SmoKingSon Token

Unable to find manual contract audit (e.g. Certik, PeckShield, Solidity...)

SmoKingSon.clearBalance() (#432-435) sends eth to arbitrary user
Dangerous calls:
- (success) = address(autoLiquidityReceiver).call{gas: 30000,value: address(this).balance}() (#433)
SmoKingSon.swapBack() (#444-491) sends eth to arbitrary user
Dangerous calls:
- (success) = address(marketingFeeReceiver).call{gas: 30000,value: amountBNBMarketing.add(amountBNBGiveaway)}() (#470)
- (success) = address(marketingFeeReceiver).call{gas: 30000,value: amountBNBMarketing}() (#473)
- (success2) = address(giveawayFeeReceiver).call{gas: 30000,value: amountBNBGiveaway}() (#474)
Ensure that an arbitrary user cannot withdraw unauthorized funds.

Additional information: link

Reentrancy in SmoKingSon._transferFrom(address,address,uint256) (#377-395):
External calls:
- swapBack() (#386)
- router.swapExactTokensForETHSupportingFeeOnTransferTokens(amountToSwap,0,path,address(this),block.timestamp) (#455-461)
- (success) = address(marketingFeeReceiver).call{gas: 30000,value: amountBNBMarketing.add(amountBNBGiveaway)}() (#470)
- (success) = address(marketingFeeReceiver).call{gas: 30000,value: amountBNBMarketing}() (#473)
- (success2) = address(giveawayFeeReceiver).call{gas: 30000,value: amountBNBGiveaway}() (#474)
- router.addLiquidityETH{value: amountBNBLiquidity}(address(this),amountToLiquify,0,0,autoLiquidityReceiver,block.timestamp) (#479-486)
External calls sending eth:
- swapBack() (#386)
- (success) = address(marketingFeeReceiver).call{gas: 30000,value: amountBNBMarketing.add(amountBNBGiveaway)}() (#470)
- (success) = address(marketingFeeReceiver).call{gas: 30000,value: amountBNBMarketing}() (#473)
- (success2) = address(giveawayFeeReceiver).call{gas: 30000,value: amountBNBGiveaway}() (#474)
- router.addLiquidityETH{value: amountBNBLiquidity}(address(this),amountToLiquify,0,0,autoLiquidityReceiver,block.timestamp) (#479-486)
State variables written after the call(s):
- _balances[sender] = _balances[sender].sub(amount,Insufficient Balance) (#388)
- _balances[recipient] = _balances[recipient].add(amountReceived) (#391)
- amountReceived = takeFee(sender,recipient,amount) (#390)
- _balances[address(this)] = _balances[address(this)].add(feeAmount) (#415)
Reentrancy in SmoKingSon.launch() (#319-324):
External calls:
- addLiquidity() (#321)
- router.addLiquidityETH{value: amountETH}(address(this),_balances[address(this)],_balances[address(this)],amountETH,autoLiquidityReceiver,block.timestamp) (#328-335)
State variables written after the call(s):
- timeLaunched = block.timestamp (#322)
Reentrancy in SmoKingSon.swapBack() (#444-491):
External calls:
- router.swapExactTokensForETHSupportingFeeOnTransferTokens(amountToSwap,0,path,address(this),block.timestamp) (#455-461)
- (success) = address(marketingFeeReceiver).call{gas: 30000,value: amountBNBMarketing.add(amountBNBGiveaway)}() (#470)
- (success) = address(marketingFeeReceiver).call{gas: 30000,value: amountBNBMarketing}() (#473)
- (success2) = address(giveawayFeeReceiver).call{gas: 30000,value: amountBNBGiveaway}() (#474)
- router.addLiquidityETH{value: amountBNBLiquidity}(address(this),amountToLiquify,0,0,autoLiquidityReceiver,block.timestamp) (#479-486)
External calls sending eth:
- (success) = address(marketingFeeReceiver).call{gas: 30000,value: amountBNBMarketing.add(amountBNBGiveaway)}() (#470)
- (success) = address(marketingFeeReceiver).call{gas: 30000,value: amountBNBMarketing}() (#473)
- (success2) = address(giveawayFeeReceiver).call{gas: 30000,value: amountBNBGiveaway}() (#474)
- router.addLiquidityETH{value: amountBNBLiquidity}(address(this),amountToLiquify,0,0,autoLiquidityReceiver,block.timestamp) (#479-486)
State variables written after the call(s):
- swapThreshold = swapThreshold (#490)
- swapThreshold = largeSwapThreshold (#490)
- swapThreshold = smallSwapThreshold (#490)
Apply the check-effects-interactions pattern.

Additional information: link

SmoKingSon.launch() (#319-324) uses a dangerous strict equality:
- timeLaunched == 0 (#320)
Don't use strict equality to determine if an account has enough Ether or tokens.

Additional information: link

Combination 1: Reentrancy vulnerabilities + Functions that send Ether to arbitraty destination. Usual for scams. May be justified by some complex mechanics (e.g. rebase, reflections). DYOR & manual audit are advised.

Not a direct threat, but may indicate unreliable intentions of developer. Widespread names (e.g. Elon, King, Moon, Doge) are common among meme-tokens and scams. The allow to gain free hype and attract unexperienced investors.

SmoKingSon.swapBack().success_scope_0 (#473) is a local variable never initialized
Initialize all the variables. If a variable is meant to be initialized to zero, explicitly set it to zero to improve code readability.

Additional information: link

SmoKingSon.addLiquidity() (#326-336) ignores return value by router.addLiquidityETH{value: amountETH}(address(this),_balances[address(this)],_balances[address(this)],amountETH,autoLiquidityReceiver,block.timestamp) (#328-335)
SmoKingSon.swapBack() (#444-491) ignores return value by router.addLiquidityETH{value: amountBNBLiquidity}(address(this),amountToLiquify,0,0,autoLiquidityReceiver,block.timestamp) (#479-486)
Ensure that all the return values of the function calls are used.

Additional information: link

SmoKingSon.setTargetLiquidity(uint256,uint256) (#421-424) should emit an event for:
- targetLiquidity = _target (#422)
- targetLiquidityDenominator = _denominator (#423)
SmoKingSon.setSwapBackSettings(bool,uint256,uint256,bool) (#501-507) should emit an event for:
- smallSwapThreshold = _amountS (#504)
- largeSwapThreshold = _amountL (#505)
- swapThreshold = smallSwapThreshold (#506)
Emit an event for critical parameter changes.

Additional information: link

SmoKingSon.constructor().deployer (#301) lacks a zero-check on :
- autoLiquidityReceiver = deployer (#311)
- giveawayFeeReceiver = deployer (#312)
- marketingFeeReceiver = deployer (#313)
SmoKingSon.setFeeReceivers(address,address,address)._autoLiquidityReceiver (#533) lacks a zero-check on :
- autoLiquidityReceiver = _autoLiquidityReceiver (#534)
SmoKingSon.setFeeReceivers(address,address,address)._giveawayFeeReceiver (#533) lacks a zero-check on :
- giveawayFeeReceiver = _giveawayFeeReceiver (#535)
SmoKingSon.setFeeReceivers(address,address,address)._marketingFeeReceiver (#533) lacks a zero-check on :
- marketingFeeReceiver = _marketingFeeReceiver (#536)
Check that the address is not zero.

Additional information: link

SmoKingSon.swapBack() (#444-491) has external calls inside a loop: router.swapExactTokensForETHSupportingFeeOnTransferTokens(amountToSwap,0,path,address(this),block.timestamp) (#455-461)
SmoKingSon.swapBack() (#444-491) has external calls inside a loop: (success) = address(marketingFeeReceiver).call{gas: 30000,value: amountBNBMarketing.add(amountBNBGiveaway)}() (#470)
SmoKingSon.swapBack() (#444-491) has external calls inside a loop: router.addLiquidityETH{value: amountBNBLiquidity}(address(this),amountToLiquify,0,0,autoLiquidityReceiver,block.timestamp) (#479-486)
SmoKingSon.swapBack() (#444-491) has external calls inside a loop: (success) = address(marketingFeeReceiver).call{gas: 30000,value: amountBNBMarketing}() (#473)
SmoKingSon.swapBack() (#444-491) has external calls inside a loop: (success2) = address(giveawayFeeReceiver).call{gas: 30000,value: amountBNBGiveaway}() (#474)
Favor pull over push strategy for external calls.

Additional information: link

Variable 'SmoKingSon.swapBack().success (#470)' in SmoKingSon.swapBack() (#444-491) potentially used before declaration: (success) = address(marketingFeeReceiver).call{gas: 30000,value: amountBNBMarketing}() (#473)
Move all variable declarations prior to any usage of the variable, and ensure that reaching a variable declaration does not depend on some conditional if it is used unconditionally.

Additional information: link

Reentrancy in SmoKingSon.constructor() (#299-317):
External calls:
- pair = IDEXFactory(router.factory()).createPair(WBNB,address(this)) (#303)
State variables written after the call(s):
- _allowances[address(this)][address(router)] = type()(uint256).max (#304)
- _allowances[address(this)][deployer] = type()(uint256).max (#305)
- _balances[address(this)] = _totalSupply (#315)
- autoLiquidityReceiver = deployer (#311)
- giveawayFeeReceiver = deployer (#312)
- isFeeExempt[deployer] = true (#310)
- isTxLimitExempt[address(this)] = true (#307)
- isTxLimitExempt[address(router)] = true (#308)
- isTxLimitExempt[deployer] = true (#309)
- marketingFeeReceiver = deployer (#313)
Apply the check-effects-interactions pattern.

Additional information: link

Reentrancy in SmoKingSon._transferFrom(address,address,uint256) (#377-395):
External calls:
- swapBack() (#386)
- router.swapExactTokensForETHSupportingFeeOnTransferTokens(amountToSwap,0,path,address(this),block.timestamp) (#455-461)
- (success) = address(marketingFeeReceiver).call{gas: 30000,value: amountBNBMarketing.add(amountBNBGiveaway)}() (#470)
- (success) = address(marketingFeeReceiver).call{gas: 30000,value: amountBNBMarketing}() (#473)
- (success2) = address(giveawayFeeReceiver).call{gas: 30000,value: amountBNBGiveaway}() (#474)
- router.addLiquidityETH{value: amountBNBLiquidity}(address(this),amountToLiquify,0,0,autoLiquidityReceiver,block.timestamp) (#479-486)
External calls sending eth:
- swapBack() (#386)
- (success) = address(marketingFeeReceiver).call{gas: 30000,value: amountBNBMarketing.add(amountBNBGiveaway)}() (#470)
- (success) = address(marketingFeeReceiver).call{gas: 30000,value: amountBNBMarketing}() (#473)
- (success2) = address(giveawayFeeReceiver).call{gas: 30000,value: amountBNBGiveaway}() (#474)
- router.addLiquidityETH{value: amountBNBLiquidity}(address(this),amountToLiquify,0,0,autoLiquidityReceiver,block.timestamp) (#479-486)
Event emitted after the call(s):
- Transfer(sender,address(this),feeAmount) (#416)
- amountReceived = takeFee(sender,recipient,amount) (#390)
- Transfer(sender,recipient,amountReceived) (#393)
Reentrancy in SmoKingSon.constructor() (#299-317):
External calls:
- pair = IDEXFactory(router.factory()).createPair(WBNB,address(this)) (#303)
Event emitted after the call(s):
- Transfer(address(0),address(this),_totalSupply) (#316)
Reentrancy in SmoKingSon.swapBack() (#444-491):
External calls:
- router.swapExactTokensForETHSupportingFeeOnTransferTokens(amountToSwap,0,path,address(this),block.timestamp) (#455-461)
- (success) = address(marketingFeeReceiver).call{gas: 30000,value: amountBNBMarketing.add(amountBNBGiveaway)}() (#470)
- (success) = address(marketingFeeReceiver).call{gas: 30000,value: amountBNBMarketing}() (#473)
- (success2) = address(giveawayFeeReceiver).call{gas: 30000,value: amountBNBGiveaway}() (#474)
- router.addLiquidityETH{value: amountBNBLiquidity}(address(this),amountToLiquify,0,0,autoLiquidityReceiver,block.timestamp) (#479-486)
External calls sending eth:
- (success) = address(marketingFeeReceiver).call{gas: 30000,value: amountBNBMarketing.add(amountBNBGiveaway)}() (#470)
- (success) = address(marketingFeeReceiver).call{gas: 30000,value: amountBNBMarketing}() (#473)
- (success2) = address(giveawayFeeReceiver).call{gas: 30000,value: amountBNBGiveaway}() (#474)
- router.addLiquidityETH{value: amountBNBLiquidity}(address(this),amountToLiquify,0,0,autoLiquidityReceiver,block.timestamp) (#479-486)
Event emitted after the call(s):
- AutoLiquify(amountBNBLiquidity,amountToLiquify) (#487)
Apply the check-effects-interactions pattern.

Additional information: link

SmoKingSon.launch() (#319-324) uses timestamp for comparisons
Dangerous comparisons:
- timeLaunched == 0 (#320)
Avoid relying on block.timestamp.

Additional information: link

SmoKingSon.swapping() (#297) has costly operations inside a loop:
- inSwap = true (#297)
SmoKingSon.swapping() (#297) has costly operations inside a loop:
- inSwap = false (#297)
SmoKingSon.swapBack() (#444-491) has costly operations inside a loop:
- swapThreshold = swapThreshold (#490)
SmoKingSon.swapBack() (#444-491) has costly operations inside a loop:
- swapThreshold = largeSwapThreshold (#490)
SmoKingSon.swapBack() (#444-491) has costly operations inside a loop:
- swapThreshold = smallSwapThreshold (#490)
Use a local variable to hold the loop computation result.

Additional information: link

Context._msgData() (#134-137) is never used and should be removed
Remove unused functions.

Additional information: link

SmoKingSon._transferLimit (#262) is set pre-construction with a non-constant function or state variable:
- (_totalSupply * 5) / 1000
SmoKingSon._maxWalletSize (#263) is set pre-construction with a non-constant function or state variable:
- (_totalSupply * 20) / 1000
SmoKingSon.smallSwapThreshold (#292) is set pre-construction with a non-constant function or state variable:
- _totalSupply.mul(419493726).div(100000000000)
SmoKingSon.largeSwapThreshold (#293) is set pre-construction with a non-constant function or state variable:
- _totalSupply.mul(513945130).div(100000000000)
SmoKingSon.swapThreshold (#295) is set pre-construction with a non-constant function or state variable:
- smallSwapThreshold
Remove any initialization of state variables via non-constant state variables or function calls. If variables must be set upon contract deployment, locate initialization in the constructor instead.

Additional information: link

Pragma version^0.8.11 (#17) necessitates a version too recent to be trusted. Consider deploying with 0.6.12/0.7.6/0.8.7
solc-0.8.11 is not recommended for deployment
Deploy with any of the following Solidity versions: 0.5.16 - 0.5.17, 0.6.11 - 0.6.12, 0.7.5 - 0.7.6 Use a simple pragma version that allows any of these versions. Consider using the latest version of Solidity for testing.

Additional information: link

Low level call in SmoKingSon.clearBalance() (#432-435):
- (success) = address(autoLiquidityReceiver).call{gas: 30000,value: address(this).balance}() (#433)
Low level call in SmoKingSon.swapBack() (#444-491):
- (success) = address(marketingFeeReceiver).call{gas: 30000,value: amountBNBMarketing.add(amountBNBGiveaway)}() (#470)
- (success) = address(marketingFeeReceiver).call{gas: 30000,value: amountBNBMarketing}() (#473)
- (success2) = address(giveawayFeeReceiver).call{gas: 30000,value: amountBNBGiveaway}() (#474)
Avoid low-level calls. Check the call success. If the call is meant for a contract, check for code existence

Additional information: link

Function IDEXRouter.WETH() (#151) is not in mixedCase
Parameter SmoKingSon.setTargetLiquidity(uint256,uint256)._target (#421) is not in mixedCase
Parameter SmoKingSon.setTargetLiquidity(uint256,uint256)._denominator (#421) is not in mixedCase
Parameter SmoKingSon.setSwapBackSettings(bool,uint256,uint256,bool)._enabled (#501) is not in mixedCase
Parameter SmoKingSon.setSwapBackSettings(bool,uint256,uint256,bool)._amountS (#501) is not in mixedCase
Parameter SmoKingSon.setSwapBackSettings(bool,uint256,uint256,bool)._amountL (#501) is not in mixedCase
Parameter SmoKingSon.setSwapBackSettings(bool,uint256,uint256,bool)._alternate (#501) is not in mixedCase
Parameter SmoKingSon.setFeeReceivers(address,address,address)._autoLiquidityReceiver (#533) is not in mixedCase
Parameter SmoKingSon.setFeeReceivers(address,address,address)._marketingFeeReceiver (#533) is not in mixedCase
Parameter SmoKingSon.setFeeReceivers(address,address,address)._giveawayFeeReceiver (#533) is not in mixedCase
Constant SmoKingSon.mainnetRouter (#252) is not in UPPER_CASE_WITH_UNDERSCORES
Variable SmoKingSon._name (#257) is not in mixedCase
Variable SmoKingSon._symbol (#258) is not in mixedCase
Constant SmoKingSon._decimals (#259) is not in UPPER_CASE_WITH_UNDERSCORES
Variable SmoKingSon._totalSupply (#261) is not in mixedCase
Variable SmoKingSon._transferLimit (#262) is not in mixedCase
Variable SmoKingSon._maxWalletSize (#263) is not in mixedCase
Variable SmoKingSon._balances (#265) is not in mixedCase
Variable SmoKingSon._allowances (#266) is not in mixedCase
Follow the Solidity naming convention.

Additional information: link

Redundant expression "this (#135)" inContext (#129-138)
Remove redundant statements if they congest code but offer no value.

Additional information: link

Variable IDEXRouter.addLiquidity(address,address,uint256,uint256,uint256,uint256,address,uint256).amountADesired (#156) is too similar to IDEXRouter.addLiquidity(address,address,uint256,uint256,uint256,uint256,address,uint256).amountBDesired (#157)
Prevent variables from having similar names.

Additional information: link

SmoKingSon.slitherConstructorVariables() (#249-541) uses literals with too many digits:
- _totalSupply = 1000000 * (10 ** _decimals) (#261)
SmoKingSon.slitherConstructorVariables() (#249-541) uses literals with too many digits:
- smallSwapThreshold = _totalSupply.mul(419493726).div(100000000000) (#292)
SmoKingSon.slitherConstructorVariables() (#249-541) uses literals with too many digits:
- largeSwapThreshold = _totalSupply.mul(513945130).div(100000000000) (#293)
SmoKingSon.slitherConstructorConstantVariables() (#249-541) uses literals with too many digits:
- DEAD = 0x000000000000000000000000000000000000dEaD (#254)
SmoKingSon.slitherConstructorConstantVariables() (#249-541) uses literals with too many digits:
- ZERO = 0x0000000000000000000000000000000000000000 (#255)
Use: Ether suffix, Time suffix, or The scientific notation

Additional information: link

SmoKingSon._name (#257) should be constant
SmoKingSon._symbol (#258) should be constant
SmoKingSon._totalSupply (#261) should be constant
SmoKingSon.charityFee (#275) should be constant
SmoKingSon.devFee (#276) should be constant
SmoKingSon.feeDenominator (#278) should be constant
SmoKingSon.giveawayFee (#274) should be constant
SmoKingSon.liquidityFee (#273) should be constant
SmoKingSon.marketingFee (#272) should be constant
SmoKingSon.totalFee (#277) should be constant
Add the constant attributes to state variables that never change.

Additional information: link

renounceOwnership() should be declared external:
- Ownable.renounceOwnership() (#233-236)
transferOwnership(address) should be declared external:
- Ownable.transferOwnership(address) (#242-246)
transferLiquidity(address,uint256) should be declared external:
- SmoKingSon.transferLiquidity(address,uint256) (#372-375)
Use the external attribute for functions never called from the contract.

Additional information: link