Unable to find manual contract audit (e.g. Certik, PeckShield, Solidity...)
tigerkin.addLiquidity(uint256,uint256) (#775-788) sends eth to arbitrary user
Dangerous calls:
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,OwnerAddress,block.timestamp) (#780-787)
Ensure that an arbitrary user cannot withdraw unauthorized funds.
Additional information: link
Reentrancy in tigerkin._transfer(address,address,uint256) (#684-722):
External calls:
- swapAndLiquify(contractTokenBalance) (#706)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,OwnerAddress,block.timestamp) (#780-787)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#764-770)
External calls sending eth:
- swapAndLiquify(contractTokenBalance) (#706)
- recipient.transfer(amount) (#648)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,OwnerAddress,block.timestamp) (#780-787)
State variables written after the call(s):
- _balances[sender] = _balances[sender].sub(amount,Insufficient Balance) (#709)
- _balances[recipient] = _balances[recipient].add(finalAmount) (#717)
- finalAmount = takeFee(sender,recipient,amount) (#711-712)
- _balances[address(this)] = _balances[address(this)].add(feeAmount) (#802)
Apply the check-effects-interactions pattern.
Additional information: link
Combination 1: Reentrancy vulnerabilities + Functions that send Ether to arbitraty destination. Usual for scams. May be justified by some complex mechanics (e.g. rebase, reflections). DYOR & manual audit are advised.
tigerkin.addLiquidity(uint256,uint256) (#775-788) ignores return value by uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,OwnerAddress,block.timestamp) (#780-787)
Ensure that all the return values of the function calls are used.
Additional information: link
tigerkin.allowance(address,address).owner (#539) shadows:
- Ownable.owner() (#172-174) (function)
tigerkin._approve(address,address,uint256).owner (#562) shadows:
- Ownable.owner() (#172-174) (function)
Rename the local variables that shadow another component.
Additional information: link
tigerkin.setBuyTaxes(uint256,uint256,uint256) (#582-588) should emit an event for:
- _totalTaxIfBuying = _buyLiquidityFee.add(_buyMarketingFee).add(_buyTeamFee) (#587)
tigerkin.setSellTaxes(uint256,uint256,uint256) (#590-596) should emit an event for:
- _totalTaxIfSelling = _sellLiquidityFee.add(_sellMarketingFee).add(_sellTeamFee) (#595)
tigerkin.setDistributionSettings(uint256,uint256,uint256) (#598-604) should emit an event for:
- _liquidityShare = newLiquidityShare (#599)
- _teamShare = newTeamShare (#601)
- _totalDistributionShares = _liquidityShare.add(_marketingShare).add(_teamShare) (#603)
tigerkin.setMaxTxAmount(uint256) (#606-608) should emit an event for:
- _maxTxAmount = maxTxAmount (#607)
tigerkin.setWalletLimit(uint256) (#618-620) should emit an event for:
- _walletMax = newLimit (#619)
tigerkin.setNumTokensBeforeSwap(uint256) (#622-624) should emit an event for:
- minimumTokensBeforeSwap = newLimit (#623)
Emit an event for critical parameter changes.
Additional information: link
tigerkin.setMarketingWalletAddress(address).newAddress (#626) lacks a zero-check on :
- marketingWalletAddress = address(newAddress) (#627)
tigerkin.setTeamWalletAddress(address).newAddress (#630) lacks a zero-check on :
- teamWalletAddress = address(newAddress) (#631)
Check that the address is not zero.
Additional information: link
Reentrancy in tigerkin.changeRouterVersion(address) (#651-668):
External calls:
- newPairAddress = IUniswapV2Factory(_uniswapV2Router.factory()).createPair(address(this),_uniswapV2Router.WETH()) (#659-660)
State variables written after the call(s):
- isMarketPair[address(uniswapPair)] = true (#667)
- isWalletLimitExempt[address(uniswapPair)] = true (#666)
- uniswapPair = newPairAddress (#663)
- uniswapV2Router = _uniswapV2Router (#664)
Reentrancy in tigerkin.constructor() (#489-517):
External calls:
- uniswapPair = IUniswapV2Factory(_uniswapV2Router.factory()).createPair(address(this),_uniswapV2Router.WETH()) (#493-494)
State variables written after the call(s):
- _allowances[address(this)][address(uniswapV2Router)] = _totalSupply (#497)
- _balances[_msgSender()] = _totalSupply (#515)
- _totalDistributionShares = _liquidityShare.add(_marketingShare).add(_teamShare) (#504)
- _totalTaxIfBuying = _buyLiquidityFee.add(_buyMarketingFee).add(_buyTeamFee) (#502)
- _totalTaxIfSelling = _sellLiquidityFee.add(_sellMarketingFee).add(_sellTeamFee) (#503)
- isExcludedFromFee[owner()] = true (#499)
- isExcludedFromFee[address(this)] = true (#500)
- isMarketPair[address(uniswapPair)] = true (#513)
- isTxLimitExempt[owner()] = true (#510)
- isTxLimitExempt[address(this)] = true (#511)
- isWalletLimitExempt[owner()] = true (#506)
- isWalletLimitExempt[address(uniswapPair)] = true (#507)
- isWalletLimitExempt[address(this)] = true (#508)
- uniswapV2Router = _uniswapV2Router (#496)
Reentrancy in tigerkin.swapAndLiquify(uint256) (#731-753):
External calls:
- swapTokensForEth(tokensForSwap) (#736)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#764-770)
- addLiquidity(tokensForLP,amountBNBLiquidity) (#752)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,OwnerAddress,block.timestamp) (#780-787)
External calls sending eth:
- transferToAddressETH(marketingWalletAddress,amountBNBMarketing) (#746)
- recipient.transfer(amount) (#648)
- transferToAddressETH(teamWalletAddress,amountBNBTeam) (#749)
- recipient.transfer(amount) (#648)
- addLiquidity(tokensForLP,amountBNBLiquidity) (#752)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,OwnerAddress,block.timestamp) (#780-787)
State variables written after the call(s):
- addLiquidity(tokensForLP,amountBNBLiquidity) (#752)
- _allowances[owner][spender] = amount (#566)
Reentrancy in tigerkin.transferFrom(address,address,uint256) (#678-682):
External calls:
- _transfer(sender,recipient,amount) (#679)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,OwnerAddress,block.timestamp) (#780-787)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#764-770)
External calls sending eth:
- _transfer(sender,recipient,amount) (#679)
- recipient.transfer(amount) (#648)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,OwnerAddress,block.timestamp) (#780-787)
State variables written after the call(s):
- _approve(sender,_msgSender(),_allowances[sender][_msgSender()].sub(amount,ERC20: transfer amount exceeds allowance)) (#680)
- _allowances[owner][spender] = amount (#566)
Apply the check-effects-interactions pattern.
Additional information: link
Reentrancy in tigerkin._transfer(address,address,uint256) (#684-722):
External calls:
- swapAndLiquify(contractTokenBalance) (#706)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,OwnerAddress,block.timestamp) (#780-787)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#764-770)
External calls sending eth:
- swapAndLiquify(contractTokenBalance) (#706)
- recipient.transfer(amount) (#648)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,OwnerAddress,block.timestamp) (#780-787)
Event emitted after the call(s):
- Transfer(sender,address(this),feeAmount) (#803)
- finalAmount = takeFee(sender,recipient,amount) (#711-712)
- Transfer(sender,recipient,finalAmount) (#719)
Reentrancy in tigerkin.constructor() (#489-517):
External calls:
- uniswapPair = IUniswapV2Factory(_uniswapV2Router.factory()).createPair(address(this),_uniswapV2Router.WETH()) (#493-494)
Event emitted after the call(s):
- Transfer(address(0),_msgSender(),_totalSupply) (#516)
Reentrancy in tigerkin.swapAndLiquify(uint256) (#731-753):
External calls:
- swapTokensForEth(tokensForSwap) (#736)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#764-770)
- addLiquidity(tokensForLP,amountBNBLiquidity) (#752)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,OwnerAddress,block.timestamp) (#780-787)
External calls sending eth:
- transferToAddressETH(marketingWalletAddress,amountBNBMarketing) (#746)
- recipient.transfer(amount) (#648)
- transferToAddressETH(teamWalletAddress,amountBNBTeam) (#749)
- recipient.transfer(amount) (#648)
- addLiquidity(tokensForLP,amountBNBLiquidity) (#752)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,OwnerAddress,block.timestamp) (#780-787)
Event emitted after the call(s):
- Approval(owner,spender,amount) (#567)
- addLiquidity(tokensForLP,amountBNBLiquidity) (#752)
Reentrancy in tigerkin.swapTokensForEth(uint256) (#755-773):
External calls:
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#764-770)
Event emitted after the call(s):
- SwapTokensForETH(tokenAmount,path) (#772)
Reentrancy in tigerkin.transferFrom(address,address,uint256) (#678-682):
External calls:
- _transfer(sender,recipient,amount) (#679)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,OwnerAddress,block.timestamp) (#780-787)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#764-770)
External calls sending eth:
- _transfer(sender,recipient,amount) (#679)
- recipient.transfer(amount) (#648)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,OwnerAddress,block.timestamp) (#780-787)
Event emitted after the call(s):
- Approval(owner,spender,amount) (#567)
- _approve(sender,_msgSender(),_allowances[sender][_msgSender()].sub(amount,ERC20: transfer amount exceeds allowance)) (#680)
Apply the check-effects-interactions pattern.
Additional information: link
Ownable.unlock() (#207-212) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(block.timestamp > _lockTime,Contract is locked until 7 days) (#209)
Avoid relying on block.timestamp.
Additional information: link
Address.isContract(address) (#103-112) uses assembly
- INLINE ASM (#110)
Address._functionCallWithValue(address,bytes,uint256,string) (#139-156) uses assembly
- INLINE ASM (#148-151)
Do not use evm assembly.
Additional information: link
Address._functionCallWithValue(address,bytes,uint256,string) (#139-156) is never used and should be removed
Address.functionCall(address,bytes) (#122-124) is never used and should be removed
Address.functionCall(address,bytes,string) (#126-128) is never used and should be removed
Address.functionCallWithValue(address,bytes,uint256) (#130-132) is never used and should be removed
Address.functionCallWithValue(address,bytes,uint256,string) (#134-137) is never used and should be removed
Address.isContract(address) (#103-112) is never used and should be removed
Address.sendValue(address,uint256) (#114-120) is never used and should be removed
Context._msgData() (#30-33) is never used and should be removed
SafeMath.mod(uint256,uint256) (#91-93) is never used and should be removed
SafeMath.mod(uint256,uint256,string) (#95-98) is never used and should be removed
Remove unused functions.
Additional information: link
tigerkin._totalSupply (#453) is set pre-construction with a non-constant function or state variable:
- 10000000000 * 10 ** 6 * 10 ** _decimals
tigerkin._maxTxAmount (#454) is set pre-construction with a non-constant function or state variable:
- 10000000000 * 10 ** 6 * 10 ** _decimals
tigerkin._walletMax (#455) is set pre-construction with a non-constant function or state variable:
- 10000000000 * 10 ** 6 * 10 ** _decimals
tigerkin.minimumTokensBeforeSwap (#456) is set pre-construction with a non-constant function or state variable:
- 10000000000 * 10 ** 1 * 10 ** _decimals
Remove any initialization of state variables via non-constant state variables or function calls. If variables must be set upon contract deployment, locate initialization in the constructor instead.
Additional information: link
solc-0.8.11 is not recommended for deployment
Deploy with any of the following Solidity versions: 0.5.16 - 0.5.17, 0.6.11 - 0.6.12, 0.7.5 - 0.7.6 Use a simple pragma version that allows any of these versions. Consider using the latest version of Solidity for testing.
Additional information: link
Low level call in Address.sendValue(address,uint256) (#114-120):
- (success) = recipient.call{value: amount}() (#118)
Low level call in Address._functionCallWithValue(address,bytes,uint256,string) (#139-156):
- (success,returndata) = target.call{value: weiValue}(data) (#142)
Avoid low-level calls. Check the call success. If the call is meant for a contract, check for code existence
Additional information: link
Function IUniswapV2Pair.DOMAIN_SEPARATOR() (#246) is not in mixedCase
Function IUniswapV2Pair.PERMIT_TYPEHASH() (#247) is not in mixedCase
Function IUniswapV2Pair.MINIMUM_LIQUIDITY() (#263) is not in mixedCase
Function IUniswapV2Router01.WETH() (#282) is not in mixedCase
Contract tigerkin (#415-810) is not in CapWords
Parameter tigerkin.setSwapAndLiquifyEnabled(bool)._enabled (#634) is not in mixedCase
Variable tigerkin.OwnerAddress (#426) is not in mixedCase
Variable tigerkin._balances (#429) is not in mixedCase
Variable tigerkin._buyLiquidityFee (#437) is not in mixedCase
Variable tigerkin._buyMarketingFee (#438) is not in mixedCase
Variable tigerkin._buyTeamFee (#439) is not in mixedCase
Variable tigerkin._sellLiquidityFee (#441) is not in mixedCase
Variable tigerkin._sellMarketingFee (#442) is not in mixedCase
Variable tigerkin._sellTeamFee (#443) is not in mixedCase
Variable tigerkin._liquidityShare (#445) is not in mixedCase
Variable tigerkin._marketingShare (#446) is not in mixedCase
Variable tigerkin._teamShare (#447) is not in mixedCase
Variable tigerkin._totalTaxIfBuying (#449) is not in mixedCase
Variable tigerkin._totalTaxIfSelling (#450) is not in mixedCase
Variable tigerkin._totalDistributionShares (#451) is not in mixedCase
Variable tigerkin._maxTxAmount (#454) is not in mixedCase
Variable tigerkin._walletMax (#455) is not in mixedCase
Follow the Solidity naming convention.
Additional information: link
Redundant expression "this (#31)" inContext (#24-34)
Remove redundant statements if they congest code but offer no value.
Additional information: link
Reentrancy in tigerkin._transfer(address,address,uint256) (#684-722):
External calls:
- swapAndLiquify(contractTokenBalance) (#706)
- recipient.transfer(amount) (#648)
External calls sending eth:
- swapAndLiquify(contractTokenBalance) (#706)
- recipient.transfer(amount) (#648)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,OwnerAddress,block.timestamp) (#780-787)
State variables written after the call(s):
- _balances[sender] = _balances[sender].sub(amount,Insufficient Balance) (#709)
- _balances[recipient] = _balances[recipient].add(finalAmount) (#717)
- finalAmount = takeFee(sender,recipient,amount) (#711-712)
- _balances[address(this)] = _balances[address(this)].add(feeAmount) (#802)
Event emitted after the call(s):
- Transfer(sender,address(this),feeAmount) (#803)
- finalAmount = takeFee(sender,recipient,amount) (#711-712)
- Transfer(sender,recipient,finalAmount) (#719)
Reentrancy in tigerkin.swapAndLiquify(uint256) (#731-753):
External calls:
- transferToAddressETH(marketingWalletAddress,amountBNBMarketing) (#746)
- recipient.transfer(amount) (#648)
- transferToAddressETH(teamWalletAddress,amountBNBTeam) (#749)
- recipient.transfer(amount) (#648)
External calls sending eth:
- transferToAddressETH(marketingWalletAddress,amountBNBMarketing) (#746)
- recipient.transfer(amount) (#648)
- transferToAddressETH(teamWalletAddress,amountBNBTeam) (#749)
- recipient.transfer(amount) (#648)
- addLiquidity(tokensForLP,amountBNBLiquidity) (#752)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,OwnerAddress,block.timestamp) (#780-787)
State variables written after the call(s):
- addLiquidity(tokensForLP,amountBNBLiquidity) (#752)
- _allowances[owner][spender] = amount (#566)
Event emitted after the call(s):
- Approval(owner,spender,amount) (#567)
- addLiquidity(tokensForLP,amountBNBLiquidity) (#752)
Reentrancy in tigerkin.transferFrom(address,address,uint256) (#678-682):
External calls:
- _transfer(sender,recipient,amount) (#679)
- recipient.transfer(amount) (#648)
External calls sending eth:
- _transfer(sender,recipient,amount) (#679)
- recipient.transfer(amount) (#648)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,OwnerAddress,block.timestamp) (#780-787)
State variables written after the call(s):
- _approve(sender,_msgSender(),_allowances[sender][_msgSender()].sub(amount,ERC20: transfer amount exceeds allowance)) (#680)
- _allowances[owner][spender] = amount (#566)
Event emitted after the call(s):
- Approval(owner,spender,amount) (#567)
- _approve(sender,_msgSender(),_allowances[sender][_msgSender()].sub(amount,ERC20: transfer amount exceeds allowance)) (#680)
Apply the check-effects-interactions pattern.
Additional information: link
Variable IUniswapV2Router01.addLiquidity(address,address,uint256,uint256,uint256,uint256,address,uint256).amountADesired (#287) is too similar to IUniswapV2Router01.addLiquidity(address,address,uint256,uint256,uint256,uint256,address,uint256).amountBDesired (#288)
Prevent variables from having similar names.
Additional information: link
tigerkin.slitherConstructorVariables() (#415-810) uses literals with too many digits:
- deadAddress = 0x000000000000000000000000000000000000dEaD (#427)
tigerkin.slitherConstructorVariables() (#415-810) uses literals with too many digits:
- _totalSupply = 10000000000 * 10 ** 6 * 10 ** _decimals (#453)
tigerkin.slitherConstructorVariables() (#415-810) uses literals with too many digits:
- _maxTxAmount = 10000000000 * 10 ** 6 * 10 ** _decimals (#454)
tigerkin.slitherConstructorVariables() (#415-810) uses literals with too many digits:
- _walletMax = 10000000000 * 10 ** 6 * 10 ** _decimals (#455)
tigerkin.slitherConstructorVariables() (#415-810) uses literals with too many digits:
- minimumTokensBeforeSwap = 10000000000 * 10 ** 1 * 10 ** _decimals (#456)
Use: Ether suffix, Time suffix, or The scientific notation
Additional information: link
tigerkin.OwnerAddress (#426) should be constant
tigerkin._decimals (#422) should be constant
tigerkin._name (#420) should be constant
tigerkin._symbol (#421) should be constant
Add the constant attributes to state variables that never change.
Additional information: link
waiveOwnership() should be declared external:
- Ownable.waiveOwnership() (#181-184)
transferOwnership(address) should be declared external:
- Ownable.transferOwnership(address) (#186-190)
getUnlockTime() should be declared external:
- Ownable.getUnlockTime() (#192-194)
getTime() should be declared external:
- Ownable.getTime() (#196-198)
lock(uint256) should be declared external:
- Ownable.lock(uint256) (#200-205)
unlock() should be declared external:
- Ownable.unlock() (#207-212)
name() should be declared external:
- tigerkin.name() (#519-521)
symbol() should be declared external:
- tigerkin.symbol() (#523-525)
decimals() should be declared external:
- tigerkin.decimals() (#527-529)
totalSupply() should be declared external:
- tigerkin.totalSupply() (#531-533)
allowance(address,address) should be declared external:
- tigerkin.allowance(address,address) (#539-541)
increaseAllowance(address,uint256) should be declared external:
- tigerkin.increaseAllowance(address,uint256) (#543-546)
decreaseAllowance(address,uint256) should be declared external:
- tigerkin.decreaseAllowance(address,uint256) (#548-551)
minimumTokensBeforeSwapAmount() should be declared external:
- tigerkin.minimumTokensBeforeSwapAmount() (#553-555)
approve(address,uint256) should be declared external:
- tigerkin.approve(address,uint256) (#557-560)
setMarketPairStatus(address,bool) should be declared external:
- tigerkin.setMarketPairStatus(address,bool) (#570-572)
setIsExcludedFromFee(address,bool) should be declared external:
- tigerkin.setIsExcludedFromFee(address,bool) (#578-580)
setSwapAndLiquifyEnabled(bool) should be declared external:
- tigerkin.setSwapAndLiquifyEnabled(bool) (#634-637)
setSwapAndLiquifyByLimitOnly(bool) should be declared external:
- tigerkin.setSwapAndLiquifyByLimitOnly(bool) (#639-641)
getCirculatingSupply() should be declared external:
- tigerkin.getCirculatingSupply() (#643-645)
changeRouterVersion(address) should be declared external:
- tigerkin.changeRouterVersion(address) (#651-668)
transfer(address,uint256) should be declared external:
- tigerkin.transfer(address,uint256) (#673-676)
transferFrom(address,address,uint256) should be declared external:
- tigerkin.transferFrom(address,address,uint256) (#678-682)
Use the external attribute for functions never called from the contract.
Additional information: link
Unable to find website, listings and other project-related information
Young tokens have high risks of scam / price dump / death
Token has no active CoinGecko listing / rank
Token has no active CoinMarketCap listing / rank
Unable to find Telegram and Twitter accounts