# Findings ## **Issue 0**1 | **Type** | **Severity** | **Location** | **Status** | | ------------- | --------------------------------------------- | ------------ | ---------------------------------------------- | | Best Practice | **Medium** | `contract` | **Resolved** | **Description** Proxy contracts are very vulnerable and may easily cause high severity logical and security issues by misusing them. **Recommendation** Make sure you are familiar with the potential risks of using proxy contracts and have handled them properly. ## **Issue 02** | **Type** | **Severity** | **Location** | **Status** | | ------------------ | ---------------------------------------- | ------------ | ---------------------------------------------- | | Owner Capabilities | **High** | `contract` | **Resolved** | **Description** The contract is upgradeable which means the owner is able to change critical logic and behavior after the contract is deployed. ## Issue 03 | Type | Severity | Location | Status | | ---------------- | ------------------------------------------ | ------------------ | ---------------------------------------------- | | Gas Optimization | **Low** | `swapTokensForEth` | **Resolved** | **Description** `approve` is being called on every transaction which automatically contributes liquidity to the pool, on the same tokens and for the same spender (the router). **Recommendation** In order to reduce gas costs, `approve` could be called once (with max int). ## Issue 04 | Type | Severity | Location | Status | | ------------- | ---------------------------------------- | -------------------------------- | ---------------------------------------------- | | Best Practice | **High** | `addLiquidity, swapTokensForEth` | **Resolved** | **Description** `_transfer` may internally call to `swapExactTokensForETHSupportingFeeOnTransferTokens` and `addLiquidityETH`. Both of which may cause `_transfer` to fail unnecessarily. **Recommendation** `_transfer` should always work, and shouldn't fail if `swapExactTokensForETHSupportingFeeOnTransferTokens` or any other router-related functions fail, in order to make sure the **token will always be tradable.** Use try-catch when calling external functions in critical path flows. Although it's a best practice to handle errors in a graceful manner, the likelihood of these functions failing constantly is low. ## Issue 05 | Type | Severity | Location | Status | | ------------- | ------------------------------------------ | ------------------ | ---------------------------------------------- | | Logical Issue | **Low** | `_transferWithFee` | **Resolved** | **Description** The code does not emit events when transferring fees. This can cause blockchain explorers and DApps to inaccurately parse transfers and transactions. **Recommendation** Add Transfer event when taking fees. ## Issue 06
TypeSeverityLocationStatus
Owner CapabilitiesHighsetLiquidityFee, setMarketingFee, setStakingFeeResolved
**Description** There is no upper limit to the setFees functions. If the owner sets them to 100% the token will be untradeable. **Recommendation** Consider adding an upper limit to the set functions. Furthermore, consider emitting events when changing the state of the contract, such as setting fees. ## Issue 07
TypeSeverityLocationStatus
Owner CapabilitiesHighpauseResolved
**Description** The owner can pause the token and all transfer/allowance functions at any time. **Recommendation** Remove this function if not needed.