Unable to find manual contract audit (e.g. Certik, PeckShield, Solidity...)
RaceOfTheApes.addLiquidity(uint256,uint256) (#749-761) sends eth to arbitrary user
Dangerous calls:
- pancakeRouter.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#753-760)
Ensure that an arbitrary user cannot withdraw unauthorized funds.
Additional information: link
RaceOfTheApes._transfer(address,address,uint256) (#663-698) uses a dangerous strict equality:
- cd[to] == 0 (#674)
RaceOfTheApes._transfer(address,address,uint256) (#663-698) uses a dangerous strict equality:
- (block.number.sub(cd[from]) < 2) || (block.number.sub(cd[from]) == 100) (#681)
Don't use strict equality to determine if an account has enough Ether or tokens.
Additional information: link
Not a direct threat, but may indicate unreliable intentions of developer. Widespread names (e.g. Elon, King, Moon, Doge) are common among meme-tokens and scams. The allow to gain free hype and attract unexperienced investors.
RaceOfTheApes.addLiquidity(uint256,uint256) (#749-761) ignores return value by pancakeRouter.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#753-760)
Ensure that all the return values of the function calls are used.
Additional information: link
RaceOfTheApes.allowance(address,address).owner (#514) shadows:
- Ownable.owner() (#149-151) (function)
RaceOfTheApes._approve(address,address,uint256).owner (#541) shadows:
- Ownable.owner() (#149-151) (function)
Rename the local variables that shadow another component.
Additional information: link
RaceOfTheApes.setBuyTaxes(uint256,uint256,uint256) (#561-567) should emit an event for:
- _buyLiquidityFee = newLiquidityTax (#562)
- _buyMarketingFee = newMarketingTax (#563)
- _buyBurnedFee = newBurnedTax (#564)
- _totalTaxIfBuying = _buyLiquidityFee.add(_buyMarketingFee).add(_buyBurnedFee) (#566)
RaceOfTheApes.setSellTaxes(uint256,uint256,uint256) (#569-575) should emit an event for:
- _sellLiquidityFee = newLiquidityTax (#570)
- _sellMarketingFee = newMarketingTax (#571)
- _sellBurnedFee = newBurnedTax (#572)
- _totalTaxIfSelling = _sellLiquidityFee.add(_sellMarketingFee).add(_sellBurnedFee) (#574)
RaceOfTheApes.setDistributionSettings(uint256,uint256,uint256) (#577-583) should emit an event for:
- _liquidityShare = newLiquidityShare (#578)
- _BurnedShare = newBurnedShare (#580)
- _totalDistributionShares = _liquidityShare.add(_marketingShare).add(_BurnedShare) (#582)
RaceOfTheApes.setNumTokensBeforeSwap(uint256) (#601-603) should emit an event for:
- minimumTokensBeforeSwap = newLimit (#602)
Emit an event for critical parameter changes.
Additional information: link
RaceOfTheApes.setMarketingWalletAddress(address).newAddress (#605) lacks a zero-check on :
- marketingWalletAddress = address(newAddress) (#606)
RaceOfTheApes.setBurnedWalletAddress(address).newAddress (#609) lacks a zero-check on :
- BurnedWalletAddress = address(newAddress) (#610)
Check that the address is not zero.
Additional information: link
Reentrancy in RaceOfTheApes.changeRouterVersion(address) (#630-647):
External calls:
- newPairAddress = IUniswapV2Factory(_pancakeRouter.factory()).createPair(address(this),_pancakeRouter.WETH()) (#638-639)
State variables written after the call(s):
- isMarketPair[address(uniswapPair)] = true (#646)
- isWalletLimitExempt[address(uniswapPair)] = true (#645)
- pancakeRouter = _pancakeRouter (#643)
- uniswapPair = newPairAddress (#642)
Reentrancy in RaceOfTheApes.constructor() (#465-492):
External calls:
- uniswapPair = IUniswapV2Factory(_pancakeRouter.factory()).createPair(address(this),_pancakeRouter.WETH()) (#468-469)
State variables written after the call(s):
- _allowances[address(this)][address(pancakeRouter)] = _totalSupply (#472)
- _balances[_msgSender()] = _totalSupply (#490)
- _totalDistributionShares = _liquidityShare.add(_marketingShare).add(_BurnedShare) (#479)
- _totalTaxIfBuying = _buyLiquidityFee.add(_buyMarketingFee).add(_buyBurnedFee) (#477)
- _totalTaxIfSelling = _sellLiquidityFee.add(_sellMarketingFee).add(_sellBurnedFee) (#478)
- isExcludedFromFee[owner()] = true (#474)
- isExcludedFromFee[address(this)] = true (#475)
- isMarketPair[address(uniswapPair)] = true (#488)
- isTxLimitExempt[owner()] = true (#485)
- isTxLimitExempt[address(this)] = true (#486)
- isWalletLimitExempt[owner()] = true (#481)
- isWalletLimitExempt[address(uniswapPair)] = true (#482)
- isWalletLimitExempt[address(this)] = true (#483)
- pancakeRouter = _pancakeRouter (#471)
Reentrancy in RaceOfTheApes.swapAndLiquify(uint256) (#707-729):
External calls:
- swapTokensForEth(tokensForSwap) (#712)
- pancakeRouter.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#738-744)
- addLiquidity(tokensForLP,amountBNBLiquidity) (#728)
- pancakeRouter.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#753-760)
External calls sending eth:
- transferToAddressETH(marketingWalletAddress,amountBNBMarketing) (#722)
- recipient.transfer(amount) (#627)
- transferToAddressETH(BurnedWalletAddress,amountBNBBurned) (#725)
- recipient.transfer(amount) (#627)
- addLiquidity(tokensForLP,amountBNBLiquidity) (#728)
- pancakeRouter.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#753-760)
State variables written after the call(s):
- addLiquidity(tokensForLP,amountBNBLiquidity) (#728)
- _allowances[owner][spender] = amount (#545)
Apply the check-effects-interactions pattern.
Additional information: link
Reentrancy in RaceOfTheApes.constructor() (#465-492):
External calls:
- uniswapPair = IUniswapV2Factory(_pancakeRouter.factory()).createPair(address(this),_pancakeRouter.WETH()) (#468-469)
Event emitted after the call(s):
- Transfer(address(0),_msgSender(),_totalSupply) (#491)
Reentrancy in RaceOfTheApes.swapAndLiquify(uint256) (#707-729):
External calls:
- swapTokensForEth(tokensForSwap) (#712)
- pancakeRouter.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#738-744)
- addLiquidity(tokensForLP,amountBNBLiquidity) (#728)
- pancakeRouter.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#753-760)
External calls sending eth:
- transferToAddressETH(marketingWalletAddress,amountBNBMarketing) (#722)
- recipient.transfer(amount) (#627)
- transferToAddressETH(BurnedWalletAddress,amountBNBBurned) (#725)
- recipient.transfer(amount) (#627)
- addLiquidity(tokensForLP,amountBNBLiquidity) (#728)
- pancakeRouter.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#753-760)
Event emitted after the call(s):
- Approval(owner,spender,amount) (#546)
- addLiquidity(tokensForLP,amountBNBLiquidity) (#728)
Reentrancy in RaceOfTheApes.swapTokensForEth(uint256) (#731-747):
External calls:
- pancakeRouter.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#738-744)
Event emitted after the call(s):
- SwapTokensForETH(tokenAmount,path) (#746)
Apply the check-effects-interactions pattern.
Additional information: link
Ownable.unlock() (#184-189) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(block.timestamp > _lockTime,Contract is locked until 7 days) (#186)
Avoid relying on block.timestamp.
Additional information: link
Address.isContract(address) (#83-90) uses assembly
- INLINE ASM (#88)
Address._functionCallWithValue(address,bytes,uint256,string) (#116-133) uses assembly
- INLINE ASM (#125-128)
Do not use evm assembly.
Additional information: link
Address._functionCallWithValue(address,bytes,uint256,string) (#116-133) is never used and should be removed
Address.functionCall(address,bytes) (#99-101) is never used and should be removed
Address.functionCall(address,bytes,string) (#103-105) is never used and should be removed
Address.functionCallWithValue(address,bytes,uint256) (#107-109) is never used and should be removed
Address.functionCallWithValue(address,bytes,uint256,string) (#111-114) is never used and should be removed
Address.isContract(address) (#83-90) is never used and should be removed
Address.sendValue(address,uint256) (#92-97) is never used and should be removed
Context._msgData() (#10-13) is never used and should be removed
RaceOfTheApes.addLiquidity(uint256,uint256) (#749-761) is never used and should be removed
RaceOfTheApes.swapAndLiquify(uint256) (#707-729) is never used and should be removed
RaceOfTheApes.swapTokensForEth(uint256) (#731-747) is never used and should be removed
RaceOfTheApes.takeFee(address,address,uint256) (#763-780) is never used and should be removed
RaceOfTheApes.transferToAddressETH(address,uint256) (#626-628) is never used and should be removed
SafeMath.mod(uint256,uint256) (#71-73) is never used and should be removed
SafeMath.mod(uint256,uint256,string) (#75-78) is never used and should be removed
Remove unused functions.
Additional information: link
RaceOfTheApes._liquidityShare (#419) is set pre-construction with a non-constant function or state variable:
- _buyLiquidityFee.add(_sellLiquidityFee)
RaceOfTheApes._marketingShare (#420) is set pre-construction with a non-constant function or state variable:
- _buyMarketingFee.add(_sellMarketingFee)
RaceOfTheApes._BurnedShare (#421) is set pre-construction with a non-constant function or state variable:
- _buyBurnedFee.add(_sellBurnedFee)
RaceOfTheApes._totalSupply (#427) is set pre-construction with a non-constant function or state variable:
- 100000000000 * 10 ** _decimals
RaceOfTheApes._maxTxAmount (#428) is set pre-construction with a non-constant function or state variable:
- _totalSupply.div(1)
RaceOfTheApes._walletMax (#429) is set pre-construction with a non-constant function or state variable:
- _totalSupply.div(1)
RaceOfTheApes.minimumTokensBeforeSwap (#430) is set pre-construction with a non-constant function or state variable:
- 100 * 10 ** 2 * 10 ** _decimals
Remove any initialization of state variables via non-constant state variables or function calls. If variables must be set upon contract deployment, locate initialization in the constructor instead.
Additional information: link
Low level call in Address.sendValue(address,uint256) (#92-97):
- (success) = recipient.call{value: amount}() (#95)
Low level call in Address._functionCallWithValue(address,bytes,uint256,string) (#116-133):
- (success,returndata) = target.call{value: weiValue}(data) (#119)
Avoid low-level calls. Check the call success. If the call is meant for a contract, check for code existence
Additional information: link
Function IUniswapV2Pair.DOMAIN_SEPARATOR() (#223) is not in mixedCase
Function IUniswapV2Pair.PERMIT_TYPEHASH() (#224) is not in mixedCase
Function IUniswapV2Pair.MINIMUM_LIQUIDITY() (#240) is not in mixedCase
Function IUniswapV2Router01.WETH() (#259) is not in mixedCase
Parameter RaceOfTheApes.setSwapAndLiquifyEnabled(bool)._enabled (#613) is not in mixedCase
Variable RaceOfTheApes.BurnedWalletAddress (#401) is not in mixedCase
Variable RaceOfTheApes._balances (#404) is not in mixedCase
Variable RaceOfTheApes._buyLiquidityFee (#412) is not in mixedCase
Variable RaceOfTheApes._buyMarketingFee (#413) is not in mixedCase
Variable RaceOfTheApes._buyBurnedFee (#414) is not in mixedCase
Variable RaceOfTheApes._sellLiquidityFee (#415) is not in mixedCase
Variable RaceOfTheApes._sellMarketingFee (#416) is not in mixedCase
Variable RaceOfTheApes._sellBurnedFee (#417) is not in mixedCase
Variable RaceOfTheApes._liquidityShare (#419) is not in mixedCase
Variable RaceOfTheApes._marketingShare (#420) is not in mixedCase
Variable RaceOfTheApes._BurnedShare (#421) is not in mixedCase
Variable RaceOfTheApes._totalTaxIfBuying (#423) is not in mixedCase
Variable RaceOfTheApes._totalTaxIfSelling (#424) is not in mixedCase
Variable RaceOfTheApes._totalDistributionShares (#425) is not in mixedCase
Variable RaceOfTheApes._maxTxAmount (#428) is not in mixedCase
Variable RaceOfTheApes._walletMax (#429) is not in mixedCase
Follow the Solidity naming convention.
Additional information: link
Redundant expression "this (#11)" inContext (#4-14)
Remove redundant statements if they congest code but offer no value.
Additional information: link
Reentrancy in RaceOfTheApes.swapAndLiquify(uint256) (#707-729):
External calls:
- transferToAddressETH(marketingWalletAddress,amountBNBMarketing) (#722)
- recipient.transfer(amount) (#627)
- transferToAddressETH(BurnedWalletAddress,amountBNBBurned) (#725)
- recipient.transfer(amount) (#627)
External calls sending eth:
- transferToAddressETH(marketingWalletAddress,amountBNBMarketing) (#722)
- recipient.transfer(amount) (#627)
- transferToAddressETH(BurnedWalletAddress,amountBNBBurned) (#725)
- recipient.transfer(amount) (#627)
- addLiquidity(tokensForLP,amountBNBLiquidity) (#728)
- pancakeRouter.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#753-760)
State variables written after the call(s):
- addLiquidity(tokensForLP,amountBNBLiquidity) (#728)
- _allowances[owner][spender] = amount (#545)
Event emitted after the call(s):
- Approval(owner,spender,amount) (#546)
- addLiquidity(tokensForLP,amountBNBLiquidity) (#728)
Apply the check-effects-interactions pattern.
Additional information: link
Variable IUniswapV2Router01.addLiquidity(address,address,uint256,uint256,uint256,uint256,address,uint256).amountADesired (#264) is too similar to IUniswapV2Router01.addLiquidity(address,address,uint256,uint256,uint256,uint256,address,uint256).amountBDesired (#265)
Prevent variables from having similar names.
Additional information: link
RaceOfTheApes.slitherConstructorVariables() (#392-783) uses literals with too many digits:
- deadAddress = 0x000000000000000000000000000000000000dEaD (#402)
RaceOfTheApes.slitherConstructorVariables() (#392-783) uses literals with too many digits:
- _totalSupply = 100000000000 * 10 ** _decimals (#427)
Use: Ether suffix, Time suffix, or The scientific notation
Additional information: link
RaceOfTheApes._decimals (#398) should be constant
RaceOfTheApes._name (#396) should be constant
RaceOfTheApes._symbol (#397) should be constant
Add the constant attributes to state variables that never change.
Additional information: link
waiveOwnership() should be declared external:
- Ownable.waiveOwnership() (#158-161)
transferOwnership(address) should be declared external:
- Ownable.transferOwnership(address) (#163-167)
getUnlockTime() should be declared external:
- Ownable.getUnlockTime() (#169-171)
getTime() should be declared external:
- Ownable.getTime() (#173-175)
lock(uint256) should be declared external:
- Ownable.lock(uint256) (#177-182)
unlock() should be declared external:
- Ownable.unlock() (#184-189)
name() should be declared external:
- RaceOfTheApes.name() (#494-496)
symbol() should be declared external:
- RaceOfTheApes.symbol() (#498-500)
decimals() should be declared external:
- RaceOfTheApes.decimals() (#502-504)
totalSupply() should be declared external:
- RaceOfTheApes.totalSupply() (#506-508)
allowance(address,address) should be declared external:
- RaceOfTheApes.allowance(address,address) (#514-516)
increaseAllowance(address,uint256) should be declared external:
- RaceOfTheApes.increaseAllowance(address,uint256) (#522-525)
decreaseAllowance(address,uint256) should be declared external:
- RaceOfTheApes.decreaseAllowance(address,uint256) (#527-530)
minimumTokensBeforeSwapAmount() should be declared external:
- RaceOfTheApes.minimumTokensBeforeSwapAmount() (#532-534)
approve(address,uint256) should be declared external:
- RaceOfTheApes.approve(address,uint256) (#536-539)
setMarketPairStatus(address,bool) should be declared external:
- RaceOfTheApes.setMarketPairStatus(address,bool) (#549-551)
setIsExcludedFromFee(address,bool) should be declared external:
- RaceOfTheApes.setIsExcludedFromFee(address,bool) (#557-559)
setSwapAndLiquifyEnabled(bool) should be declared external:
- RaceOfTheApes.setSwapAndLiquifyEnabled(bool) (#613-616)
setSwapAndLiquifyByLimitOnly(bool) should be declared external:
- RaceOfTheApes.setSwapAndLiquifyByLimitOnly(bool) (#618-620)
getCirculatingSupply() should be declared external:
- RaceOfTheApes.getCirculatingSupply() (#622-624)
changeRouterVersion(address) should be declared external:
- RaceOfTheApes.changeRouterVersion(address) (#630-647)
transfer(address,uint256) should be declared external:
- RaceOfTheApes.transfer(address,uint256) (#652-655)
transferFrom(address,address,uint256) should be declared external:
- RaceOfTheApes.transferFrom(address,address,uint256) (#657-661)
Use the external attribute for functions never called from the contract.
Additional information: link
Unable to find website, listings and other project-related information
Young tokens have high risks of scam / price dump / death
Token has no active CoinGecko listing / rank
Token has no active CoinMarketCap listing / rank
Unable to find Telegram and Twitter accounts