Unable to find manual contract audit (e.g. Certik, PeckShield, Solidity...)
SDogeKing.addLiquidity(uint256,uint256) (#1019-1032) sends eth to arbitrary user
Dangerous calls:
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#1024-1031)
Ensure that an arbitrary user cannot withdraw unauthorized funds.
Additional information: link
Reentrancy in SDogeKing._transfer(address,address,uint256) (#902-955):
External calls:
- swapAndLiquify(contractTokenBalance) (#934)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#1024-1031)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#1008-1014)
External calls sending eth:
- swapAndLiquify(contractTokenBalance) (#934)
- recipient.transfer(amount) (#846)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#1024-1031)
State variables written after the call(s):
- _balances[sender] = _balances[sender].sub(amount,Insufficient Balance) (#937-940)
- _balances[recipient] = _balances[recipient].add(finalAmount) (#950)
- finalAmount = takeFee(sender,recipient,amount) (#942-945)
- _balances[address(this)] = _balances[address(this)].add(feeAmount) (#1043)
Apply the check-effects-interactions pattern.
Additional information: link
Combination 1: Reentrancy vulnerabilities + Functions that send Ether to arbitraty destination. Usual for scams. May be justified by some complex mechanics (e.g. rebase, reflections). DYOR & manual audit are advised.
SDogeKing.swapAndLiquify(uint256) (#971-997) performs a multiplication on the result of a division:
-tokensForLP = tAmount.div(_totalTaxIfBuying).mul(_liquidityFee).div(2) (#972-975)
Consider ordering multiplication before division.
Additional information: link
SDogeKing.addLiquidity(uint256,uint256) (#1019-1032) ignores return value by uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#1024-1031)
Ensure that all the return values of the function calls are used.
Additional information: link
SDogeKing.allowance(address,address).owner (#714) shadows:
- Ownable.owner() (#221-223) (function)
SDogeKing._approve(address,address,uint256).owner (#766) shadows:
- Ownable.owner() (#221-223) (function)
Rename the local variables that shadow another component.
Additional information: link
SDogeKing.setTaxes(uint256,uint256,uint256,uint256) (#784-797) should emit an event for:
- _liquidityFee = newLiquidityTax (#790)
- _buyBackFee = newBuyBackTax (#792)
- _totalTaxIfBuying = _liquidityFee.add(_marketingFee).add(_buyBackFee) (#795)
- _totalTaxIfSelling = _totalTaxIfBuying.add(_extraFeeOnSell) (#796)
SDogeKing.setMaxTxAmount(uint256) (#799-801) should emit an event for:
- _maxTxAmount = maxTxAmount (#800)
SDogeKing.setWalletLimit(uint256) (#814-816) should emit an event for:
- _walletMax = newLimit (#815)
SDogeKing.setNumTokensBeforeSwap(uint256) (#818-820) should emit an event for:
- minimumTokensBeforeSwap = newLimit (#819)
Emit an event for critical parameter changes.
Additional information: link
SDogeKing.setMarketingWalletAddress(address).newAddress (#822) lacks a zero-check on :
- marketingWalletAddress = address(newAddress) (#823)
SDogeKing.setbuyBackWalletAddress(address).newAddress (#826) lacks a zero-check on :
- buyBackWalletAddress = address(newAddress) (#827)
Check that the address is not zero.
Additional information: link
Reentrancy in SDogeKing.changeRouterVersion(address) (#849-871):
External calls:
- newPairAddress = IUniswapV2Factory(_uniswapV2Router.factory()).createPair(address(this),_uniswapV2Router.WETH()) (#865-866)
State variables written after the call(s):
- uniswapV2Pair = newPairAddress (#869)
- uniswapV2Router = _uniswapV2Router (#870)
Reentrancy in SDogeKing.constructor() (#670-692):
External calls:
- uniswapV2Pair = IUniswapV2Factory(_uniswapV2Router.factory()).createPair(address(this),_uniswapV2Router.WETH()) (#675-676)
State variables written after the call(s):
- _allowances[address(this)][address(uniswapV2Router)] = _totalSupply (#679)
- _balances[_msgSender()] = _totalSupply (#690)
- _totalTaxIfBuying = _liquidityFee.add(_marketingFee).add(_buyBackFee) (#684)
- _totalTaxIfSelling = _totalTaxIfBuying.add(_extraFeeOnSell) (#685)
- isExcludedFromFee[owner()] = true (#681)
- isExcludedFromFee[address(this)] = true (#682)
- isWalletLimitExempt[owner()] = true (#687)
- isWalletLimitExempt[address(uniswapV2Pair)] = true (#688)
- uniswapV2Router = _uniswapV2Router (#678)
Reentrancy in SDogeKing.swapAndLiquify(uint256) (#971-997):
External calls:
- swapTokensForEth(tokensForSwap) (#978)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#1008-1014)
- addLiquidity(tokensForLP,amountBNBLiquidity) (#996)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#1024-1031)
External calls sending eth:
- transferToAddressETH(marketingWalletAddress,amountBNBMarketing) (#994)
- recipient.transfer(amount) (#846)
- transferToAddressETH(buyBackWalletAddress,amountBNBBuyBack) (#995)
- recipient.transfer(amount) (#846)
- addLiquidity(tokensForLP,amountBNBLiquidity) (#996)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#1024-1031)
State variables written after the call(s):
- addLiquidity(tokensForLP,amountBNBLiquidity) (#996)
- _allowances[owner][spender] = amount (#773)
Reentrancy in SDogeKing.transferFrom(address,address,uint256) (#885-900):
External calls:
- _transfer(sender,recipient,amount) (#890)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#1024-1031)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#1008-1014)
External calls sending eth:
- _transfer(sender,recipient,amount) (#890)
- recipient.transfer(amount) (#846)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#1024-1031)
State variables written after the call(s):
- _approve(sender,_msgSender(),_allowances[sender][_msgSender()].sub(amount,ERC20: transfer amount exceeds allowance)) (#891-898)
- _allowances[owner][spender] = amount (#773)
Apply the check-effects-interactions pattern.
Additional information: link
Reentrancy in SDogeKing._transfer(address,address,uint256) (#902-955):
External calls:
- swapAndLiquify(contractTokenBalance) (#934)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#1024-1031)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#1008-1014)
External calls sending eth:
- swapAndLiquify(contractTokenBalance) (#934)
- recipient.transfer(amount) (#846)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#1024-1031)
Event emitted after the call(s):
- Transfer(sender,address(this),feeAmount) (#1044)
- finalAmount = takeFee(sender,recipient,amount) (#942-945)
- Transfer(sender,recipient,finalAmount) (#952)
Reentrancy in SDogeKing.constructor() (#670-692):
External calls:
- uniswapV2Pair = IUniswapV2Factory(_uniswapV2Router.factory()).createPair(address(this),_uniswapV2Router.WETH()) (#675-676)
Event emitted after the call(s):
- Transfer(address(0),_msgSender(),_totalSupply) (#691)
Reentrancy in SDogeKing.swapAndLiquify(uint256) (#971-997):
External calls:
- swapTokensForEth(tokensForSwap) (#978)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#1008-1014)
- addLiquidity(tokensForLP,amountBNBLiquidity) (#996)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#1024-1031)
External calls sending eth:
- transferToAddressETH(marketingWalletAddress,amountBNBMarketing) (#994)
- recipient.transfer(amount) (#846)
- transferToAddressETH(buyBackWalletAddress,amountBNBBuyBack) (#995)
- recipient.transfer(amount) (#846)
- addLiquidity(tokensForLP,amountBNBLiquidity) (#996)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#1024-1031)
Event emitted after the call(s):
- Approval(owner,spender,amount) (#774)
- addLiquidity(tokensForLP,amountBNBLiquidity) (#996)
Reentrancy in SDogeKing.swapTokensForEth(uint256) (#999-1017):
External calls:
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#1008-1014)
Event emitted after the call(s):
- SwapTokensForETH(tokenAmount,path) (#1016)
Reentrancy in SDogeKing.transferFrom(address,address,uint256) (#885-900):
External calls:
- _transfer(sender,recipient,amount) (#890)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#1024-1031)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#1008-1014)
External calls sending eth:
- _transfer(sender,recipient,amount) (#890)
- recipient.transfer(amount) (#846)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#1024-1031)
Event emitted after the call(s):
- Approval(owner,spender,amount) (#774)
- _approve(sender,_msgSender(),_allowances[sender][_msgSender()].sub(amount,ERC20: transfer amount exceeds allowance)) (#891-898)
Apply the check-effects-interactions pattern.
Additional information: link
Ownable.unlock() (#259-267) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(block.timestamp > _lockTime,Contract is locked until 7 days) (#264)
Avoid relying on block.timestamp.
Additional information: link
Address.isContract(address) (#110-121) uses assembly
- INLINE ASM (#117-119)
Address._functionCallWithValue(address,bytes,uint256,string) (#179-202) uses assembly
- INLINE ASM (#194-197)
Do not use evm assembly.
Additional information: link
Address._functionCallWithValue(address,bytes,uint256,string) (#179-202) is never used and should be removed
Address.functionCall(address,bytes) (#137-142) is never used and should be removed
Address.functionCall(address,bytes,string) (#144-150) is never used and should be removed
Address.functionCallWithValue(address,bytes,uint256) (#152-164) is never used and should be removed
Address.functionCallWithValue(address,bytes,uint256,string) (#166-177) is never used and should be removed
Address.isContract(address) (#110-121) is never used and should be removed
Address.sendValue(address,uint256) (#123-135) is never used and should be removed
Context._msgData() (#9-12) is never used and should be removed
SafeMath.mod(uint256,uint256) (#95-97) is never used and should be removed
SafeMath.mod(uint256,uint256,string) (#99-106) is never used and should be removed
Remove unused functions.
Additional information: link
Low level call in Address.sendValue(address,uint256) (#123-135):
- (success) = recipient.call{value: amount}() (#130)
Low level call in Address._functionCallWithValue(address,bytes,uint256,string) (#179-202):
- (success,returndata) = target.call{value: weiValue}(data) (#187-189)
Avoid low-level calls. Check the call success. If the call is meant for a contract, check for code existence
Additional information: link
Function IUniswapV2Pair.DOMAIN_SEPARATOR() (#333) is not in mixedCase
Function IUniswapV2Pair.PERMIT_TYPEHASH() (#335) is not in mixedCase
Function IUniswapV2Pair.MINIMUM_LIQUIDITY() (#365) is not in mixedCase
Function IUniswapV2Router01.WETH() (#409) is not in mixedCase
Parameter SDogeKing.setSwapAndLiquifyEnabled(bool)._enabled (#830) is not in mixedCase
Variable SDogeKing._balances (#627) is not in mixedCase
Variable SDogeKing._liquidityFee (#633) is not in mixedCase
Variable SDogeKing._marketingFee (#634) is not in mixedCase
Variable SDogeKing._buyBackFee (#635) is not in mixedCase
Variable SDogeKing._extraFeeOnSell (#636) is not in mixedCase
Variable SDogeKing._totalTaxIfBuying (#637) is not in mixedCase
Variable SDogeKing._totalTaxIfSelling (#638) is not in mixedCase
Variable SDogeKing._maxTxAmount (#641) is not in mixedCase
Variable SDogeKing._walletMax (#642) is not in mixedCase
Follow the Solidity naming convention.
Additional information: link
Redundant expression "this (#10)" inContext (#4-13)
Remove redundant statements if they congest code but offer no value.
Additional information: link
Reentrancy in SDogeKing._transfer(address,address,uint256) (#902-955):
External calls:
- swapAndLiquify(contractTokenBalance) (#934)
- recipient.transfer(amount) (#846)
External calls sending eth:
- swapAndLiquify(contractTokenBalance) (#934)
- recipient.transfer(amount) (#846)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#1024-1031)
State variables written after the call(s):
- _balances[sender] = _balances[sender].sub(amount,Insufficient Balance) (#937-940)
- _balances[recipient] = _balances[recipient].add(finalAmount) (#950)
- finalAmount = takeFee(sender,recipient,amount) (#942-945)
- _balances[address(this)] = _balances[address(this)].add(feeAmount) (#1043)
Event emitted after the call(s):
- Transfer(sender,address(this),feeAmount) (#1044)
- finalAmount = takeFee(sender,recipient,amount) (#942-945)
- Transfer(sender,recipient,finalAmount) (#952)
Reentrancy in SDogeKing.swapAndLiquify(uint256) (#971-997):
External calls:
- transferToAddressETH(marketingWalletAddress,amountBNBMarketing) (#994)
- recipient.transfer(amount) (#846)
- transferToAddressETH(buyBackWalletAddress,amountBNBBuyBack) (#995)
- recipient.transfer(amount) (#846)
External calls sending eth:
- transferToAddressETH(marketingWalletAddress,amountBNBMarketing) (#994)
- recipient.transfer(amount) (#846)
- transferToAddressETH(buyBackWalletAddress,amountBNBBuyBack) (#995)
- recipient.transfer(amount) (#846)
- addLiquidity(tokensForLP,amountBNBLiquidity) (#996)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#1024-1031)
State variables written after the call(s):
- addLiquidity(tokensForLP,amountBNBLiquidity) (#996)
- _allowances[owner][spender] = amount (#773)
Event emitted after the call(s):
- Approval(owner,spender,amount) (#774)
- addLiquidity(tokensForLP,amountBNBLiquidity) (#996)
Reentrancy in SDogeKing.transferFrom(address,address,uint256) (#885-900):
External calls:
- _transfer(sender,recipient,amount) (#890)
- recipient.transfer(amount) (#846)
External calls sending eth:
- _transfer(sender,recipient,amount) (#890)
- recipient.transfer(amount) (#846)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#1024-1031)
State variables written after the call(s):
- _approve(sender,_msgSender(),_allowances[sender][_msgSender()].sub(amount,ERC20: transfer amount exceeds allowance)) (#891-898)
- _allowances[owner][spender] = amount (#773)
Event emitted after the call(s):
- Approval(owner,spender,amount) (#774)
- _approve(sender,_msgSender(),_allowances[sender][_msgSender()].sub(amount,ERC20: transfer amount exceeds allowance)) (#891-898)
Apply the check-effects-interactions pattern.
Additional information: link
Variable IUniswapV2Router01.addLiquidity(address,address,uint256,uint256,uint256,uint256,address,uint256).amountADesired (#414) is too similar to IUniswapV2Router01.addLiquidity(address,address,uint256,uint256,uint256,uint256,address,uint256).amountBDesired (#415)
Prevent variables from having similar names.
Additional information: link
SDogeKing.slitherConstructorVariables() (#612-1049) uses literals with too many digits:
- deadAddress = 0x000000000000000000000000000000000000dEaD (#624-625)
Use: Ether suffix, Time suffix, or The scientific notation
Additional information: link
SDogeKing._decimals (#618) should be constant
SDogeKing._name (#616) should be constant
SDogeKing._symbol (#617) should be constant
SDogeKing._totalSupply (#640) should be constant
Add the constant attributes to state variables that never change.
Additional information: link
renounceOwnership() should be declared external:
- Ownable.renounceOwnership() (#230-233)
transferOwnership(address) should be declared external:
- Ownable.transferOwnership(address) (#235-242)
getUnlockTime() should be declared external:
- Ownable.getUnlockTime() (#244-246)
getTime() should be declared external:
- Ownable.getTime() (#248-250)
lock(uint256) should be declared external:
- Ownable.lock(uint256) (#252-257)
unlock() should be declared external:
- Ownable.unlock() (#259-267)
name() should be declared external:
- SDogeKing.name() (#694-696)
symbol() should be declared external:
- SDogeKing.symbol() (#698-700)
decimals() should be declared external:
- SDogeKing.decimals() (#702-704)
totalSupply() should be declared external:
- SDogeKing.totalSupply() (#706-708)
allowance(address,address) should be declared external:
- SDogeKing.allowance(address,address) (#714-721)
increaseAllowance(address,uint256) should be declared external:
- SDogeKing.increaseAllowance(address,uint256) (#723-734)
decreaseAllowance(address,uint256) should be declared external:
- SDogeKing.decreaseAllowance(address,uint256) (#736-750)
minimumTokensBeforeSwapAmount() should be declared external:
- SDogeKing.minimumTokensBeforeSwapAmount() (#752-754)
approve(address,uint256) should be declared external:
- SDogeKing.approve(address,uint256) (#756-763)
setIsExcludedFromFee(address,bool) should be declared external:
- SDogeKing.setIsExcludedFromFee(address,bool) (#777-782)
setSwapAndLiquifyEnabled(bool) should be declared external:
- SDogeKing.setSwapAndLiquifyEnabled(bool) (#830-833)
setSwapAndLiquifyByLimitOnly(bool) should be declared external:
- SDogeKing.setSwapAndLiquifyByLimitOnly(bool) (#835-837)
getCirculatingSupply() should be declared external:
- SDogeKing.getCirculatingSupply() (#839-841)
changeRouterVersion(address) should be declared external:
- SDogeKing.changeRouterVersion(address) (#849-871)
transfer(address,uint256) should be declared external:
- SDogeKing.transfer(address,uint256) (#876-883)
transferFrom(address,address,uint256) should be declared external:
- SDogeKing.transferFrom(address,address,uint256) (#885-900)
Use the external attribute for functions never called from the contract.
Additional information: link
Unable to find website, listings and other project-related information
Young tokens have high risks of scam / price dump / death
Token has no active CoinGecko listing / rank
Token has no active CoinMarketCap listing / rank
Unable to find Twitter account
Unable to find Blog account (Reddit or Medium)
Unable to find Youtube account
Unable to find Discord account