Salary token ($SLR) is part of the Salary Eco Finance ecosystem. SLR is a ‘Reflection Token’ that operates on the Binance Smart Chain. A percentage of all transactions are taxed and redistributed to all Holders.
All revenue is paid to Holders in USDT, frictionlessly - simply for holding the SLR token in a BSC wallet with Pegged $USDTether enabled.
Unable to find manual contract audit (e.g. Certik, PeckShield, Solidity...)
Reentrancy in Salary._transfer(address,address,uint256) (#1645-1752):
External calls:
- swapAndSendDividends(amountRewards) (#1699)
- success = IERC20(USDT).transfer(address(dividendTracker),dividends) (#1769)
- dividendTracker.distributeDividends(dividends) (#1772)
- uniswapV2Router.swapExactTokensForTokensSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#1793-1799)
- swapAndLiquify(amountToLiquify) (#1703)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,liquidityWallet,block.timestamp) (#1849-1856)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#1834-1840)
- swapAndSendMarketing(amountMarketing) (#1707)
- IERC20(USDT).transfer(address(marketingWallet),marketing) (#1780)
- uniswapV2Router.swapExactTokensForTokensSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#1793-1799)
External calls sending eth:
- swapAndLiquify(amountToLiquify) (#1703)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,liquidityWallet,block.timestamp) (#1849-1856)
State variables written after the call(s):
- super._transfer(from,address(this),fees) (#1734)
- _balances[sender] = _balances[sender].sub(amount,ERC20: transfer amount exceeds balance) (#951)
- _balances[recipient] = _balances[recipient].add(amount) (#952)
- super._transfer(from,to,amount) (#1737)
- _balances[sender] = _balances[sender].sub(amount,ERC20: transfer amount exceeds balance) (#951)
- _balances[recipient] = _balances[recipient].add(amount) (#952)
- swapping = false (#1710)
Apply the check-effects-interactions pattern.
Additional information: link
Salary.swapAndSendMarketing(uint256) (#1777-1781) ignores return value by IERC20(USDT).transfer(address(marketingWallet),marketing) (#1780)
Use SafeERC20, or ensure that the transfer/transferFrom return value is checked.
Additional information: link
Salary.liquidityFee (#1296) is never initialized. It is used in:
- Salary.slitherConstructorVariables() (#1277-1862)
Initialize all the variables. If a variable is meant to be initialized to zero, explicitly set it to zero to improve code readability.
Additional information: link
Salary.addLiquidity(uint256,uint256) (#1843-1857) sends eth to arbitrary user
Dangerous calls:
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,liquidityWallet,block.timestamp) (#1849-1856)
Ensure that an arbitrary user cannot withdraw unauthorized funds.
Additional information: link
Combination 1: Reentrancy vulnerabilities + Functions that send Ether to arbitraty destination. Usual for scams. May be justified by some complex mechanics (e.g. rebase, reflections). DYOR & manual audit are advised.
Combination 2: Unchecked transfer + Functions that send Ether to arbitraty destination. Usual for scams. May be justified by some complex mechanics (e.g. rebase, reflections). DYOR & manual audit are advised.
Combination 3: Reentrancy vulnerabilities + Unchecked transfer vulnerability. Usual for scams. May be justified by some complex mechanics (e.g. rebase, reflections). DYOR & manual audit are advised.
Contract ownership is not renounced (belongs to a wallet)
Reentrancy in DividendPayingToken._withdrawDividendOfUser(address) (#1172-1188):
External calls:
- success = IERC20(USDT).transfer(user,_withdrawableDividend) (#1177)
State variables written after the call(s):
- withdrawnDividends[user] = withdrawnDividends[user].sub(_withdrawableDividend) (#1180)
Reentrancy in Salary.updateDividendTracker(address) (#1413-1428):
External calls:
- newDividendTracker.excludeFromDividends(address(newDividendTracker)) (#1420)
- newDividendTracker.excludeFromDividends(address(this)) (#1421)
- newDividendTracker.excludeFromDividends(deadWallet) (#1422)
- newDividendTracker.excludeFromDividends(address(uniswapV2Router)) (#1423)
State variables written after the call(s):
- dividendTracker = newDividendTracker (#1427)
Apply the check-effects-interactions pattern.
Additional information: link
Salary._transfer(address,address,uint256).claims (#1745) is a local variable never initialized
Salary._transfer(address,address,uint256).lastProcessedIndex (#1745) is a local variable never initialized
Salary._transfer(address,address,uint256).iterations (#1745) is a local variable never initialized
Initialize all the variables. If a variable is meant to be initialized to zero, explicitly set it to zero to improve code readability.
Additional information: link
Salary.claim() (#1625-1627) ignores return value by dividendTracker.processAccount(msg.sender,false) (#1626)
Salary.claimAddress(address) (#1629-1631) ignores return value by dividendTracker.processAccount(address(claimee),false) (#1630)
Salary._transfer(address,address,uint256) (#1645-1752) ignores return value by dividendTracker.process(gas) (#1745-1750)
Salary.addLiquidity(uint256,uint256) (#1843-1857) ignores return value by uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,liquidityWallet,block.timestamp) (#1849-1856)
Ensure that all the return values of the function calls are used.
Additional information: link
DividendPayingToken.constructor(string,string)._name (#1146) shadows:
- ERC20._name (#773) (state variable)
DividendPayingToken.constructor(string,string)._symbol (#1146) shadows:
- ERC20._symbol (#774) (state variable)
DividendPayingToken.dividendOf(address)._owner (#1194) shadows:
- Ownable._owner (#289) (state variable)
DividendPayingToken.withdrawableDividendOf(address)._owner (#1201) shadows:
- Ownable._owner (#289) (state variable)
DividendPayingToken.withdrawnDividendOf(address)._owner (#1208) shadows:
- Ownable._owner (#289) (state variable)
DividendPayingToken.accumulativeDividendOf(address)._owner (#1218) shadows:
- Ownable._owner (#289) (state variable)
Rename the local variables that shadow another component.
Additional information: link
Salary.setSwapTokensAtAmount(uint256) (#1458-1460) should emit an event for:
- swapTokensAtAmount = amount (#1459)
Salary.setSwapTokensAtAmountMax(uint256) (#1462-1464) should emit an event for:
- swapTokensAtAmountMax = amount (#1463)
Salary.setFeesSell(uint256,uint256,uint256) (#1474-1480) should emit an event for:
- rewardTokenFeeOnSell = _rewardTokenFeeOnSell (#1475)
- marketingFeeOnSell = _marketingFeeOnSell (#1476)
- liquidityFeeOnSell = _liquidityFeeOnSell (#1477)
- totalFeesOnSell = _rewardTokenFeeOnSell + _marketingFeeOnSell + _liquidityFeeOnSell (#1478)
Salary.setFeesBuy(uint256,uint256,uint256) (#1482-1488) should emit an event for:
- rewardTokenFeeOnBuy = _rewardTokenFeeOnBuy (#1483)
- marketingFeeOnBuy = _marketingFeeOnBuy (#1484)
- liquidityFeeOnBuy = _liquidityFeeOnBuy (#1485)
- totalFeesOnBuy = _rewardTokenFeeOnBuy + _marketingFeeOnBuy + _liquidityFeeOnBuy (#1486)
Salary.setMaxTransferAmountRate(uint256) (#1515-1518) should emit an event for:
- maxTransferAmountRate = _val (#1517)
Salary.setmaxWalletAmountRateDenominator1000(uint256) (#1525-1528) should emit an event for:
- maxWalletRate = _val (#1527)
SalaryDividendTracker.setLastProcessedIndex(uint256) (#1919-1921) should emit an event for:
- lastProcessedIndex = index (#1920)
Emit an event for critical parameter changes.
Additional information: link
Ownable.constructor().msgSender (#297) lacks a zero-check on :
- _owner = msgSender (#298)
Salary.updateUniswapV2Router(address)._uniswapV2Pair (#1434-1435) lacks a zero-check on :
- uniswapV2Pair = _uniswapV2Pair (#1436)
Salary.setMarketingWallet(address).wallet (#1466) lacks a zero-check on :
- marketingWallet = wallet (#1467)
Salary.setLiquidityWallet(address).wallet (#1470) lacks a zero-check on :
- liquidityWallet = wallet (#1471)
Check that the address is not zero.
Additional information: link
Variable 'Salary._transfer(address,address,uint256).lastProcessedIndex (#1745)' in Salary._transfer(address,address,uint256) (#1645-1752) potentially used before declaration: ProcessedDividendTracker(iterations,claims,lastProcessedIndex,true,gas,tx.origin) (#1746)
Variable 'Salary._transfer(address,address,uint256).claims (#1745)' in Salary._transfer(address,address,uint256) (#1645-1752) potentially used before declaration: ProcessedDividendTracker(iterations,claims,lastProcessedIndex,true,gas,tx.origin) (#1746)
Variable 'Salary._transfer(address,address,uint256).iterations (#1745)' in Salary._transfer(address,address,uint256) (#1645-1752) potentially used before declaration: ProcessedDividendTracker(iterations,claims,lastProcessedIndex,true,gas,tx.origin) (#1746)
Move all variable declarations prior to any usage of the variable, and ensure that reaching a variable declaration does not depend on some conditional if it is used unconditionally.
Additional information: link
Reentrancy in Salary._transfer(address,address,uint256) (#1645-1752):
External calls:
- swapAndSendDividends(amountRewards) (#1699)
- success = IERC20(USDT).transfer(address(dividendTracker),dividends) (#1769)
- dividendTracker.distributeDividends(dividends) (#1772)
- uniswapV2Router.swapExactTokensForTokensSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#1793-1799)
- swapAndLiquify(amountToLiquify) (#1703)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,liquidityWallet,block.timestamp) (#1849-1856)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#1834-1840)
External calls sending eth:
- swapAndLiquify(amountToLiquify) (#1703)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,liquidityWallet,block.timestamp) (#1849-1856)
State variables written after the call(s):
- swapAndLiquify(amountToLiquify) (#1703)
- _allowances[owner][spender] = amount (#1017)
Reentrancy in Salary._transfer(address,address,uint256) (#1645-1752):
External calls:
- swapAndSendDividends(amountRewards) (#1699)
- success = IERC20(USDT).transfer(address(dividendTracker),dividends) (#1769)
- dividendTracker.distributeDividends(dividends) (#1772)
- uniswapV2Router.swapExactTokensForTokensSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#1793-1799)
- swapAndLiquify(amountToLiquify) (#1703)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,liquidityWallet,block.timestamp) (#1849-1856)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#1834-1840)
- swapAndSendMarketing(amountMarketing) (#1707)
- IERC20(USDT).transfer(address(marketingWallet),marketing) (#1780)
- uniswapV2Router.swapExactTokensForTokensSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#1793-1799)
External calls sending eth:
- swapAndLiquify(amountToLiquify) (#1703)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,liquidityWallet,block.timestamp) (#1849-1856)
State variables written after the call(s):
- swapAndSendMarketing(amountMarketing) (#1707)
- _allowances[owner][spender] = amount (#1017)
- setFeesOnBuy() (#1726)
- marketingFee = marketingFeeOnBuy (#1762)
- setFeesOnSell() (#1728)
- marketingFee = marketingFeeOnSell (#1756)
- setFeesOnBuy() (#1726)
- rewardTokenFee = rewardTokenFeeOnBuy (#1761)
- setFeesOnSell() (#1728)
- rewardTokenFee = rewardTokenFeeOnSell (#1755)
- setFeesOnBuy() (#1726)
- totalFees = totalFeesOnBuy (#1763)
- setFeesOnSell() (#1728)
- totalFees = totalFeesOnSell (#1757)
Reentrancy in Salary.constructor(address) (#1364-1407):
External calls:
- _uniswapV2Pair = IUniswapV2Factory(_uniswapV2Router.factory()).createPair(address(this),_uniswapV2Router.WETH()) (#1370-1371)
State variables written after the call(s):
- uniswapV2Pair = _uniswapV2Pair (#1374)
- uniswapV2Router = _uniswapV2Router (#1373)
Reentrancy in Salary.constructor(address) (#1364-1407):
External calls:
- _uniswapV2Pair = IUniswapV2Factory(_uniswapV2Router.factory()).createPair(address(this),_uniswapV2Router.WETH()) (#1370-1371)
- _setAutomatedMarketMakerPair(_uniswapV2Pair,true) (#1376)
- dividendTracker.excludeFromDividends(pair) (#1549)
- dividendTracker.excludeFromDividends(address(dividendTracker)) (#1379)
- dividendTracker.excludeFromDividends(address(this)) (#1380)
- dividendTracker.excludeFromDividends(deadWallet) (#1381)
- dividendTracker.excludeFromDividends(address(_uniswapV2Router)) (#1382)
State variables written after the call(s):
- _mint(_newOwner,1000000 * (10 ** 18)) (#1406)
- _balances[account] = _balances[account].add(amount) (#971)
- _isExcludedFromAntiWhale[_newOwner] = true (#1385)
- _isExcludedFromAntiWhale[address(0)] = true (#1386)
- _isExcludedFromAntiWhale[address(this)] = true (#1387)
- _isExcludedFromAntiWhale[deadWallet] = true (#1388)
- excludeFromFees(_newOwner,true) (#1397)
- _isExcludedFromFees[account] = excluded (#1441)
- excludeFromFees(marketingWallet,true) (#1398)
- _isExcludedFromFees[account] = excluded (#1441)
- excludeFromFees(liquidityWallet,true) (#1399)
- _isExcludedFromFees[account] = excluded (#1441)
- excludeFromFees(address(this),true) (#1400)
- _isExcludedFromFees[account] = excluded (#1441)
- _isExcludedFromMaxWallet[_newOwner] = true (#1391)
- _isExcludedFromMaxWallet[address(0)] = true (#1392)
- _isExcludedFromMaxWallet[address(this)] = true (#1393)
- _isExcludedFromMaxWallet[deadWallet] = true (#1394)
- _mint(_newOwner,1000000 * (10 ** 18)) (#1406)
- _totalSupply = _totalSupply.add(amount) (#970)
Reentrancy in SalaryDividendTracker.processAccount(address,bool) (#2069-2079):
External calls:
- amount = _withdrawDividendOfUser(account) (#2070)
- success = IERC20(USDT).transfer(user,_withdrawableDividend) (#1177)
State variables written after the call(s):
- lastClaimTimes[account] = block.timestamp (#2073)
Reentrancy in Salary.swapAndLiquify(uint256) (#1802-1823):
External calls:
- swapTokensForEth(half) (#1814)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#1834-1840)
- addLiquidity(otherHalf,newBalance) (#1820)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,liquidityWallet,block.timestamp) (#1849-1856)
External calls sending eth:
- addLiquidity(otherHalf,newBalance) (#1820)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,liquidityWallet,block.timestamp) (#1849-1856)
State variables written after the call(s):
- addLiquidity(otherHalf,newBalance) (#1820)
- _allowances[owner][spender] = amount (#1017)
Reentrancy in Salary.updateUniswapV2Router(address) (#1430-1437):
External calls:
- _uniswapV2Pair = IUniswapV2Factory(uniswapV2Router.factory()).createPair(address(this),uniswapV2Router.WETH()) (#1434-1435)
State variables written after the call(s):
- uniswapV2Pair = _uniswapV2Pair (#1436)
Apply the check-effects-interactions pattern.
Additional information: link
Reentrancy in Salary._setAutomatedMarketMakerPair(address,bool) (#1544-1553):
External calls:
- dividendTracker.excludeFromDividends(pair) (#1549)
Event emitted after the call(s):
- SetAutomatedMarketMakerPair(pair,value) (#1552)
Reentrancy in Salary._transfer(address,address,uint256) (#1645-1752):
External calls:
- swapAndSendDividends(amountRewards) (#1699)
- success = IERC20(USDT).transfer(address(dividendTracker),dividends) (#1769)
- dividendTracker.distributeDividends(dividends) (#1772)
- uniswapV2Router.swapExactTokensForTokensSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#1793-1799)
- swapAndLiquify(amountToLiquify) (#1703)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,liquidityWallet,block.timestamp) (#1849-1856)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#1834-1840)
External calls sending eth:
- swapAndLiquify(amountToLiquify) (#1703)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,liquidityWallet,block.timestamp) (#1849-1856)
Event emitted after the call(s):
- Approval(owner,spender,amount) (#1018)
- swapAndLiquify(amountToLiquify) (#1703)
- SwapAndLiquify(half,newBalance,otherHalf) (#1822)
- swapAndLiquify(amountToLiquify) (#1703)
Reentrancy in Salary._transfer(address,address,uint256) (#1645-1752):
External calls:
- swapAndSendDividends(amountRewards) (#1699)
- success = IERC20(USDT).transfer(address(dividendTracker),dividends) (#1769)
- dividendTracker.distributeDividends(dividends) (#1772)
- uniswapV2Router.swapExactTokensForTokensSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#1793-1799)
- swapAndLiquify(amountToLiquify) (#1703)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,liquidityWallet,block.timestamp) (#1849-1856)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#1834-1840)
- swapAndSendMarketing(amountMarketing) (#1707)
- IERC20(USDT).transfer(address(marketingWallet),marketing) (#1780)
- uniswapV2Router.swapExactTokensForTokensSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#1793-1799)
External calls sending eth:
- swapAndLiquify(amountToLiquify) (#1703)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,liquidityWallet,block.timestamp) (#1849-1856)
Event emitted after the call(s):
- Approval(owner,spender,amount) (#1018)
- swapAndSendMarketing(amountMarketing) (#1707)
- Transfer(sender,recipient,amount) (#953)
- super._transfer(from,to,amount) (#1737)
- Transfer(sender,recipient,amount) (#953)
- super._transfer(from,address(this),fees) (#1734)
Reentrancy in Salary._transfer(address,address,uint256) (#1645-1752):
External calls:
- swapAndSendDividends(amountRewards) (#1699)
- success = IERC20(USDT).transfer(address(dividendTracker),dividends) (#1769)
- dividendTracker.distributeDividends(dividends) (#1772)
- uniswapV2Router.swapExactTokensForTokensSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#1793-1799)
- swapAndLiquify(amountToLiquify) (#1703)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,liquidityWallet,block.timestamp) (#1849-1856)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#1834-1840)
- swapAndSendMarketing(amountMarketing) (#1707)
- IERC20(USDT).transfer(address(marketingWallet),marketing) (#1780)
- uniswapV2Router.swapExactTokensForTokensSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#1793-1799)
- dividendTracker.setBalance(address(from),balanceOf(from)) (#1739)
- dividendTracker.setBalance(address(to),balanceOf(to)) (#1740)
- dividendTracker.process(gas) (#1745-1750)
External calls sending eth:
- swapAndLiquify(amountToLiquify) (#1703)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,liquidityWallet,block.timestamp) (#1849-1856)
Event emitted after the call(s):
- ProcessedDividendTracker(iterations,claims,lastProcessedIndex,true,gas,tx.origin) (#1746)
Reentrancy in Salary.constructor(address) (#1364-1407):
External calls:
- _uniswapV2Pair = IUniswapV2Factory(_uniswapV2Router.factory()).createPair(address(this),_uniswapV2Router.WETH()) (#1370-1371)
- _setAutomatedMarketMakerPair(_uniswapV2Pair,true) (#1376)
- dividendTracker.excludeFromDividends(pair) (#1549)
Event emitted after the call(s):
- SetAutomatedMarketMakerPair(pair,value) (#1552)
- _setAutomatedMarketMakerPair(_uniswapV2Pair,true) (#1376)
Reentrancy in Salary.constructor(address) (#1364-1407):
External calls:
- _uniswapV2Pair = IUniswapV2Factory(_uniswapV2Router.factory()).createPair(address(this),_uniswapV2Router.WETH()) (#1370-1371)
- _setAutomatedMarketMakerPair(_uniswapV2Pair,true) (#1376)
- dividendTracker.excludeFromDividends(pair) (#1549)
- dividendTracker.excludeFromDividends(address(dividendTracker)) (#1379)
- dividendTracker.excludeFromDividends(address(this)) (#1380)
- dividendTracker.excludeFromDividends(deadWallet) (#1381)
- dividendTracker.excludeFromDividends(address(_uniswapV2Router)) (#1382)
Event emitted after the call(s):
- ExcludeFromFees(account,excluded) (#1443)
- excludeFromFees(_newOwner,true) (#1397)
- ExcludeFromFees(account,excluded) (#1443)
- excludeFromFees(address(this),true) (#1400)
- ExcludeFromFees(account,excluded) (#1443)
- excludeFromFees(liquidityWallet,true) (#1399)
- ExcludeFromFees(account,excluded) (#1443)
- excludeFromFees(marketingWallet,true) (#1398)
- Transfer(address(0),account,amount) (#972)
- _mint(_newOwner,1000000 * (10 ** 18)) (#1406)
Reentrancy in SalaryDividendTracker.processAccount(address,bool) (#2069-2079):
External calls:
- amount = _withdrawDividendOfUser(account) (#2070)
- success = IERC20(USDT).transfer(user,_withdrawableDividend) (#1177)
Event emitted after the call(s):
- Claim(account,amount,automatic) (#2074)
Reentrancy in Salary.processDividendTracker(uint256) (#1620-1623):
External calls:
- (iterations,claims,lastProcessedIndex) = dividendTracker.process(gas) (#1621)
Event emitted after the call(s):
- ProcessedDividendTracker(iterations,claims,lastProcessedIndex,false,gas,tx.origin) (#1622)
Reentrancy in Salary.swapAndLiquify(uint256) (#1802-1823):
External calls:
- swapTokensForEth(half) (#1814)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#1834-1840)
- addLiquidity(otherHalf,newBalance) (#1820)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,liquidityWallet,block.timestamp) (#1849-1856)
External calls sending eth:
- addLiquidity(otherHalf,newBalance) (#1820)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,liquidityWallet,block.timestamp) (#1849-1856)
Event emitted after the call(s):
- Approval(owner,spender,amount) (#1018)
- addLiquidity(otherHalf,newBalance) (#1820)
- SwapAndLiquify(half,newBalance,otherHalf) (#1822)
Reentrancy in Salary.swapAndSendDividends(uint256) (#1766-1775):
External calls:
- swapTokensForUSDT(tokens) (#1767)
- uniswapV2Router.swapExactTokensForTokensSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#1793-1799)
- success = IERC20(USDT).transfer(address(dividendTracker),dividends) (#1769)
- dividendTracker.distributeDividends(dividends) (#1772)
Event emitted after the call(s):
- SendDividends(tokens,dividends) (#1773)
Reentrancy in Salary.updateDividendTracker(address) (#1413-1428):
External calls:
- newDividendTracker.excludeFromDividends(address(newDividendTracker)) (#1420)
- newDividendTracker.excludeFromDividends(address(this)) (#1421)
- newDividendTracker.excludeFromDividends(deadWallet) (#1422)
- newDividendTracker.excludeFromDividends(address(uniswapV2Router)) (#1423)
Event emitted after the call(s):
- UpdateDividendTracker(newAddress,address(dividendTracker)) (#1425)
Apply the check-effects-interactions pattern.
Additional information: link
SalaryDividendTracker.getAccount(address) (#1933-1976) uses timestamp for comparisons
Dangerous comparisons:
- nextClaimTime > block.timestamp (#1973-1975)
SalaryDividendTracker.canAutoClaim(uint256) (#1997-2003) uses timestamp for comparisons
Dangerous comparisons:
- lastClaimTime > block.timestamp (#1998)
- block.timestamp.sub(lastClaimTime) >= claimWait (#2002)
Avoid relying on block.timestamp.
Additional information: link
Salary._transfer(address,address,uint256) (#1645-1752) compares to a boolean constant:
-_isExcludedFromMaxWallet[from] == false && _isExcludedFromMaxWallet[to] == false && to != uniswapV2Pair (#1662-1664)
Salary._transfer(address,address,uint256) (#1645-1752) compares to a boolean constant:
-_isExcludedFromAntiWhale[from] == false && _isExcludedFromAntiWhale[to] == false (#1673-1674)
Remove the equality to the boolean constant.
Additional information: link
Context._msgData() (#20-23) is never used and should be removed
DividendPayingToken._transfer(address,address,uint256) (#1228-1234) is never used and should be removed
SafeMath.mod(uint256,uint256) (#261-263) is never used and should be removed
SafeMath.mod(uint256,uint256,string) (#277-280) is never used and should be removed
SafeMathInt.abs(int256) (#124-127) is never used and should be removed
SafeMathInt.div(int256,int256) (#95-101) is never used and should be removed
SafeMathInt.mul(int256,int256) (#83-90) is never used and should be removed
Remove unused functions.
Additional information: link
Function IUniswapV2Router01.WETH() (#347) is not in mixedCase
Function IUniswapV2Pair.DOMAIN_SEPARATOR() (#503) is not in mixedCase
Function IUniswapV2Pair.PERMIT_TYPEHASH() (#504) is not in mixedCase
Function IUniswapV2Pair.MINIMUM_LIQUIDITY() (#521) is not in mixedCase
Parameter DividendPayingToken.dividendOf(address)._owner (#1194) is not in mixedCase
Parameter DividendPayingToken.withdrawableDividendOf(address)._owner (#1201) is not in mixedCase
Parameter DividendPayingToken.withdrawnDividendOf(address)._owner (#1208) is not in mixedCase
Parameter DividendPayingToken.accumulativeDividendOf(address)._owner (#1218) is not in mixedCase
Variable DividendPayingToken.USDT (#1120) is not in mixedCase
Constant DividendPayingToken.magnitude (#1126) is not in UPPER_CASE_WITH_UNDERSCORES
Parameter Salary.setFeesSell(uint256,uint256,uint256)._rewardTokenFeeOnSell (#1474) is not in mixedCase
Parameter Salary.setFeesSell(uint256,uint256,uint256)._marketingFeeOnSell (#1474) is not in mixedCase
Parameter Salary.setFeesSell(uint256,uint256,uint256)._liquidityFeeOnSell (#1474) is not in mixedCase
Parameter Salary.setFeesBuy(uint256,uint256,uint256)._rewardTokenFeeOnBuy (#1482) is not in mixedCase
Parameter Salary.setFeesBuy(uint256,uint256,uint256)._marketingFeeOnBuy (#1482) is not in mixedCase
Parameter Salary.setFeesBuy(uint256,uint256,uint256)._liquidityFeeOnBuy (#1482) is not in mixedCase
Parameter Salary.setTradingIsEnabled(bool)._enabled (#1494) is not in mixedCase
Parameter Salary.setEnableAntiwhale(bool)._val (#1507) is not in mixedCase
Parameter Salary.setMaxTransferAmountRate(uint256)._val (#1515) is not in mixedCase
Parameter Salary.setmaxWalletAmountRateDenominator1000(uint256)._val (#1525) is not in mixedCase
Parameter Salary.setenableMaxWallet(bool)._val (#1534) is not in mixedCase
Variable Salary.USDT (#1289) is not in mixedCase
Parameter SalaryDividendTracker.updateMinimumTokenBalanceForDividends(uint256)._newMinimumBalance (#1897) is not in mixedCase
Parameter SalaryDividendTracker.getAccount(address)._account (#1933) is not in mixedCase
Follow the Solidity naming convention.
Additional information: link
renounceOwnership() should be declared external:
- Ownable.renounceOwnership() (#324-327)
transferOwnership(address) should be declared external:
- Ownable.transferOwnership(address) (#333-337)
get(IterableMapping.Map,address) should be declared external:
- IterableMapping.get(IterableMapping.Map,address) (#571-573)
getIndexOfKey(IterableMapping.Map,address) should be declared external:
- IterableMapping.getIndexOfKey(IterableMapping.Map,address) (#575-580)
getKeyAtIndex(IterableMapping.Map,uint256) should be declared external:
- IterableMapping.getKeyAtIndex(IterableMapping.Map,uint256) (#582-584)
size(IterableMapping.Map) should be declared external:
- IterableMapping.size(IterableMapping.Map) (#588-590)
name() should be declared external:
- ERC20.name() (#793-795)
symbol() should be declared external:
- ERC20.symbol() (#801-803)
decimals() should be declared external:
- ERC20.decimals() (#818-820)
transfer(address,uint256) should be declared external:
- ERC20.transfer(address,uint256) (#844-847)
allowance(address,address) should be declared external:
- ERC20.allowance(address,address) (#852-854)
approve(address,uint256) should be declared external:
- ERC20.approve(address,uint256) (#863-866)
transferFrom(address,address,uint256) should be declared external:
- ERC20.transferFrom(address,address,uint256) (#881-889)
increaseAllowance(address,uint256) should be declared external:
- ERC20.increaseAllowance(address,uint256) (#903-906)
decreaseAllowance(address,uint256) should be declared external:
- ERC20.decreaseAllowance(address,uint256) (#922-925)
distributeDividends(uint256) should be declared external:
- DividendPayingToken.distributeDividends(uint256) (#1151-1162)
withdrawDividend() should be declared external:
- DividendPayingToken.withdrawDividend() (#1166-1168)
- SalaryDividendTracker.withdrawDividend() (#1893-1895)
dividendOf(address) should be declared external:
- DividendPayingToken.dividendOf(address) (#1194-1196)
withdrawnDividendOf(address) should be declared external:
- DividendPayingToken.withdrawnDividendOf(address) (#1208-1210)
updateDividendTracker(address) should be declared external:
- Salary.updateDividendTracker(address) (#1413-1428)
updateUniswapV2Router(address) should be declared external:
- Salary.updateUniswapV2Router(address) (#1430-1437)
isExcludedFromMaxWallet(address) should be declared external:
- Salary.isExcludedFromMaxWallet(address) (#1446-1448)
excludeMultipleAccountsFromFees(address[],bool) should be declared external:
- Salary.excludeMultipleAccountsFromFees(address[],bool) (#1450-1456)
setFeesSell(uint256,uint256,uint256) should be declared external:
- Salary.setFeesSell(uint256,uint256,uint256) (#1474-1480)
setFeesBuy(uint256,uint256,uint256) should be declared external:
- Salary.setFeesBuy(uint256,uint256,uint256) (#1482-1488)
blacklist(address,bool) should be declared external:
- Salary.blacklist(address,bool) (#1490-1492)
isExcludedFromAntiWhale(address) should be declared external:
- Salary.isExcludedFromAntiWhale(address) (#1499-1501)
setExcludedFromAntiWhale(address,bool) should be declared external:
- Salary.setExcludedFromAntiWhale(address,bool) (#1503-1505)
setEnableAntiwhale(bool) should be declared external:
- Salary.setEnableAntiwhale(bool) (#1507-1509)
setMaxTransferAmountRate(uint256) should be declared external:
- Salary.setMaxTransferAmountRate(uint256) (#1515-1518)
setmaxWalletAmountRateDenominator1000(uint256) should be declared external:
- Salary.setmaxWalletAmountRateDenominator1000(uint256) (#1525-1528)
setExcludeFromMaxWallet(address,bool) should be declared external:
- Salary.setExcludeFromMaxWallet(address,bool) (#1530-1532)
setenableMaxWallet(bool) should be declared external:
- Salary.setenableMaxWallet(bool) (#1534-1536)
setAutomatedMarketMakerPair(address,bool) should be declared external:
- Salary.setAutomatedMarketMakerPair(address,bool) (#1538-1542)
updateGasForProcessing(uint256) should be declared external:
- Salary.updateGasForProcessing(uint256) (#1555-1560)
isExcludedFromFees(address) should be declared external:
- Salary.isExcludedFromFees(address) (#1578-1580)
withdrawableDividendOf(address) should be declared external:
- Salary.withdrawableDividendOf(address) (#1582-1584)
dividendTokenBalanceOf(address) should be declared external:
- Salary.dividendTokenBalanceOf(address) (#1586-1588)
burn(uint256) should be declared external:
- Salary.burn(uint256) (#1859-1861)
getAccountAtIndex(uint256) should be declared external:
- SalaryDividendTracker.getAccountAtIndex(uint256) (#1978-1995)
process(uint256) should be declared external:
- SalaryDividendTracker.process(uint256) (#2022-2067)
Use the external attribute for functions never called from the contract.
Additional information: link
Different versions of Solidity is used:
- Version used: ['^0.6.12', '^0.6.2']
- ^0.6.12 (#1)
- ^0.6.2 (#25)
- ^0.6.2 (#70)
- ^0.6.2 (#138)
- ^0.6.2 (#283)
- ^0.6.2 (#343)
- ^0.6.2 (#486)
- ^0.6.2 (#541)
- ^0.6.2 (#560)
- ^0.6.2 (#624)
- ^0.6.2 (#708)
- ^0.6.2 (#739)
- ^0.6.2 (#1044)
- ^0.6.2 (#1070)
- ^0.6.2 (#1107)
- ^0.6.2 (#1273)
Use one Solidity version.
Additional information: link
Salary.totalFees (#1297) is set pre-construction with a non-constant function or state variable:
- rewardTokenFee + marketingFee + liquidityFee
Salary.totalFeesOnBuy (#1302) is set pre-construction with a non-constant function or state variable:
- rewardTokenFeeOnBuy + marketingFeeOnBuy + liquidityFeeOnBuy
Salary.totalFeesOnSell (#1307) is set pre-construction with a non-constant function or state variable:
- rewardTokenFeeOnSell + marketingFeeOnSell + liquidityFeeOnSell
Remove any initialization of state variables via non-constant state variables or function calls. If variables must be set upon contract deployment, locate initialization in the constructor instead.
Additional information: link
Pragma version^0.6.2 (#25) allows old versions
Pragma version^0.6.2 (#70) allows old versions
Pragma version^0.6.2 (#138) allows old versions
Pragma version^0.6.2 (#283) allows old versions
Pragma version^0.6.2 (#343) allows old versions
Pragma version^0.6.2 (#486) allows old versions
Pragma version^0.6.2 (#541) allows old versions
Pragma version^0.6.2 (#560) allows old versions
Pragma version^0.6.2 (#624) allows old versions
Pragma version^0.6.2 (#708) allows old versions
Pragma version^0.6.2 (#739) allows old versions
Pragma version^0.6.2 (#1044) allows old versions
Pragma version^0.6.2 (#1070) allows old versions
Pragma version^0.6.2 (#1107) allows old versions
Pragma version^0.6.2 (#1273) allows old versions
Deploy with any of the following Solidity versions: 0.5.16 - 0.5.17, 0.6.11 - 0.6.12, 0.7.5 - 0.7.6 Use a simple pragma version that allows any of these versions. Consider using the latest version of Solidity for testing.
Additional information: link
Redundant expression "this (#21)" inContext (#15-24)
Remove redundant statements if they congest code but offer no value.
Additional information: link
Variable IUniswapV2Router01.addLiquidity(address,address,uint256,uint256,uint256,uint256,address,uint256).amountADesired (#352) is too similar to IUniswapV2Router01.addLiquidity(address,address,uint256,uint256,uint256,uint256,address,uint256).amountBDesired (#353)
Variable DividendPayingToken._withdrawDividendOfUser(address)._withdrawableDividend (#1173) is too similar to SalaryDividendTracker.getAccount(address).withdrawableDividends (#1938)
Prevent variables from having similar names.
Additional information: link
Salary.constructor(address) (#1364-1407) uses literals with too many digits:
- _mint(_newOwner,1000000 * (10 ** 18)) (#1406)
Salary.updateGasForProcessing(uint256) (#1555-1560) uses literals with too many digits:
- require(bool,string)(newValue >= 200000 && newValue <= 500000,gasForProcessing must be between 200,000 and 500,000) (#1556)
Salary.slitherConstructorVariables() (#1277-1862) uses literals with too many digits:
- deadWallet = 0x000000000000000000000000000000000000dEaD (#1287)
Salary.slitherConstructorVariables() (#1277-1862) uses literals with too many digits:
- gasForProcessing = 300000 (#1316)
SalaryDividendTracker.getAccountAtIndex(uint256) (#1978-1995) uses literals with too many digits:
- (0x0000000000000000000000000000000000000000,- 1,- 1,0,0,0,0,0) (#1989)
Use: Ether suffix, Time suffix, or The scientific notation
Additional information: link
SafeMathInt.MAX_INT256 (#78) is never used in SafeMathInt (#76-134)
Remove unused state variables.
Additional information: link
Salary.deadWallet (#1287) should be constant
Salary.liquidityFee (#1296) should be constant
Add the constant attributes to state variables that never change.
Additional information: link
DividendPayingToken._withdrawDividendOfUser(address) (#1172-1188) has external calls inside a loop: success = IERC20(USDT).transfer(user,_withdrawableDividend) (#1177)
Favor pull over push strategy for external calls.
Additional information: link
Unable to find token contract audit
Unable to find KYC or doxxing proof
Unable to find audit link on the website
Token is not listed at Mobula.Finance
Additional information: link
Token has relatively low CoinGecko rank
Young tokens have high risks of price dump / death
Young tokens have high risks of price dump / death
Young tokens have high risks of price dump / death
Token has relatively low CoinMarketCap rank