Unable to find manual contract audit (e.g. Certik, PeckShield, Solidity...)
CatTOKEN.swapAndLiquify(uint256) (#891-920) sends eth to arbitrary user
Dangerous calls:
- marketingAddress.transfer(address(this).balance) (#916)
CatTOKEN.swapETHForTokens(uint256) (#950-963) sends eth to arbitrary user
Dangerous calls:
- uniswapV2Router.swapExactETHForTokensSupportingFeeOnTransferTokens.value(amount)(0,path,deadAddress,block.timestamp.add(300)) (#957-962)
CatTOKEN.addLiquidity(uint256,uint256) (#966-980) sends eth to arbitrary user
Dangerous calls:
- uniswapV2Router.addLiquidityETH.value(ethAmount)(address(this),tokenAmount,0,0,address(this),block.timestamp.add(300)) (#972-979)
Ensure that an arbitrary user cannot withdraw unauthorized funds.
Additional information: link
Reentrancy in CatTOKEN._transfer(address,address,uint256) (#808-840):
External calls:
- swapAndLiquify(numTokensSell) (#833)
- uniswapV2Router.addLiquidityETH.value(ethAmount)(address(this),tokenAmount,0,0,address(this),block.timestamp.add(300)) (#972-979)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp.add(300)) (#940-946)
External calls sending eth:
- swapAndLiquify(numTokensSell) (#833)
- recipient.transfer(amount) (#926)
- uniswapV2Router.addLiquidityETH.value(ethAmount)(address(this),tokenAmount,0,0,address(this),block.timestamp.add(300)) (#972-979)
- marketingAddress.transfer(address(this).balance) (#916)
State variables written after the call(s):
- _tokenTransfer(from,to,value,saleFlag) (#837)
- _gonBalances[sender] = _gonBalances[sender].sub(gonValue) (#863)
- _gonBalances[address(this)] = _gonBalances[address(this)].add(rFee) (#887)
- _gonBalances[recipient] = _gonBalances[recipient].add(gonValue) (#864)
- _gonBalances[sender] = _gonBalances[sender].sub(gonDeduct) (#855)
- _gonBalances[recipient] = _gonBalances[recipient].add(gonValue) (#856)
Apply the check-effects-interactions pattern.
Additional information: link
CatTOKEN.burnAutoLP() (#1101-1107) ignores return value by uniswapV2Pair.transfer(owner(),balance) (#1106)
CatTOKEN.recoverWrongTokens(address,uint256) (#1138-1142) ignores return value by IERC20(_tokenAddress).transfer(address(msg.sender),_tokenAmount) (#1140)
Use SafeERC20, or ensure that the transfer/transferFrom return value is checked.
Additional information: link
Ownable._lockTime (#281) is never initialized. It is used in:
- Ownable.getUnlockTime() (#332-334)
Initialize all the variables. If a variable is meant to be initialized to zero, explicitly set it to zero to improve code readability.
Additional information: link
Combination 1: Reentrancy vulnerabilities + Functions that send Ether to arbitraty destination. Usual for scams. May be justified by some complex mechanics (e.g. rebase, reflections). DYOR & manual audit are advised.
Combination 2: Unchecked transfer + Functions that send Ether to arbitraty destination. Usual for scams. May be justified by some complex mechanics (e.g. rebase, reflections). DYOR & manual audit are advised.
Combination 3: Reentrancy vulnerabilities + Unchecked transfer vulnerability. Usual for scams. May be justified by some complex mechanics (e.g. rebase, reflections). DYOR & manual audit are advised.
Contract ticker (Victory Cat) contains non-alphanumeric characters.
Not a direct threat, but may indicate unreliable intentions of developer. Non-alphanumeric chars (,.;!#*&") are extremely rare among low risk tokens.
CatTOKEN.addLiquidity(uint256,uint256) (#966-980) ignores return value by uniswapV2Router.addLiquidityETH.value(ethAmount)(address(this),tokenAmount,0,0,address(this),block.timestamp.add(300)) (#972-979)
Ensure that all the return values of the function calls are used.
Additional information: link
ERC20Detailed.constructor(string,string,uint8).name (#524) shadows:
- ERC20Detailed.name() (#533-535) (function)
ERC20Detailed.constructor(string,string,uint8).symbol (#524) shadows:
- ERC20Detailed.symbol() (#541-543) (function)
ERC20Detailed.constructor(string,string,uint8).decimals (#524) shadows:
- ERC20Detailed.decimals() (#557-559) (function)
CatTOKEN._approve(address,address,uint256).owner (#1001) shadows:
- Ownable.owner() (#302-304) (function)
Rename the local variables that shadow another component.
Additional information: link
CatTOKEN.setMaster(address,address) (#710-717) should emit an event for:
- master = _master (#715)
Emit an event for critical parameter changes.
Additional information: link
CatTOKEN.constructor(address,address)._marketingAddress (#669) lacks a zero-check on :
- marketingAddress = _marketingAddress (#674)
- master = _marketingAddress (#675)
- marketingAddress2 = _marketingAddress (#676)
CatTOKEN.setMaster(address,address)._master (#710) lacks a zero-check on :
- master = _master (#715)
CatTOKEN.setMaster(address,address)._marketingAddress (#710) lacks a zero-check on :
- marketingAddress = _marketingAddress (#716)
CatTOKEN.setMaster2(address,address)._marketingAddress (#723) lacks a zero-check on :
- marketingAddress = _marketingAddress (#729)
CatTOKEN.setMaster2(address,address)._marketingAddress2 (#723) lacks a zero-check on :
- marketingAddress2 = _marketingAddress2 (#730)
CatTOKEN.setLP(address)._lp (#736) lacks a zero-check on :
- lp = _lp (#741)
CatTOKEN.burnBNB(address).burnAddress (#1124) lacks a zero-check on :
- burnAddress.transfer(address(this).balance) (#1125)
Check that the address is not zero.
Additional information: link
Reentrancy in CatTOKEN.constructor(address,address) (#669-703):
External calls:
- uniswapV2PairAddress = IUniswapV2Factory(_uniswapV2Router.factory()).createPair(address(this),_uniswapV2Router.WETH()) (#679-680)
State variables written after the call(s):
- _gonBalances[msg.sender] = TOTAL_GONS (#693)
- _gonsPerFragment = TOTAL_GONS.div(_totalSupply) (#694)
- _isExcluded[owner()] = true (#699)
- _isExcluded[address(this)] = true (#700)
- _totalSupply = INITIAL_FRAGMENTS_SUPPLY (#692)
- initialDistributionFinished = false (#696)
- setLP(uniswapV2PairAddress) (#684)
- lp = _lp (#741)
- setLP(uniswapV2PairAddress) (#684)
- lpContract = ILP(_lp) (#742)
- uniswapV2Pair = _uniswapV2Pair (#688)
- uniswapV2Router = _uniswapV2Router (#682)
Reentrancy in CatTOKEN.swapAndLiquify(uint256) (#891-920):
External calls:
- swapTokensForEth(threequarters) (#903)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp.add(300)) (#940-946)
- addLiquidity(onequarter,sharedETH) (#911)
- uniswapV2Router.addLiquidityETH.value(ethAmount)(address(this),tokenAmount,0,0,address(this),block.timestamp.add(300)) (#972-979)
External calls sending eth:
- addLiquidity(onequarter,sharedETH) (#911)
- uniswapV2Router.addLiquidityETH.value(ethAmount)(address(this),tokenAmount,0,0,address(this),block.timestamp.add(300)) (#972-979)
State variables written after the call(s):
- addLiquidity(onequarter,sharedETH) (#911)
- _allowedFragments[owner][spender] = value (#1005)
Reentrancy in CatTOKEN.transferFrom(address,address,uint256) (#791-799):
External calls:
- _transfer(sender,recipient,amount) (#796)
- uniswapV2Router.addLiquidityETH.value(ethAmount)(address(this),tokenAmount,0,0,address(this),block.timestamp.add(300)) (#972-979)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp.add(300)) (#940-946)
External calls sending eth:
- _transfer(sender,recipient,amount) (#796)
- recipient.transfer(amount) (#926)
- uniswapV2Router.addLiquidityETH.value(ethAmount)(address(this),tokenAmount,0,0,address(this),block.timestamp.add(300)) (#972-979)
- marketingAddress.transfer(address(this).balance) (#916)
State variables written after the call(s):
- _approve(sender,msg.sender,_allowedFragments[sender][msg.sender].sub(amount)) (#797)
- _allowedFragments[owner][spender] = value (#1005)
Apply the check-effects-interactions pattern.
Additional information: link
Reentrancy in CatTOKEN._transfer(address,address,uint256) (#808-840):
External calls:
- swapAndLiquify(numTokensSell) (#833)
- uniswapV2Router.addLiquidityETH.value(ethAmount)(address(this),tokenAmount,0,0,address(this),block.timestamp.add(300)) (#972-979)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp.add(300)) (#940-946)
External calls sending eth:
- swapAndLiquify(numTokensSell) (#833)
- recipient.transfer(amount) (#926)
- uniswapV2Router.addLiquidityETH.value(ethAmount)(address(this),tokenAmount,0,0,address(this),block.timestamp.add(300)) (#972-979)
- marketingAddress.transfer(address(this).balance) (#916)
Event emitted after the call(s):
- Transfer(sender,recipient,amount) (#865)
- _tokenTransfer(from,to,value,saleFlag) (#837)
- Transfer(sender,recipient,amount) (#858)
- _tokenTransfer(from,to,value,saleFlag) (#837)
Reentrancy in CatTOKEN.constructor(address,address) (#669-703):
External calls:
- uniswapV2PairAddress = IUniswapV2Factory(_uniswapV2Router.factory()).createPair(address(this),_uniswapV2Router.WETH()) (#679-680)
Event emitted after the call(s):
- Transfer(address(0x0),msg.sender,_totalSupply) (#702)
Reentrancy in CatTOKEN.swapAndLiquify(uint256) (#891-920):
External calls:
- swapTokensForEth(threequarters) (#903)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp.add(300)) (#940-946)
- addLiquidity(onequarter,sharedETH) (#911)
- uniswapV2Router.addLiquidityETH.value(ethAmount)(address(this),tokenAmount,0,0,address(this),block.timestamp.add(300)) (#972-979)
External calls sending eth:
- addLiquidity(onequarter,sharedETH) (#911)
- uniswapV2Router.addLiquidityETH.value(ethAmount)(address(this),tokenAmount,0,0,address(this),block.timestamp.add(300)) (#972-979)
Event emitted after the call(s):
- Approval(owner,spender,value) (#1006)
- addLiquidity(onequarter,sharedETH) (#911)
Reentrancy in CatTOKEN.swapAndLiquify(uint256) (#891-920):
External calls:
- swapTokensForEth(threequarters) (#903)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp.add(300)) (#940-946)
- addLiquidity(onequarter,sharedETH) (#911)
- uniswapV2Router.addLiquidityETH.value(ethAmount)(address(this),tokenAmount,0,0,address(this),block.timestamp.add(300)) (#972-979)
External calls sending eth:
- addLiquidity(onequarter,sharedETH) (#911)
- uniswapV2Router.addLiquidityETH.value(ethAmount)(address(this),tokenAmount,0,0,address(this),block.timestamp.add(300)) (#972-979)
- transferToAddressETH(marketingAddress,sharedETH) (#914)
- recipient.transfer(amount) (#926)
- marketingAddress.transfer(address(this).balance) (#916)
Event emitted after the call(s):
- SwapAndLiquify(threequarters,sharedETH,onequarter) (#918)
Reentrancy in CatTOKEN.transferFrom(address,address,uint256) (#791-799):
External calls:
- _transfer(sender,recipient,amount) (#796)
- uniswapV2Router.addLiquidityETH.value(ethAmount)(address(this),tokenAmount,0,0,address(this),block.timestamp.add(300)) (#972-979)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp.add(300)) (#940-946)
External calls sending eth:
- _transfer(sender,recipient,amount) (#796)
- recipient.transfer(amount) (#926)
- uniswapV2Router.addLiquidityETH.value(ethAmount)(address(this),tokenAmount,0,0,address(this),block.timestamp.add(300)) (#972-979)
- marketingAddress.transfer(address(this).balance) (#916)
Event emitted after the call(s):
- Approval(owner,spender,value) (#1006)
- _approve(sender,msg.sender,_allowedFragments[sender][msg.sender].sub(amount)) (#797)
Apply the check-effects-interactions pattern.
Additional information: link
CatTOKEN.swapETHForTokens(uint256) (#950-963) is never used and should be removed
SafeMath.mod(uint256,uint256) (#426-429) is never used and should be removed
SafeMathInt.abs(int256) (#502-509) is never used and should be removed
SafeMathInt.add(int256,int256) (#489-497) is never used and should be removed
SafeMathInt.div(int256,int256) (#461-471) is never used and should be removed
SafeMathInt.mul(int256,int256) (#445-456) is never used and should be removed
SafeMathInt.sub(int256,int256) (#476-484) is never used and should be removed
Remove unused functions.
Additional information: link
Function IUniswapV2Pair.DOMAIN_SEPARATOR() (#99) is not in mixedCase
Function IUniswapV2Pair.PERMIT_TYPEHASH() (#100) is not in mixedCase
Function IUniswapV2Pair.MINIMUM_LIQUIDITY() (#117) is not in mixedCase
Function IUniswapV2Router02.WETH() (#140) is not in mixedCase
Parameter CatTOKEN.setMaster(address,address)._master (#710) is not in mixedCase
Parameter CatTOKEN.setMaster(address,address)._marketingAddress (#710) is not in mixedCase
Parameter CatTOKEN.setMaster2(address,address)._marketingAddress (#723) is not in mixedCase
Parameter CatTOKEN.setMaster2(address,address)._marketingAddress2 (#723) is not in mixedCase
Parameter CatTOKEN.setLP(address)._lp (#736) is not in mixedCase
Parameter CatTOKEN.setSwapAndLiquifyEnabled(bool)._enabled (#756) is not in mixedCase
Parameter CatTOKEN.calculateFee(uint256,bool)._amount (#876) is not in mixedCase
Parameter CatTOKEN.enableTransfer(address)._addr (#1080) is not in mixedCase
Parameter CatTOKEN.excludeAddress(address)._addr (#1087) is not in mixedCase
Parameter CatTOKEN.excludeAddressRemove(address)._addr (#1094) is not in mixedCase
Parameter CatTOKEN.setBuyBackEnabled(bool)._enabled (#1111) is not in mixedCase
Parameter CatTOKEN.setBuyBackLimit(uint256)._buybackLimit (#1115) is not in mixedCase
Parameter CatTOKEN.setBuyBackDivisor(uint256)._buybackDivisor (#1118) is not in mixedCase
Parameter CatTOKEN.setnumTokensSellDivisor(uint256)._numTokensSellDivisor (#1121) is not in mixedCase
Parameter CatTOKEN.recoverWrongTokens(address,uint256)._tokenAddress (#1138) is not in mixedCase
Parameter CatTOKEN.recoverWrongTokens(address,uint256)._tokenAmount (#1138) is not in mixedCase
Variable CatTOKEN._gonsPerFragment (#662) is not in mixedCase
Follow the Solidity naming convention.
Additional information: link
Reentrancy in CatTOKEN._transfer(address,address,uint256) (#808-840):
External calls:
- swapAndLiquify(numTokensSell) (#833)
- recipient.transfer(amount) (#926)
- marketingAddress.transfer(address(this).balance) (#916)
External calls sending eth:
- swapAndLiquify(numTokensSell) (#833)
- recipient.transfer(amount) (#926)
- uniswapV2Router.addLiquidityETH.value(ethAmount)(address(this),tokenAmount,0,0,address(this),block.timestamp.add(300)) (#972-979)
- marketingAddress.transfer(address(this).balance) (#916)
State variables written after the call(s):
- _tokenTransfer(from,to,value,saleFlag) (#837)
- _gonBalances[sender] = _gonBalances[sender].sub(gonValue) (#863)
- _gonBalances[address(this)] = _gonBalances[address(this)].add(rFee) (#887)
- _gonBalances[recipient] = _gonBalances[recipient].add(gonValue) (#864)
- _gonBalances[sender] = _gonBalances[sender].sub(gonDeduct) (#855)
- _gonBalances[recipient] = _gonBalances[recipient].add(gonValue) (#856)
Event emitted after the call(s):
- Transfer(sender,recipient,amount) (#865)
- _tokenTransfer(from,to,value,saleFlag) (#837)
- Transfer(sender,recipient,amount) (#858)
- _tokenTransfer(from,to,value,saleFlag) (#837)
Reentrancy in CatTOKEN.swapAndLiquify(uint256) (#891-920):
External calls:
- transferToAddressETH(marketingAddress,sharedETH) (#914)
- recipient.transfer(amount) (#926)
- marketingAddress.transfer(address(this).balance) (#916)
External calls sending eth:
- addLiquidity(onequarter,sharedETH) (#911)
- uniswapV2Router.addLiquidityETH.value(ethAmount)(address(this),tokenAmount,0,0,address(this),block.timestamp.add(300)) (#972-979)
- transferToAddressETH(marketingAddress,sharedETH) (#914)
- recipient.transfer(amount) (#926)
- marketingAddress.transfer(address(this).balance) (#916)
Event emitted after the call(s):
- SwapAndLiquify(threequarters,sharedETH,onequarter) (#918)
Reentrancy in CatTOKEN.transferFrom(address,address,uint256) (#791-799):
External calls:
- _transfer(sender,recipient,amount) (#796)
- recipient.transfer(amount) (#926)
- marketingAddress.transfer(address(this).balance) (#916)
External calls sending eth:
- _transfer(sender,recipient,amount) (#796)
- recipient.transfer(amount) (#926)
- uniswapV2Router.addLiquidityETH.value(ethAmount)(address(this),tokenAmount,0,0,address(this),block.timestamp.add(300)) (#972-979)
- marketingAddress.transfer(address(this).balance) (#916)
State variables written after the call(s):
- _approve(sender,msg.sender,_allowedFragments[sender][msg.sender].sub(amount)) (#797)
- _allowedFragments[owner][spender] = value (#1005)
Event emitted after the call(s):
- Approval(owner,spender,value) (#1006)
- _approve(sender,msg.sender,_allowedFragments[sender][msg.sender].sub(amount)) (#797)
Apply the check-effects-interactions pattern.
Additional information: link
Variable IUniswapV2Router02.addLiquidity(address,address,uint256,uint256,uint256,uint256,address,uint256).amountADesired (#145) is too similar to IUniswapV2Router02.addLiquidity(address,address,uint256,uint256,uint256,uint256,address,uint256).amountBDesired (#146)
Variable CatTOKEN.setMaster(address,address)._marketingAddress (#710) is too similar to CatTOKEN.marketingAddress2 (#632)
Variable CatTOKEN.setMaster2(address,address)._marketingAddress (#723) is too similar to CatTOKEN.marketingAddress2 (#632)
Variable CatTOKEN.constructor(address,address)._marketingAddress (#669) is too similar to CatTOKEN.marketingAddress2 (#632)
Prevent variables from having similar names.
Additional information: link
CatTOKEN.slitherConstructorVariables() (#569-1148) uses literals with too many digits:
- deadAddress = 0x000000000000000000000000000000000000dEaD (#630)
Use: Ether suffix, Time suffix, or The scientific notation
Additional information: link
SafeMathInt.MAX_INT256 (#440) is never used in SafeMathInt (#438-510)
Ownable._previousOwner (#280) is never used in CatTOKEN (#569-1148)
CatTOKEN.privateSaleDropCompleted (#640) is never used in CatTOKEN (#569-1148)
CatTOKEN.MAX_SUPPLY (#654) is never used in CatTOKEN (#569-1148)
Remove unused state variables.
Additional information: link
CatTOKEN.deadAddress (#630) should be constant
CatTOKEN.privateSaleDropCompleted (#640) should be constant
CatTOKEN.transactionTax (#619) should be constant
CatTOKEN.transactionTaxBuy (#620) should be constant
Ownable._lockTime (#281) should be constant
Ownable._previousOwner (#280) should be constant
Add the constant attributes to state variables that never change.
Additional information: link
renounceOwnership() should be declared external:
- Ownable.renounceOwnership() (#327-330)
getUnlockTime() should be declared external:
- Ownable.getUnlockTime() (#332-334)
lock() should be declared external:
- Ownable.lock() (#338-343)
transferOwnership(address) should be declared external:
- Ownable.transferOwnership(address) (#351-353)
name() should be declared external:
- ERC20Detailed.name() (#533-535)
symbol() should be declared external:
- ERC20Detailed.symbol() (#541-543)
decimals() should be declared external:
- ERC20Detailed.decimals() (#557-559)
setSwapAndLiquifyEnabled(bool) should be declared external:
- CatTOKEN.setSwapAndLiquifyEnabled(bool) (#756-759)
increaseAllowance(address,uint256) should be declared external:
- CatTOKEN.increaseAllowance(address,uint256) (#991-998)
approve(address,uint256) should be declared external:
- CatTOKEN.approve(address,uint256) (#1021-1028)
allowance(address,address) should be declared external:
- CatTOKEN.allowance(address,address) (#1037-1043)
setBuyBackEnabled(bool) should be declared external:
- CatTOKEN.setBuyBackEnabled(bool) (#1111-1113)
setBuyBackLimit(uint256) should be declared external:
- CatTOKEN.setBuyBackLimit(uint256) (#1115-1116)
setBuyBackDivisor(uint256) should be declared external:
- CatTOKEN.setBuyBackDivisor(uint256) (#1118-1119)
setnumTokensSellDivisor(uint256) should be declared external:
- CatTOKEN.setnumTokensSellDivisor(uint256) (#1121-1122)
batchTransferTokenB(address[],uint256) should be declared external:
- CatTOKEN.batchTransferTokenB(address[],uint256) (#1129-1133)
Use the external attribute for functions never called from the contract.
Additional information: link
Unable to find website, listings and other project-related information
Young tokens have high risks of scam / price dump / death
Token has no active CoinGecko listing / rank
Token has no active CoinMarketCap listing / rank
Unable to find Telegram and Twitter accounts