Unable to find manual contract audit (e.g. Certik, PeckShield, Solidity...)
SmokingInu.swapBack() (#367-408) sends eth to arbitrary user
Dangerous calls:
- (MarketingSuccess) = address(marketingFeeReceiver).call{gas: 30000,value: amountBNBMarketing}() (#392)
- (BuyBackSuccess) = address(buybackFeeReceiver).call{gas: 30000,value: amountBNBbuyback}() (#394)
Ensure that an arbitrary user cannot withdraw unauthorized funds.
Additional information: link
Reentrancy in SmokingInu._transferFrom(address,address,uint256) (#291-320):
External calls:
- swapBack() (#309)
- router.swapExactTokensForETHSupportingFeeOnTransferTokens(amountToSwap,0,path,address(this),block.timestamp) (#378-384)
- (MarketingSuccess) = address(marketingFeeReceiver).call{gas: 30000,value: amountBNBMarketing}() (#392)
- (BuyBackSuccess) = address(buybackFeeReceiver).call{gas: 30000,value: amountBNBbuyback}() (#394)
- router.addLiquidityETH{value: amountBNBLiquidity}(address(this),amountToLiquify,0,0,marketingFeeReceiver,block.timestamp) (#398-405)
External calls sending eth:
- swapBack() (#309)
- (MarketingSuccess) = address(marketingFeeReceiver).call{gas: 30000,value: amountBNBMarketing}() (#392)
- (BuyBackSuccess) = address(buybackFeeReceiver).call{gas: 30000,value: amountBNBbuyback}() (#394)
- router.addLiquidityETH{value: amountBNBLiquidity}(address(this),amountToLiquify,0,0,marketingFeeReceiver,block.timestamp) (#398-405)
State variables written after the call(s):
- _balances[sender] = _balances[sender].sub(amount,Insufficient Balance) (#313)
- _balances[recipient] = _balances[recipient].add(amountReceived) (#316)
- amountReceived = takeFee(sender,recipient,amount) (#315)
- _balances[address(this)] = _balances[address(this)].add(feeAmount) (#346)
Apply the check-effects-interactions pattern.
Additional information: link
Combination 1: Reentrancy vulnerabilities + Functions that send Ether to arbitraty destination. Usual for scams. May be justified by some complex mechanics (e.g. rebase, reflections). DYOR & manual audit are advised.
SmokingInu.slitherConstructorVariables() (#187-504) performs a multiplication on the result of a division:
-swapThreshold = _totalSupply / 1000 * 3 (#228)
Consider ordering multiplication before division.
Additional information: link
SmokingInu.swapBack() (#367-408) ignores return value by router.addLiquidityETH{value: amountBNBLiquidity}(address(this),amountToLiquify,0,0,marketingFeeReceiver,block.timestamp) (#398-405)
Ensure that all the return values of the function calls are used.
Additional information: link
SmokingInu.setFees(uint256,uint256,uint256,uint256) (#437-444) should emit an event for:
- liquidityFee = _liquidityFee (#438)
- marketingFee = _marketingFee (#439)
- buybackFee = _buybackFee (#440)
- totalFee = _liquidityFee.add(_marketingFee).add(_buybackFee) (#441)
- feeDenominator = _feeDenominator (#442)
SmokingInu.setSellMultiplier(uint256) (#459-461) should emit an event for:
- _sellMultiplier = multiplier (#460)
SmokingInu.setTxLimit(uint256) (#467-470) should emit an event for:
- _maxTxAmount = amountBuy (#468)
Emit an event for critical parameter changes.
Additional information: link
Auth.transferOwnership(address).adr (#126) lacks a zero-check on :
- owner = adr (#127)
SmokingInu.setFeeReceiver(address,address)._marketingFeeReceiver (#462) lacks a zero-check on :
- marketingFeeReceiver = _marketingFeeReceiver (#463)
SmokingInu.setFeeReceiver(address,address)._buybackFeeReceiver (#462) lacks a zero-check on :
- buybackFeeReceiver = _buybackFeeReceiver (#464)
Check that the address is not zero.
Additional information: link
Reentrancy in SmokingInu._transferFrom(address,address,uint256) (#291-320):
External calls:
- swapBack() (#309)
- router.swapExactTokensForETHSupportingFeeOnTransferTokens(amountToSwap,0,path,address(this),block.timestamp) (#378-384)
- (MarketingSuccess) = address(marketingFeeReceiver).call{gas: 30000,value: amountBNBMarketing}() (#392)
- (BuyBackSuccess) = address(buybackFeeReceiver).call{gas: 30000,value: amountBNBbuyback}() (#394)
- router.addLiquidityETH{value: amountBNBLiquidity}(address(this),amountToLiquify,0,0,marketingFeeReceiver,block.timestamp) (#398-405)
External calls sending eth:
- swapBack() (#309)
- (MarketingSuccess) = address(marketingFeeReceiver).call{gas: 30000,value: amountBNBMarketing}() (#392)
- (BuyBackSuccess) = address(buybackFeeReceiver).call{gas: 30000,value: amountBNBbuyback}() (#394)
- router.addLiquidityETH{value: amountBNBLiquidity}(address(this),amountToLiquify,0,0,marketingFeeReceiver,block.timestamp) (#398-405)
State variables written after the call(s):
- launch() (#311)
- launchedAt = block.number (#428)
Reentrancy in SmokingInu.constructor() (#237-257):
External calls:
- pair = IDEXFactory(router.factory()).createPair(WBNB,address(this)) (#239)
State variables written after the call(s):
- _allowances[address(this)][address(router)] = type()(uint256).max (#240)
- _balances[_owner] = _totalSupply (#255)
- isFeeExempt[msg.sender] = true (#243)
- isTimelockExempt[msg.sender] = true (#250)
- isTimelockExempt[DEAD] = true (#251)
- isTimelockExempt[address(this)] = true (#252)
- isTxLimitExempt[msg.sender] = true (#245)
- isTxLimitExempt[address(this)] = true (#246)
- isTxLimitExempt[routerAddress] = true (#247)
Apply the check-effects-interactions pattern.
Additional information: link
Reentrancy in SmokingInu._transferFrom(address,address,uint256) (#291-320):
External calls:
- swapBack() (#309)
- router.swapExactTokensForETHSupportingFeeOnTransferTokens(amountToSwap,0,path,address(this),block.timestamp) (#378-384)
- (MarketingSuccess) = address(marketingFeeReceiver).call{gas: 30000,value: amountBNBMarketing}() (#392)
- (BuyBackSuccess) = address(buybackFeeReceiver).call{gas: 30000,value: amountBNBbuyback}() (#394)
- router.addLiquidityETH{value: amountBNBLiquidity}(address(this),amountToLiquify,0,0,marketingFeeReceiver,block.timestamp) (#398-405)
External calls sending eth:
- swapBack() (#309)
- (MarketingSuccess) = address(marketingFeeReceiver).call{gas: 30000,value: amountBNBMarketing}() (#392)
- (BuyBackSuccess) = address(buybackFeeReceiver).call{gas: 30000,value: amountBNBbuyback}() (#394)
- router.addLiquidityETH{value: amountBNBLiquidity}(address(this),amountToLiquify,0,0,marketingFeeReceiver,block.timestamp) (#398-405)
Event emitted after the call(s):
- Transfer(sender,address(this),feeAmount) (#347)
- amountReceived = takeFee(sender,recipient,amount) (#315)
- Transfer(sender,recipient,amountReceived) (#318)
Reentrancy in SmokingInu.constructor() (#237-257):
External calls:
- pair = IDEXFactory(router.factory()).createPair(WBNB,address(this)) (#239)
Event emitted after the call(s):
- Transfer(address(0),_owner,_totalSupply) (#256)
Reentrancy in SmokingInu.swapBack() (#367-408):
External calls:
- router.swapExactTokensForETHSupportingFeeOnTransferTokens(amountToSwap,0,path,address(this),block.timestamp) (#378-384)
- (MarketingSuccess) = address(marketingFeeReceiver).call{gas: 30000,value: amountBNBMarketing}() (#392)
- (BuyBackSuccess) = address(buybackFeeReceiver).call{gas: 30000,value: amountBNBbuyback}() (#394)
- router.addLiquidityETH{value: amountBNBLiquidity}(address(this),amountToLiquify,0,0,marketingFeeReceiver,block.timestamp) (#398-405)
External calls sending eth:
- (MarketingSuccess) = address(marketingFeeReceiver).call{gas: 30000,value: amountBNBMarketing}() (#392)
- (BuyBackSuccess) = address(buybackFeeReceiver).call{gas: 30000,value: amountBNBbuyback}() (#394)
- router.addLiquidityETH{value: amountBNBLiquidity}(address(this),amountToLiquify,0,0,marketingFeeReceiver,block.timestamp) (#398-405)
Event emitted after the call(s):
- AutoLiquify(amountBNBLiquidity,amountToLiquify) (#406)
Apply the check-effects-interactions pattern.
Additional information: link
SmokingInu._transferFrom(address,address,uint256) (#291-320) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(cooldownTimer[recipient] < block.timestamp,Please wait for 1min between two operations) (#306)
Avoid relying on block.timestamp.
Additional information: link
SmokingInu.buyTokens(uint256,address) (#410-421) is never used and should be removed
Remove unused functions.
Additional information: link
SmokingInu._maxTxAmount (#200) is set pre-construction with a non-constant function or state variable:
- (_totalSupply * 100) / 100
SmokingInu._maxWalletSize (#201) is set pre-construction with a non-constant function or state variable:
- (_totalSupply * 2) / 100
SmokingInu.swapThreshold (#228) is set pre-construction with a non-constant function or state variable:
- _totalSupply / 1000 * 3
Remove any initialization of state variables via non-constant state variables or function calls. If variables must be set upon contract deployment, locate initialization in the constructor instead.
Additional information: link
Pragma version^0.8.11 (#8) necessitates a version too recent to be trusted. Consider deploying with 0.6.12/0.7.6/0.8.7
solc-0.8.11 is not recommended for deployment
Deploy with any of the following Solidity versions: 0.5.16 - 0.5.17, 0.6.11 - 0.6.12, 0.7.5 - 0.7.6 Use a simple pragma version that allows any of these versions. Consider using the latest version of Solidity for testing.
Additional information: link
Low level call in SmokingInu.swapBack() (#367-408):
- (MarketingSuccess) = address(marketingFeeReceiver).call{gas: 30000,value: amountBNBMarketing}() (#392)
- (BuyBackSuccess) = address(buybackFeeReceiver).call{gas: 30000,value: amountBNBbuyback}() (#394)
Avoid low-level calls. Check the call success. If the call is meant for a contract, check for code existence
Additional information: link
Variable Auth._intAddr (#73) is not in mixedCase
Function IDEXRouter.WETH() (#141) is not in mixedCase
Parameter SmokingInu.tradingStatus(bool)._status (#353) is not in mixedCase
Parameter SmokingInu.setFees(uint256,uint256,uint256,uint256)._liquidityFee (#437) is not in mixedCase
Parameter SmokingInu.setFees(uint256,uint256,uint256,uint256)._marketingFee (#437) is not in mixedCase
Parameter SmokingInu.setFees(uint256,uint256,uint256,uint256)._buybackFee (#437) is not in mixedCase
Parameter SmokingInu.setFees(uint256,uint256,uint256,uint256)._feeDenominator (#437) is not in mixedCase
Parameter SmokingInu.cooldownEnabled(bool,uint8)._status (#446) is not in mixedCase
Parameter SmokingInu.cooldownEnabled(bool,uint8)._interval (#446) is not in mixedCase
Parameter SmokingInu.setFeeReceiver(address,address)._marketingFeeReceiver (#462) is not in mixedCase
Parameter SmokingInu.setFeeReceiver(address,address)._buybackFeeReceiver (#462) is not in mixedCase
Parameter SmokingInu.setSwapBackSettings(bool,uint256)._enabled (#471) is not in mixedCase
Parameter SmokingInu.setSwapBackSettings(bool,uint256)._amount (#471) is not in mixedCase
Parameter SmokingInu.blacklistAddress(address,bool)._address (#476) is not in mixedCase
Parameter SmokingInu.blacklistAddress(address,bool)._value (#476) is not in mixedCase
Parameter SmokingInu.transferForeignToken(address)._token (#484) is not in mixedCase
Variable SmokingInu.WBNB (#190) is not in mixedCase
Variable SmokingInu.DEAD (#191) is not in mixedCase
Variable SmokingInu.ZERO (#192) is not in mixedCase
Constant SmokingInu._name (#195) is not in UPPER_CASE_WITH_UNDERSCORES
Constant SmokingInu._symbol (#196) is not in UPPER_CASE_WITH_UNDERSCORES
Constant SmokingInu._decimals (#197) is not in UPPER_CASE_WITH_UNDERSCORES
Variable SmokingInu._totalSupply (#199) is not in mixedCase
Variable SmokingInu._maxTxAmount (#200) is not in mixedCase
Variable SmokingInu._maxWalletSize (#201) is not in mixedCase
Variable SmokingInu._balances (#203) is not in mixedCase
Variable SmokingInu._allowances (#204) is not in mixedCase
Variable SmokingInu._sellMultiplier (#216) is not in mixedCase
Follow the Solidity naming convention.
Additional information: link
Variable IDEXRouter.addLiquidity(address,address,uint256,uint256,uint256,uint256,address,uint256).amountADesired (#146) is too similar to IDEXRouter.addLiquidity(address,address,uint256,uint256,uint256,uint256,address,uint256).amountBDesired (#147)
Prevent variables from having similar names.
Additional information: link
SmokingInu.slitherConstructorVariables() (#187-504) uses literals with too many digits:
- DEAD = 0x000000000000000000000000000000000000dEaD (#191)
SmokingInu.slitherConstructorVariables() (#187-504) uses literals with too many digits:
- ZERO = 0x0000000000000000000000000000000000000000 (#192)
SmokingInu.slitherConstructorVariables() (#187-504) uses literals with too many digits:
- _totalSupply = 10000000 * (10 ** _decimals) (#199)
Use: Ether suffix, Time suffix, or The scientific notation
Additional information: link
SmokingInu.DEAD (#191) should be constant
SmokingInu.WBNB (#190) should be constant
SmokingInu.ZERO (#192) should be constant
SmokingInu._totalSupply (#199) should be constant
SmokingInu.routerAddress (#193) should be constant
Add the constant attributes to state variables that never change.
Additional information: link
authorize(address) should be declared external:
- Auth.authorize(address) (#97-99)
unauthorize(address) should be declared external:
- Auth.unauthorize(address) (#105-107)
transferOwnership(address) should be declared external:
- Auth.transferOwnership(address) (#126-130)
tradingStatus(bool) should be declared external:
- SmokingInu.tradingStatus(bool) (#353-358)
cooldownEnabled(bool,uint8) should be declared external:
- SmokingInu.cooldownEnabled(bool,uint8) (#446-449)
blacklistAddress(address,bool) should be declared external:
- SmokingInu.blacklistAddress(address,bool) (#476-478)
transferForeignToken(address) should be declared external:
- SmokingInu.transferForeignToken(address) (#484-488)
isOverLiquified(uint256,uint256) should be declared external:
- SmokingInu.isOverLiquified(uint256,uint256) (#498-500)
Use the external attribute for functions never called from the contract.
Additional information: link
Unable to find website, listings and other project-related information
Young tokens have high risks of scam / price dump / death
Token has no active CoinGecko listing / rank
Token has no active CoinMarketCap listing / rank
Unable to find Telegram and Twitter accounts