Unable to find manual contract audit (e.g. Certik, PeckShield, Solidity...)
Contract ownership is not renounced (belongs to a wallet)
StepZoroToken.ceil(uint256,uint256) (#753-755) performs a multiplication on the result of a division:
-((a + m - 1) / m) * m (#754)
Consider ordering multiplication before division.
Additional information: link
StepZoroToken.balanceOf(address).owner (#630) shadows:
- Ownable.owner() (#138-140) (function)
StepZoroToken.allowance(address,address).owner (#643) shadows:
- Ownable.owner() (#138-140) (function)
StepZoroToken._approve(address,address,uint256).owner (#662) shadows:
- Ownable.owner() (#138-140) (function)
Rename the local variables that shadow another component.
Additional information: link
StepZoroToken.setPoolReward(uint256) (#735-738) should emit an event for:
- _poolReward = reward (#737)
Emit an event for critical parameter changes.
Additional information: link
StepZoroToken.constructor(address,address)._uniswapV2Pair (#605) lacks a zero-check on :
- uniswapV2Pair = _uniswapV2Pair (#608)
StepZoroToken.constructor(address,address).poolWallet_ (#599) lacks a zero-check on :
- poolWallet = poolWallet_ (#611)
StepZoroToken.setPoolWallet(address).poolWallet_ (#731) lacks a zero-check on :
- poolWallet = poolWallet_ (#732)
Check that the address is not zero.
Additional information: link
Reentrancy in StepZoroToken.constructor(address,address) (#597-612):
External calls:
- _uniswapV2Pair = IPancakeFactory(_pancakeV2Router.factory()).createPair(address(this),_pancakeV2Router.WETH()) (#605)
State variables written after the call(s):
- isExcludedFromFee[msg.sender] = true (#610)
- isPairAddress[_uniswapV2Pair] = true (#607)
- pancakeV2Router = _pancakeV2Router (#609)
- poolWallet = poolWallet_ (#611)
- uniswapV2Pair = _uniswapV2Pair (#608)
Apply the check-effects-interactions pattern.
Additional information: link
Address.isContract(address) (#204-214) uses assembly
- INLINE ASM (#210-212)
Address.verifyCallResult(bool,bytes,string) (#373-393) uses assembly
- INLINE ASM (#385-388)
Do not use evm assembly.
Additional information: link
StepZoroToken._transfer(address,address,uint256) (#763-789) compares to a boolean constant:
-isExcludedFromFee[sender] != true (#778)
Remove the equality to the boolean constant.
Additional information: link
Address.functionCall(address,bytes) (#257-259) is never used and should be removed
Address.functionCall(address,bytes,string) (#267-273) is never used and should be removed
Address.functionCallWithValue(address,bytes,uint256) (#286-292) is never used and should be removed
Address.functionCallWithValue(address,bytes,uint256,string) (#300-311) is never used and should be removed
Address.functionDelegateCall(address,bytes) (#346-348) is never used and should be removed
Address.functionDelegateCall(address,bytes,string) (#356-365) is never used and should be removed
Address.functionStaticCall(address,bytes) (#319-321) is never used and should be removed
Address.functionStaticCall(address,bytes,string) (#329-338) is never used and should be removed
Address.isContract(address) (#204-214) is never used and should be removed
Address.sendValue(address,uint256) (#232-237) is never used and should be removed
Address.verifyCallResult(bool,bytes,string) (#373-393) is never used and should be removed
Context._msgData() (#103-105) is never used and should be removed
StepZoroToken._mint(address,uint256) (#757-761) is never used and should be removed
Remove unused functions.
Additional information: link
Pragma version^0.8.0 (#6) allows old versions
Pragma version^0.8.0 (#86) allows old versions
Pragma version^0.8.0 (#109) allows old versions
Pragma version^0.8.0 (#181) allows old versions
Pragma version^0.8.0 (#400) allows old versions
Pragma version^0.8.0 (#499) allows old versions
Pragma version^0.8.0 (#545) allows old versions
Pragma version^0.8.0 (#566) allows old versions
solc-0.8.0 is not recommended for deployment
Deploy with any of the following Solidity versions: 0.5.16 - 0.5.17, 0.6.11 - 0.6.12, 0.7.5 - 0.7.6 Use a simple pragma version that allows any of these versions. Consider using the latest version of Solidity for testing.
Additional information: link
Low level call in Address.sendValue(address,uint256) (#232-237):
- (success) = recipient.call{value: amount}() (#235)
Low level call in Address.functionCallWithValue(address,bytes,uint256,string) (#300-311):
- (success,returndata) = target.call{value: value}(data) (#309)
Low level call in Address.functionStaticCall(address,bytes,string) (#329-338):
- (success,returndata) = target.staticcall(data) (#336)
Low level call in Address.functionDelegateCall(address,bytes,string) (#356-365):
- (success,returndata) = target.delegatecall(data) (#363)
Avoid low-level calls. Check the call success. If the call is meant for a contract, check for code existence
Additional information: link
Function IPancakeRouter01.WETH() (#404) is not in mixedCase
Constant StepZoroToken._name (#587) is not in UPPER_CASE_WITH_UNDERSCORES
Constant StepZoroToken._symbol (#588) is not in UPPER_CASE_WITH_UNDERSCORES
Constant StepZoroToken._decimals (#589) is not in UPPER_CASE_WITH_UNDERSCORES
Follow the Solidity naming convention.
Additional information: link
Variable IPancakeRouter01.addLiquidity(address,address,uint256,uint256,uint256,uint256,address,uint256).amountADesired (#409) is too similar to IPancakeRouter01.addLiquidity(address,address,uint256,uint256,uint256,uint256,address,uint256).amountBDesired (#410)
Prevent variables from having similar names.
Additional information: link
StepZoroToken.slitherConstructorVariables() (#573-791) uses literals with too many digits:
- _totalSupply = 100000000000 * 10 ** uint256(_decimals) (#591)
Use: Ether suffix, Time suffix, or The scientific notation
Additional information: link
StepZoroToken._totalSupply (#591) should be constant
Add the constant attributes to state variables that never change.
Additional information: link
renounceOwnership() should be declared external:
- Ownable.renounceOwnership() (#157-159)
transferOwnership(address) should be declared external:
- Ownable.transferOwnership(address) (#165-168)
name() should be declared external:
- StepZoroToken.name() (#614-616)
symbol() should be declared external:
- StepZoroToken.symbol() (#618-620)
decimals() should be declared external:
- StepZoroToken.decimals() (#622-624)
totalSupply() should be declared external:
- StepZoroToken.totalSupply() (#626-628)
balanceOf(address) should be declared external:
- StepZoroToken.balanceOf(address) (#630-632)
allowance(address,address) should be declared external:
- StepZoroToken.allowance(address,address) (#643-650)
approve(address,uint256) should be declared external:
- StepZoroToken.approve(address,uint256) (#652-659)
increaseAllowance(address,uint256) should be declared external:
- StepZoroToken.increaseAllowance(address,uint256) (#673-684)
decreaseAllowance(address,uint256) should be declared external:
- StepZoroToken.decreaseAllowance(address,uint256) (#686-697)
transferFrom(address,address,uint256) should be declared external:
- StepZoroToken.transferFrom(address,address,uint256) (#699-707)
multiTransfer(address[],uint256[]) should be declared external:
- StepZoroToken.multiTransfer(address[],uint256[]) (#719-725)
Use the external attribute for functions never called from the contract.
Additional information: link
Unable to find website, listings and other project-related information
Young tokens have high risks of scam / price dump / death
Token has no active CoinGecko listing / rank
Token has no active CoinMarketCap listing / rank
Unable to find Telegram and Twitter accounts