Unable to find manual contract audit (e.g. Certik, PeckShield, Solidity...)
SketeDavidson.swapBack() (#344-378) sends eth to arbitrary user
Dangerous calls:
- (MarketingSuccess) = address(marketingFeeReceiver).call{gas: 30000,value: amountBNBMarketing}() (#370)
- (BuyBackSuccess) = address(buybackFeeReceiver).call{gas: 30000,value: amountBNBbuyback}() (#372)
Ensure that an arbitrary user cannot withdraw unauthorized funds.
Reentrancy in SketeDavidson._transferFrom(address,address,uint256) (#278-298):
External calls:
- swapBack() (#287)
- router.addLiquidityETH{value: BNBAmount}(address(this),tokenAmount,0,0,address(this),block.timestamp) (#382-389)
- router.swapExactTokensForETHSupportingFeeOnTransferTokens(amountToSwap,0,path,address(this),block.timestamp) (#355-361)
- (MarketingSuccess) = address(marketingFeeReceiver).call{gas: 30000,value: amountBNBMarketing}() (#370)
- (BuyBackSuccess) = address(buybackFeeReceiver).call{gas: 30000,value: amountBNBbuyback}() (#372)
- (DevSuccess) = address(DevFeeReceiver).call{gas: 30000,value: amountBNBDev}() (#374)
External calls sending eth:
- swapBack() (#287)
- router.addLiquidityETH{value: BNBAmount}(address(this),tokenAmount,0,0,address(this),block.timestamp) (#382-389)
- (MarketingSuccess) = address(marketingFeeReceiver).call{gas: 30000,value: amountBNBMarketing}() (#370)
- (BuyBackSuccess) = address(buybackFeeReceiver).call{gas: 30000,value: amountBNBbuyback}() (#372)
- (DevSuccess) = address(DevFeeReceiver).call{gas: 30000,value: amountBNBDev}() (#374)
State variables written after the call(s):
- _balances[sender] = _balances[sender].sub(amount,Insufficient Balance) (#291)
- _balances[recipient] = _balances[recipient].add(amountReceived) (#294)
- amountReceived = takeFee(sender,recipient,amount) (#293)
- _balances[address(this)] = _balances[address(this)].add(feeAmount) (#331)
Apply the check-effects-interactions pattern.
Combination 1: Reentrancy vulnerabilities + Functions that send Ether to arbitrary destination. Usual for scams. May be justified by some complex mechanics (e.g. rebase, reflections). DYOR & manual audit are advised.
SketeDavidson.slitherConstructorVariables() (#191-477) performs a multiplication on the result of a division:
-swapThreshold = _totalSupply / 1000 * 3 (#229)
Consider ordering multiplication before division.
SketeDavidson.addLiquidity(uint256,uint256) (#380-392) ignores return value by router.addLiquidityETH{value: BNBAmount}(address(this),tokenAmount,0,0,address(this),block.timestamp) (#382-389)
Ensure that all the return values of the function calls are used.
SketeDavidson.setTxLimit(uint256) (#415-418) should emit an event for:
- _maxTxAmount = amount (#417)
SketeDavidson.setFees(uint256,uint256,uint256,uint256,uint256) (#433-440) should emit an event for:
- liquidityFee = _liquidityFee (#434)
- buybackFee = _buybackFee (#436)
- marketingFee = _marketingFee (#437)
- totalFee = _liquidityFee.add(_buybackFee).add(_marketingFee) (#438)
- feeDenominator = _feeDenominator (#439)
Emit an event for critical parameter changes.
Auth.transferOwnership(address).adr (#130) lacks a zero-check on :
- owner = adr (#131)
SketeDavidson.setFeeReceiver(address,address)._marketingFeeReceiver (#442) lacks a zero-check on :
- marketingFeeReceiver = _marketingFeeReceiver (#443)
SketeDavidson.setFeeReceiver(address,address)._buybackFeeReceiver (#442) lacks a zero-check on :
- buybackFeeReceiver = _buybackFeeReceiver (#444)
Check that the address is not zero.
Reentrancy in SketeDavidson._transferFrom(address,address,uint256) (#278-298):
External calls:
- swapBack() (#287)
- router.addLiquidityETH{value: BNBAmount}(address(this),tokenAmount,0,0,address(this),block.timestamp) (#382-389)
- router.swapExactTokensForETHSupportingFeeOnTransferTokens(amountToSwap,0,path,address(this),block.timestamp) (#355-361)
- (MarketingSuccess) = address(marketingFeeReceiver).call{gas: 30000,value: amountBNBMarketing}() (#370)
- (BuyBackSuccess) = address(buybackFeeReceiver).call{gas: 30000,value: amountBNBbuyback}() (#372)
- (DevSuccess) = address(DevFeeReceiver).call{gas: 30000,value: amountBNBDev}() (#374)
External calls sending eth:
- swapBack() (#287)
- router.addLiquidityETH{value: BNBAmount}(address(this),tokenAmount,0,0,address(this),block.timestamp) (#382-389)
- (MarketingSuccess) = address(marketingFeeReceiver).call{gas: 30000,value: amountBNBMarketing}() (#370)
- (BuyBackSuccess) = address(buybackFeeReceiver).call{gas: 30000,value: amountBNBbuyback}() (#372)
- (DevSuccess) = address(DevFeeReceiver).call{gas: 30000,value: amountBNBDev}() (#374)
State variables written after the call(s):
- launch() (#289)
- launchedAt = block.number (#412)
Reentrancy in SketeDavidson.constructor() (#233-244):
External calls:
- pair = IDEXFactory(router.factory()).createPair(WBNB,address(this)) (#235)
State variables written after the call(s):
- _allowances[address(this)][address(router)] = type()(uint256).max (#236)
- _balances[_owner] = _totalSupply (#242)
- isFeeExempt[_owner] = true (#239)
- isTxLimitExempt[_owner] = true (#240)
Apply the check-effects-interactions pattern.
Reentrancy in SketeDavidson._transferFrom(address,address,uint256) (#278-298):
External calls:
- swapBack() (#287)
- router.addLiquidityETH{value: BNBAmount}(address(this),tokenAmount,0,0,address(this),block.timestamp) (#382-389)
- router.swapExactTokensForETHSupportingFeeOnTransferTokens(amountToSwap,0,path,address(this),block.timestamp) (#355-361)
- (MarketingSuccess) = address(marketingFeeReceiver).call{gas: 30000,value: amountBNBMarketing}() (#370)
- (BuyBackSuccess) = address(buybackFeeReceiver).call{gas: 30000,value: amountBNBbuyback}() (#372)
- (DevSuccess) = address(DevFeeReceiver).call{gas: 30000,value: amountBNBDev}() (#374)
External calls sending eth:
- swapBack() (#287)
- router.addLiquidityETH{value: BNBAmount}(address(this),tokenAmount,0,0,address(this),block.timestamp) (#382-389)
- (MarketingSuccess) = address(marketingFeeReceiver).call{gas: 30000,value: amountBNBMarketing}() (#370)
- (BuyBackSuccess) = address(buybackFeeReceiver).call{gas: 30000,value: amountBNBbuyback}() (#372)
- (DevSuccess) = address(DevFeeReceiver).call{gas: 30000,value: amountBNBDev}() (#374)
Event emitted after the call(s):
- Transfer(sender,address(this),feeAmount) (#332)
- amountReceived = takeFee(sender,recipient,amount) (#293)
- Transfer(sender,recipient,amountReceived) (#296)
Reentrancy in SketeDavidson.addLiquidity(uint256,uint256) (#380-392):
External calls:
- router.addLiquidityETH{value: BNBAmount}(address(this),tokenAmount,0,0,address(this),block.timestamp) (#382-389)
Event emitted after the call(s):
- AutoLiquify(BNBAmount,tokenAmount) (#390)
Reentrancy in SketeDavidson.constructor() (#233-244):
External calls:
- pair = IDEXFactory(router.factory()).createPair(WBNB,address(this)) (#235)
Event emitted after the call(s):
- Transfer(address(0),_owner,_totalSupply) (#243)
Reentrancy in SketeDavidson.swapBack() (#344-378):
External calls:
- router.swapExactTokensForETHSupportingFeeOnTransferTokens(amountToSwap,0,path,address(this),block.timestamp) (#355-361)
- (MarketingSuccess) = address(marketingFeeReceiver).call{gas: 30000,value: amountBNBMarketing}() (#370)
- (BuyBackSuccess) = address(buybackFeeReceiver).call{gas: 30000,value: amountBNBbuyback}() (#372)
- (DevSuccess) = address(DevFeeReceiver).call{gas: 30000,value: amountBNBDev}() (#374)
- addLiquidity(amountToLiquify,amountBNBLiquidity) (#377)
- router.addLiquidityETH{value: BNBAmount}(address(this),tokenAmount,0,0,address(this),block.timestamp) (#382-389)
External calls sending eth:
- (MarketingSuccess) = address(marketingFeeReceiver).call{gas: 30000,value: amountBNBMarketing}() (#370)
- (BuyBackSuccess) = address(buybackFeeReceiver).call{gas: 30000,value: amountBNBbuyback}() (#372)
- (DevSuccess) = address(DevFeeReceiver).call{gas: 30000,value: amountBNBDev}() (#374)
- addLiquidity(amountToLiquify,amountBNBLiquidity) (#377)
- router.addLiquidityETH{value: BNBAmount}(address(this),tokenAmount,0,0,address(this),block.timestamp) (#382-389)
Event emitted after the call(s):
- AutoLiquify(BNBAmount,tokenAmount) (#390)
- addLiquidity(amountToLiquify,amountBNBLiquidity) (#377)
Apply the check-effects-interactions pattern.
SketeDavidson.AntiDumpMultiplier() (#321-326) uses timestamp for comparisons
Dangerous comparisons:
- time_since_start > 1 * hour (#324)
Avoid relying on block.timestamp.
SketeDavidson.buyTokens(uint256,address) (#394-405) is never used and should be removed
Remove unused functions.
SketeDavidson._maxTxAmount (#203) is set pre-construction with a non-constant function or state variable:
- (_totalSupply * 3) / 100
SketeDavidson._maxWalletSize (#204) is set pre-construction with a non-constant function or state variable:
- (_totalSupply * 3) / 100
SketeDavidson.swapThreshold (#229) is set pre-construction with a non-constant function or state variable:
- _totalSupply / 1000 * 3
Remove any initialization of state variables via non-constant state variables or function calls. If variables must be set upon contract deployment, locate initialization in the constructor instead.
Low level call in SketeDavidson.swapBack() (#344-378):
- (MarketingSuccess) = address(marketingFeeReceiver).call{gas: 30000,value: amountBNBMarketing}() (#370)
- (BuyBackSuccess) = address(buybackFeeReceiver).call{gas: 30000,value: amountBNBbuyback}() (#372)
- (DevSuccess) = address(DevFeeReceiver).call{gas: 30000,value: amountBNBDev}() (#374)
Avoid low-level calls. Check the call success. If the call is meant for a contract, check for code existence.
Function IDEXRouter.WETH() (#145) is not in mixedCase
Function SketeDavidson.AntiDumpMultiplier() (#321-326) is not in mixedCase
Parameter SketeDavidson.addLiquidity(uint256,uint256).BNBAmount (#380) is not in mixedCase
Parameter SketeDavidson.setFees(uint256,uint256,uint256,uint256,uint256)._liquidityFee (#433) is not in mixedCase
Parameter SketeDavidson.setFees(uint256,uint256,uint256,uint256,uint256)._buybackFee (#433) is not in mixedCase
Parameter SketeDavidson.setFees(uint256,uint256,uint256,uint256,uint256)._devFee (#433) is not in mixedCase
Parameter SketeDavidson.setFees(uint256,uint256,uint256,uint256,uint256)._marketingFee (#433) is not in mixedCase
Parameter SketeDavidson.setFees(uint256,uint256,uint256,uint256,uint256)._feeDenominator (#433) is not in mixedCase
Parameter SketeDavidson.setFeeReceiver(address,address)._marketingFeeReceiver (#442) is not in mixedCase
Parameter SketeDavidson.setFeeReceiver(address,address)._buybackFeeReceiver (#442) is not in mixedCase
Parameter SketeDavidson.setSwapBackSettings(bool,uint256)._enabled (#447) is not in mixedCase
Parameter SketeDavidson.setSwapBackSettings(bool,uint256)._amount (#447) is not in mixedCase
Parameter SketeDavidson.transferForeignToken(address)._token (#457) is not in mixedCase
Variable SketeDavidson.WBNB (#194) is not in mixedCase
Variable SketeDavidson.DEAD (#195) is not in mixedCase
Variable SketeDavidson.ZERO (#196) is not in mixedCase
Constant SketeDavidson._name (#198) is not in UPPER_CASE_WITH_UNDERSCORES
Constant SketeDavidson._symbol (#199) is not in UPPER_CASE_WITH_UNDERSCORES
Constant SketeDavidson._decimals (#200) is not in UPPER_CASE_WITH_UNDERSCORES
Variable SketeDavidson._totalSupply (#202) is not in mixedCase
Variable SketeDavidson._maxTxAmount (#203) is not in mixedCase
Variable SketeDavidson._maxWalletSize (#204) is not in mixedCase
Variable SketeDavidson._balances (#206) is not in mixedCase
Variable SketeDavidson._allowances (#207) is not in mixedCase
Variable SketeDavidson.DevFeeReceiver (#221) is not in mixedCase
Follow the Solidity naming convention.
Variable IDEXRouter.addLiquidity(address,address,uint256,uint256,uint256,uint256,address,uint256).amountADesired (#150) is too similar to IDEXRouter.addLiquidity(address,address,uint256,uint256,uint256,uint256,address,uint256).amountBDesired (#151)
Prevent variables from having similar names.
SketeDavidson.slitherConstructorVariables() (#191-477) uses literals with too many digits:
- DEAD = 0x000000000000000000000000000000000000dEaD (#195)
SketeDavidson.slitherConstructorVariables() (#191-477) uses literals with too many digits:
- ZERO = 0x0000000000000000000000000000000000000000 (#196)
SketeDavidson.slitherConstructorVariables() (#191-477) uses literals with too many digits:
- _totalSupply = 10000000 * (10 ** _decimals) (#202)
Use the Ether suffix, the time suffix, or scientific notation.
SketeDavidson.DEAD (#195) should be constant
SketeDavidson.DevFeeReceiver (#221) should be constant
SketeDavidson.WBNB (#194) should be constant
SketeDavidson.ZERO (#196) should be constant
SketeDavidson._totalSupply (#202) should be constant
Add the constant attributes to state variables that never change.
authorize(address) should be declared external:
- Auth.authorize(address) (#102-104)
unauthorize(address) should be declared external:
- Auth.unauthorize(address) (#109-111)
transferOwnership(address) should be declared external:
- Auth.transferOwnership(address) (#130-134)
transferForeignToken(address) should be declared external:
- SketeDavidson.transferForeignToken(address) (#457-461)
isOverLiquified(uint256,uint256) should be declared external:
- SketeDavidson.isOverLiquified(uint256,uint256) (#471-473)
Use the external attribute for functions never called from the contract.
Unable to find website, listings and other project-related information
Young tokens have high risks of scam / price dump / death
Token has no active CoinGecko listing / rank
Token has no active CoinMarketCap listing / rank
Unable to find Telegram and Twitter accounts