SPƆRTY [Sporty] Token
About SPƆRTY
Listings
Website
SPORTY is a platform with many improvements, help you Bet, Stake NFT, Buy NFT, Play Casino Game in the simplest way. Previous projects of Dev Team 10x + Insurance NFT - When you bet but if you lose - while you hold NFT Insurance - We can refund the money back, depends on the NFT Tier you hold. Boosted Win Rate NFT - When you bet you can choose nft for boot your win rate if you belive this team will win this match.
Social
Laser Scorebeta Last Audit: 1 September 2022
Sporty.swapBack() (#380-433) sends eth to arbitrary user
Dangerous calls:
- (success) = address(marketingFeeReceiver).call{gas: 30000,value: amountBNBMarketing}() (#407)
- (success,None) = address(SportyInsurancePoolFeeReceiver).call{gas: 30000,value: amountSportyInsurancePool}() (#408)
Ensure that an arbitrary user cannot withdraw unauthorized funds.
Additional information: link
Reentrancy in Sporty._transferFrom(address,address,uint256) (#292-318):
External calls:
- swapBack() (#303)
- router.swapExactTokensForETHSupportingFeeOnTransferTokens(amountToSwap,0,path,address(this),block.timestamp) (#391-432)
- (success) = address(marketingFeeReceiver).call{gas: 30000,value: amountBNBMarketing}() (#407)
- (success,None) = address(SportyInsurancePoolFeeReceiver).call{gas: 30000,value: amountSportyInsurancePool}() (#408)
- router.addLiquidityETH{value: amountBNBLiquidity}(address(this),amountToLiquify,0,0,autoLiquidityReceiver,block.timestamp) (#413-424)
External calls sending eth:
- swapBack() (#303)
- (success) = address(marketingFeeReceiver).call{gas: 30000,value: amountBNBMarketing}() (#407)
- (success,None) = address(SportyInsurancePoolFeeReceiver).call{gas: 30000,value: amountSportyInsurancePool}() (#408)
- router.addLiquidityETH{value: amountBNBLiquidity}(address(this),amountToLiquify,0,0,autoLiquidityReceiver,block.timestamp) (#413-424)
State variables written after the call(s):
- _balances[sender] = _balances[sender].sub(amount,Insufficient Balance) (#307)
- _balances[recipient] = _balances[recipient].add(amountReceived) (#312)
- amountReceived = takeFee(sender,recipient,amount) (#309-310)
- _balances[address(this)] = _balances[address(this)].add(feeAmount) (#359)
Apply the check-effects-interactions pattern.
Additional information: link
Unable to verify that contract auditor is trusted: Certik, Quantstamp, Hacken, Solidity, Paladinsec, Openzeppelin, Verichains
Sporty.swapBack().success (#407) is written in both
(success) = address(marketingFeeReceiver).call{gas: 30000,value: amountBNBMarketing}() (#407)
(success,None) = address(SportyInsurancePoolFeeReceiver).call{gas: 30000,value: amountSportyInsurancePool}() (#408)
Fix or remove the writes.
Additional information: link
Combination 1: Reentrancy vulnerabilities + Functions that send Ether to arbitraty destination. Usual for scams. May be justified by some complex mechanics (e.g. rebase, reflections). DYOR & manual audit are advised.
Contract ownership is not renounced (belongs to a wallet)
Contract ticker (SPƆRTY) contains non-alphanumeric characters.
Not a direct threat, but may indicate unreliable intentions of developer. Non-alphanumeric chars (,.;!#*&") are extremely rare among low risk tokens.
Reentrancy in Sporty._transferFrom(address,address,uint256) (#292-318):
External calls:
- swapBack() (#303)
- router.swapExactTokensForETHSupportingFeeOnTransferTokens(amountToSwap,0,path,address(this),block.timestamp) (#391-432)
- (success) = address(marketingFeeReceiver).call{gas: 30000,value: amountBNBMarketing}() (#407)
- (success,None) = address(SportyInsurancePoolFeeReceiver).call{gas: 30000,value: amountSportyInsurancePool}() (#408)
- router.addLiquidityETH{value: amountBNBLiquidity}(address(this),amountToLiquify,0,0,autoLiquidityReceiver,block.timestamp) (#413-424)
External calls sending eth:
- swapBack() (#303)
- (success) = address(marketingFeeReceiver).call{gas: 30000,value: amountBNBMarketing}() (#407)
- (success,None) = address(SportyInsurancePoolFeeReceiver).call{gas: 30000,value: amountSportyInsurancePool}() (#408)
- router.addLiquidityETH{value: amountBNBLiquidity}(address(this),amountToLiquify,0,0,autoLiquidityReceiver,block.timestamp) (#413-424)
State variables written after the call(s):
- launch() (#305)
- launchedAt = block.number (#478)
Reentrancy in Sporty.constructor() (#239-258):
External calls:
- pancakeV2BNBPair = IDEXFactory(router.factory()).createPair(WBNB,address(this)) (#241)
State variables written after the call(s):
- SportyInsurancePoolFeeReceiver = 0xCfBFcdb09aB63F8A40D9EE0Ede8e115177a4C30B (#254)
- _allowances[address(this)][address(router)] = ~ uint256(0) (#242)
- _balances[owner_] = _totalSupply (#256)
- autoLiquidityReceiver = 0x61455A1540492b426E78CEB39eE3A12A8Ee34A33 (#252)
- isFeeExempt[owner_] = true (#248)
- isFeeExempt[address(this)] = true (#250)
- isTxLimitExempt[owner_] = true (#249)
- isTxLimitExempt[address(this)] = true (#251)
- marketingFeeReceiver = 0x8de3a3734294524828B7Bf6b2a45e6E32A053a78 (#253)
- pairs.push(pancakeV2BNBPair) (#244)
Reentrancy in Sporty.triggerBuyback(uint256,bool) (#435-441):
External calls:
- buyTokens(amount,Staking) (#436)
- router.swapExactETHForTokensSupportingFeeOnTransferTokens{value: amount}(0,path,to,block.timestamp) (#452-463)
State variables written after the call(s):
- buybackMultiplierTriggeredAt = block.timestamp (#438)
Apply the check-effects-interactions pattern.
Additional information: link
Pragma version^0.8.15 (#30) necessitates a version too recent to be trusted. Consider deploying with 0.6.12/0.7.6/0.8.7
solc-0.8.15 is not recommended for deployment
Deploy with any of the following Solidity versions: 0.5.16 - 0.5.17, 0.6.11 - 0.6.12, 0.7.5 - 0.7.6 Use a simple pragma version that allows any of these versions. Consider using the latest version of Solidity for testing.
Additional information: link
Low level call in Sporty.swapBack() (#380-433):
- (success) = address(marketingFeeReceiver).call{gas: 30000,value: amountBNBMarketing}() (#407)
- (success,None) = address(SportyInsurancePoolFeeReceiver).call{gas: 30000,value: amountSportyInsurancePool}() (#408)
Avoid low-level calls. Check the call success. If the call is meant for a contract, check for code existence
Additional information: link
Function IDEXRouter.WETH() (#91) is not in mixedCase
Parameter Sporty.setFees(uint256,uint256,uint256,uint256,uint256,uint256)._liquidityFee (#496) is not in mixedCase
Parameter Sporty.setFees(uint256,uint256,uint256,uint256,uint256,uint256)._StakingFee (#496) is not in mixedCase
Parameter Sporty.setFees(uint256,uint256,uint256,uint256,uint256,uint256)._marketingFee (#496) is not in mixedCase
Parameter Sporty.setFees(uint256,uint256,uint256,uint256,uint256,uint256)._SportyInsurancePool (#496) is not in mixedCase
Parameter Sporty.setFees(uint256,uint256,uint256,uint256,uint256,uint256)._feeDenominator (#496) is not in mixedCase
Parameter Sporty.setFees(uint256,uint256,uint256,uint256,uint256,uint256)._totalSellFee (#496) is not in mixedCase
Parameter Sporty.setFeeReceivers(address,address,address)._autoLiquidityReceiver (#508) is not in mixedCase
Parameter Sporty.setFeeReceivers(address,address,address)._marketingFeeReceiver (#508) is not in mixedCase
Parameter Sporty.setFeeReceivers(address,address,address)._SportyInsurancePoolFeeReceiver (#508) is not in mixedCase
Parameter Sporty.setSwapBackSettings(bool,uint256)._enabled (#514) is not in mixedCase
Parameter Sporty.setSwapBackSettings(bool,uint256)._amount (#514) is not in mixedCase
Parameter Sporty.setTargetLiquidity(uint256,uint256)._target (#519) is not in mixedCase
Parameter Sporty.setTargetLiquidity(uint256,uint256)._denominator (#519) is not in mixedCase
Parameter Sporty.setFeesOnNormalTransfers(bool)._enabled (#544) is not in mixedCase
Parameter Sporty.clearStuckBalance(uint256,address)._ReceiverStuck (#560) is not in mixedCase
Variable Sporty.WBNB (#184) is not in mixedCase
Variable Sporty.DEAD (#185) is not in mixedCase
Variable Sporty.ZERO (#186) is not in mixedCase
Variable Sporty.Staking (#187) is not in mixedCase
Constant Sporty._name (#189) is not in UPPER_CASE_WITH_UNDERSCORES
Constant Sporty._symbol (#190) is not in UPPER_CASE_WITH_UNDERSCORES
Constant Sporty._decimals (#191) is not in UPPER_CASE_WITH_UNDERSCORES
Variable Sporty._totalSupply (#193) is not in mixedCase
Variable Sporty._maxTxAmount (#194) is not in mixedCase
Variable Sporty._balances (#196) is not in mixedCase
Variable Sporty._allowances (#197) is not in mixedCase
Variable Sporty.StakingFee (#203) is not in mixedCase
Variable Sporty.SportyInsurancePool (#205) is not in mixedCase
Variable Sporty.SportyInsurancePoolFeeReceiver (#213) is not in mixedCase
Follow the Solidity naming convention.
Additional information: link
Variable IDEXRouter.addLiquidity(address,address,uint256,uint256,uint256,uint256,address,uint256).amountADesired (#96) is too similar to IDEXRouter.addLiquidity(address,address,uint256,uint256,uint256,uint256,address,uint256).amountBDesired (#97)
Prevent variables from having similar names.
Additional information: link
Sporty.swapBack().e (#428) is a local variable never initialized
Sporty.buyTokens(uint256,address).reason (#459) is a local variable never initialized
Initialize all the variables. If a variable is meant to be initialized to zero, explicitly set it to zero to improve code readability.
Additional information: link
Sporty.swapBack() (#380-433) ignores return value by router.addLiquidityETH{value: amountBNBLiquidity}(address(this),amountToLiquify,0,0,autoLiquidityReceiver,block.timestamp) (#413-424)
Ensure that all the return values of the function calls are used.
Additional information: link
Sporty.setBuybackMultiplierSettings(uint256,uint256,uint256) (#466-471) should emit an event for:
- buybackMultiplierNumerator = numerator (#468)
- buybackMultiplierDenominator = denominator (#469)
- buybackMultiplierLength = length (#470)
Sporty.setTxLimit(uint256) (#482-485) should emit an event for:
- _maxTxAmount = amount (#484)
Sporty.setFees(uint256,uint256,uint256,uint256,uint256,uint256) (#496-506) should emit an event for:
- liquidityFee = _liquidityFee (#497)
- StakingFee = _StakingFee (#498)
- marketingFee = _marketingFee (#499)
- SportyInsurancePool = _SportyInsurancePool (#500)
- totalBuyFee = _liquidityFee + _StakingFee + _marketingFee + _SportyInsurancePool (#501)
- feeDenominator = _feeDenominator (#502)
- totalSellFee = _totalSellFee (#503)
Sporty.setSwapBackSettings(bool,uint256) (#514-517) should emit an event for:
- swapThreshold = _amount (#516)
Sporty.setTargetLiquidity(uint256,uint256) (#519-522) should emit an event for:
- targetLiquidity = _target (#520)
- targetLiquidityDenominator = _denominator (#521)
Sporty.setLaunchedAt(uint256) (#549-551) should emit an event for:
- launchedAt = launched_ (#550)
Emit an event for critical parameter changes.
Additional information: link
Auth.transferOwnership(address).adr (#170) lacks a zero-check on :
- owner = adr (#171)
Sporty.setFeeReceivers(address,address,address)._autoLiquidityReceiver (#508) lacks a zero-check on :
- autoLiquidityReceiver = _autoLiquidityReceiver (#509)
Sporty.setFeeReceivers(address,address,address)._marketingFeeReceiver (#508) lacks a zero-check on :
- marketingFeeReceiver = _marketingFeeReceiver (#510)
Sporty.setFeeReceivers(address,address,address)._SportyInsurancePoolFeeReceiver (#508) lacks a zero-check on :
- SportyInsurancePoolFeeReceiver = _SportyInsurancePoolFeeReceiver (#511)
Sporty.clearStuckBalance(uint256,address)._ReceiverStuck (#560) lacks a zero-check on :
- address(_ReceiverStuck).transfer(amountBNB * amountPercentage / 100) (#562)
Check that the address is not zero.
Additional information: link
Variable 'Sporty.swapBack().e (#428)' in Sporty.swapBack() (#380-433) potentially used before declaration: SwapBackFailed(string(abi.encodePacked(SwapBack failed with error ,e))) (#429)
Variable 'Sporty.buyTokens(uint256,address).reason (#459)' in Sporty.buyTokens(uint256,address) (#447-464) potentially used before declaration: revert(string)(string(abi.encodePacked(Buyback failed with error ,reason))) (#460)
Move all variable declarations prior to any usage of the variable, and ensure that reaching a variable declaration does not depend on some conditional if it is used unconditionally.
Additional information: link
Reentrancy in Sporty._transferFrom(address,address,uint256) (#292-318):
External calls:
- swapBack() (#303)
- router.swapExactTokensForETHSupportingFeeOnTransferTokens(amountToSwap,0,path,address(this),block.timestamp) (#391-432)
- (success) = address(marketingFeeReceiver).call{gas: 30000,value: amountBNBMarketing}() (#407)
- (success,None) = address(SportyInsurancePoolFeeReceiver).call{gas: 30000,value: amountSportyInsurancePool}() (#408)
- router.addLiquidityETH{value: amountBNBLiquidity}(address(this),amountToLiquify,0,0,autoLiquidityReceiver,block.timestamp) (#413-424)
External calls sending eth:
- swapBack() (#303)
- (success) = address(marketingFeeReceiver).call{gas: 30000,value: amountBNBMarketing}() (#407)
- (success,None) = address(SportyInsurancePoolFeeReceiver).call{gas: 30000,value: amountSportyInsurancePool}() (#408)
- router.addLiquidityETH{value: amountBNBLiquidity}(address(this),amountToLiquify,0,0,autoLiquidityReceiver,block.timestamp) (#413-424)
Event emitted after the call(s):
- Launched(block.number,block.timestamp) (#479)
- launch() (#305)
- Transfer(sender,address(this),feeAmount) (#360)
- amountReceived = takeFee(sender,recipient,amount) (#309-310)
- Transfer(sender,recipient,amountReceived) (#316)
Reentrancy in Sporty.buyTokens(uint256,address) (#447-464):
External calls:
- router.swapExactETHForTokensSupportingFeeOnTransferTokens{value: amount}(0,path,to,block.timestamp) (#452-463)
Event emitted after the call(s):
- BoughtBack(amount,to) (#458)
Reentrancy in Sporty.constructor() (#239-258):
External calls:
- pancakeV2BNBPair = IDEXFactory(router.factory()).createPair(WBNB,address(this)) (#241)
Event emitted after the call(s):
- Transfer(address(0),owner_,_totalSupply) (#257)
Reentrancy in Sporty.swapBack() (#380-433):
External calls:
- router.swapExactTokensForETHSupportingFeeOnTransferTokens(amountToSwap,0,path,address(this),block.timestamp) (#391-432)
- (success) = address(marketingFeeReceiver).call{gas: 30000,value: amountBNBMarketing}() (#407)
- (success,None) = address(SportyInsurancePoolFeeReceiver).call{gas: 30000,value: amountSportyInsurancePool}() (#408)
- router.addLiquidityETH{value: amountBNBLiquidity}(address(this),amountToLiquify,0,0,autoLiquidityReceiver,block.timestamp) (#413-424)
External calls sending eth:
- (success) = address(marketingFeeReceiver).call{gas: 30000,value: amountBNBMarketing}() (#407)
- (success,None) = address(SportyInsurancePoolFeeReceiver).call{gas: 30000,value: amountSportyInsurancePool}() (#408)
- router.addLiquidityETH{value: amountBNBLiquidity}(address(this),amountToLiquify,0,0,autoLiquidityReceiver,block.timestamp) (#413-424)
Event emitted after the call(s):
- AutoLiquify(amountToLiquify,amountBNBLiquidity) (#421)
- AutoLiquify(0,0) (#423)
- SwapBackSuccess(amountToSwap) (#427)
Reentrancy in Sporty.swapBack() (#380-433):
External calls:
- router.swapExactTokensForETHSupportingFeeOnTransferTokens(amountToSwap,0,path,address(this),block.timestamp) (#391-432)
Event emitted after the call(s):
- SwapBackFailed(string(abi.encodePacked(SwapBack failed with error ,e))) (#429)
- SwapBackFailed(SwapBack failed without an error message from pancakeSwap) (#431)
Reentrancy in Sporty.triggerBuyback(uint256,bool) (#435-441):
External calls:
- buyTokens(amount,Staking) (#436)
- router.swapExactETHForTokensSupportingFeeOnTransferTokens{value: amount}(0,path,to,block.timestamp) (#452-463)
Event emitted after the call(s):
- BuybackMultiplierActive(buybackMultiplierLength) (#439)
Apply the check-effects-interactions pattern.
Additional information: link
Sporty._transferFrom(address,address,uint256) (#292-318) uses timestamp for comparisons
Dangerous comparisons:
- require(bool)(_balances[sender] > 0) (#305)
Sporty.getTotalFee(bool) (#343-347) uses timestamp for comparisons
Dangerous comparisons:
- selling && buybackMultiplierTriggeredAt.add(buybackMultiplierLength) > block.timestamp (#345)
Sporty.shouldSwapBack() (#373-378) uses timestamp for comparisons
Dangerous comparisons:
- msg.sender != pancakeV2BNBPair && ! inSwap && swapEnabled && _balances[address(this)] >= swapThreshold (#374-377)
Sporty.isOverLiquified(uint256,uint256) (#531-533) uses timestamp for comparisons
Dangerous comparisons:
- getLiquidityBacking(accuracy) > target (#532)
Avoid relying on block.timestamp.
Additional information: link
Sporty._maxTxAmount (#194) is set pre-construction with a non-constant function or state variable:
- _totalSupply / 10
Sporty.totalBuyFee (#207) is set pre-construction with a non-constant function or state variable:
- liquidityFee + StakingFee + marketingFee + SportyInsurancePool
Sporty.swapThreshold (#235) is set pre-construction with a non-constant function or state variable:
- _totalSupply / 334
Remove any initialization of state variables via non-constant state variables or function calls. If variables must be set upon contract deployment, locate initialization in the constructor instead.
Additional information: link
Sporty.slitherConstructorVariables() (#181-578) uses literals with too many digits:
- DEAD = 0x000000000000000000000000000000000000dEaD (#185)
Sporty.slitherConstructorVariables() (#181-578) uses literals with too many digits:
- ZERO = 0x0000000000000000000000000000000000000000 (#186)
Use: Ether suffix, Time suffix, or The scientific notation
Additional information: link
Sporty.DEAD (#185) should be constant
Sporty.Staking (#187) should be constant
Sporty.WBNB (#184) should be constant
Sporty.ZERO (#186) should be constant
Sporty._totalSupply (#193) should be constant
Add the constant attributes to state variables that never change.
Additional information: link
authorize(address) should be declared external:
- Auth.authorize(address) (#154-156)
unauthorize(address) should be declared external:
- Auth.unauthorize(address) (#158-160)
transferOwnership(address) should be declared external:
- Auth.transferOwnership(address) (#170-174)
Use the external attribute for functions never called from the contract.
Additional information: link
Average 30d PancakeSwap liquidity is low.
Contract has 2% buy tax and 6% sell tax.
Taxes are low but contract ownership is not renounced. Token has a high risk of becoming a honeypot.
Token is deployed only at one blockchain
BscScan page for the token does not contain additional info: website, socials, description, etc.
Additional information: link
Token is not listed at Mobula.Finance
Additional information: link
Unable to find token on CoinHunt
Additional information: link
Unable to find code repository for the project
Young tokens have high risks of scam / price dump / death
Young tokens have high risks of scam / price dump / death
Young tokens have high risks of scam / price dump / death
Young tokens have high risks of scam / price dump / death
Young tokens have high risks of scam / price dump / death
Token has no active CoinGecko listing / rank
Price for SPƆRTY
LASER DESK beta
Unable to find Youtube account
Unable to find Discord account
Twitter account has few posts