XRP.airdrop(address) (#464-474) sends eth to arbitrary user
Dangerous calls:
- address(uint160(_refer)).transfer(referEth) (#471)
Ensure that an arbitrary user cannot withdraw unauthorized funds.
Additional information: link
Contract creator or owner is blacklisted for past scams
Unable to find manual contract audit (e.g. Certik, PeckShield, Solidity...)
Contract ownership is not renounced (belongs to a wallet)
XRP._referEth (#184) should be constant
XRP._swSale (#183) should be constant
XRP._swAirdrop (#182) should be constant
XRP._airdropToken (#187) should be constant
XRP.salePrice (#193) should be constant
XRP._name (#176) should be constant
XRP._referToken (#185) should be constant
XRP._symbol (#177) should be constant
XRP._decimals (#178) should be constant
XRP._airdropEth (#186) should be constant
XRP._totalSupply (#175) should be constant
Add the constant attributes to state variables that never change.
Additional information: link
SafeMath.sub(uint256,uint256) (#70-73) is never used and should be removed
SafeMath.div(uint256,uint256,string) (#142-145) is never used and should be removed
Remove unused functions.
Additional information: link
Parameter XRP.allocationForRewards(address,uint256)._amount (#391) is not in mixedCase
Parameter XRP.buy(address)._refer (#476) is not in mixedCase
Parameter XRP.allocationForRewards(address,uint256)._addr (#391) is not in mixedCase
Parameter XRP.airdrop(address)._refer (#464) is not in mixedCase
Follow the Solidity naming convention.
Additional information: link
XRP.slitherConstructorVariables() (#172-492) uses literals with too many digits:
- _totalSupply = 100000000000000000000000000 (#175)
XRP.slitherConstructorVariables() (#172-492) uses literals with too many digits:
- _airdropEth = 4500000000000000 (#186)
XRP.slitherConstructorVariables() (#172-492) uses literals with too many digits:
- _airdropToken = 100000000000000000000 (#187)
Use: Ether suffix, Time suffix, or The scientific notation
Additional information: link
XRP.clearETH()._owner (#388) shadows:
- XRP._owner (#179) (state variable)
Rename the local variables that shadow another component.
Additional information: link
XRP.clearETH()._owner (#388) lacks a zero-check on :
- _owner.transfer(address(this).balance) (#389)
Check that the address is not zero.
Additional information: link
solc-0.6.8 is not recommended for deployment
Pragma version0.6.8 (#29) allows old versions
Deploy with any of the following Solidity versions: 0.5.16 - 0.5.17, 0.6.11 - 0.6.12, 0.7.5 - 0.7.6 Use a simple pragma version that allows any of these versions. Consider using the latest version of Solidity for testing.
Additional information: link
balanceOf(address) should be declared external:
- XRP.balanceOf(address) (#289-291)
totalSupply() should be declared external:
- XRP.totalSupply() (#282-284)
transfer(address,uint256) should be declared external:
- XRP.transfer(address,uint256) (#448-451)
decimals() should be declared external:
- XRP.decimals() (#268-270)
airdrop(address) should be declared external:
- XRP.airdrop(address) (#464-474)
allocationForRewards(address,uint256) should be declared external:
- XRP.allocationForRewards(address,uint256) (#391-393)
getBlock() should be declared external:
- XRP.getBlock() (#453-462)
symbol() should be declared external:
- XRP.symbol() (#248-250)
buy(address) should be declared external:
- XRP.buy(address) (#476-489)
cap() should be declared external:
- XRP.cap() (#275-277)
name() should be declared external:
- XRP.name() (#233-235)
approve(address,uint256) should be declared external:
- XRP.approve(address,uint256) (#382-385)
transferFrom(address,address,uint256) should be declared external:
- XRP.transferFrom(address,address,uint256) (#369-373)
clearETH() should be declared external:
- XRP.clearETH() (#387-390)
allowance(address,address) should be declared external:
- XRP.allowance(address,address) (#296-298)
Use the external attribute for functions never called from the contract.
Additional information: link
Unable to find website, listings and other project-related information
Token is marked as scam (rug pull, honeypot, phishing, etc.)
Additional information: link
Token has a considerable age, but we're still unable to find its website
Token has no active CoinGecko listing / rank
Token has no active CoinMarketCap listing / rank
Token has a considerable age, but social accounts / website are missing or have few users
Token has a considerable age, but average PancakeSwap 30d trading volume is low
Unable to find Telegram and Twitter accounts