The Troller is the first competition NFT Marketplace , Tournament gaming style and it is dedicated to themed Trolls & Memes NFTs , bringing talented NFT Artists to compete in order to create the best NFT Troll /Meme for the chosen ( Guest ) and win big prizes for the top winners.
Troller.addLiquidity(uint256,uint256) (contracts/Troller.sol#1313-1326) sends eth to arbitrary user
Dangerous calls:
- pcsV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,dead,block.timestamp) (contracts/Troller.sol#1318-1325)
Ensure that an arbitrary user cannot withdraw unauthorized funds.
Additional information: link
Reentrancy in Troller._transfer(address,address,uint256) (contracts/Troller.sol#1153-1229):
External calls:
- swapAndLiquify(contractTokenBalance) (contracts/Troller.sol#1211)
- pcsV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,dead,block.timestamp) (contracts/Troller.sol#1318-1325)
- pcsV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (contracts/Troller.sol#1287-1293)
External calls sending eth:
- swapAndLiquify(contractTokenBalance) (contracts/Troller.sol#1211)
- pcsV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,dead,block.timestamp) (contracts/Troller.sol#1318-1325)
State variables written after the call(s):
- _tokenTransfer(from,to,amount,takeFee) (contracts/Troller.sol#1228)
- _burnFee = _previousBurnFee (contracts/Troller.sol#1136)
- _burnFee = 0 (contracts/Troller.sol#1128)
- _tokenTransfer(from,to,amount,takeFee) (contracts/Troller.sol#1228)
- _liquidityFee = _previousLiquidityFee (contracts/Troller.sol#1135)
- _liquidityFee = 0 (contracts/Troller.sol#1127)
- _tokenTransfer(from,to,amount,takeFee) (contracts/Troller.sol#1228)
- _rOwned[address(this)] = _rOwned[address(this)].add(rLiquidity) (contracts/Troller.sol#1100)
- _rOwned[sender] = _rOwned[sender].sub(rAmount) (contracts/Troller.sol#1351)
- _rOwned[sender] = _rOwned[sender].sub(rAmount) (contracts/Troller.sol#1360)
- _rOwned[recipient] = _rOwned[recipient].add(rTransferAmount) (contracts/Troller.sol#1352)
- _rOwned[sender] = _rOwned[sender].sub(rAmount) (contracts/Troller.sol#1371)
- _rOwned[sender] = _rOwned[sender].sub(rAmount) (contracts/Troller.sol#1381)
- _rOwned[recipient] = _rOwned[recipient].add(rTransferAmount) (contracts/Troller.sol#1372)
- _rOwned[recipient] = _rOwned[recipient].add(rTransferAmount) (contracts/Troller.sol#1362)
- _rOwned[recipient] = _rOwned[recipient].add(rTransferAmount) (contracts/Troller.sol#1383)
- _tokenTransfer(from,to,amount,takeFee) (contracts/Troller.sol#1228)
- _rTotal = _rTotal.sub(rFee) (contracts/Troller.sol#1055)
- _tokenTransfer(from,to,amount,takeFee) (contracts/Troller.sol#1228)
- _tOwned[address(this)] = _tOwned[address(this)].add(tLiquidity) (contracts/Troller.sol#1102)
- _tOwned[sender] = _tOwned[sender].sub(tAmount) (contracts/Troller.sol#1370)
- _tOwned[sender] = _tOwned[sender].sub(tAmount) (contracts/Troller.sol#1380)
- _tOwned[recipient] = _tOwned[recipient].add(tTransferAmount) (contracts/Troller.sol#1361)
- _tOwned[recipient] = _tOwned[recipient].add(tTransferAmount) (contracts/Troller.sol#1382)
- _tokenTransfer(from,to,amount,takeFee) (contracts/Troller.sol#1228)
- _walletFee = _previousWalletFee (contracts/Troller.sol#1137)
- _walletFee = 0 (contracts/Troller.sol#1129)
Apply the check-effects-interactions pattern.
Additional information: link
Troller.recoverBEP20(address,uint256) (contracts/Troller.sol#1405-1409) ignores return value by IERC20(tokenAddress).transfer(owner(),tokenAmount) (contracts/Troller.sol#1408)
Use SafeERC20, or ensure that the transfer/transferFrom return value is checked.
Additional information: link
Unable to verify that contract auditor is trusted: Certik, Quantstamp, Hacken, Solidity, Paladinsec, Openzeppelin, Verichains
Troller.setAllFeePercent(uint8,uint8,uint8,uint8) (contracts/Troller.sol#1012-1022) contains a tautology or contradiction:
- require(bool,string)(walletFee >= 0 && walletFee <= maxWalletFee,WF err) (contracts/Troller.sol#1016)
Fix the incorrect comparison by changing the value type or the comparison.
Additional information: link
Combination 1: Reentrancy vulnerabilities + Functions that send Ether to arbitraty destination. Usual for scams. May be justified by some complex mechanics (e.g. rebase, reflections). DYOR & manual audit are advised.
Combination 2: Unchecked transfer + Functions that send Ether to arbitraty destination. Usual for scams. May be justified by some complex mechanics (e.g. rebase, reflections). DYOR & manual audit are advised.
Combination 3: Reentrancy vulnerabilities + Unchecked transfer vulnerability. Usual for scams. May be justified by some complex mechanics (e.g. rebase, reflections). DYOR & manual audit are advised.
Troller.swapAndLiquify(uint256) (contracts/Troller.sol#1231-1275) performs a multiplication on the result of a division:
-spentAmount = contractTokenBalance.div(totFee).mul(_walletFee) (contracts/Troller.sol#1244)
Consider ordering multiplication before division.
Additional information: link
Troller.safeLaunch_addToBlackList(address[]).i (contracts/Troller.sol#845) is a local variable never initialized
Initialize all the variables. If a variable is meant to be initialized to zero, explicitly set it to zero to improve code readability.
Additional information: link
Troller.addLiquidity(uint256,uint256) (contracts/Troller.sol#1313-1326) ignores return value by pcsV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,dead,block.timestamp) (contracts/Troller.sol#1318-1325)
Ensure that all the return values of the function calls are used.
Additional information: link
Troller._approve(address,address,uint256).owner (contracts/Troller.sol#1145) shadows:
- Ownable.owner() (contracts/Troller.sol#552-554) (function)
Rename the local variables that shadow another component.
Additional information: link
Troller.setMaxWalletPercent(uint256) (contracts/Troller.sol#1033-1038) should emit an event for:
- _maxWalletAmount = _tTotal.mul(maxWalletPercent).div(10 ** 2) (contracts/Troller.sol#1035-1037)
Emit an event for critical parameter changes.
Additional information: link
Troller.setRouter(address).newRouter (contracts/Troller.sol#903) lacks a zero-check on :
- router = newRouter (contracts/Troller.sol#904)
Check that the address is not zero.
Additional information: link
Reentrancy in Troller.transferFrom(address,address,uint256) (contracts/Troller.sol#942-946):
External calls:
- _transfer(sender,recipient,amount) (contracts/Troller.sol#943)
- pcsV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,dead,block.timestamp) (contracts/Troller.sol#1318-1325)
- pcsV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (contracts/Troller.sol#1287-1293)
External calls sending eth:
- _transfer(sender,recipient,amount) (contracts/Troller.sol#943)
- pcsV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,dead,block.timestamp) (contracts/Troller.sol#1318-1325)
State variables written after the call(s):
- _approve(sender,_msgSender(),_allowances[sender][_msgSender()].sub(amount,ERC20: transfer amount exceeds allowance)) (contracts/Troller.sol#944)
- _allowances[owner][spender] = amount (contracts/Troller.sol#1149)
Apply the check-effects-interactions pattern.
Additional information: link
Reentrancy in Troller.transferFrom(address,address,uint256) (contracts/Troller.sol#942-946):
External calls:
- _transfer(sender,recipient,amount) (contracts/Troller.sol#943)
- pcsV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,dead,block.timestamp) (contracts/Troller.sol#1318-1325)
- pcsV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (contracts/Troller.sol#1287-1293)
External calls sending eth:
- _transfer(sender,recipient,amount) (contracts/Troller.sol#943)
- pcsV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,dead,block.timestamp) (contracts/Troller.sol#1318-1325)
Event emitted after the call(s):
- Approval(owner,spender,amount) (contracts/Troller.sol#1150)
- _approve(sender,_msgSender(),_allowances[sender][_msgSender()].sub(amount,ERC20: transfer amount exceeds allowance)) (contracts/Troller.sol#944)
Apply the check-effects-interactions pattern.
Additional information: link
Troller._transfer(address,address,uint256) (contracts/Troller.sol#1153-1229) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(buy_buy[to] < block.timestamp,Need to wait a few seconds before you can buy again.) (contracts/Troller.sol#1170)
- require(bool,string)(buy_sell[from] < block.timestamp,Need to wait a few seconds before selling.) (contracts/Troller.sol#1181)
Avoid relying on block.timestamp.
Additional information: link
Address._functionCallWithValue(address,bytes,uint256,string) (contracts/Troller.sol#434-455) uses assembly
- INLINE ASM (contracts/Troller.sol#447-450)
Do not use evm assembly.
Additional information: link
Troller.swapBNBForTokens(uint256) (contracts/Troller.sol#1296-1311) is never used and should be removed
Remove unused functions.
Additional information: link
Troller._previousWalletFee (contracts/Troller.sol#799) is set pre-construction with a non-constant function or state variable:
- _walletFee
Remove any initialization of state variables via non-constant state variables or function calls. If variables must be set upon contract deployment, locate initialization in the constructor instead.
Additional information: link
solc-0.8.6 is not recommended for deployment
Deploy with any of the following Solidity versions: 0.5.16 - 0.5.17, 0.6.11 - 0.6.12, 0.7.5 - 0.7.6 Use a simple pragma version that allows any of these versions. Consider using the latest version of Solidity for testing.
Additional information: link
Low level call in Address._functionCallWithValue(address,bytes,uint256,string) (contracts/Troller.sol#434-455):
- (success,returndata) = target.call{value: weiValue}(data) (contracts/Troller.sol#438)
Avoid low-level calls. Check the call success. If the call is meant for a contract, check for code existence
Additional information: link
Variable Troller.buy_sell (contracts/Troller.sol#823) is not in mixedCase
Follow the Solidity naming convention.
Additional information: link
Redundant expression "this (contracts/Troller.sol#314)" inContext (contracts/Troller.sol#308-317)
Remove redundant statements if they congest code but offer no value.
Additional information: link
Variable Troller.reflectionFromToken(uint256,bool).rTransferAmount (contracts/Troller.sol#981) is too similar to Troller._transferFromExcluded(address,address,uint256).tTransferAmount (contracts/Troller.sol#1369)
Prevent variables from having similar names.
Additional information: link
Troller.slitherConstructorVariables() (contracts/Troller.sol#750-1411) uses literals with too many digits:
- dead = 0x000000000000000000000000000000000000dEaD (contracts/Troller.sol#755)
Use: Ether suffix, Time suffix, or The scientific notation
Additional information: link
Troller.minMxWalletPercentage (contracts/Troller.sol#762) should be constant
Add the constant attributes to state variables that never change.
Additional information: link
recoverBEP20(address,uint256) should be declared external:
- Troller.recoverBEP20(address,uint256) (contracts/Troller.sol#1405-1409)
Use the external attribute for functions never called from the contract.
Additional information: link
Young tokens have high risks of price dump / death
Young tokens have high risks of scam / price dump / death
Young tokens have high risks of scam / price dump / death
Young tokens have high risks of price dump / death
Token has relatively low CoinGecko rank
Token has relatively low CoinMarketCap rank
Twitter account link seems to be invalid
Unable to find Discord account