WAI [Wanaka Wai] Token

Unable to verify that contract auditor is trusted: Certik, Quantstamp, Hacken, Solidity, Paladinsec, Openzeppelin, Verichains

Contract ownership is not renounced (belongs to a wallet)

PermissionRight.removeAdminUser(address) (contracts/commons/PermissionRight.sol#68-71) ignores return value by adminGroup.remove(user) (contracts/commons/PermissionRight.sol#69)
PermissionRight.removeOperatorUser(address) (contracts/commons/PermissionRight.sol#79-82) ignores return value by operatorGroup.remove(user) (contracts/commons/PermissionRight.sol#80)
PermissionRight._addOperatorUser(address) (contracts/commons/PermissionRight.sol#84-87) ignores return value by operatorGroup.add(candidate) (contracts/commons/PermissionRight.sol#85)
PermissionRight._addAdminUser(address) (contracts/commons/PermissionRight.sol#89-92) ignores return value by adminGroup.add(candidate) (contracts/commons/PermissionRight.sol#90)
Ensure that all the return values of the function calls are used.

Additional information: link

WaiToken.constructor(address,string,string)._owner (contracts/WaiToken.sol#13) shadows:
- Ownable._owner (@openzeppelin/contracts/access/Ownable.sol#20) (state variable)
Rename the local variables that shadow another component.

Additional information: link

Reentrancy in Withdrawable.withdrawToken(IERC20,uint256,address) (contracts/commons/Withdrawable.sol#26-30):
External calls:
- token.safeTransfer(to,amount) (contracts/commons/Withdrawable.sol#28)
Event emitted after the call(s):
- TokenWithdrawn(address(token),amount,to) (contracts/commons/Withdrawable.sol#29)
Apply the check-effects-interactions pattern.

Additional information: link

Address.isContract(address) (@openzeppelin/contracts/utils/Address.sol#26-36) uses assembly
- INLINE ASM (@openzeppelin/contracts/utils/Address.sol#32-34)
Address._verifyCallResult(bool,bytes,string) (@openzeppelin/contracts/utils/Address.sol#189-209) uses assembly
- INLINE ASM (@openzeppelin/contracts/utils/Address.sol#201-204)
Do not use evm assembly.

Additional information: link

Different versions of Solidity is used:
- Version used: ['0.8.0', '^0.8.0']
- ^0.8.0 (@openzeppelin/contracts/access/Ownable.sol#3)
- ^0.8.0 (@openzeppelin/contracts/token/ERC20/ERC20.sol#3)
- ^0.8.0 (@openzeppelin/contracts/token/ERC20/IERC20.sol#3)
- ^0.8.0 (@openzeppelin/contracts/token/ERC20/extensions/ERC20Burnable.sol#3)
- ^0.8.0 (@openzeppelin/contracts/token/ERC20/extensions/IERC20Metadata.sol#3)
- ^0.8.0 (@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol#3)
- ^0.8.0 (@openzeppelin/contracts/utils/Address.sol#3)
- ^0.8.0 (@openzeppelin/contracts/utils/Context.sol#3)
- ^0.8.0 (@openzeppelin/contracts/utils/structs/EnumerableSet.sol#3)
- 0.8.0 (contracts/WaiToken.sol#2)
- ^0.8.0 (contracts/commons/PermissionRight.sol#3)
- 0.8.0 (contracts/commons/Withdrawable.sol#3)
Use one Solidity version.

Additional information: link

Address.functionCall(address,bytes) (@openzeppelin/contracts/utils/Address.sol#79-81) is never used and should be removed
Address.functionCallWithValue(address,bytes,uint256) (@openzeppelin/contracts/utils/Address.sol#108-114) is never used and should be removed
Address.functionDelegateCall(address,bytes) (@openzeppelin/contracts/utils/Address.sol#168-170) is never used and should be removed
Address.functionDelegateCall(address,bytes,string) (@openzeppelin/contracts/utils/Address.sol#178-187) is never used and should be removed
Address.functionStaticCall(address,bytes) (@openzeppelin/contracts/utils/Address.sol#141-143) is never used and should be removed
Address.functionStaticCall(address,bytes,string) (@openzeppelin/contracts/utils/Address.sol#151-160) is never used and should be removed
Address.sendValue(address,uint256) (@openzeppelin/contracts/utils/Address.sol#54-59) is never used and should be removed
Context._msgData() (@openzeppelin/contracts/utils/Context.sol#20-22) is never used and should be removed
EnumerableSet.add(EnumerableSet.Bytes32Set,bytes32) (@openzeppelin/contracts/utils/structs/EnumerableSet.sol#145-147) is never used and should be removed
EnumerableSet.add(EnumerableSet.UintSet,uint256) (@openzeppelin/contracts/utils/structs/EnumerableSet.sol#253-255) is never used and should be removed
EnumerableSet.at(EnumerableSet.Bytes32Set,uint256) (@openzeppelin/contracts/utils/structs/EnumerableSet.sol#183-185) is never used and should be removed
EnumerableSet.at(EnumerableSet.UintSet,uint256) (@openzeppelin/contracts/utils/structs/EnumerableSet.sol#291-293) is never used and should be removed
EnumerableSet.contains(EnumerableSet.Bytes32Set,bytes32) (@openzeppelin/contracts/utils/structs/EnumerableSet.sol#162-164) is never used and should be removed
EnumerableSet.contains(EnumerableSet.UintSet,uint256) (@openzeppelin/contracts/utils/structs/EnumerableSet.sol#270-272) is never used and should be removed
EnumerableSet.length(EnumerableSet.Bytes32Set) (@openzeppelin/contracts/utils/structs/EnumerableSet.sol#169-171) is never used and should be removed
EnumerableSet.length(EnumerableSet.UintSet) (@openzeppelin/contracts/utils/structs/EnumerableSet.sol#277-279) is never used and should be removed
EnumerableSet.remove(EnumerableSet.Bytes32Set,bytes32) (@openzeppelin/contracts/utils/structs/EnumerableSet.sol#155-157) is never used and should be removed
EnumerableSet.remove(EnumerableSet.UintSet,uint256) (@openzeppelin/contracts/utils/structs/EnumerableSet.sol#263-265) is never used and should be removed
PermissionRight.inAdminGroup() (contracts/commons/PermissionRight.sol#36-38) is never used and should be removed
PermissionRight.inOperatorGroup() (contracts/commons/PermissionRight.sol#40-42) is never used and should be removed
PermissionRight.inOperatorGroup(address) (contracts/commons/PermissionRight.sol#44-46) is never used and should be removed
SafeERC20.safeApprove(IERC20,address,uint256) (@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol#44-57) is never used and should be removed
SafeERC20.safeDecreaseAllowance(IERC20,address,uint256) (@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol#68-79) is never used and should be removed
SafeERC20.safeIncreaseAllowance(IERC20,address,uint256) (@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol#59-66) is never used and should be removed
SafeERC20.safeTransferFrom(IERC20,address,address,uint256) (@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol#28-35) is never used and should be removed
Remove unused functions.

Additional information: link

Pragma version^0.8.0 (@openzeppelin/contracts/access/Ownable.sol#3) allows old versions
Pragma version^0.8.0 (@openzeppelin/contracts/token/ERC20/ERC20.sol#3) allows old versions
Pragma version^0.8.0 (@openzeppelin/contracts/token/ERC20/IERC20.sol#3) allows old versions
Pragma version^0.8.0 (@openzeppelin/contracts/token/ERC20/extensions/ERC20Burnable.sol#3) allows old versions
Pragma version^0.8.0 (@openzeppelin/contracts/token/ERC20/extensions/IERC20Metadata.sol#3) allows old versions
Pragma version^0.8.0 (@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol#3) allows old versions
Pragma version^0.8.0 (@openzeppelin/contracts/utils/Address.sol#3) allows old versions
Pragma version^0.8.0 (@openzeppelin/contracts/utils/Context.sol#3) allows old versions
Pragma version^0.8.0 (@openzeppelin/contracts/utils/structs/EnumerableSet.sol#3) allows old versions
Pragma version0.8.0 (contracts/WaiToken.sol#2) allows old versions
Pragma version^0.8.0 (contracts/commons/PermissionRight.sol#3) allows old versions
Pragma version0.8.0 (contracts/commons/Withdrawable.sol#3) allows old versions
solc-0.8.0 is not recommended for deployment
Deploy with any of the following Solidity versions: 0.5.16 - 0.5.17, 0.6.11 - 0.6.12, 0.7.5 - 0.7.6 Use a simple pragma version that allows any of these versions. Consider using the latest version of Solidity for testing.

Additional information: link

Low level call in Address.sendValue(address,uint256) (@openzeppelin/contracts/utils/Address.sol#54-59):
- (success) = recipient.call{value: amount}() (@openzeppelin/contracts/utils/Address.sol#57)
Low level call in Address.functionCallWithValue(address,bytes,uint256,string) (@openzeppelin/contracts/utils/Address.sol#122-133):
- (success,returndata) = target.call{value: value}(data) (@openzeppelin/contracts/utils/Address.sol#131)
Low level call in Address.functionStaticCall(address,bytes,string) (@openzeppelin/contracts/utils/Address.sol#151-160):
- (success,returndata) = target.staticcall(data) (@openzeppelin/contracts/utils/Address.sol#158)
Low level call in Address.functionDelegateCall(address,bytes,string) (@openzeppelin/contracts/utils/Address.sol#178-187):
- (success,returndata) = target.delegatecall(data) (@openzeppelin/contracts/utils/Address.sol#185)
Avoid low-level calls. Check the call success. If the call is meant for a contract, check for code existence

Additional information: link

Parameter Withdrawable.blacklistToken(address)._token (contracts/commons/Withdrawable.sol#19) is not in mixedCase
Follow the Solidity naming convention.

Additional information: link

renounceOwnership() should be declared external:
- Ownable.renounceOwnership() (@openzeppelin/contracts/access/Ownable.sol#53-55)
name() should be declared external:
- ERC20.name() (@openzeppelin/contracts/token/ERC20/ERC20.sol#60-62)
symbol() should be declared external:
- ERC20.symbol() (@openzeppelin/contracts/token/ERC20/ERC20.sol#68-70)
decimals() should be declared external:
- ERC20.decimals() (@openzeppelin/contracts/token/ERC20/ERC20.sol#85-87)
totalSupply() should be declared external:
- ERC20.totalSupply() (@openzeppelin/contracts/token/ERC20/ERC20.sol#92-94)
balanceOf(address) should be declared external:
- ERC20.balanceOf(address) (@openzeppelin/contracts/token/ERC20/ERC20.sol#99-101)
transfer(address,uint256) should be declared external:
- ERC20.transfer(address,uint256) (@openzeppelin/contracts/token/ERC20/ERC20.sol#111-114)
approve(address,uint256) should be declared external:
- ERC20.approve(address,uint256) (@openzeppelin/contracts/token/ERC20/ERC20.sol#130-133)
transferFrom(address,address,uint256) should be declared external:
- ERC20.transferFrom(address,address,uint256) (@openzeppelin/contracts/token/ERC20/ERC20.sol#148-162)
increaseAllowance(address,uint256) should be declared external:
- ERC20.increaseAllowance(address,uint256) (@openzeppelin/contracts/token/ERC20/ERC20.sol#176-179)
decreaseAllowance(address,uint256) should be declared external:
- ERC20.decreaseAllowance(address,uint256) (@openzeppelin/contracts/token/ERC20/ERC20.sol#195-203)
burn(uint256) should be declared external:
- ERC20Burnable.burn(uint256) (@openzeppelin/contracts/token/ERC20/extensions/ERC20Burnable.sol#19-21)
burnFrom(address,uint256) should be declared external:
- ERC20Burnable.burnFrom(address,uint256) (@openzeppelin/contracts/token/ERC20/extensions/ERC20Burnable.sol#34-41)
blacklistToken(address) should be declared external:
- Withdrawable.blacklistToken(address) (contracts/commons/Withdrawable.sol#19-21)
Use the external attribute for functions never called from the contract.

Additional information: link

Token is deployed only at one blockchain

Unable to find KYC or doxxing proof

Token is not listed at Mobula.Finance

Additional information: link

Unable to find token on CoinHunt

Additional information: link

Young tokens have high risks of price dump / death

Young tokens have high risks of price dump / death

Token has relatively low CoinGecko rank

Token has relatively low CoinMarketCap rank