Venus.withdrawBNBMarket() (#1058-1060) sends eth to arbitrary user
Dangerous calls:
- address(market).transfer(address(this).balance) (#1059)
Ensure that an arbitrary user cannot withdraw unauthorized funds.
Venus.withdrawToken(address,address,uint256) (#1066-1072) ignores return value by IBEP20(token).transfer(recipient,amount) (#1071)
Use SafeERC20, or ensure that the transfer/transferFrom return value is checked.
Unable to find manual contract audit (e.g. Certik, PeckShield, Solidity...)
Combination 2: Unchecked transfer + Functions that send Ether to an arbitrary destination. Usual for scams. May be justified by some complex mechanics (e.g. rebase, reflections). DYOR & manual audit are advised.
Contract ownership is not renounced (belongs to a wallet)
Venus.allowance(address,address).owner (#923) shadows:
- Ownable.owner() (#463-465) (function)
Venus._approve(address,address,uint256).owner (#1092) shadows:
- Ownable.owner() (#463-465) (function)
Rename the local variables that shadow another component.
Venus.setMarketFeePercent(uint256,uint256) (#1030-1036) should emit an event for:
- buyMarketFee = _buyMarketFee (#1034)
- sellMarketFee = _sellMarketFee (#1035)
Venus.setRecommendFeePercent(uint256,uint256) (#1038-1044) should emit an event for:
- buyRecommendFee = _buyRecommendFee (#1042)
- sellRecommendFee = _sellRecommendFee (#1043)
Venus.setRecommendAmount(uint256) (#1046-1048) should emit an event for:
- recommendAmount = _recommendAmount * 10 ** _decimals (#1047)
Emit an event for critical parameter changes.
Venus.withdrawBNB(address).recipient (#1062) lacks a zero-check on :
- address(recipient).transfer(address(this).balance) (#1063)
Check that the address is not zero.
Reentrancy in Venus.constructor() (#874-892):
External calls:
- uniswapV2Pair = IUniswapV2Factory(_uniswapV2Router.factory()).createPair(address(this),_uniswapV2Router.WETH()) (#881-882)
State variables written after the call(s):
- excludeFromFees(owner(),true) (#887)
- _isExcludedFromFees[account] = excluded (#991)
- excludeFromFees(market,true) (#888)
- _isExcludedFromFees[account] = excluded (#991)
- excludeFromFees(address(this),true) (#889)
- _isExcludedFromFees[account] = excluded (#991)
- uniswapV2Router = _uniswapV2Router (#885)
Apply the check-effects-interactions pattern.
Reentrancy in Venus.constructor() (#874-892):
External calls:
- uniswapV2Pair = IUniswapV2Factory(_uniswapV2Router.factory()).createPair(address(this),_uniswapV2Router.WETH()) (#881-882)
Event emitted after the call(s):
- Transfer(address(0),_msgSender(),_tTotal) (#891)
Apply the check-effects-interactions pattern.
Address.isContract(address) (#272-283) uses assembly
- INLINE ASM (#279-281)
Address._functionCallWithValue(address,bytes,uint256,string) (#398-426) uses assembly
- INLINE ASM (#418-421)
Do not use evm assembly.
Venus.setTradeEnabled() (#1050-1056) compares to a boolean constant:
-require(bool,string)(tradeEnabled != true,tradeEnabled is true) (#1051)
Remove the equality to the boolean constant.
Venus._checkLiquidityAdd(address,address) (#1082-1089) has costly operations inside a loop:
- _hasLiqBeenAdded = true (#1087)
Use a local variable to hold the loop computation result.
Address._functionCallWithValue(address,bytes,uint256,string) (#398-426) is never used and should be removed
Address.functionCall(address,bytes) (#333-338) is never used and should be removed
Address.functionCall(address,bytes,string) (#346-352) is never used and should be removed
Address.functionCallWithValue(address,bytes,uint256) (#365-377) is never used and should be removed
Address.functionCallWithValue(address,bytes,uint256,string) (#385-396) is never used and should be removed
Address.isContract(address) (#272-283) is never used and should be removed
Address.sendValue(address,uint256) (#301-313) is never used and should be removed
Context._msgData() (#245-248) is never used and should be removed
SafeMath.mod(uint256,uint256) (#214-216) is never used and should be removed
SafeMath.mod(uint256,uint256,string) (#230-237) is never used and should be removed
Remove unused functions.
Venus._tTotal (#857) is set pre-construction with a non-constant function or state variable:
- 6900000000 * 10 ** _decimals
Venus.recommendAmount (#864) is set pre-construction with a non-constant function or state variable:
- 1 * 10 ** (_decimals - 1)
Remove any initialization of state variables via non-constant state variables or function calls. If variables must be set upon contract deployment, locate initialization in the constructor instead.
Low level call in Address.sendValue(address,uint256) (#301-313):
- (success) = recipient.call{value: amount}() (#308)
Low level call in Address._functionCallWithValue(address,bytes,uint256,string) (#398-426):
- (success,returndata) = target.call{value: weiValue}(data) (#407-409)
Avoid low-level calls. Check the call success. If the call is meant for a contract, check for code existence.
Function IUniswapV2Pair.DOMAIN_SEPARATOR() (#564) is not in mixedCase
Function IUniswapV2Pair.PERMIT_TYPEHASH() (#566) is not in mixedCase
Function IUniswapV2Pair.MINIMUM_LIQUIDITY() (#597) is not in mixedCase
Function IUniswapV2Router.WETH() (#643) is not in mixedCase
Parameter Venus.setMarketFeePercent(uint256,uint256)._buyMarketFee (#1030) is not in mixedCase
Parameter Venus.setMarketFeePercent(uint256,uint256)._sellMarketFee (#1030) is not in mixedCase
Parameter Venus.setRecommendFeePercent(uint256,uint256)._buyRecommendFee (#1039) is not in mixedCase
Parameter Venus.setRecommendFeePercent(uint256,uint256)._sellRecommendFee (#1040) is not in mixedCase
Parameter Venus.setRecommendAmount(uint256)._recommendAmount (#1046) is not in mixedCase
Variable Venus._hasLiqBeenAdded (#870) is not in mixedCase
Follow the Solidity naming convention.
Redundant expression "this (#246)" inContext (#240-249)
Remove redundant statements if they congest code but offer no value.
Variable IUniswapV2Router.addLiquidity(address,address,uint256,uint256,uint256,uint256,address,uint256).amountADesired (#648) is too similar to IUniswapV2Router.addLiquidity(address,address,uint256,uint256,uint256,uint256,address,uint256).amountBDesired (#649)
Prevent variables from having similar names.
Venus.slitherConstructorVariables() (#844-1202) uses literals with too many digits:
- _tTotal = 6900000000 * 10 ** _decimals (#857)
Use: Ether suffix, Time suffix, or the scientific notation.
Ownable._previousOwner (#443) is never used in Venus (#844-1202)
Ownable._lockTime (#444) is never used in Venus (#844-1202)
Remove unused state variables.
Ownable._lockTime (#444) should be constant
Ownable._previousOwner (#443) should be constant
Venus._decimals (#856) should be constant
Venus._name (#854) should be constant
Venus._symbol (#855) should be constant
Add the constant attributes to state variables that never change.
Venus._transfer(address,address,uint256).MFee (#1141) is a local variable never initialized
Venus._transfer(address,address,uint256).RFee (#1140) is a local variable never initialized
Venus._transfer(address,address,uint256).fees (#1139) is a local variable never initialized
Initialize all the variables. If a variable is meant to be initialized to zero, explicitly set it to zero to improve code readability.
renounceOwnership() should be declared external:
- Ownable.renounceOwnership() (#482-485)
transferOwnership(address) should be declared external:
- Ownable.transferOwnership(address) (#491-498)
name() should be declared external:
- Venus.name() (#894-896)
symbol() should be declared external:
- Venus.symbol() (#898-900)
decimals() should be declared external:
- Venus.decimals() (#902-904)
totalSupply() should be declared external:
- Venus.totalSupply() (#906-908)
transfer(address,uint256) should be declared external:
- Venus.transfer(address,uint256) (#914-921)
allowance(address,address) should be declared external:
- Venus.allowance(address,address) (#923-930)
approve(address,uint256) should be declared external:
- Venus.approve(address,uint256) (#932-939)
transferFrom(address,address,uint256) should be declared external:
- Venus.transferFrom(address,address,uint256) (#941-956)
increaseAllowance(address,uint256) should be declared external:
- Venus.increaseAllowance(address,uint256) (#958-969)
decreaseAllowance(address,uint256) should be declared external:
- Venus.decreaseAllowance(address,uint256) (#971-985)
excludeMultipleAccountsFromFees(address[],bool) should be declared external:
- Venus.excludeMultipleAccountsFromFees(address[],bool) (#995-1002)
multiTransfer4AirDrop(address[],uint256) should be declared external:
- Venus.multiTransfer4AirDrop(address[],uint256) (#1013-1023)
withdrawBNBMarket() should be declared external:
- Venus.withdrawBNBMarket() (#1058-1060)
withdrawBNB(address) should be declared external:
- Venus.withdrawBNB(address) (#1062-1064)
withdrawToken(address,address,uint256) should be declared external:
- Venus.withdrawToken(address,address,uint256) (#1066-1072)
isExcludedFromFees(address) should be declared external:
- Venus.isExcludedFromFees(address) (#1074-1076)
Use the external attribute for functions never called from the contract.
Not a direct threat, but may indicate unreliable intentions of the developer. Widespread names (e.g. Elon, King, Moon, Doge) are common among meme-tokens and scams. They allow a token to gain free hype and attract inexperienced investors.
Unable to find website, listings and other project-related information
Young tokens have high risks of scam / price dump / death
Token has no active CoinGecko listing / rank
Token has no active CoinMarketCap listing / rank
Unable to find Telegram and Twitter accounts