Unable to find manual contract audit (e.g. Certik, PeckShield, Solidity...)
VALENT.addLiquidity(uint256,uint256) (#491-504) sends eth to arbitrary user
Dangerous calls:
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,marketingWallet,block.timestamp) (#496-503)
Ensure that an arbitrary user cannot withdraw unauthorized funds.
Additional information: link
Reentrancy in VALENT._transfer(address,address,uint256) (#413-430):
External calls:
- swapAndLiquify(swapTokensAtAmount) (#426)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,marketingWallet,block.timestamp) (#496-503)
- (success) = recipient.call{value: amount}() (#32)
- router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#515-521)
- address(marketingWallet).sendValue(marketingAmt) (#486)
External calls sending eth:
- swapAndLiquify(swapTokensAtAmount) (#426)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,marketingWallet,block.timestamp) (#496-503)
- (success) = recipient.call{value: amount}() (#32)
State variables written after the call(s):
- _tokenTransfer(from,to,amount,! (_isExcludedFromFee[from] || _isExcludedFromFee[to])) (#429)
- _rOwned[address(this)] += rMarketing (#339)
- _rOwned[address(this)] += rLiquidity (#329)
- _rOwned[deadAddress] += rBurn (#349)
- _rOwned[sender] = _rOwned[sender] - s.rAmount (#445)
- _rOwned[recipient] = _rOwned[recipient] + s.rTransferAmount (#446)
- _tokenTransfer(from,to,amount,! (_isExcludedFromFee[from] || _isExcludedFromFee[to])) (#429)
- _rTotal -= rRfi (#318)
- _tokenTransfer(from,to,amount,! (_isExcludedFromFee[from] || _isExcludedFromFee[to])) (#429)
- _tOwned[address(this)] += tLiquidity (#327)
- _tOwned[deadAddress] += tBurn (#347)
- _tOwned[sender] = _tOwned[sender] - tAmount (#439)
- _tOwned[address(this)] += tMarketing (#337)
- _tOwned[recipient] = _tOwned[recipient] + s.tTransferAmount (#442)
Apply the check-effects-interactions pattern.
Additional information: link
VALENT.rescueAnyBEP20Tokens(address,address,uint256) (#559-561) ignores return value by IERC20(_tokenAddr).transfer(_to,_amount) (#560)
Use SafeERC20, or ensure that the transfer/transferFrom return value is checked.
Additional information: link
Combination 1: Reentrancy vulnerabilities + Functions that send Ether to arbitraty destination. Usual for scams. May be justified by some complex mechanics (e.g. rebase, reflections). DYOR & manual audit are advised.
Combination 2: Unchecked transfer + Functions that send Ether to arbitraty destination. Usual for scams. May be justified by some complex mechanics (e.g. rebase, reflections). DYOR & manual audit are advised.
Combination 3: Reentrancy vulnerabilities + Unchecked transfer vulnerability. Usual for scams. May be justified by some complex mechanics (e.g. rebase, reflections). DYOR & manual audit are advised.
VALENT.swapAndLiquify(uint256) (#465-489) performs a multiplication on the result of a division:
-unitBalance = deltaBalance / (denominator - taxes.liquidity) (#476)
-bnbToAddLiquidityWith = unitBalance * taxes.liquidity (#477)
VALENT.swapAndLiquify(uint256) (#465-489) performs a multiplication on the result of a division:
-unitBalance = deltaBalance / (denominator - taxes.liquidity) (#476)
-marketingAmt = unitBalance * 2 * taxes.marketing (#484)
Consider ordering multiplication before division.
Additional information: link
VALENT.addLiquidity(uint256,uint256) (#491-504) ignores return value by router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,marketingWallet,block.timestamp) (#496-503)
Ensure that all the return values of the function calls are used.
Additional information: link
VALENT.allowance(address,address).owner (#224) shadows:
- Ownable.owner() (#57-59) (function)
VALENT._approve(address,address,uint256).owner (#405) shadows:
- Ownable.owner() (#57-59) (function)
Rename the local variables that shadow another component.
Additional information: link
VALENT.updateMaxTxAmount(uint256) (#529-531) should emit an event for:
- maxTxAmount = amount * 10 ** _decimals (#530)
VALENT.updateMaxWalletBalance(uint256) (#533-535) should emit an event for:
- maxWalletAmount = amount * 10 ** _decimals (#534)
VALENT.updateSwapTokensAtAmount(uint256) (#537-539) should emit an event for:
- swapTokensAtAmount = amount * 10 ** _decimals (#538)
Emit an event for critical parameter changes.
Additional information: link
VALENT.updatemarketingWallet(address).newWallet (#524) lacks a zero-check on :
- marketingWallet = newWallet (#525)
VALENT.updateRouterAndPair(address,address).newPair (#545) lacks a zero-check on :
- pair = newPair (#548)
Check that the address is not zero.
Additional information: link
Reentrancy in VALENT._transfer(address,address,uint256) (#413-430):
External calls:
- swapAndLiquify(swapTokensAtAmount) (#426)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,marketingWallet,block.timestamp) (#496-503)
- (success) = recipient.call{value: amount}() (#32)
- router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#515-521)
- address(marketingWallet).sendValue(marketingAmt) (#486)
External calls sending eth:
- swapAndLiquify(swapTokensAtAmount) (#426)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,marketingWallet,block.timestamp) (#496-503)
- (success) = recipient.call{value: amount}() (#32)
State variables written after the call(s):
- _tokenTransfer(from,to,amount,! (_isExcludedFromFee[from] || _isExcludedFromFee[to])) (#429)
- totFeesPaid.liquidity += tLiquidity (#323)
- totFeesPaid.burn += tBurn (#343)
- totFeesPaid.marketing += tMarketing (#333)
- totFeesPaid.rfi += tRfi (#319)
Reentrancy in VALENT.constructor() (#179-198):
External calls:
- _pair = IFactory(_router.factory()).createPair(address(this),_router.WETH()) (#182-183)
State variables written after the call(s):
- excludeFromReward(pair) (#188)
- _excluded.push(account) (#283)
- excludeFromReward(deadAddress) (#189)
- _excluded.push(account) (#283)
- excludeFromReward(pair) (#188)
- _isExcluded[account] = true (#282)
- excludeFromReward(deadAddress) (#189)
- _isExcluded[account] = true (#282)
- _isExcludedFromFee[owner()] = true (#192)
- _isExcludedFromFee[address(this)] = true (#193)
- _isExcludedFromFee[marketingWallet] = true (#194)
- _isExcludedFromFee[deadAddress] = true (#195)
- _rOwned[owner()] = _rTotal (#191)
- excludeFromReward(pair) (#188)
- _tOwned[account] = tokenFromReflection(_rOwned[account]) (#280)
- excludeFromReward(deadAddress) (#189)
- _tOwned[account] = tokenFromReflection(_rOwned[account]) (#280)
- pair = _pair (#186)
- router = _router (#185)
Reentrancy in VALENT.swapAndLiquify(uint256) (#465-489):
External calls:
- swapTokensForBNB(toSwap) (#473)
- router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#515-521)
- addLiquidity(tokensToAddLiquidityWith,bnbToAddLiquidityWith) (#481)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,marketingWallet,block.timestamp) (#496-503)
External calls sending eth:
- addLiquidity(tokensToAddLiquidityWith,bnbToAddLiquidityWith) (#481)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,marketingWallet,block.timestamp) (#496-503)
State variables written after the call(s):
- addLiquidity(tokensToAddLiquidityWith,bnbToAddLiquidityWith) (#481)
- _allowances[owner][spender] = amount (#408)
Reentrancy in VALENT.transferFrom(address,address,uint256) (#233-241):
External calls:
- _transfer(sender,recipient,amount) (#234)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,marketingWallet,block.timestamp) (#496-503)
- (success) = recipient.call{value: amount}() (#32)
- router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#515-521)
- address(marketingWallet).sendValue(marketingAmt) (#486)
External calls sending eth:
- _transfer(sender,recipient,amount) (#234)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,marketingWallet,block.timestamp) (#496-503)
- (success) = recipient.call{value: amount}() (#32)
State variables written after the call(s):
- _approve(sender,_msgSender(),currentAllowance - amount) (#238)
- _allowances[owner][spender] = amount (#408)
Apply the check-effects-interactions pattern.
Additional information: link
Reentrancy in VALENT._transfer(address,address,uint256) (#413-430):
External calls:
- swapAndLiquify(swapTokensAtAmount) (#426)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,marketingWallet,block.timestamp) (#496-503)
- (success) = recipient.call{value: amount}() (#32)
- router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#515-521)
- address(marketingWallet).sendValue(marketingAmt) (#486)
External calls sending eth:
- swapAndLiquify(swapTokensAtAmount) (#426)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,marketingWallet,block.timestamp) (#496-503)
- (success) = recipient.call{value: amount}() (#32)
Event emitted after the call(s):
- Transfer(sender,deadAddress,s.tBurn) (#457)
- _tokenTransfer(from,to,amount,! (_isExcludedFromFee[from] || _isExcludedFromFee[to])) (#429)
- Transfer(sender,recipient,s.tTransferAmount) (#460)
- _tokenTransfer(from,to,amount,! (_isExcludedFromFee[from] || _isExcludedFromFee[to])) (#429)
- Transfer(sender,address(this),s.tLiquidity + s.tMarketing) (#461)
- _tokenTransfer(from,to,amount,! (_isExcludedFromFee[from] || _isExcludedFromFee[to])) (#429)
Reentrancy in VALENT.constructor() (#179-198):
External calls:
- _pair = IFactory(_router.factory()).createPair(address(this),_router.WETH()) (#182-183)
Event emitted after the call(s):
- Transfer(address(0),owner(),_tTotal) (#197)
Reentrancy in VALENT.swapAndLiquify(uint256) (#465-489):
External calls:
- swapTokensForBNB(toSwap) (#473)
- router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#515-521)
- addLiquidity(tokensToAddLiquidityWith,bnbToAddLiquidityWith) (#481)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,marketingWallet,block.timestamp) (#496-503)
External calls sending eth:
- addLiquidity(tokensToAddLiquidityWith,bnbToAddLiquidityWith) (#481)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,marketingWallet,block.timestamp) (#496-503)
Event emitted after the call(s):
- Approval(owner,spender,amount) (#409)
- addLiquidity(tokensToAddLiquidityWith,bnbToAddLiquidityWith) (#481)
Reentrancy in VALENT.transferFrom(address,address,uint256) (#233-241):
External calls:
- _transfer(sender,recipient,amount) (#234)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,marketingWallet,block.timestamp) (#496-503)
- (success) = recipient.call{value: amount}() (#32)
- router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#515-521)
- address(marketingWallet).sendValue(marketingAmt) (#486)
External calls sending eth:
- _transfer(sender,recipient,amount) (#234)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,marketingWallet,block.timestamp) (#496-503)
- (success) = recipient.call{value: amount}() (#32)
Event emitted after the call(s):
- Approval(owner,spender,amount) (#409)
- _approve(sender,_msgSender(),currentAllowance - amount) (#238)
Apply the check-effects-interactions pattern.
Additional information: link
VALENT.includeInReward(address) (#286-297) has costly operations inside a loop:
- _excluded.pop() (#293)
Use a local variable to hold the loop computation result.
Additional information: link
Context._msgData() (#42-45) is never used and should be removed
Remove unused functions.
Additional information: link
VALENT._rTotal (#127) is set pre-construction with a non-constant function or state variable:
- (MAX - (MAX % _tTotal))
Remove any initialization of state variables via non-constant state variables or function calls. If variables must be set upon contract deployment, locate initialization in the constructor instead.
Additional information: link
Pragma version^0.8.10 (#4) necessitates a version too recent to be trusted. Consider deploying with 0.6.12/0.7.6/0.8.7
solc-0.8.10 is not recommended for deployment
Deploy with any of the following Solidity versions: 0.5.16 - 0.5.17, 0.6.11 - 0.6.12, 0.7.5 - 0.7.6 Use a simple pragma version that allows any of these versions. Consider using the latest version of Solidity for testing.
Additional information: link
Low level call in Address.sendValue(address,uint256) (#29-34):
- (success) = recipient.call{value: amount}() (#32)
Avoid low-level calls. Check the call success. If the call is meant for a contract, check for code existence
Additional information: link
Function IRouter.WETH() (#88) is not in mixedCase
Struct VALENT.valuesFromGetValues (#157-169) is not in CapWords
Parameter VALENT.setTaxes(uint256,uint256,uint256,uint256)._rfi (#313) is not in mixedCase
Parameter VALENT.setTaxes(uint256,uint256,uint256,uint256)._marketing (#313) is not in mixedCase
Parameter VALENT.setTaxes(uint256,uint256,uint256,uint256)._liquidity (#313) is not in mixedCase
Parameter VALENT.setTaxes(uint256,uint256,uint256,uint256)._burn (#313) is not in mixedCase
Parameter VALENT.updateSwapEnabled(bool)._enabled (#541) is not in mixedCase
Parameter VALENT.rescueAnyBEP20Tokens(address,address,uint256)._tokenAddr (#559) is not in mixedCase
Parameter VALENT.rescueAnyBEP20Tokens(address,address,uint256)._to (#559) is not in mixedCase
Parameter VALENT.rescueAnyBEP20Tokens(address,address,uint256)._amount (#559) is not in mixedCase
Constant VALENT._decimals (#123) is not in UPPER_CASE_WITH_UNDERSCORES
Constant VALENT.deadAddress (#134) is not in UPPER_CASE_WITH_UNDERSCORES
Constant VALENT._name (#137) is not in UPPER_CASE_WITH_UNDERSCORES
Constant VALENT._symbol (#138) is not in UPPER_CASE_WITH_UNDERSCORES
Follow the Solidity naming convention.
Additional information: link
Redundant expression "this (#43)" inContext (#37-46)
Remove redundant statements if they congest code but offer no value.
Additional information: link
VALENT.slitherConstructorConstantVariables() (#106-566) uses literals with too many digits:
- deadAddress = 0x000000000000000000000000000000000000dEaD (#134)
Use: Ether suffix, Time suffix, or The scientific notation
Additional information: link
VALENT._tTotal (#126) should be constant
Add the constant attributes to state variables that never change.
Additional information: link
renounceOwnership() should be declared external:
- Ownable.renounceOwnership() (#66-68)
transferOwnership(address) should be declared external:
- Ownable.transferOwnership(address) (#70-73)
name() should be declared external:
- VALENT.name() (#200-202)
symbol() should be declared external:
- VALENT.symbol() (#203-205)
decimals() should be declared external:
- VALENT.decimals() (#206-208)
totalSupply() should be declared external:
- VALENT.totalSupply() (#210-212)
transfer(address,uint256) should be declared external:
- VALENT.transfer(address,uint256) (#219-222)
allowance(address,address) should be declared external:
- VALENT.allowance(address,address) (#224-226)
approve(address,uint256) should be declared external:
- VALENT.approve(address,uint256) (#228-231)
transferFrom(address,address,uint256) should be declared external:
- VALENT.transferFrom(address,address,uint256) (#233-241)
increaseAllowance(address,uint256) should be declared external:
- VALENT.increaseAllowance(address,uint256) (#243-246)
decreaseAllowance(address,uint256) should be declared external:
- VALENT.decreaseAllowance(address,uint256) (#248-254)
isExcludedFromReward(address) should be declared external:
- VALENT.isExcludedFromReward(address) (#256-258)
reflectionFromToken(uint256,bool) should be declared external:
- VALENT.reflectionFromToken(uint256,bool) (#260-269)
excludeFromFee(address) should be declared external:
- VALENT.excludeFromFee(address) (#300-302)
includeInFee(address) should be declared external:
- VALENT.includeInFee(address) (#304-306)
isExcludedFromFee(address) should be declared external:
- VALENT.isExcludedFromFee(address) (#309-311)
setTaxes(uint256,uint256,uint256,uint256) should be declared external:
- VALENT.setTaxes(uint256,uint256,uint256,uint256) (#313-315)
rescueAnyBEP20Tokens(address,address,uint256) should be declared external:
- VALENT.rescueAnyBEP20Tokens(address,address,uint256) (#559-561)
Use the external attribute for functions never called from the contract.
Additional information: link
Unable to find website, listings and other project-related information
Young tokens have high risks of scam / price dump / death
Token has no active CoinGecko listing / rank
Token has no active CoinMarketCap listing / rank
Unable to find Telegram and Twitter accounts