A Decentralized Token that created a Crypto EcoVERSE!
SymBULL, RIDE, CHARGE — BullSwap — Innovative Reward System — BullRUN NFT Game — The SymBULL EcoVerse!
SymBULL is a deflationary token designed to become more scarce over time. All holders of SymBULL will earn 8% reward from every Buy/Sell Transaction in Binance pegged BUSD, which is automatically sent to your wallet by simply holding SymBULL.
SymBULL.buyTokens(uint256,address) (#668-679) sends eth to arbitrary user
Dangerous calls:
- router.swapExactETHForTokensSupportingFeeOnTransferTokens{value: amount}(0,path,to,block.timestamp) (#673-678)
Ensure that an arbitrary user cannot withdraw unauthorized funds.
Additional information: link
Reentrancy in SymBULL._transferFrom(address,address,uint256) (#522-545):
External calls:
- swapBack() (#527)
- router.swapExactTokensForETHSupportingFeeOnTransferTokens(amountToSwap,0,path,address(this),block.timestamp) (#607-613)
- distributor.deposit{value: amountBNBReflection}() (#623)
- router.addLiquidityETH{value: amountBNBLiquidity}(address(this),amountToLiquify,0,0,autoLiquidityReceiver,block.timestamp) (#629-636)
- triggerAutoBuyback() (#528)
- router.swapExactETHForTokensSupportingFeeOnTransferTokens{value: amount}(0,path,to,block.timestamp) (#673-678)
External calls sending eth:
- swapBack() (#527)
- distributor.deposit{value: amountBNBReflection}() (#623)
- address(marketingFeeReceiver).transfer(amountBNBMarketing) (#624)
- router.addLiquidityETH{value: amountBNBLiquidity}(address(this),amountToLiquify,0,0,autoLiquidityReceiver,block.timestamp) (#629-636)
- triggerAutoBuyback() (#528)
- router.swapExactETHForTokensSupportingFeeOnTransferTokens{value: amount}(0,path,to,block.timestamp) (#673-678)
State variables written after the call(s):
- _balances[sender] = _balances[sender].sub(amount,Insufficient Balance) (#532)
- _balances[recipient] = _balances[recipient].add(amountReceived) (#536)
- amountReceived = takeFee(sender,recipient,amount) (#534)
- _balances[address(this)] = _balances[address(this)].add(feeAmount) (#584)
- triggerAutoBuyback() (#528)
- inSwap = true (#461)
- inSwap = false (#461)
Apply the check-effects-interactions pattern.
Additional information: link
BountyDistributor.distributeBounty(address) (#353-364) ignores return value by BUSD.transfer(keeper,amount) (#359)
Use SafeERC20, or ensure that the transfer/transferFrom return value is checked.
Additional information: link
Combination 1: Reentrancy vulnerabilities + Functions that send Ether to arbitraty destination. Usual for scams. May be justified by some complex mechanics (e.g. rebase, reflections). DYOR & manual audit are advised.
Combination 2: Unchecked transfer + Functions that send Ether to arbitraty destination. Usual for scams. May be justified by some complex mechanics (e.g. rebase, reflections). DYOR & manual audit are advised.
Combination 3: Reentrancy vulnerabilities + Unchecked transfer vulnerability. Usual for scams. May be justified by some complex mechanics (e.g. rebase, reflections). DYOR & manual audit are advised.
BountyDistributor.process(uint256) (#322-346) has costly operations inside a loop:
- currentIndex ++ (#343)
Use a local variable to hold the loop computation result.
Additional information: link
SymBULL.launched() (#697-699) is never used and should be removed
Remove unused functions.
Additional information: link
Reentrancy in BountyDistributor.setShare(address,uint256) (#286-300):
External calls:
- distributeBounty(keeper) (#288)
- BUSD.transfer(keeper,amount) (#359)
State variables written after the call(s):
- shares[keeper].amount = amount (#298)
- shares[keeper].totalExcluded = getCumulativeBountys(shares[keeper].amount) (#299)
Apply the check-effects-interactions pattern.
Additional information: link
SymBULL.swapBack() (#597-639) ignores return value by router.addLiquidityETH{value: amountBNBLiquidity}(address(this),amountToLiquify,0,0,autoLiquidityReceiver,block.timestamp) (#629-636)
Ensure that all the return values of the function calls are used.
Additional information: link
SymBULL.setTargetLiquidity(uint256,uint256) (#750-753) should emit an event for:
- targetLiquidity = _target (#751)
- targetLiquidityDenominator = _denominator (#752)
Emit an event for critical parameter changes.
Additional information: link
SymBULL.setFeeReceivers(address,address)._marketingFeeReceiver (#740) lacks a zero-check on :
- marketingFeeReceiver = _marketingFeeReceiver (#742)
Check that the address is not zero.
Additional information: link
Reentrancy in SymBULL.triggerBullRun(uint256,bool) (#649-655):
External calls:
- buyTokens(amount,DEAD) (#650)
- router.swapExactETHForTokensSupportingFeeOnTransferTokens{value: amount}(0,path,to,block.timestamp) (#673-678)
State variables written after the call(s):
- buybackMultiplierTriggeredAt = block.timestamp (#652)
Apply the check-effects-interactions pattern.
Additional information: link
Reentrancy in SymBULL.triggerBullRun(uint256,bool) (#649-655):
External calls:
- buyTokens(amount,DEAD) (#650)
- router.swapExactETHForTokensSupportingFeeOnTransferTokens{value: amount}(0,path,to,block.timestamp) (#673-678)
Event emitted after the call(s):
- BuybackMultiplierActive(buybackMultiplierLength) (#653)
Apply the check-effects-interactions pattern.
Additional information: link
SymBULL.isOverLiquified(uint256,uint256) (#772-774) uses timestamp for comparisons
Dangerous comparisons:
- getLiquidityBacking(accuracy) > target (#773)
Avoid relying on block.timestamp.
Additional information: link
SymBULL.onlyBuybacker() (#496) compares to a boolean constant:
-require(bool,string)(buyBacker[msg.sender] == true,) (#496)
Remove the equality to the boolean constant.
Additional information: link
SymBULL.swapThreshold (#459) is set pre-construction with a non-constant function or state variable:
- _totalSupply / 2000
Remove any initialization of state variables via non-constant state variables or function calls. If variables must be set upon contract deployment, locate initialization in the constructor instead.
Additional information: link
solc-0.8.1 is not recommended for deployment
Deploy with any of the following Solidity versions: 0.5.16 - 0.5.17, 0.6.11 - 0.6.12, 0.7.5 - 0.7.6 Use a simple pragma version that allows any of these versions. Consider using the latest version of Solidity for testing.
Additional information: link
Variable SymBULL._allowances (#415) is not in mixedCase
Follow the Solidity naming convention.
Additional information: link
Reentrancy in SymBULL.swapBack() (#597-639):
External calls:
- address(marketingFeeReceiver).transfer(amountBNBMarketing) (#624)
External calls sending eth:
- distributor.deposit{value: amountBNBReflection}() (#623)
- address(marketingFeeReceiver).transfer(amountBNBMarketing) (#624)
- router.addLiquidityETH{value: amountBNBLiquidity}(address(this),amountToLiquify,0,0,autoLiquidityReceiver,block.timestamp) (#629-636)
Event emitted after the call(s):
- AutoLiquify(amountBNBLiquidity,amountToLiquify) (#637)
Apply the check-effects-interactions pattern.
Additional information: link
Variable IDEXRouter.addLiquidity(address,address,uint256,uint256,uint256,uint256,address,uint256).amountADesired (#183) is too similar to IDEXRouter.addLiquidity(address,address,uint256,uint256,uint256,uint256,address,uint256).amountBDesired (#184)
Prevent variables from having similar names.
Additional information: link
SymBULL.slitherConstructorVariables() (#397-779) uses literals with too many digits:
- distributorGas = 500000 (#456)
Use: Ether suffix, Time suffix, or The scientific notation
Additional information: link
SymBULL.DEAD_NON_CHECKSUM (#405) is never used in SymBULL (#397-779)
Remove unused state variables.
Additional information: link
SymBULL._totalSupply (#411) should be constant
Add the constant attributes to state variables that never change.
Additional information: link
launch() should be declared external:
- SymBULL.launch() (#701-705)
Use the external attribute for functions never called from the contract.
Additional information: link
Young tokens have high risks of price dump / death
Young tokens have high risks of scam / price dump / death
Young tokens have high risks of scam / price dump / death
Young tokens have high risks of price dump / death
Token has relatively low CoinGecko rank
Token has relatively low CoinMarketCap rank
Twitter account link seems to be invalid
Unable to find Youtube account
Unable to find Discord account