidity) (#741)
Reentrancy in Rhino.transferFrom(address,address,uint256) (#658-662):
External calls:
- _transfer(sender,recipient,amount) (#659)
- recipient.transfer(amount) (#624)
External calls sending eth:
- _transfer(sender,recipient,amount) (#659)
- recipient.transfer(amount) (#624)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#769-776)
State variables written after the call(s):
- _approve(sender,_msgSender(),_allowances[sender][_msgSender()].sub(amount,ERC20: transfer amount exceeds allowance)) (#660)
- _allowances[owner][spender] = amount (#535)
Event emitted after the call(s):
- Approval(owner,spender,amount) (#536)
- _approve(sender,_msgSender(),_allowances[sender][_msgSender()].sub(amount,ERC20: transfer amount exceeds allowance)) (#660)
Apply the check-effects-interactions pattern.

Additional information: link

Variable IUniswapV2Router01.addLiquidity(address,address,uint256,uint256,uint256,uint256,address,uint256).amountADesired (#244) is too similar to IUniswapV2Router01.addLiquidity(address,address,uint256,uint256,uint256,uint256,address,uint256).amountBDesired (#245)
Prevent variables from having similar names.

Additional information: link

Ownable.waiveOwnership() (#155-158) uses literals with too many digits:
- OwnershipTransferred(_owner,address(0x000000000000000000000000000000000000dEaD)) (#156)
Ownable.waiveOwnership() (#155-158) uses literals with too many digits:
- _owner = address(0x000000000000000000000000000000000000dEaD) (#157)
Rhino.slitherConstructorVariables() (#372-799) uses literals with too many digits:
- deadAddress = 0x000000000000000000000000000000000000dEaD (#386)
Rhino.slitherConstructorVariables() (#372-799) uses literals with too many digits:
- _totalSupply = 50000000000000 * 10 ** _decimals (#412)
Rhino.slitherConstructorVariables() (#372-799) uses literals with too many digits:
- _maxTxAmount = 50000000000000 * 10 ** _decimals (#413)
Rhino.slitherConstructorVariables() (#372-799) uses literals with too many digits:
- _walletMax = 30000000000000 * 10 ** _decimals (#414)
Rhino.slitherConstructorVariables() (#372-799) uses literals with too many digits:
- minimumTokensBeforeSwap = 2000000000000 * 10 ** _decimals (#415)
Use: Ether suffix, Time suffix, or The scientific notation

Additional information: link

Ownable.asdasd (#135) is never used in Rhino (#372-799)
Ownable._lockTime (#136) is never used in Rhino (#372-799)
Remove unused state variables.

Additional information: link

Ownable._lockTime (#136) should be constant
Ownable.asdasd (#135) should be constant
Rhino._decimals (#379) should be constant
Rhino._name (#377) should be constant
Rhino._symbol (#378) should be constant
Add the constant attributes to state variables that never change.

Additional information: link

waiveOwnership() should be declared external:
- Ownable.waiveOwnership() (#155-158)
transferOwnership(address) should be declared external:
- Ownable.transferOwnership(address) (#160-164)
getTime() should be declared external:
- Ownable.getTime() (#166-168)
name() should be declared external:
- Rhino.name() (#488-490)
symbol() should be declared external:
- Rhino.symbol() (#492-494)
decimals() should be declared external:
- Rhino.decimals() (#496-498)
totalSupply() should be declared external:
- Rhino.totalSupply() (#500-502)
allowance(address,address) should be declared external:
- Rhino.allowance(address,address) (#508-510)
increaseAllowance(address,uint256) should be declared external:
- Rhino.increaseAllowance(address,uint256) (#512-515)
decreaseAllowance(address,uint256) should be declared external:
- Rhino.decreaseAllowance(address,uint256) (#517-520)
minimumTokensBeforeSwapAmount() should be declared external:
- Rhino.minimumTokensBeforeSwapAmount() (#522-524)
approve(address,uint256) should be declared external:
- Rhino.approve(address,uint256) (#526-529)
setMarketPairStatus(address,bool) should be declared external:
- Rhino.setMarketPairStatus(address,bool) (#539-541)
setIsExcludedFromFee(address,bool) should be declared external:
- Rhino.setIsExcludedFromFee(address,bool) (#547-549)
setSwapAndLiquifyEnabled(bool) should be declared external:
- Rhino.setSwapAndLiquifyEnabled(bool) (#610-613)
setSwapAndLiquifyByLimitOnly(bool) should be declared external:
- Rhino.setSwapAndLiquifyByLimitOnly(bool) (#615-617)
getCirculatingSupply() should be declared external:
- Rhino.getCirculatingSupply() (#619-621)
changeRouterVersion(address) should be declared external:
- Rhino.changeRouterVersion(address) (#627-644)
transfer(address,uint256) should be declared external:
- Rhino.transfer(address,uint256) (#653-656)
transferFrom(address,address,uint256) should be declared external:
- Rhino.transferFrom(address,address,uint256) (#658-662)
Use the external attribute for functions never called from the contract.

Additional information: link

Attempt to swap token was unsuccessful. For some reason it is untradeable. If token is not in presale stage and is not traded outside PancakeSwap, then it's a scam

Additional information: link

Average 30d PancakeSwap liquidity is low.

Token is deployed only at one blockchain

Token has only one trading pair

Unable to find website, listings and other project-related information

Token is marked as scam (rug pull, honeypot, phishing, etc.)

Additional information: link

Young tokens have high risks of scam / price dump / death

Token has no active CoinGecko listing / rank

Token has no active CoinMarketCap listing / rank