SpaceXMoon Token

Unable to find manual contract audit (e.g. Certik, PeckShield, Solidity...)

SpaceXMoon.addLiquidity(uint256,uint256) (#611-624) sends eth to arbitrary user
Dangerous calls:
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#616-623)
Ensure that an arbitrary user cannot withdraw unauthorized funds.

Additional information: link

Reentrancy in SpaceXMoon._transfer(address,address,uint256) (#500-547):
External calls:
- swapAndLiquify(swapTokensAtAmount,sellTaxes) (#538)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#616-623)
- (success) = recipient.call{value: amount}() (#111)
- router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#635-641)
- address(WenMarketing).sendValue(marketingAmt) (#597)
- address(devWallet).sendValue(devAmt) (#601)
- address(buyBurnAddLiQ).sendValue(buybackAmt) (#606)
- swapAndLiquify(swapTokensAtAmount,taxes) (#539)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#616-623)
- (success) = recipient.call{value: amount}() (#111)
- router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#635-641)
- address(WenMarketing).sendValue(marketingAmt) (#597)
- address(devWallet).sendValue(devAmt) (#601)
- address(buyBurnAddLiQ).sendValue(buybackAmt) (#606)
External calls sending eth:
- swapAndLiquify(swapTokensAtAmount,sellTaxes) (#538)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#616-623)
- (success) = recipient.call{value: amount}() (#111)
- swapAndLiquify(swapTokensAtAmount,taxes) (#539)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#616-623)
- (success) = recipient.call{value: amount}() (#111)
State variables written after the call(s):
- _tokenTransfer(from,to,amount,takeFee,isSell) (#546)
- _rOwned[address(this)] += rDev (#408)
- _rOwned[address(this)] += rMarketing (#398)
- _rOwned[address(this)] += rBuyback (#419)
- _rOwned[address(this)] += rLiquidity (#388)
- _rOwned[sender] = _rOwned[sender] - s.rAmount (#562)
- _rOwned[recipient] = _rOwned[recipient] + s.rTransferAmount (#563)
- _tokenTransfer(from,to,amount,takeFee,isSell) (#546)
- _rTotal -= rRfi (#377)
- _tokenTransfer(from,to,amount,takeFee,isSell) (#546)
- _tOwned[address(this)] += tMarketing (#396)
- _tOwned[address(this)] += tBuyback (#417)
- _tOwned[address(this)] += tLiquidity (#386)
- _tOwned[sender] = _tOwned[sender] - tAmount (#556)
- _tOwned[address(this)] += tDev (#406)
- _tOwned[recipient] = _tOwned[recipient] + s.tTransferAmount (#559)
Apply the check-effects-interactions pattern.

Additional information: link

SpaceXMoon.rescueAnyBEP20Tokens(address,address,uint256) (#712-714) ignores return value by IERC20(_tokenAddr).transfer(_to,_amount) (#713)
Use SafeERC20, or ensure that the transfer/transferFrom return value is checked.

Additional information: link

Combination 1: Reentrancy vulnerabilities + Functions that send Ether to arbitraty destination. Usual for scams. May be justified by some complex mechanics (e.g. rebase, reflections). DYOR & manual audit are advised.

Combination 2: Unchecked transfer + Functions that send Ether to arbitraty destination. Usual for scams. May be justified by some complex mechanics (e.g. rebase, reflections). DYOR & manual audit are advised.

Combination 3: Reentrancy vulnerabilities + Unchecked transfer vulnerability. Usual for scams. May be justified by some complex mechanics (e.g. rebase, reflections). DYOR & manual audit are advised.

SpaceXMoon.swapAndLiquify(uint256,SpaceXMoon.Taxes) (#577-609) performs a multiplication on the result of a division:
-unitBalance = deltaBalance / (denominator - temp.liquidity) (#587)
-bnbToAddLiquidityWith = unitBalance * temp.liquidity (#588)
SpaceXMoon.swapAndLiquify(uint256,SpaceXMoon.Taxes) (#577-609) performs a multiplication on the result of a division:
-unitBalance = deltaBalance / (denominator - temp.liquidity) (#587)
-marketingAmt = unitBalance * 2 * temp.marketing (#595)
SpaceXMoon.swapAndLiquify(uint256,SpaceXMoon.Taxes) (#577-609) performs a multiplication on the result of a division:
-unitBalance = deltaBalance / (denominator - temp.liquidity) (#587)
-devAmt = unitBalance * 2 * temp.dev (#599)
SpaceXMoon.swapAndLiquify(uint256,SpaceXMoon.Taxes) (#577-609) performs a multiplication on the result of a division:
-unitBalance = deltaBalance / (denominator - temp.liquidity) (#587)
-buybackAmt = unitBalance * 2 * temp.buyback (#604)
Consider ordering multiplication before division.

Additional information: link

SpaceXMoon.addLiquidity(uint256,uint256) (#611-624) ignores return value by router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#616-623)
Ensure that all the return values of the function calls are used.

Additional information: link

SpaceXMoon.allowance(address,address).owner (#263) shadows:
- Ownable.owner() (#58-60) (function)
SpaceXMoon._approve(address,address,uint256).owner (#493) shadows:
- Ownable.owner() (#58-60) (function)
Rename the local variables that shadow another component.

Additional information: link

SpaceXMoon.updateCooldown(bool,uint256) (#663-666) should emit an event for:
- coolDownTime = time * 1 (#664)
SpaceXMoon.updateSwapTokensAtAmount(uint256) (#668-670) should emit an event for:
- swapTokensAtAmount = amount * 10 ** _decimals (#669)
SpaceXMoon.updateMaxTxLimit(uint256,uint256) (#691-694) should emit an event for:
- maxBuyLimit = maxBuy * 10 ** decimals() (#692)
- maxSellLimit = maxSell * 10 ** decimals() (#693)
SpaceXMoon.updateMaxWalletlimit(uint256) (#696-698) should emit an event for:
- maxWalletLimit = amount * 10 ** decimals() (#697)
Emit an event for critical parameter changes.

Additional information: link

SpaceXMoon.constructor(address)._pair (#217-218) lacks a zero-check on :
- pair = _pair (#221)
SpaceXMoon.updateWenMarketing(address).newWallet (#651) lacks a zero-check on :
- WenMarketing = newWallet (#652)
SpaceXMoon.updateDevWallet(address).newWallet (#655) lacks a zero-check on :
- devWallet = newWallet (#656)
SpaceXMoon.updatebuyBurnAddLiQ(address).newWallet (#659) lacks a zero-check on :
- buyBurnAddLiQ = newWallet (#660)
SpaceXMoon.updateRouterAndPair(address,address).newPair (#700) lacks a zero-check on :
- pair = newPair (#702)
Check that the address is not zero.

Additional information: link

Reentrancy in SpaceXMoon._transfer(address,address,uint256) (#500-547):
External calls:
- swapAndLiquify(swapTokensAtAmount,sellTaxes) (#538)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#616-623)
- (success) = recipient.call{value: amount}() (#111)
- router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#635-641)
- address(WenMarketing).sendValue(marketingAmt) (#597)
- address(devWallet).sendValue(devAmt) (#601)
- address(buyBurnAddLiQ).sendValue(buybackAmt) (#606)
- swapAndLiquify(swapTokensAtAmount,taxes) (#539)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#616-623)
- (success) = recipient.call{value: amount}() (#111)
- router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#635-641)
- address(WenMarketing).sendValue(marketingAmt) (#597)
- address(devWallet).sendValue(devAmt) (#601)
- address(buyBurnAddLiQ).sendValue(buybackAmt) (#606)
External calls sending eth:
- swapAndLiquify(swapTokensAtAmount,sellTaxes) (#538)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#616-623)
- (success) = recipient.call{value: amount}() (#111)
- swapAndLiquify(swapTokensAtAmount,taxes) (#539)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#616-623)
- (success) = recipient.call{value: amount}() (#111)
State variables written after the call(s):
- _tokenTransfer(from,to,amount,takeFee,isSell) (#546)
- totFeesPaid.buyback += tBuyback (#413)
- totFeesPaid.liquidity += tLiquidity (#382)
- totFeesPaid.dev += tDev (#402)
- totFeesPaid.marketing += tMarketing (#392)
- totFeesPaid.rfi += tRfi (#378)
Reentrancy in SpaceXMoon.constructor(address) (#215-240):
External calls:
- _pair = IFactory(_router.factory()).createPair(address(this),_router.WETH()) (#217-218)
State variables written after the call(s):
- excludeFromReward(pair) (#223)
- _excluded.push(account) (#336)
- excludeFromReward(pair) (#223)
- _isExcluded[account] = true (#335)
- _isExcludedFromFee[address(this)] = true (#226)
- _isExcludedFromFee[owner()] = true (#227)
- _isExcludedFromFee[WenMarketing] = true (#228)
- _isExcludedFromFee[devWallet] = true (#229)
- _isExcludedFromFee[buyBurnAddLiQ] = true (#230)
- _rOwned[owner()] = _rTotal (#225)
- excludeFromReward(pair) (#223)
- _tOwned[account] = tokenFromReflection(_rOwned[account]) (#333)
- allowedTransfer[address(this)] = true (#232)
- allowedTransfer[owner()] = true (#233)
- allowedTransfer[pair] = true (#234)
- allowedTransfer[WenMarketing] = true (#235)
- allowedTransfer[devWallet] = true (#236)
- allowedTransfer[buyBurnAddLiQ] = true (#237)
- pair = _pair (#221)
- router = _router (#220)
Reentrancy in SpaceXMoon.swapAndLiquify(uint256,SpaceXMoon.Taxes) (#577-609):
External calls:
- swapTokensForBNB(toSwap) (#584)
- router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#635-641)
- addLiquidity(tokensToAddLiquidityWith,bnbToAddLiquidityWith) (#592)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#616-623)
External calls sending eth:
- addLiquidity(tokensToAddLiquidityWith,bnbToAddLiquidityWith) (#592)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#616-623)
State variables written after the call(s):
- addLiquidity(tokensToAddLiquidityWith,bnbToAddLiquidityWith) (#592)
- _allowances[owner][spender] = amount (#496)
Reentrancy in SpaceXMoon.transferFrom(address,address,uint256) (#272-280):
External calls:
- _transfer(sender,recipient,amount) (#273)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#616-623)
- (success) = recipient.call{value: amount}() (#111)
- router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#635-641)
- address(WenMarketing).sendValue(marketingAmt) (#597)
- address(devWallet).sendValue(devAmt) (#601)
- address(buyBurnAddLiQ).sendValue(buybackAmt) (#606)
External calls sending eth:
- _transfer(sender,recipient,amount) (#273)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#616-623)
- (success) = recipient.call{value: amount}() (#111)
State variables written after the call(s):
- _approve(sender,_msgSender(),currentAllowance - amount) (#277)
- _allowances[owner][spender] = amount (#496)
Apply the check-effects-interactions pattern.

Additional information: link

Reentrancy in SpaceXMoon._transfer(address,address,uint256) (#500-547):
External calls:
- swapAndLiquify(swapTokensAtAmount,sellTaxes) (#538)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#616-623)
- (success) = recipient.call{value: amount}() (#111)
- router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#635-641)
- address(WenMarketing).sendValue(marketingAmt) (#597)
- address(devWallet).sendValue(devAmt) (#601)
- address(buyBurnAddLiQ).sendValue(buybackAmt) (#606)
- swapAndLiquify(swapTokensAtAmount,taxes) (#539)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#616-623)
- (success) = recipient.call{value: amount}() (#111)
- router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#635-641)
- address(WenMarketing).sendValue(marketingAmt) (#597)
- address(devWallet).sendValue(devAmt) (#601)
- address(buyBurnAddLiQ).sendValue(buybackAmt) (#606)
External calls sending eth:
- swapAndLiquify(swapTokensAtAmount,sellTaxes) (#538)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#616-623)
- (success) = recipient.call{value: amount}() (#111)
- swapAndLiquify(swapTokensAtAmount,taxes) (#539)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#616-623)
- (success) = recipient.call{value: amount}() (#111)
Event emitted after the call(s):
- Transfer(sender,address(this),s.tLiquidity + s.tMarketing + s.tDev + s.tBuyback) (#568)
- _tokenTransfer(from,to,amount,takeFee,isSell) (#546)
- Transfer(sender,recipient,s.tTransferAmount) (#573)
- _tokenTransfer(from,to,amount,takeFee,isSell) (#546)
Reentrancy in SpaceXMoon.constructor(address) (#215-240):
External calls:
- _pair = IFactory(_router.factory()).createPair(address(this),_router.WETH()) (#217-218)
Event emitted after the call(s):
- Transfer(address(0),owner(),_tTotal) (#239)
Reentrancy in SpaceXMoon.swapAndLiquify(uint256,SpaceXMoon.Taxes) (#577-609):
External calls:
- swapTokensForBNB(toSwap) (#584)
- router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#635-641)
- addLiquidity(tokensToAddLiquidityWith,bnbToAddLiquidityWith) (#592)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#616-623)
External calls sending eth:
- addLiquidity(tokensToAddLiquidityWith,bnbToAddLiquidityWith) (#592)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#616-623)
Event emitted after the call(s):
- Approval(owner,spender,amount) (#497)
- addLiquidity(tokensToAddLiquidityWith,bnbToAddLiquidityWith) (#592)
Reentrancy in SpaceXMoon.transferFrom(address,address,uint256) (#272-280):
External calls:
- _transfer(sender,recipient,amount) (#273)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#616-623)
- (success) = recipient.call{value: amount}() (#111)
- router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#635-641)
- address(WenMarketing).sendValue(marketingAmt) (#597)
- address(devWallet).sendValue(devAmt) (#601)
- address(buyBurnAddLiQ).sendValue(buybackAmt) (#606)
External calls sending eth:
- _transfer(sender,recipient,amount) (#273)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#616-623)
- (success) = recipient.call{value: amount}() (#111)
Event emitted after the call(s):
- Approval(owner,spender,amount) (#497)
- _approve(sender,_msgSender(),currentAllowance - amount) (#277)
Apply the check-effects-interactions pattern.

Additional information: link

SpaceXMoon._transfer(address,address,uint256) (#500-547) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(timePassed >= coolDownTime,Cooldown enabled) (#527)
Avoid relying on block.timestamp.

Additional information: link

SpaceXMoon.setTradingStatus(bool) (#317-321) compares to a boolean constant:
-state == true && genesis_block == 0 (#320)
Remove the equality to the boolean constant.

Additional information: link

SpaceXMoon.includeInReward(address) (#339-350) has costly operations inside a loop:
- _excluded.pop() (#346)
Use a local variable to hold the loop computation result.

Additional information: link

Context._msgData() (#43-46) is never used and should be removed
Remove unused functions.

Additional information: link

SpaceXMoon._rTotal (#153) is set pre-construction with a non-constant function or state variable:
- (MAX - (MAX % _tTotal))
Remove any initialization of state variables via non-constant state variables or function calls. If variables must be set upon contract deployment, locate initialization in the constructor instead.

Additional information: link

Low level call in Address.sendValue(address,uint256) (#108-113):
- (success) = recipient.call{value: amount}() (#111)
Avoid low-level calls. Check the call success. If the call is meant for a contract, check for code existence

Additional information: link

Function IRouter.WETH() (#89) is not in mixedCase
Struct SpaceXMoon.valuesFromGetValues (#190-204) is not in CapWords
Parameter SpaceXMoon.setTaxes(uint256,uint256,uint256,uint256,uint256)._rfi (#366) is not in mixedCase
Parameter SpaceXMoon.setTaxes(uint256,uint256,uint256,uint256,uint256)._marketing (#366) is not in mixedCase
Parameter SpaceXMoon.setTaxes(uint256,uint256,uint256,uint256,uint256)._liquidity (#366) is not in mixedCase
Parameter SpaceXMoon.setTaxes(uint256,uint256,uint256,uint256,uint256)._dev (#366) is not in mixedCase
Parameter SpaceXMoon.setTaxes(uint256,uint256,uint256,uint256,uint256)._buyback (#366) is not in mixedCase
Parameter SpaceXMoon.setSellTaxes(uint256,uint256,uint256,uint256,uint256)._rfi (#371) is not in mixedCase
Parameter SpaceXMoon.setSellTaxes(uint256,uint256,uint256,uint256,uint256)._marketing (#371) is not in mixedCase
Parameter SpaceXMoon.setSellTaxes(uint256,uint256,uint256,uint256,uint256)._liquidity (#371) is not in mixedCase
Parameter SpaceXMoon.setSellTaxes(uint256,uint256,uint256,uint256,uint256)._dev (#371) is not in mixedCase
Parameter SpaceXMoon.setSellTaxes(uint256,uint256,uint256,uint256,uint256)._buyback (#371) is not in mixedCase
Parameter SpaceXMoon.updateSwapEnabled(bool)._enabled (#672) is not in mixedCase
Parameter SpaceXMoon.rescueAnyBEP20Tokens(address,address,uint256)._tokenAddr (#712) is not in mixedCase
Parameter SpaceXMoon.rescueAnyBEP20Tokens(address,address,uint256)._to (#712) is not in mixedCase
Parameter SpaceXMoon.rescueAnyBEP20Tokens(address,address,uint256)._amount (#712) is not in mixedCase
Constant SpaceXMoon._decimals (#149) is not in UPPER_CASE_WITH_UNDERSCORES
Variable SpaceXMoon.genesis_block (#160) is not in mixedCase
Variable SpaceXMoon.WenMarketing (#162) is not in mixedCase
Constant SpaceXMoon._name (#166) is not in UPPER_CASE_WITH_UNDERSCORES
Constant SpaceXMoon._symbol (#167) is not in UPPER_CASE_WITH_UNDERSCORES
Follow the Solidity naming convention.

Additional information: link

Redundant expression "this (#44)" inContext (#38-47)
Remove redundant statements if they congest code but offer no value.

Additional information: link

SpaceXMoon._tTotal (#152) should be constant
Add the constant attributes to state variables that never change.

Additional information: link

renounceOwnership() should be declared external:
- Ownable.renounceOwnership() (#67-69)
transferOwnership(address) should be declared external:
- Ownable.transferOwnership(address) (#71-74)
name() should be declared external:
- SpaceXMoon.name() (#243-245)
symbol() should be declared external:
- SpaceXMoon.symbol() (#246-248)
totalSupply() should be declared external:
- SpaceXMoon.totalSupply() (#254-256)
allowance(address,address) should be declared external:
- SpaceXMoon.allowance(address,address) (#263-265)
approve(address,uint256) should be declared external:
- SpaceXMoon.approve(address,uint256) (#267-270)
transferFrom(address,address,uint256) should be declared external:
- SpaceXMoon.transferFrom(address,address,uint256) (#272-280)
increaseAllowance(address,uint256) should be declared external:
- SpaceXMoon.increaseAllowance(address,uint256) (#282-285)
decreaseAllowance(address,uint256) should be declared external:
- SpaceXMoon.decreaseAllowance(address,uint256) (#287-293)
transfer(address,uint256) should be declared external:
- SpaceXMoon.transfer(address,uint256) (#295-299)
isExcludedFromReward(address) should be declared external:
- SpaceXMoon.isExcludedFromReward(address) (#301-303)
reflectionFromToken(uint256,bool) should be declared external:
- SpaceXMoon.reflectionFromToken(uint256,bool) (#305-314)
excludeFromFee(address) should be declared external:
- SpaceXMoon.excludeFromFee(address) (#353-355)
includeInFee(address) should be declared external:
- SpaceXMoon.includeInFee(address) (#357-359)
isExcludedFromFee(address) should be declared external:
- SpaceXMoon.isExcludedFromFee(address) (#362-364)
setTaxes(uint256,uint256,uint256,uint256,uint256) should be declared external:
- SpaceXMoon.setTaxes(uint256,uint256,uint256,uint256,uint256) (#366-369)
setSellTaxes(uint256,uint256,uint256,uint256,uint256) should be declared external:
- SpaceXMoon.setSellTaxes(uint256,uint256,uint256,uint256,uint256) (#371-374)
rescueAnyBEP20Tokens(address,address,uint256) should be declared external:
- SpaceXMoon.rescueAnyBEP20Tokens(address,address,uint256) (#712-714)
Use the external attribute for functions never called from the contract.

Additional information: link

Token seems to be untradeable: there is no PancakeSwap trading pair and no trading volumes. Ignore for presale.

Unable to find website, listings and other project-related information

Young tokens have high risks of scam / price dump / death

Token has no active CoinGecko listing / rank

Token has no active CoinMarketCap listing / rank