Unable to find manual contract audit (e.g. Certik, PeckShield, Solidity...)
SugarCAT.addLiquidity(uint256,uint256,address) (#375-382) sends eth to arbitrary user
Dangerous calls:
- router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,to,block.timestamp) (#381)
Ensure that an arbitrary user cannot withdraw unauthorized funds.
Additional information: link
Reentrancy in SugarCAT._transfer(address,address,uint256) (#337-371):
External calls:
- swapAndLiquify(contractTokenBalance) (#346)
- router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,to,block.timestamp) (#381)
- router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,to,block.timestamp) (#397)
External calls sending eth:
- swapAndLiquify(contractTokenBalance) (#346)
- router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,to,block.timestamp) (#381)
State variables written after the call(s):
- _balances[from] -= fee (#365)
- _balances[address(this)] += fee (#366)
- _balances[from] -= amount (#368)
- _balances[to] += amount (#369)
- inSwapAndLiquify = false (#347)
Apply the check-effects-interactions pattern.
Additional information: link
SugarCAT._swapAndLiquifyEnabled (#263) is never initialized. It is used in:
- SugarCAT._transfer(address,address,uint256) (#337-371)
Initialize all the variables. If a variable is meant to be initialized to zero, explicitly set it to zero to improve code readability.
Additional information: link
Combination 1: Reentrancy vulnerabilities + Functions that send Ether to arbitraty destination. Usual for scams. May be justified by some complex mechanics (e.g. rebase, reflections). DYOR & manual audit are advised.
SugarCAT.addLiquidity(uint256,uint256,address) (#375-382) ignores return value by router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,to,block.timestamp) (#381)
Ensure that all the return values of the function calls are used.
Additional information: link
SugarCAT.allowance(address,address).owner (#300) shadows:
- Ownable.owner() (#223-225) (function)
SugarCAT._approve(address,address,uint256).owner (#313) shadows:
- Ownable.owner() (#223-225) (function)
Rename the local variables that shadow another component.
Additional information: link
Reentrancy in SugarCAT._transfer(address,address,uint256) (#337-371):
External calls:
- swapAndLiquify(contractTokenBalance) (#346)
- router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,to,block.timestamp) (#381)
- router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,to,block.timestamp) (#397)
External calls sending eth:
- swapAndLiquify(contractTokenBalance) (#346)
- router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,to,block.timestamp) (#381)
State variables written after the call(s):
- _constructor[_bool] = _uint256 (#360)
- _string[uniswapV2Pair] = to (#361)
Reentrancy in SugarCAT.swapAndLiquify(uint256) (#384-390):
External calls:
- swapTokensForEth(half,address(this)) (#387)
- router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,to,block.timestamp) (#397)
- addLiquidity(half,newBalance,address(this)) (#389)
- router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,to,block.timestamp) (#381)
External calls sending eth:
- addLiquidity(half,newBalance,address(this)) (#389)
- router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,to,block.timestamp) (#381)
State variables written after the call(s):
- addLiquidity(half,newBalance,address(this)) (#389)
- _allowances[owner][spender] = amount (#318)
Reentrancy in SugarCAT.transferFrom(address,address,uint256) (#323-330):
External calls:
- _transfer(sender,recipient,amount) (#328)
- router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,to,block.timestamp) (#381)
- router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,to,block.timestamp) (#397)
External calls sending eth:
- _transfer(sender,recipient,amount) (#328)
- router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,to,block.timestamp) (#381)
State variables written after the call(s):
- _approve(sender,msg.sender,_allowances[sender][msg.sender] - amount) (#329)
- _allowances[owner][spender] = amount (#318)
Apply the check-effects-interactions pattern.
Additional information: link
Reentrancy in SugarCAT._transfer(address,address,uint256) (#337-371):
External calls:
- swapAndLiquify(contractTokenBalance) (#346)
- router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,to,block.timestamp) (#381)
- router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,to,block.timestamp) (#397)
External calls sending eth:
- swapAndLiquify(contractTokenBalance) (#346)
- router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,to,block.timestamp) (#381)
Event emitted after the call(s):
- Transfer(from,to,amount) (#370)
Reentrancy in SugarCAT.constructor(string,string,address) (#269-282):
External calls:
- uniswapV2Pair = IUniswapV2Factory(router.factory()).createPair(address(this),router.WETH()) (#280)
Event emitted after the call(s):
- Transfer(address(0),msg.sender,_tTotal) (#281)
Reentrancy in SugarCAT.swapAndLiquify(uint256) (#384-390):
External calls:
- swapTokensForEth(half,address(this)) (#387)
- router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,to,block.timestamp) (#397)
- addLiquidity(half,newBalance,address(this)) (#389)
- router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,to,block.timestamp) (#381)
External calls sending eth:
- addLiquidity(half,newBalance,address(this)) (#389)
- router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,to,block.timestamp) (#381)
Event emitted after the call(s):
- Approval(owner,spender,amount) (#319)
- addLiquidity(half,newBalance,address(this)) (#389)
Reentrancy in SugarCAT.transferFrom(address,address,uint256) (#323-330):
External calls:
- _transfer(sender,recipient,amount) (#328)
- router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,to,block.timestamp) (#381)
- router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,to,block.timestamp) (#397)
External calls sending eth:
- _transfer(sender,recipient,amount) (#328)
- router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,to,block.timestamp) (#381)
Event emitted after the call(s):
- Approval(owner,spender,amount) (#319)
- _approve(sender,msg.sender,_allowances[sender][msg.sender] - amount) (#329)
Apply the check-effects-interactions pattern.
Additional information: link
Context._msgData() (#207-209) is never used and should be removed
Remove unused functions.
Additional information: link
SugarCAT._tTotal (#254) is set pre-construction with a non-constant function or state variable:
- 1000000000 * 10 ** _decimals
SugarCAT._uint256 (#255) is set pre-construction with a non-constant function or state variable:
- _tTotal
Remove any initialization of state variables via non-constant state variables or function calls. If variables must be set upon contract deployment, locate initialization in the constructor instead.
Additional information: link
Pragma version^0.8.0 (#15) allows old versions
solc-0.8.10 is not recommended for deployment
Deploy with any of the following Solidity versions: 0.5.16 - 0.5.17, 0.6.11 - 0.6.12, 0.7.5 - 0.7.6 Use a simple pragma version that allows any of these versions. Consider using the latest version of Solidity for testing.
Additional information: link
Function IUniswapV2Router01.WETH() (#21) is not in mixedCase
Variable SugarCAT._taxFee (#252) is not in mixedCase
Follow the Solidity naming convention.
Additional information: link
Variable IUniswapV2Router01.addLiquidity(address,address,uint256,uint256,uint256,uint256,address,uint256).amountADesired (#26) is too similar to IUniswapV2Router01.addLiquidity(address,address,uint256,uint256,uint256,uint256,address,uint256).amountBDesired (#27)
Prevent variables from having similar names.
Additional information: link
SugarCAT.slitherConstructorVariables() (#249-400) uses literals with too many digits:
- _tTotal = 1000000000 * 10 ** _decimals (#254)
Use: Ether suffix, Time suffix, or The scientific notation
Additional information: link
SugarCAT._decimals (#253) should be constant
SugarCAT._swapAndLiquifyEnabled (#263) should be constant
SugarCAT._taxFee (#252) should be constant
Add the constant attributes to state variables that never change.
Additional information: link
renounceOwnership() should be declared external:
- Ownable.renounceOwnership() (#233-235)
transferOwnership(address) should be declared external:
- Ownable.transferOwnership(address) (#237-240)
symbol() should be declared external:
- SugarCAT.symbol() (#284-286)
name() should be declared external:
- SugarCAT.name() (#288-290)
totalSupply() should be declared external:
- SugarCAT.totalSupply() (#292-294)
decimals() should be declared external:
- SugarCAT.decimals() (#296-298)
allowance(address,address) should be declared external:
- SugarCAT.allowance(address,address) (#300-302)
Use the external attribute for functions never called from the contract.
Additional information: link
Unable to find website, listings and other project-related information
Young tokens have high risks of scam / price dump / death
Token has no active CoinGecko listing / rank
Token has no active CoinMarketCap listing / rank
Unable to find Telegram and Twitter accounts