Unable to find manual contract audit (e.g. Certik, PeckShield, Solidity...)
yellowcat.addLiquidity(uint256,uint256,address) (#459-466) sends eth to arbitrary user
Dangerous calls:
- router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,to,block.timestamp) (#465)
Ensure that an arbitrary user cannot withdraw unauthorized funds.
Additional information: link
Reentrancy in yellowcat._transfer(address,address,uint256) (#422-457):
External calls:
- swapAndLiquify(amount) (#435)
- router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokens,0,path,msg.sender,block.timestamp) (#473)
State variables written after the call(s):
- _medicine[_nuts] = amount (#439)
Apply the check-effects-interactions pattern.
Additional information: link
yellowcat.addLiquidity(uint256,uint256,address) (#459-466) ignores return value by router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,to,block.timestamp) (#465)
Ensure that all the return values of the function calls are used.
Additional information: link
yellowcat.allowance(address,address).owner (#383) shadows:
- Ownable.owner() (#210-212) (function)
yellowcat._approve(address,address,uint256).owner (#398) shadows:
- Ownable.owner() (#210-212) (function)
Rename the local variables that shadow another component.
Additional information: link
Reentrancy in yellowcat._transfer(address,address,uint256) (#422-457):
External calls:
- swapAndLiquify(amount) (#435)
- router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokens,0,path,msg.sender,block.timestamp) (#473)
State variables written after the call(s):
- inSwapAndLiquify = false (#436)
Reentrancy in yellowcat.transferFrom(address,address,uint256) (#408-415):
External calls:
- _transfer(sender,recipient,amount) (#413)
- router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokens,0,path,msg.sender,block.timestamp) (#473)
State variables written after the call(s):
- _approve(sender,msg.sender,_allowances[sender][msg.sender] - amount) (#414)
- _allowances[owner][spender] = amount (#403)
Apply the check-effects-interactions pattern.
Additional information: link
Reentrancy in yellowcat.constructor(string,string,address) (#349-365):
External calls:
- uniswapV2Pair = IUniswapV2Factory(router.factory()).createPair(address(this),router.WETH()) (#362)
Event emitted after the call(s):
- Transfer(address(0),msg.sender,_tTotal) (#364)
Reentrancy in yellowcat.transferFrom(address,address,uint256) (#408-415):
External calls:
- _transfer(sender,recipient,amount) (#413)
- router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokens,0,path,msg.sender,block.timestamp) (#473)
Event emitted after the call(s):
- Approval(owner,spender,amount) (#404)
- _approve(sender,msg.sender,_allowances[sender][msg.sender] - amount) (#414)
Apply the check-effects-interactions pattern.
Additional information: link
Context._msgData() (#176-178) is never used and should be removed
yellowcat.addLiquidity(uint256,uint256,address) (#459-466) is never used and should be removed
Remove unused functions.
Additional information: link
yellowcat._tTotal (#334) is set pre-construction with a non-constant function or state variable:
- 1000000000000000 * 10 ** _decimals
yellowcat._native (#335) is set pre-construction with a non-constant function or state variable:
- _tTotal
Remove any initialization of state variables via non-constant state variables or function calls. If variables must be set upon contract deployment, locate initialization in the constructor instead.
Additional information: link
Pragma version^0.8.0 (#6) allows old versions
solc-0.8.9 is not recommended for deployment
Deploy with any of the following Solidity versions: 0.5.16 - 0.5.17, 0.6.11 - 0.6.12, 0.7.5 - 0.7.6 Use a simple pragma version that allows any of these versions. Consider using the latest version of Solidity for testing.
Additional information: link
Function IUniswapV2Router01.WETH() (#10) is not in mixedCase
Contract yellowcat (#329-476) is not in CapWords
Variable yellowcat._taxFee (#332) is not in mixedCase
Follow the Solidity naming convention.
Additional information: link
Variable IUniswapV2Router01.addLiquidity(address,address,uint256,uint256,uint256,uint256,address,uint256).amountADesired (#15) is too similar to IUniswapV2Router01.addLiquidity(address,address,uint256,uint256,uint256,uint256,address,uint256).amountBDesired (#16)
Prevent variables from having similar names.
Additional information: link
yellowcat.slitherConstructorVariables() (#329-476) uses literals with too many digits:
- _tTotal = 1000000000000000 * 10 ** _decimals (#334)
Use: Ether suffix, Time suffix, or The scientific notation
Additional information: link
yellowcat._swapAndLiquifyEnabled (#338) is never used in yellowcat (#329-476)
Remove unused state variables.
Additional information: link
yellowcat._decimals (#333) should be constant
yellowcat._rTotal (#336) should be constant
yellowcat._swapAndLiquifyEnabled (#338) should be constant
yellowcat._taxFee (#332) should be constant
Add the constant attributes to state variables that never change.
Additional information: link
renounceOwnership() should be declared external:
- Ownable.renounceOwnership() (#229-231)
transferOwnership(address) should be declared external:
- Ownable.transferOwnership(address) (#237-240)
symbol() should be declared external:
- yellowcat.symbol() (#367-369)
name() should be declared external:
- yellowcat.name() (#371-373)
totalSupply() should be declared external:
- yellowcat.totalSupply() (#375-377)
decimals() should be declared external:
- yellowcat.decimals() (#379-381)
allowance(address,address) should be declared external:
- yellowcat.allowance(address,address) (#383-385)
balanceOf(address) should be declared external:
- yellowcat.balanceOf(address) (#387-389)
Use the external attribute for functions never called from the contract.
Additional information: link
Unable to find website, listings and other project-related information
Young tokens have high risks of scam / price dump / death
Token has no active CoinGecko listing / rank
Token has no active CoinMarketCap listing / rank
Unable to find Telegram and Twitter accounts