🐶 ShibAnime is new generation Ai powered NFT Marketplace where everyone can generate stunning anime-style artwork from a simple text prompt 😉Backed by ShibArmy 💪 ✅SAFU ✅KYC ✅Audit⚙️ Mobile App live on Playstore 📠 NFT Minting 🎁50% Minting Fee will be airdropped to NFT holders in 🐶$Shib 🔥STAKING 💎 DIAMOND HAND NFTs FOR BUYS OVER 5 BNB 💸GOLDEN HAND NFTs FOR BUYS OVER 2 BNB 🤩No Private Sale 💥No Team Token 💰10% CASHBACK FOR BUYS OVER 10BNB 🌐CMC & CG Listing 🚀 0% Tax 🔥BIGGEST BUYER REWARD 5 BNB 🔥
SplashShiba.contractSwap(uint256) (#525-559) sends eth to arbitrary user
Dangerous calls:
- (success,None) = _taxWallets.marketing.call{gas: 55000,value: marketingBalance}() (#554)
- (success,None) = _taxWallets.development.call{gas: 55000,value: developmentBalance}() (#557)
Ensure that an arbitrary user cannot withdraw unauthorized funds.
Additional information: link
Reentrancy in SplashShiba._transfer(address,address,uint256) (#482-523):
External calls:
- contractSwap(contractTokenBalance) (#517)
- dexRouter.swapExactTokensForETHSupportingFeeOnTransferTokens(contractTokenBalance,0,path,address(this),block.timestamp) (#539-547)
- (success,None) = _taxWallets.marketing.call{gas: 55000,value: marketingBalance}() (#554)
- (success,None) = _taxWallets.development.call{gas: 55000,value: developmentBalance}() (#557)
- finalizeTransfer(from,to,amount,buy,sell,other) (#522)
- protections.checkUser(from,to,amount) (#614-615)
External calls sending eth:
- contractSwap(contractTokenBalance) (#517)
- (success,None) = _taxWallets.marketing.call{gas: 55000,value: marketingBalance}() (#554)
- (success,None) = _taxWallets.development.call{gas: 55000,value: developmentBalance}() (#557)
State variables written after the call(s):
- finalizeTransfer(from,to,amount,buy,sell,other) (#522)
- _liquidityHolders[from] = true (#564)
- finalizeTransfer(from,to,amount,buy,sell,other) (#522)
- _tOwned[from] -= amount (#622)
- _tOwned[address(this)] += feeAmount (#650)
- _tOwned[to] += amountReceived (#624)
- finalizeTransfer(from,to,amount,buy,sell,other) (#522)
- contractSwapEnabled = true (#570)
- finalizeTransfer(from,to,amount,buy,sell,other) (#522)
- protections = Protections(address(this)) (#568)
Apply the check-effects-interactions pattern.
Additional information: link
SplashShiba.sweepExternalTokens(address) (#596-602) ignores return value by TOKEN.transfer(_owner,TOKEN.balanceOf(address(this))) (#601)
Use SafeERC20, or ensure that the transfer/transferFrom return value is checked.
Additional information: link
Combination 1: Reentrancy vulnerabilities + Functions that send Ether to arbitraty destination. Usual for scams. May be justified by some complex mechanics (e.g. rebase, reflections). DYOR & manual audit are advised.
Combination 2: Unchecked transfer + Functions that send Ether to arbitraty destination. Usual for scams. May be justified by some complex mechanics (e.g. rebase, reflections). DYOR & manual audit are advised.
Combination 3: Reentrancy vulnerabilities + Unchecked transfer vulnerability. Usual for scams. May be justified by some complex mechanics (e.g. rebase, reflections). DYOR & manual audit are advised.
Unable to verify that contract auditor is trusted: Certik, Quantstamp, Hacken, Solidity, Paladinsec, Openzeppelin, Verichains
Contract ownership is not renounced (belongs to a wallet)
SplashShiba._checkLiquidityAdd(address,address) (#561-573) has costly operations inside a loop:
- protections = Protections(address(this)) (#568)
SplashShiba._checkLiquidityAdd(address,address) (#561-573) has costly operations inside a loop:
- _hasLiqBeenAdded = true (#566)
SplashShiba._checkLiquidityAdd(address,address) (#561-573) has costly operations inside a loop:
- contractSwapEnabled = true (#570)
Use a local variable to hold the loop computation result.
Additional information: link
Pragma version>=0.6.0<0.9.0 (#2) is too complex
solc-0.8.19 is not recommended for deployment
Deploy with any of the following Solidity versions: 0.5.16 - 0.5.17, 0.6.11 - 0.6.12, 0.7.5 - 0.7.6 Use a simple pragma version that allows any of these versions. Consider using the latest version of Solidity for testing.
Additional information: link
Reentrancy in SplashShiba.transferOwner(address) (#237-251):
External calls:
- finalizeTransfer(_owner,newOwner,balanceOf(_owner),false,false,true) (#244)
- protections.checkUser(from,to,amount) (#614-615)
State variables written after the call(s):
- _owner = newOwner (#248)
Reentrancy in SplashShiba.finalizeTransfer(address,address,uint256,bool,bool,bool) (#612-633):
External calls:
- protections.checkUser(from,to,amount) (#614-615)
State variables written after the call(s):
- _checkLiquidityAdd(from,to) (#627)
- _liquidityHolders[from] = true (#564)
- _checkLiquidityAdd(from,to) (#627)
- protections = Protections(address(this)) (#568)
Reentrancy in SplashShiba.enableTrading() (#575-589):
External calls:
- protections.setLaunch(lpPair,uint32(block.number),uint64(block.timestamp),_decimals) (#581)
- protections.getInits(balanceOf(lpPair)) (#582-585)
State variables written after the call(s):
- tradingEnabled = true (#586)
Apply the check-effects-interactions pattern.
Additional information: link
SplashShiba.finalizeTransfer(address,address,uint256,bool,bool,bool).check (#614) is a local variable never initialized
SplashShiba.enableTrading().initSwapAmount (#582) is a local variable never initialized
SplashShiba.enableTrading().initThreshold (#582) is a local variable never initialized
SplashShiba.finalizeTransfer(address,address,uint256,bool,bool,bool).checked (#613) is a local variable never initialized
Initialize all the variables. If a variable is meant to be initialized to zero, explicitly set it to zero to improve code readability.
Additional information: link
SplashShiba.finalizeTransfer(address,address,uint256,bool,bool,bool) (#612-633) ignores return value by protections.checkUser(from,to,amount) (#614-615)
SplashShiba.enableTrading() (#575-589) ignores return value by protections.getInits(balanceOf(lpPair)) (#582-585)
Ensure that all the return values of the function calls are used.
Additional information: link
SplashShiba.setPriceImpactSwapAmount(uint256) (#438-441) should emit an event for:
- piSwapPercent = priceImpactSwapPercent (#440)
SplashShiba.setSwapSettings(uint256,uint256,uint256,uint256) (#429-436) should emit an event for:
- swapThreshold = (_tTotal * thresholdPercent) / thresholdDivisor (#430)
- swapAmount = (_tTotal * amountPercent) / amountDivisor (#431)
Emit an event for critical parameter changes.
Additional information: link
SplashShiba.setOperator(address).newOperator (#265) lacks a zero-check on :
- operator = newOperator (#272)
Check that the address is not zero.
Additional information: link
SplashShiba.finalizeTransfer(address,address,uint256,bool,bool,bool) (#612-633) has external calls inside a loop: protections.checkUser(from,to,amount) (#614-615)
Favor pull over push strategy for external calls.
Additional information: link
Variable 'SplashShiba.finalizeTransfer(address,address,uint256,bool,bool,bool).check (#614)' in SplashShiba.finalizeTransfer(address,address,uint256,bool,bool,bool) (#612-633) potentially used before declaration: checked = check (#615)
Variable 'SplashShiba.enableTrading().initThreshold (#582)' in SplashShiba.enableTrading() (#575-589) potentially used before declaration: swapThreshold = initThreshold (#583)
Variable 'SplashShiba.enableTrading().initSwapAmount (#582)' in SplashShiba.enableTrading() (#575-589) potentially used before declaration: swapAmount = initSwapAmount (#584)
Move all variable declarations prior to any usage of the variable, and ensure that reaching a variable declaration does not depend on some conditional if it is used unconditionally.
Additional information: link
Reentrancy in SplashShiba.setNewRouter(address) (#329-343):
External calls:
- lpPair = IFactoryV2(_newRouter.factory()).createPair(address(this),_newRouter.WETH()) (#335)
State variables written after the call(s):
- _approve(address(this),address(dexRouter),type()(uint256).max) (#342)
- _allowances[sender][spender] = amount (#312)
- dexRouter = _newRouter (#340)
- lpPairs[lpPair] = true (#341)
Reentrancy in SplashShiba.enableTrading() (#575-589):
External calls:
- protections.setLaunch(lpPair,uint32(block.number),uint64(block.timestamp),_decimals) (#581)
- protections.getInits(balanceOf(lpPair)) (#582-585)
State variables written after the call(s):
- allowedPresaleExclusion = false (#587)
- launchStamp = block.timestamp (#588)
- swapAmount = initSwapAmount (#584)
- swapThreshold = initThreshold (#583)
Reentrancy in SplashShiba.finalizeTransfer(address,address,uint256,bool,bool,bool) (#612-633):
External calls:
- protections.checkUser(from,to,amount) (#614-615)
State variables written after the call(s):
- _checkLiquidityAdd(from,to) (#627)
- _hasLiqBeenAdded = true (#566)
- _checkLiquidityAdd(from,to) (#627)
- _isExcludedFromFees[from] = true (#565)
- _tOwned[from] -= amount (#622)
- _tOwned[to] += amountReceived (#624)
- amountReceived = takeTaxes(from,buy,sell,amount) (#623)
- _tOwned[address(this)] += feeAmount (#650)
- _checkLiquidityAdd(from,to) (#627)
- contractSwapEnabled = true (#570)
Apply the check-effects-interactions pattern.
Additional information: link
Reentrancy in SplashShiba.finalizeTransfer(address,address,uint256,bool,bool,bool) (#612-633):
External calls:
- protections.checkUser(from,to,amount) (#614-615)
Event emitted after the call(s):
- ContractSwapEnabledUpdated(true) (#571)
- _checkLiquidityAdd(from,to) (#627)
- Transfer(from,address(this),feeAmount) (#651)
- amountReceived = takeTaxes(from,buy,sell,amount) (#623)
- Transfer(from,to,amountReceived) (#625)
Reentrancy in SplashShiba.setNewRouter(address) (#329-343):
External calls:
- lpPair = IFactoryV2(_newRouter.factory()).createPair(address(this),_newRouter.WETH()) (#335)
Event emitted after the call(s):
- Approval(sender,spender,amount) (#313)
- _approve(address(this),address(dexRouter),type()(uint256).max) (#342)
Reentrancy in SplashShiba.transferOwner(address) (#237-251):
External calls:
- finalizeTransfer(_owner,newOwner,balanceOf(_owner),false,false,true) (#244)
- protections.checkUser(from,to,amount) (#614-615)
Event emitted after the call(s):
- OwnershipTransferred(oldOwner,newOwner) (#249)
Reentrancy in SplashShiba._transfer(address,address,uint256) (#482-523):
External calls:
- contractSwap(contractTokenBalance) (#517)
- dexRouter.swapExactTokensForETHSupportingFeeOnTransferTokens(contractTokenBalance,0,path,address(this),block.timestamp) (#539-547)
- (success,None) = _taxWallets.marketing.call{gas: 55000,value: marketingBalance}() (#554)
- (success,None) = _taxWallets.development.call{gas: 55000,value: developmentBalance}() (#557)
- finalizeTransfer(from,to,amount,buy,sell,other) (#522)
- protections.checkUser(from,to,amount) (#614-615)
External calls sending eth:
- contractSwap(contractTokenBalance) (#517)
- (success,None) = _taxWallets.marketing.call{gas: 55000,value: marketingBalance}() (#554)
- (success,None) = _taxWallets.development.call{gas: 55000,value: developmentBalance}() (#557)
Event emitted after the call(s):
- ContractSwapEnabledUpdated(true) (#571)
- finalizeTransfer(from,to,amount,buy,sell,other) (#522)
- Transfer(from,address(this),feeAmount) (#651)
- finalizeTransfer(from,to,amount,buy,sell,other) (#522)
- Transfer(from,to,amountReceived) (#625)
- finalizeTransfer(from,to,amount,buy,sell,other) (#522)
Apply the check-effects-interactions pattern.
Additional information: link
SplashShiba.setLpPair(address,bool) (#345-358) uses timestamp for comparisons
Dangerous comparisons:
- timeSinceLastPair != 0 (#350)
- require(bool,string)(block.timestamp - timeSinceLastPair > 259200,3 Day cooldown.) (#351)
Avoid relying on block.timestamp.
Additional information: link
Low level call in SplashShiba.contractSwap(uint256) (#525-559):
- (success,None) = _taxWallets.marketing.call{gas: 55000,value: marketingBalance}() (#554)
- (success,None) = _taxWallets.development.call{gas: 55000,value: developmentBalance}() (#557)
Avoid low-level calls. Check the call success. If the call is meant for a contract, check for code existence
Additional information: link
Constant SplashShiba._decimals (#115) is not in UPPER_CASE_WITH_UNDERSCORES
Constant SplashShiba._tTotal (#116) is not in UPPER_CASE_WITH_UNDERSCORES
Variable SplashShiba._taxWallets (#158-161) is not in mixedCase
Variable SplashShiba._hasLiqBeenAdded (#171) is not in mixedCase
Function IRouter01.WETH() (#33) is not in mixedCase
Constant SplashShiba.masterTaxDivisor (#146) is not in UPPER_CASE_WITH_UNDERSCORES
Constant SplashShiba.maxTransferTaxes (#144) is not in UPPER_CASE_WITH_UNDERSCORES
Constant SplashShiba.maxSellTaxes (#143) is not in UPPER_CASE_WITH_UNDERSCORES
Constant SplashShiba.maxBuyTaxes (#142) is not in UPPER_CASE_WITH_UNDERSCORES
Constant SplashShiba._symbol (#114) is not in UPPER_CASE_WITH_UNDERSCORES
Constant SplashShiba.startingSupply (#112) is not in UPPER_CASE_WITH_UNDERSCORES
Constant SplashShiba.maxRoundtripTaxes (#145) is not in UPPER_CASE_WITH_UNDERSCORES
Constant SplashShiba._name (#113) is not in UPPER_CASE_WITH_UNDERSCORES
Parameter SplashShiba.setProtectionSettings(bool,bool)._antiBlock (#390) is not in mixedCase
Variable SplashShiba._taxRates (#130-134) is not in mixedCase
Parameter SplashShiba.setProtectionSettings(bool,bool)._antiSnipe (#390) is not in mixedCase
Variable SplashShiba._ratios (#136-140) is not in mixedCase
Follow the Solidity naming convention.
Additional information: link
Variable IRouter01.addLiquidity(address,address,uint256,uint256,uint256,uint256,address,uint256).amountADesired (#45) is too similar to IRouter01.addLiquidity(address,address,uint256,uint256,uint256,uint256,address,uint256).amountBDesired (#46)
Prevent variables from having similar names.
Additional information: link
SplashShiba.slitherConstructorConstantVariables() (#101-657) uses literals with too many digits:
- DEAD = 0x000000000000000000000000000000000000dEaD (#151)
Use: Ether suffix, Time suffix, or The scientific notation
Additional information: link
transfer(address,uint256) should be declared external:
- SplashShiba.transfer(address,uint256) (#298-301)
getCirculatingSupply() should be declared external:
- SplashShiba.getCirculatingSupply() (#382-384)
enableTrading() should be declared external:
- SplashShiba.enableTrading() (#575-589)
Use the external attribute for functions never called from the contract.
Additional information: link
Unable to find website, listings and other project-related information
Young tokens have high risks of scam / price dump / death
Token has no active CoinGecko listing / rank
Token has no active CoinMarketCap listing / rank
Young tokens have high risks of price dump / death
Unable to find Blog account (Reddit or Medium)
Unable to find Youtube account
Unable to find Discord account