How to identify malicious smart contracts? Watch out for these red flags

Watch for the minting function, the whitelist function and the freezing function.

Many DeFi participants have fallen victim to token contract loopholes and lost large amounts of money or tokens. This is most common on Uniswap, because anyone with the technical skill and enough ether for fees can write and deploy a smart contract. Unfortunately, that openness has also produced many smart contracts that are malicious by design.

However, the vast majority of scammers’ tricks can be spotted by inspecting the smart contract on Etherscan. The following steps can be used to judge whether a contract is malicious. To show the difference between a good contract and a bad one, this tutorial first walks through a normal contract and then through examples of malicious ones.

Normal contract example

1. Open Etherscan (the Ethereum block explorer);

2. Enter the contract address in the search bar (check carefully whether you have the correct address);

  • If you don’t know the contract address, you can get it through Dextools, CMC or CoinGecko.
  • Note that the token page and the contract page are different; make sure you are on the contract page.

The following is an example of the token page:

[Screenshot: the token page]

This is an example of the contract page (with contract options highlighted):

[Screenshot: the contract page, with the “Contract” tab highlighted in yellow]

3. Click the “Contract” button highlighted in yellow above;

4. Select “Read Contract” as shown below:

[Screenshot: the “Read Contract” option]

5. Now you can read the contract parameters; they should look like this:

[Screenshot: the contract’s read parameters]

What should we do now?

This is the trickiest part, because there are countless parameters that a token smart contract can expose. In the example above there are only 8 parameters, which is a sign of a normal contract: all 8 are necessary for a token to function, and none of them can be used to trigger a “rug pull”.

[Screenshot: the 8 parameters of the normal contract; the original text renders “rug pull” literally as “pull a blanket”]

The same applies to other token contracts: you can use exactly the same steps to read any contract. Malicious scam contracts share some common red flags, which are summarized below. Now that we know how to access and view the smart contract parameters, we can work out what counts as potentially malicious code.

Examples of malicious contracts

Minting function (Mint): this function allows more tokens to be minted, increasing the supply and possibly allowing the minter to sell the new tokens on the market. This is the most common cause of a collapse in the price of the token. Disclaimer: some tokens have a mint function because they rely on an elastic supply. But unless there is a reason for minting, or rules governing it exist, there should be no mint function. It is important to check who owns the mint function: if the owner is the dev (developer) address, this is an obvious red flag; if the minter is a smart contract that mints according to quantity or price rules, minting is decentralized and not necessarily a scam.

Whitelist function (Whitelist): this parameter should only appear while the project is in presale. Its purpose is to restrict purchases to whitelisted addresses so that the sale is not oversubscribed. If the project has no presale and the contract still has this function, it may be used to prevent any address not on the whitelist from selling. In other words, you can buy but not sell.

Freeze function (Freeze): as the name implies, this function can freeze token transfers at any time. Although simple, it obviously prevents people from selling tokens into the liquidity pool, locking up ether and native tokens until they are unfrozen.

Transfer ownership function (Transfer Ownership): if the contract creator controls the freeze function, they can freeze the contract and then transfer ownership to a burn address. This “kills” the ether and other tokens in the contract; they can never be moved again.

This is not a specific parameter, but the more parameters a token contract has, the larger its attack surface. Unless the token project needs these parameters, they should not be added to the code arbitrarily.
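As an added example (not code from the original article), the following Python script applies the red-flag checks above to a contract’s ABI, the JSON description of its functions that Etherscan shows for a verified contract. The sample ABIs, the function names and the name patterns are all constructed assumptions for this example: contract authors can name a mint function anything they like, so a clean scan only tells you where to look, and the final check is always reading the verified source.

```python
import json
import re

# Constructed sample ABI in the JSON layout Etherscan shows for a verified
# token. It is made up for this example, not the ABI of any real token.
SAMPLE_ABI_JSON = json.dumps([
    {"type": "function", "name": "name", "inputs": [], "stateMutability": "view"},
    {"type": "function", "name": "totalSupply", "inputs": [], "stateMutability": "view"},
    {"type": "function", "name": "balanceOf",
     "inputs": [{"name": "account", "type": "address"}], "stateMutability": "view"},
    {"type": "function", "name": "transfer",
     "inputs": [{"name": "to", "type": "address"}, {"name": "amount", "type": "uint256"}],
     "stateMutability": "nonpayable"},
    {"type": "function", "name": "mint",
     "inputs": [{"name": "to", "type": "address"}, {"name": "amount", "type": "uint256"}],
     "stateMutability": "nonpayable"},
    {"type": "function", "name": "setWhitelisted",
     "inputs": [{"name": "account", "type": "address"}, {"name": "allowed", "type": "bool"}],
     "stateMutability": "nonpayable"},
    {"type": "function", "name": "freezeTransfers", "inputs": [], "stateMutability": "nonpayable"},
    {"type": "function", "name": "transferOwnership",
     "inputs": [{"name": "newOwner", "type": "address"}], "stateMutability": "nonpayable"},
    {"type": "function", "name": "owner", "inputs": [], "stateMutability": "view"},
    {"type": "event", "name": "Transfer", "inputs": []},
])

# A constructed "normal" ABI: only the standard ERC-20 functions (inputs
# omitted for brevity), nothing that can change supply or block transfers.
CLEAN_ABI_JSON = json.dumps([
    {"type": "function", "name": n, "inputs": [], "stateMutability": m}
    for n, m in [("name", "view"), ("symbol", "view"), ("decimals", "view"),
                 ("totalSupply", "view"), ("balanceOf", "view"), ("allowance", "view"),
                 ("transfer", "nonpayable"), ("approve", "nonpayable"),
                 ("transferFrom", "nonpayable")]
])

# Name patterns for the four red-flag capabilities described in the article.
# The patterns are an assumption: a scammer can rename these functions, so a
# clean result is a starting point for reading the source, not a verdict.
RED_FLAG_PATTERNS = {
    "mint": re.compile(r"mint", re.IGNORECASE),
    "whitelist": re.compile(r"white_?list", re.IGNORECASE),
    "freeze": re.compile(r"freeze|frozen", re.IGNORECASE),
    "transfer_ownership": re.compile(r"transferOwnership", re.IGNORECASE),
}


def functions_in_abi(abi_json: str) -> list:
    """Return only the function entries of an ABI (events and constructors are skipped)."""
    return [e for e in json.loads(abi_json) if e.get("type") == "function"]


def scan_red_flags(abi_json: str) -> dict:
    """Map each red-flag category to the function names that match it; empty categories are dropped."""
    names = [f["name"] for f in functions_in_abi(abi_json)]
    hits = {}
    for category, pattern in RED_FLAG_PATTERNS.items():
        matched = sorted(n for n in names if pattern.search(n))
        if matched:
            hits[category] = matched
    return hits


def state_changing_functions(abi_json: str) -> list:
    """Functions that are not view/pure, i.e. the ones that can change token state.
    The article's rule of thumb: every extra one is extra attack surface."""
    return sorted(
        f["name"] for f in functions_in_abi(abi_json)
        if f.get("stateMutability") not in ("view", "pure")
    )


def risk_report(abi_json: str) -> str:
    """Human-readable first-pass summary to read before opening the source code."""
    flags = scan_red_flags(abi_json)
    writers = state_changing_functions(abi_json)
    lines = [f"state-changing functions ({len(writers)}): {', '.join(writers)}"]
    if not flags:
        lines.append("no red-flag function names found (still read the source)")
    for category, names in flags.items():
        lines.append(f"RED FLAG [{category}]: {', '.join(names)}")
    return "\n".join(lines)


if __name__ == "__main__":
    print("--- sample token ---")
    print(risk_report(SAMPLE_ABI_JSON))
    print("--- clean token ---")
    print(risk_report(CLEAN_ABI_JSON))
```

The report deliberately lists every state-changing function, not only the flagged ones, because the article’s broader point is that each writable entry point beyond the ERC-20 standard needs a justification from the project.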

Other considerations

A total supply with so many zeros that it is effectively unmeasurable, or an address that owns most of the tokens. You can often see that the address that deployed the contract (i.e., the developer address) holds most of the tokens, which is a potential red flag.

The token balance (liquidity) of the Uni-v2 pool is significantly smaller than the balance of the largest individual holder. Note that staking contracts are not counted here, because a staking address holds the cumulative amount deposited by many addresses. This is a sign of an uneven distribution dominated by “whales”, which increases the chance that a whale can wreck the ecosystem.

[Screenshot: the token holders list, with the contract-address symbol highlighted in yellow]

Note: the difference between a normal address and a contract address is the symbol next to the address. The symbol highlighted in yellow indicates that the address is a contract; if the symbol is absent, the address is a personal wallet. If a contract holds a large number of tokens, it is very important to understand their purpose (for example staking, linear vesting, or locked team tokens).
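As an added example (again not from the original article), this Python script turns the holder-distribution checks above into code. The holder tables, the placeholder addresses and the 50% “most of the tokens” threshold are constructed assumptions; the roles (deployer, LP pool, staking) are what you would establish yourself by reading each contract’s purpose, exactly as the note above recommends.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Holder:
    address: str       # placeholder strings below, not real accounts
    balance: int       # balance in whole token units
    is_contract: bool  # Etherscan marks contract addresses with a symbol
    role: str = ""     # "deployer", "lp_pool", "staking", or "" for an ordinary wallet


# Constructed holder tables in the shape of Etherscan's token "Holders" tab.
TOTAL_SUPPLY = 1_000_000

SUSPICIOUS_HOLDERS = [
    Holder("0xDEPLOYER_PLACEHOLDER", 550_000, False, "deployer"),
    Holder("0xUNIV2_POOL_PLACEHOLDER", 120_000, True, "lp_pool"),
    Holder("0xSTAKING_PLACEHOLDER", 200_000, True, "staking"),
    Holder("0xWALLET_A_PLACEHOLDER", 80_000, False),
    Holder("0xWALLET_B_PLACEHOLDER", 20_000, False),
    Holder("0xUNKNOWN_CONTRACT_PLACEHOLDER", 30_000, True),  # contract, purpose not established
]

HEALTHY_HOLDERS = [
    Holder("0xUNIV2_POOL_PLACEHOLDER", 400_000, True, "lp_pool"),
    Holder("0xSTAKING_PLACEHOLDER", 250_000, True, "staking"),
    Holder("0xWALLET_A_PLACEHOLDER", 120_000, False),
    Holder("0xWALLET_B_PLACEHOLDER", 100_000, False),
    Holder("0xWALLET_C_PLACEHOLDER", 80_000, False),
    Holder("0xWALLET_D_PLACEHOLDER", 50_000, False),
]

MAJORITY_SHARE = 0.5  # assumed threshold for "one address owns most of the tokens"
AGGREGATE_ROLES = ("staking", "lp_pool")  # pooled balances, not one holder's position


def largest_individual_holder(holders):
    """Largest holder after excluding staking and LP contracts, whose balances
    aggregate many depositors rather than representing one whale."""
    individuals = [h for h in holders if h.role not in AGGREGATE_ROLES]
    return max(individuals, key=lambda h: h.balance)


def pool_liquidity(holders):
    """Token balance sitting in the Uni-v2 pool."""
    return sum(h.balance for h in holders if h.role == "lp_pool")


def distribution_flags(holders, total_supply):
    """Return the distribution red flags from the article as short codes, in check order."""
    flags = []
    top = largest_individual_holder(holders)
    if top.balance / total_supply > MAJORITY_SHARE:
        flags.append("majority_holder")
    if top.role == "deployer":
        flags.append("deployer_is_largest_holder")
    if pool_liquidity(holders) < top.balance:
        flags.append("whale_exceeds_pool_liquidity")
    if any(h.is_contract and not h.role for h in holders):
        flags.append("contract_with_unexplained_holdings")
    return flags


if __name__ == "__main__":
    for label, holders in (("suspicious", SUSPICIOUS_HOLDERS), ("healthy", HEALTHY_HOLDERS)):
        print(label, distribution_flags(holders, TOTAL_SUPPLY) or ["no flags"])
```

The last check is the one the note above is really about: a contract address holding a large balance is not a red flag by itself, but a contract whose purpose you have not established should stay flagged until you have read it.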

Anonymity may be a red flag, but anonymity should also be viewed rationally. If the product is sound, security measures are in place, and the developer’s code and answers to questions are transparent, then anonymity should not be a negative factor. But if anonymity and other red flags appear at the same time, it means that the risk has increased significantly.

Summary

In general, compared with other investments, the risk of DeFi contracts on Ethereum is definitely high. However, understanding the basics of how contracts operate and being able to identify the red flags of potential fraud can help users reduce this risk. Interacting with the blockchain is always risky, but investing only in contracts without malicious code can prevent many losses and may help your returns in the long run.

Source link: www.theblockbeats.com

Disclaimer: As a blockchain information platform, the articles published on this site only represent the author’s personal views and have nothing to do with ChainNews’ position. The information, opinions, etc. in the article are for reference only, and are not intended as or regarded as actual investment advice.
