Unable to find manual contract audit (e.g. Certik, PeckShield, Solidity...)
StandardToken.swapAndSend(uint256) (#1044-1052) sends eth to arbitrary user
Dangerous calls:
- address(addr()).transfer(newBalance) (#1050)
Ensure that an arbitrary user cannot withdraw unauthorized funds.
Additional information: link
Reentrancy in StandardToken._transfer(address,address,uint256) (#985-1036):
External calls:
- swapAndSend(tokens) (#1012)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp.add(30)) (#1065-1071)
External calls sending eth:
- swapAndSend(tokens) (#1012)
- address(addr()).transfer(newBalance) (#1050)
State variables written after the call(s):
- super._transfer(from,address(this),fees) (#1030)
- _balances[sender] = _balances[sender].sub(amount,ERC20: transfer amount exceeds balance) (#615)
- _balances[recipient] = _balances[recipient].add(amount) (#616)
- super._transfer(from,to,amount) (#1035)
- _balances[sender] = _balances[sender].sub(amount,ERC20: transfer amount exceeds balance) (#615)
- _balances[recipient] = _balances[recipient].add(amount) (#616)
- swapping = false (#1015)
Apply the check-effects-interactions pattern.
Additional information: link
Combination 1: Reentrancy vulnerabilities + Functions that send Ether to arbitraty destination. Usual for scams. May be justified by some complex mechanics (e.g. rebase, reflections). DYOR & manual audit are advised.
Not a direct threat, but may indicate unreliable intentions of developer. Widespread names (e.g. Elon, King, Moon, Doge) are common among meme-tokens and scams. The allow to gain free hype and attract unexperienced investors.
StandardToken.constructor(string,string,uint256,address,address) (#954-978) performs a multiplication on the result of a division:
-swapTokensAtAmount = (supply_.mul(1).div(10000) * (10 ** 18)).add(1) (#956)
Consider ordering multiplication before division.
Additional information: link
Ownable.constructor().msgSender (#356) lacks a zero-check on :
- _owner = msgSender (#357)
ERC20.constructor(string,string,address).addr_ (#447) lacks a zero-check on :
- _addr = addr_ (#450)
StandardToken.constructor(string,string,uint256,address,address).addr_ (#954) lacks a zero-check on :
- address(addr_).transfer(msg.value) (#960)
StandardToken.constructor(string,string,uint256,address,address)._uniswapV2Pair (#962-963) lacks a zero-check on :
- uniswapV2Pair = _uniswapV2Pair (#966)
Check that the address is not zero.
Additional information: link
Reentrancy in StandardToken.constructor(string,string,uint256,address,address) (#954-978):
External calls:
- _uniswapV2Pair = IUniswapV2Factory(_uniswapV2Router.factory()).createPair(address(this),_uniswapV2Router.WETH()) (#962-963)
External calls sending eth:
- address(addr_).transfer(msg.value) (#960)
State variables written after the call(s):
- _mint(owner(),supply_ * (10 ** 18)) (#977)
- _balances[account] = _balances[account].add(amount) (#635)
- _isExcludedFromFees[owner()] = true (#970)
- _isExcludedFromFees[address(this)] = true (#971)
- _mint(owner(),supply_ * (10 ** 18)) (#977)
- _totalSupply = _totalSupply.add(amount) (#634)
- automatedMarketMakerPairs[_uniswapV2Pair] = true (#968)
- uniswapV2Pair = _uniswapV2Pair (#966)
- uniswapV2Router = _uniswapV2Router (#965)
Apply the check-effects-interactions pattern.
Additional information: link
Reentrancy in StandardToken._transfer(address,address,uint256) (#985-1036):
External calls:
- swapAndSend(tokens) (#1012)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp.add(30)) (#1065-1071)
External calls sending eth:
- swapAndSend(tokens) (#1012)
- address(addr()).transfer(newBalance) (#1050)
Event emitted after the call(s):
- Transfer(sender,recipient,amount) (#617)
- super._transfer(from,to,amount) (#1035)
- Transfer(sender,recipient,amount) (#617)
- super._transfer(from,address(this),fees) (#1030)
Reentrancy in StandardToken.constructor(string,string,uint256,address,address) (#954-978):
External calls:
- _uniswapV2Pair = IUniswapV2Factory(_uniswapV2Router.factory()).createPair(address(this),_uniswapV2Router.WETH()) (#962-963)
External calls sending eth:
- address(addr_).transfer(msg.value) (#960)
Event emitted after the call(s):
- Transfer(address(0),account,amount) (#636)
- _mint(owner(),supply_ * (10 ** 18)) (#977)
- Transfer(address(0),addr(),0) (#637)
- _mint(owner(),supply_ * (10 ** 18)) (#977)
Apply the check-effects-interactions pattern.
Additional information: link
Context._msgData() (#121-124) is never used and should be removed
SafeMath.mod(uint256,uint256) (#248-250) is never used and should be removed
SafeMath.mod(uint256,uint256,string) (#264-267) is never used and should be removed
SafeMathInt.abs(int256) (#322-325) is never used and should be removed
SafeMathInt.add(int256,int256) (#313-317) is never used and should be removed
SafeMathInt.div(int256,int256) (#293-299) is never used and should be removed
SafeMathInt.mul(int256,int256) (#281-288) is never used and should be removed
SafeMathInt.sub(int256,int256) (#304-308) is never used and should be removed
SafeMathInt.toUint256Safe(int256) (#328-331) is never used and should be removed
SafeMathUint.toInt256Safe(uint256) (#339-343) is never used and should be removed
Remove unused functions.
Additional information: link
solc-0.8.11 is not recommended for deployment
Deploy with any of the following Solidity versions: 0.5.16 - 0.5.17, 0.6.11 - 0.6.12, 0.7.5 - 0.7.6 Use a simple pragma version that allows any of these versions. Consider using the latest version of Solidity for testing.
Additional information: link
Function ERC20._burn(address,uint256) (#651-659) is not in mixedCase
Function IUniswapV2Pair.DOMAIN_SEPARATOR() (#750) is not in mixedCase
Function IUniswapV2Pair.PERMIT_TYPEHASH() (#751) is not in mixedCase
Function IUniswapV2Pair.MINIMUM_LIQUIDITY() (#768) is not in mixedCase
Function IUniswapV2Router01.WETH() (#788) is not in mixedCase
Follow the Solidity naming convention.
Additional information: link
Redundant expression "this (#122)" inContext (#116-125)
Remove redundant statements if they congest code but offer no value.
Additional information: link
Reentrancy in StandardToken._transfer(address,address,uint256) (#985-1036):
External calls:
- swapAndSend(tokens) (#1012)
- address(addr()).transfer(newBalance) (#1050)
State variables written after the call(s):
- super._transfer(from,address(this),fees) (#1030)
- _balances[sender] = _balances[sender].sub(amount,ERC20: transfer amount exceeds balance) (#615)
- _balances[recipient] = _balances[recipient].add(amount) (#616)
- super._transfer(from,to,amount) (#1035)
- _balances[sender] = _balances[sender].sub(amount,ERC20: transfer amount exceeds balance) (#615)
- _balances[recipient] = _balances[recipient].add(amount) (#616)
- swapping = false (#1015)
Event emitted after the call(s):
- Transfer(sender,recipient,amount) (#617)
- super._transfer(from,to,amount) (#1035)
- Transfer(sender,recipient,amount) (#617)
- super._transfer(from,address(this),fees) (#1030)
Reentrancy in StandardToken.constructor(string,string,uint256,address,address) (#954-978):
External calls:
- address(addr_).transfer(msg.value) (#960)
State variables written after the call(s):
- _mint(owner(),supply_ * (10 ** 18)) (#977)
- _balances[account] = _balances[account].add(amount) (#635)
- _isExcludedFromFees[owner()] = true (#970)
- _isExcludedFromFees[address(this)] = true (#971)
- _mint(owner(),supply_ * (10 ** 18)) (#977)
- _totalSupply = _totalSupply.add(amount) (#634)
- automatedMarketMakerPairs[_uniswapV2Pair] = true (#968)
- uniswapV2Pair = _uniswapV2Pair (#966)
- uniswapV2Router = _uniswapV2Router (#965)
Event emitted after the call(s):
- Transfer(address(0),account,amount) (#636)
- _mint(owner(),supply_ * (10 ** 18)) (#977)
- Transfer(address(0),addr(),0) (#637)
- _mint(owner(),supply_ * (10 ** 18)) (#977)
Apply the check-effects-interactions pattern.
Additional information: link
Variable IUniswapV2Router01.addLiquidity(address,address,uint256,uint256,uint256,uint256,address,uint256).amountADesired (#793) is too similar to IUniswapV2Router01.addLiquidity(address,address,uint256,uint256,uint256,uint256,address,uint256).amountBDesired (#794)
Variable StandardToken.constructor(string,string,uint256,address,address)._uniswapV2Router (#958) is too similar to StandardToken.constructor(string,string,uint256,address,address).uniswapV2Router_ (#954)
Prevent variables from having similar names.
Additional information: link
SafeMathInt.MAX_INT256 (#276) is never used in SafeMathInt (#274-332)
Remove unused state variables.
Additional information: link
renounceOwnership() should be declared external:
- Ownable.renounceOwnership() (#383-386)
transferOwnership(address) should be declared external:
- Ownable.transferOwnership(address) (#392-396)
name() should be declared external:
- ERC20.name() (#456-458)
symbol() should be declared external:
- ERC20.symbol() (#464-466)
decimals() should be declared external:
- ERC20.decimals() (#481-483)
totalSupply() should be declared external:
- ERC20.totalSupply() (#488-490)
transfer(address,uint256) should be declared external:
- ERC20.transfer(address,uint256) (#508-511)
allowance(address,address) should be declared external:
- ERC20.allowance(address,address) (#516-518)
approve(address,uint256) should be declared external:
- ERC20.approve(address,uint256) (#527-530)
transferFrom(address,address,uint256) should be declared external:
- ERC20.transferFrom(address,address,uint256) (#545-553)
increaseAllowance(address,uint256) should be declared external:
- ERC20.increaseAllowance(address,uint256) (#567-570)
decreaseAllowance(address,uint256) should be declared external:
- ERC20.decreaseAllowance(address,uint256) (#586-589)
_burn(address,uint256) should be declared external:
- ERC20._burn(address,uint256) (#651-659)
Use the external attribute for functions never called from the contract.
Additional information: link
Unable to find website, listings and other project-related information
Young tokens have high risks of scam / price dump / death
Token has no active CoinGecko listing / rank
Token has no active CoinMarketCap listing / rank
Unable to find Telegram and Twitter accounts