Unable to find manual contract audit (e.g. Certik, PeckShield, Solidity...)
ZillaKing.addLiquidity(uint256,uint256) (#572-585) sends eth to arbitrary user
Dangerous calls:
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#577-584)
Ensure that an arbitrary user cannot withdraw unauthorized funds.
Additional information: link
Reentrancy in ZillaKing._transfer(address,address,uint256) (#468-515):
External calls:
- swapAndLiquify(swapTokensAtAmount,sellTaxes) (#506)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#577-584)
- (success) = recipient.call{value: amount}() (#102)
- router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#596-602)
- address(marketingWallet).sendValue(marketingAmt) (#564)
- address(donationWallet).sendValue(donationAmt) (#568)
- swapAndLiquify(swapTokensAtAmount,taxes) (#507)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#577-584)
- (success) = recipient.call{value: amount}() (#102)
- router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#596-602)
- address(marketingWallet).sendValue(marketingAmt) (#564)
- address(donationWallet).sendValue(donationAmt) (#568)
External calls sending eth:
- swapAndLiquify(swapTokensAtAmount,sellTaxes) (#506)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#577-584)
- (success) = recipient.call{value: amount}() (#102)
- swapAndLiquify(swapTokensAtAmount,taxes) (#507)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#577-584)
- (success) = recipient.call{value: amount}() (#102)
State variables written after the call(s):
- _tokenTransfer(from,to,amount,takeFee,isSell) (#514)
- _rOwned[address(this)] += rLiquidity (#369)
- _rOwned[address(this)] += rDonation (#389)
- _rOwned[address(this)] += rMarketing (#379)
- _rOwned[sender] = _rOwned[sender] - s.rAmount (#530)
- _rOwned[recipient] = _rOwned[recipient] + s.rTransferAmount (#531)
- _tokenTransfer(from,to,amount,takeFee,isSell) (#514)
- _rTotal -= rRfi (#358)
- _tokenTransfer(from,to,amount,takeFee,isSell) (#514)
- _tOwned[address(this)] += tDonation (#387)
- _tOwned[address(this)] += tMarketing (#377)
- _tOwned[address(this)] += tLiquidity (#367)
- _tOwned[sender] = _tOwned[sender] - tAmount (#524)
- _tOwned[recipient] = _tOwned[recipient] + s.tTransferAmount (#527)
Apply the check-effects-interactions pattern.
Additional information: link
ZillaKing.rescueAnyBEP20Tokens(address,address,uint256) (#676-678) ignores return value by IERC20(_tokenAddr).transfer(_to,_amount) (#677)
Use SafeERC20, or ensure that the transfer/transferFrom return value is checked.
Additional information: link
Combination 1: Reentrancy vulnerabilities + Functions that send Ether to arbitraty destination. Usual for scams. May be justified by some complex mechanics (e.g. rebase, reflections). DYOR & manual audit are advised.
Combination 2: Unchecked transfer + Functions that send Ether to arbitraty destination. Usual for scams. May be justified by some complex mechanics (e.g. rebase, reflections). DYOR & manual audit are advised.
Combination 3: Reentrancy vulnerabilities + Unchecked transfer vulnerability. Usual for scams. May be justified by some complex mechanics (e.g. rebase, reflections). DYOR & manual audit are advised.
ZillaKing.addLiquidity(uint256,uint256) (#572-585) ignores return value by router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#577-584)
Ensure that all the return values of the function calls are used.
Additional information: link
ZillaKing.allowance(address,address).owner (#248) shadows:
- Ownable.owner() (#49-51) (function)
ZillaKing._approve(address,address,uint256).owner (#461) shadows:
- Ownable.owner() (#49-51) (function)
Rename the local variables that shadow another component.
Additional information: link
ZillaKing.swapAndLiquify(uint256,ZillaKing.Taxes) (#544-570) performs a multiplication on the result of a division:
-unitBalance = deltaBalance / (denominator - temp.liquidity) (#554)
-bnbToAddLiquidityWith = unitBalance * temp.liquidity (#555)
ZillaKing.swapAndLiquify(uint256,ZillaKing.Taxes) (#544-570) performs a multiplication on the result of a division:
-unitBalance = deltaBalance / (denominator - temp.liquidity) (#554)
-marketingAmt = unitBalance * 2 * temp.marketing (#562)
ZillaKing.swapAndLiquify(uint256,ZillaKing.Taxes) (#544-570) performs a multiplication on the result of a division:
-unitBalance = deltaBalance / (denominator - temp.liquidity) (#554)
-donationAmt = unitBalance * 2 * temp.donation (#566)
Consider ordering multiplication before division.
Additional information: link
ZillaKing.updateCooldown(bool,uint256) (#627-630) should emit an event for:
- coolDownTime = time * 1 (#628)
ZillaKing.updateSwapTokensAtAmount(uint256) (#632-634) should emit an event for:
- swapTokensAtAmount = amount * 10 ** _decimals (#633)
ZillaKing.updateMaxTxLimit(uint256,uint256) (#655-658) should emit an event for:
- maxBuyLimit = maxBuy * 10 ** decimals() (#656)
- maxSellLimit = maxSell * 10 ** decimals() (#657)
ZillaKing.updateMaxWalletlimit(uint256) (#660-662) should emit an event for:
- maxWalletLimit = amount * 10 ** decimals() (#661)
Emit an event for critical parameter changes.
Additional information: link
ZillaKing.constructor(address)._pair (#204-205) lacks a zero-check on :
- pair = _pair (#208)
ZillaKing.updateMarketingWallet(address).newWallet (#618) lacks a zero-check on :
- marketingWallet = newWallet (#619)
ZillaKing.updateDonationWallet(address).newWallet (#622) lacks a zero-check on :
- donationWallet = newWallet (#623)
ZillaKing.updateRouterAndPair(address,address).newPair (#664) lacks a zero-check on :
- pair = newPair (#666)
Check that the address is not zero.
Additional information: link
Reentrancy in ZillaKing._transfer(address,address,uint256) (#468-515):
External calls:
- swapAndLiquify(swapTokensAtAmount,sellTaxes) (#506)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#577-584)
- (success) = recipient.call{value: amount}() (#102)
- router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#596-602)
- address(marketingWallet).sendValue(marketingAmt) (#564)
- address(donationWallet).sendValue(donationAmt) (#568)
- swapAndLiquify(swapTokensAtAmount,taxes) (#507)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#577-584)
- (success) = recipient.call{value: amount}() (#102)
- router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#596-602)
- address(marketingWallet).sendValue(marketingAmt) (#564)
- address(donationWallet).sendValue(donationAmt) (#568)
External calls sending eth:
- swapAndLiquify(swapTokensAtAmount,sellTaxes) (#506)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#577-584)
- (success) = recipient.call{value: amount}() (#102)
- swapAndLiquify(swapTokensAtAmount,taxes) (#507)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#577-584)
- (success) = recipient.call{value: amount}() (#102)
State variables written after the call(s):
- _tokenTransfer(from,to,amount,takeFee,isSell) (#514)
- totFeesPaid.liquidity += tLiquidity (#363)
- totFeesPaid.marketing += tMarketing (#373)
- totFeesPaid.donation += tDonation (#383)
- totFeesPaid.rfi += tRfi (#359)
Reentrancy in ZillaKing.constructor(address) (#202-225):
External calls:
- _pair = IFactory(_router.factory()).createPair(address(this),_router.WETH()) (#204-205)
State variables written after the call(s):
- excludeFromReward(pair) (#210)
- _excluded.push(account) (#319)
- excludeFromReward(pair) (#210)
- _isExcluded[account] = true (#318)
- _isExcludedFromFee[address(this)] = true (#213)
- _isExcludedFromFee[owner()] = true (#214)
- _isExcludedFromFee[marketingWallet] = true (#215)
- _isExcludedFromFee[donationWallet] = true (#216)
- _rOwned[owner()] = _rTotal (#212)
- excludeFromReward(pair) (#210)
- _tOwned[account] = tokenFromReflection(_rOwned[account]) (#316)
- allowedTransfer[address(this)] = true (#218)
- allowedTransfer[owner()] = true (#219)
- allowedTransfer[pair] = true (#220)
- allowedTransfer[marketingWallet] = true (#221)
- allowedTransfer[donationWallet] = true (#222)
- pair = _pair (#208)
- router = _router (#207)
Reentrancy in ZillaKing.swapAndLiquify(uint256,ZillaKing.Taxes) (#544-570):
External calls:
- swapTokensForBNB(toSwap) (#551)
- router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#596-602)
- addLiquidity(tokensToAddLiquidityWith,bnbToAddLiquidityWith) (#559)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#577-584)
External calls sending eth:
- addLiquidity(tokensToAddLiquidityWith,bnbToAddLiquidityWith) (#559)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#577-584)
State variables written after the call(s):
- addLiquidity(tokensToAddLiquidityWith,bnbToAddLiquidityWith) (#559)
- _allowances[owner][spender] = amount (#464)
Reentrancy in ZillaKing.transferFrom(address,address,uint256) (#257-265):
External calls:
- _transfer(sender,recipient,amount) (#258)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#577-584)
- (success) = recipient.call{value: amount}() (#102)
- router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#596-602)
- address(marketingWallet).sendValue(marketingAmt) (#564)
- address(donationWallet).sendValue(donationAmt) (#568)
External calls sending eth:
- _transfer(sender,recipient,amount) (#258)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#577-584)
- (success) = recipient.call{value: amount}() (#102)
State variables written after the call(s):
- _approve(sender,_msgSender(),currentAllowance - amount) (#262)
- _allowances[owner][spender] = amount (#464)
Apply the check-effects-interactions pattern.
Additional information: link
Reentrancy in ZillaKing._transfer(address,address,uint256) (#468-515):
External calls:
- swapAndLiquify(swapTokensAtAmount,sellTaxes) (#506)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#577-584)
- (success) = recipient.call{value: amount}() (#102)
- router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#596-602)
- address(marketingWallet).sendValue(marketingAmt) (#564)
- address(donationWallet).sendValue(donationAmt) (#568)
- swapAndLiquify(swapTokensAtAmount,taxes) (#507)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#577-584)
- (success) = recipient.call{value: amount}() (#102)
- router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#596-602)
- address(marketingWallet).sendValue(marketingAmt) (#564)
- address(donationWallet).sendValue(donationAmt) (#568)
External calls sending eth:
- swapAndLiquify(swapTokensAtAmount,sellTaxes) (#506)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#577-584)
- (success) = recipient.call{value: amount}() (#102)
- swapAndLiquify(swapTokensAtAmount,taxes) (#507)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#577-584)
- (success) = recipient.call{value: amount}() (#102)
Event emitted after the call(s):
- Transfer(sender,address(this),s.tLiquidity + s.tMarketing + s.tDonation) (#536)
- _tokenTransfer(from,to,amount,takeFee,isSell) (#514)
- Transfer(sender,recipient,s.tTransferAmount) (#540)
- _tokenTransfer(from,to,amount,takeFee,isSell) (#514)
Reentrancy in ZillaKing.constructor(address) (#202-225):
External calls:
- _pair = IFactory(_router.factory()).createPair(address(this),_router.WETH()) (#204-205)
Event emitted after the call(s):
- Transfer(address(0),owner(),_tTotal) (#224)
Reentrancy in ZillaKing.swapAndLiquify(uint256,ZillaKing.Taxes) (#544-570):
External calls:
- swapTokensForBNB(toSwap) (#551)
- router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#596-602)
- addLiquidity(tokensToAddLiquidityWith,bnbToAddLiquidityWith) (#559)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#577-584)
External calls sending eth:
- addLiquidity(tokensToAddLiquidityWith,bnbToAddLiquidityWith) (#559)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#577-584)
Event emitted after the call(s):
- Approval(owner,spender,amount) (#465)
- addLiquidity(tokensToAddLiquidityWith,bnbToAddLiquidityWith) (#559)
Reentrancy in ZillaKing.transferFrom(address,address,uint256) (#257-265):
External calls:
- _transfer(sender,recipient,amount) (#258)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#577-584)
- (success) = recipient.call{value: amount}() (#102)
- router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#596-602)
- address(marketingWallet).sendValue(marketingAmt) (#564)
- address(donationWallet).sendValue(donationAmt) (#568)
External calls sending eth:
- _transfer(sender,recipient,amount) (#258)
- router.addLiquidityETH{value: bnbAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#577-584)
- (success) = recipient.call{value: amount}() (#102)
Event emitted after the call(s):
- Approval(owner,spender,amount) (#465)
- _approve(sender,_msgSender(),currentAllowance - amount) (#262)
Apply the check-effects-interactions pattern.
Additional information: link
ZillaKing._transfer(address,address,uint256) (#468-515) uses timestamp for comparisons
Dangerous comparisons:
- require(bool,string)(timePassed >= coolDownTime,Cooldown enabled) (#495)
Avoid relying on block.timestamp.
Additional information: link
ZillaKing.setLiquidityPool(bool) (#301-305) compares to a boolean constant:
-state == true && genesis_block == 0 (#304)
Remove the equality to the boolean constant.
Additional information: link
ZillaKing.includeInReward(address) (#322-333) has costly operations inside a loop:
- _excluded.pop() (#329)
ZillaKing._reflectRfi(uint256,uint256) (#357-360) has costly operations inside a loop:
- _rTotal -= rRfi (#358)
Use a local variable to hold the loop computation result.
Additional information: link
Context._msgData() (#34-37) is never used and should be removed
Remove unused functions.
Additional information: link
ZillaKing._tTotal (#144) is set pre-construction with a non-constant function or state variable:
- initialsupply * 10 ** _decimals
ZillaKing._rTotal (#145) is set pre-construction with a non-constant function or state variable:
- (MAX - (MAX % _tTotal))
Remove any initialization of state variables via non-constant state variables or function calls. If variables must be set upon contract deployment, locate initialization in the constructor instead.
Additional information: link
Pragma version^0.8.8 (#5) is known to contain severe issues (https://solidity.readthedocs.io/en/latest/bugs.html)
solc-0.8.11 is not recommended for deployment
Deploy with any of the following Solidity versions: 0.5.16 - 0.5.17, 0.6.11 - 0.6.12, 0.7.5 - 0.7.6 Use a simple pragma version that allows any of these versions. Consider using the latest version of Solidity for testing.
Additional information: link
Low level call in Address.sendValue(address,uint256) (#99-104):
- (success) = recipient.call{value: amount}() (#102)
Avoid low-level calls. Check the call success. If the call is meant for a contract, check for code existence
Additional information: link
Function IRouter.WETH() (#80) is not in mixedCase
Struct ZillaKing.valuesFromGetValues (#179-191) is not in CapWords
Parameter ZillaKing.setTaxes(uint256,uint256,uint256,uint256)._rfi (#347) is not in mixedCase
Parameter ZillaKing.setTaxes(uint256,uint256,uint256,uint256)._marketing (#347) is not in mixedCase
Parameter ZillaKing.setTaxes(uint256,uint256,uint256,uint256)._liquidity (#347) is not in mixedCase
Parameter ZillaKing.setTaxes(uint256,uint256,uint256,uint256)._donation (#347) is not in mixedCase
Parameter ZillaKing.setSellTaxes(uint256,uint256,uint256,uint256)._rfi (#352) is not in mixedCase
Parameter ZillaKing.setSellTaxes(uint256,uint256,uint256,uint256)._marketing (#352) is not in mixedCase
Parameter ZillaKing.setSellTaxes(uint256,uint256,uint256,uint256)._liquidity (#352) is not in mixedCase
Parameter ZillaKing.setSellTaxes(uint256,uint256,uint256,uint256)._donation (#352) is not in mixedCase
Parameter ZillaKing.updateSwapEnabled(bool)._enabled (#636) is not in mixedCase
Parameter ZillaKing.rescueAnyBEP20Tokens(address,address,uint256)._tokenAddr (#676) is not in mixedCase
Parameter ZillaKing.rescueAnyBEP20Tokens(address,address,uint256)._to (#676) is not in mixedCase
Parameter ZillaKing.rescueAnyBEP20Tokens(address,address,uint256)._amount (#676) is not in mixedCase
Constant ZillaKing._decimals (#140) is not in UPPER_CASE_WITH_UNDERSCORES
Variable ZillaKing.genesis_block (#152) is not in mixedCase
Constant ZillaKing._name (#157) is not in UPPER_CASE_WITH_UNDERSCORES
Constant ZillaKing._symbol (#158) is not in UPPER_CASE_WITH_UNDERSCORES
Follow the Solidity naming convention.
Additional information: link
Redundant expression "this (#35)" inContext (#29-38)
Remove redundant statements if they congest code but offer no value.
Additional information: link
ZillaKing.initialsupply (#143) should be constant
Add the constant attributes to state variables that never change.
Additional information: link
renounceOwnership() should be declared external:
- Ownable.renounceOwnership() (#58-60)
transferOwnership(address) should be declared external:
- Ownable.transferOwnership(address) (#62-65)
name() should be declared external:
- ZillaKing.name() (#228-230)
symbol() should be declared external:
- ZillaKing.symbol() (#231-233)
totalSupply() should be declared external:
- ZillaKing.totalSupply() (#239-241)
allowance(address,address) should be declared external:
- ZillaKing.allowance(address,address) (#248-250)
approve(address,uint256) should be declared external:
- ZillaKing.approve(address,uint256) (#252-255)
transferFrom(address,address,uint256) should be declared external:
- ZillaKing.transferFrom(address,address,uint256) (#257-265)
increaseAllowance(address,uint256) should be declared external:
- ZillaKing.increaseAllowance(address,uint256) (#267-270)
decreaseAllowance(address,uint256) should be declared external:
- ZillaKing.decreaseAllowance(address,uint256) (#272-278)
transfer(address,uint256) should be declared external:
- ZillaKing.transfer(address,uint256) (#280-284)
isExcludedFromReward(address) should be declared external:
- ZillaKing.isExcludedFromReward(address) (#286-288)
reflectionFromToken(uint256,bool) should be declared external:
- ZillaKing.reflectionFromToken(uint256,bool) (#290-299)
excludeFromFee(address) should be declared external:
- ZillaKing.excludeFromFee(address) (#335-337)
includeInFee(address) should be declared external:
- ZillaKing.includeInFee(address) (#339-341)
isExcludedFromFee(address) should be declared external:
- ZillaKing.isExcludedFromFee(address) (#343-345)
setTaxes(uint256,uint256,uint256,uint256) should be declared external:
- ZillaKing.setTaxes(uint256,uint256,uint256,uint256) (#347-350)
setSellTaxes(uint256,uint256,uint256,uint256) should be declared external:
- ZillaKing.setSellTaxes(uint256,uint256,uint256,uint256) (#352-355)
rescueAnyBEP20Tokens(address,address,uint256) should be declared external:
- ZillaKing.rescueAnyBEP20Tokens(address,address,uint256) (#676-678)
Use the external attribute for functions never called from the contract.
Additional information: link
Unable to find website, listings and other project-related information
Young tokens have high risks of scam / price dump / death
Token has no active CoinGecko listing / rank
Token has no active CoinMarketCap listing / rank
Unable to find Telegram and Twitter accounts