# Trying to understand - to be more aware of scams

I’m not a code writer, but I’m a daily user of blockchain.
I’m seeing more scam projects every day, and I want to better understand where to look to avoid them.

Today I found this token with this code, and I have a few questions.

1. Where does the creator put the name, symbol, initial supply and creator address? I can’t see them within the code provided on Etherscan. Are they somehow hidden? Or does the code change after compiling?
How should the source code look to see what Etherscan shows?
2. Which function in the code prevents users who are not whitelisted from trading this token back?

/**
*Submitted for verification at Etherscan.io on 2021-04-29
*/

pragma solidity ^0.6.0;
// Checked-arithmetic helpers for uint256. Under the ^0.6.0 pragma the compiler
// does not add overflow checks itself, so each helper reverts instead of wrapping.
// Nothing in this library restricts who may send or receive tokens.
library SafeMath {
// Returns a + b; reverts if the sum wrapped around (c < a).
function add(uint256 a, uint256 b) internal pure returns (uint256) {
uint256 c = a + b;
require(c >= a, “SafeMath: addition overflow”);

``````    return c;
}

// Returns a - b, using the default revert message when b > a.
function sub(uint256 a, uint256 b) internal pure returns (uint256) {
return sub(a, b, "SafeMath: subtraction overflow");
}

// Returns a - b; reverts with `errorMessage` when b > a.
function sub(uint256 a, uint256 b, string memory errorMessage) internal pure returns (uint256) {
require(b <= a, errorMessage);
uint256 c = a - b;

return c;
}

// Returns a * b; reverts if the product overflowed.
function mul(uint256 a, uint256 b) internal pure returns (uint256) {
// a == 0 is handled first so the `c / a` check below never divides by zero.
if (a == 0) {
return 0;
}

uint256 c = a * b;
// If the multiplication wrapped, dividing back by a no longer yields b.
require(c / a == b, "SafeMath: multiplication overflow");

return c;
}

// Returns a / b, using the default revert message when b is zero.
function div(uint256 a, uint256 b) internal pure returns (uint256) {
return div(a, b, "SafeMath: division by zero");
}

// Returns the integer quotient a / b; reverts with `errorMessage` when b is zero.
function div(uint256 a, uint256 b, string memory errorMessage) internal pure returns (uint256) {
// Solidity only automatically asserts when dividing by 0
require(b > 0, errorMessage);
uint256 c = a / b;
// assert(a == b * c + a % b); // There is no case in which this doesn't hold

return c;
}

// Returns a % b, using the default revert message when b is zero.
function mod(uint256 a, uint256 b) internal pure returns (uint256) {
return mod(a, b, "SafeMath: modulo by zero");
}

// Returns a % b; reverts with `errorMessage` when b is zero.
function mod(uint256 a, uint256 b, string memory errorMessage) internal pure returns (uint256) {
require(b != 0, errorMessage);
return a % b;
}
``````

}

``````function isContract(address account) internal view returns (bool) {
// Reports whether `account` has code, judged by the hash of its code.
// NOTE(review): `accountHash` is compared below but its declaration is not in
// the pasted listing — check the verified source for the missing line.
// According to EIP-1052, 0x0 is the value returned for not-yet created accounts
// for accounts without code, i.e. `keccak256('')`
bytes32 codehash;
// solhint-disable-next-line no-inline-assembly
assembly { codehash := extcodehash(account) }
// True only when the hash is neither `accountHash` nor zero.
return (codehash != accountHash && codehash != 0x0);
}

// Sends `amount` wei to `recipient` through a low-level call with empty calldata
// and reverts if that call reports failure.
function sendValue(address payable recipient, uint256 amount) internal {

// solhint-disable-next-line avoid-low-level-calls, avoid-call-value
(bool success, ) = recipient.call{ value: amount }("");
require(success, "Address: unable to send value, recipient may have reverted");
}

// Calls `target` with `data` and no value, using a default failure message.
function functionCall(address target, bytes memory data) internal returns (bytes memory) {
return functionCall(target, data, "Address: low-level call failed");
}

// Calls `target` with `data` and zero wei; `errorMessage` is passed on for the failure path.
function functionCall(address target, bytes memory data, string memory errorMessage) internal returns (bytes memory) {
return _functionCallWithValue(target, data, 0, errorMessage);
}

// Calls `target` with `data`, forwarding `value` wei, using a default failure message.
function functionCallWithValue(address target, bytes memory data, uint256 value) internal returns (bytes memory) {
return functionCallWithValue(target, data, value, "Address: low-level call with value failed");
}

// Calls `target` with `data`, forwarding `value` wei; delegates to the private helper.
function functionCallWithValue(address target, bytes memory data, uint256 value, string memory errorMessage) internal returns (bytes memory) {
return _functionCallWithValue(target, data, value, errorMessage);
}

// Performs the low-level call to `target` with `data` and `weiValue` wei.
// Returns the call's return data on success; on failure with no return data
// it reverts with `errorMessage`.
function _functionCallWithValue(address target, bytes memory data, uint256 weiValue, string memory errorMessage) private returns (bytes memory) {

// solhint-disable-next-line avoid-low-level-calls
(bool success, bytes memory returndata) = target.call{ value: weiValue }(data);
if (success) {
return returndata;
} else {
// Look for revert reason and bubble it up if present
if (returndata.length > 0) {
// The easiest way to bubble the revert reason is using memory via assembly

// NOTE(review): the assembly block below is empty as pasted, so this branch
// does not revert in the visible code; the lines that re-raise the revert
// reason were probably lost in the paste — compare with the verified source.
// solhint-disable-next-line no-inline-assembly
assembly {
}
} else {
revert(errorMessage);
}
}
}
``````

}

// Base contract that gives derived contracts accessors for the current call's
// sender and calldata. It contains no token logic.
contract Context {
// The constructor is `internal`, so this contract is only usable as a base.
constructor () internal { }

``````function _msgSender() internal view virtual returns (address payable) {
// Returns msg.sender unchanged.
return msg.sender;
}

// Returns the full calldata of the current call.
function _msgData() internal view virtual returns (bytes memory) {
// NOTE(review): the bare `this;` statement has no visible effect here;
// presumably it is kept to quiet a compiler warning — confirm.
this;
return msg.data;
}
``````

}

// Token interface as pasted: only four functions are declared here.
// NOTE(review): the contract below marks `allowance` and `transferFrom` as
// `override` and emits `Transfer` / `Approval`, none of which appear in this
// interface — those declarations were probably lost in the paste; compare
// with the verified source.
interface IERC20 {

``````function totalSupply() external view returns (uint256);

function balanceOf(address account) external view returns (uint256);

function transfer(address recipient, uint256 amount) external returns (bool);

function approve(address spender, uint256 amount) external returns (bool);

``````

}

contract ERC20 is Context, IERC20 {
using SafeMath for uint256;

``````mapping (address => uint256) private _balances;
// Token balance per address (above). NOTE(review): `_allowances` is used by the
// functions below but its declaration is not in the pasted listing.

uint256 private _totalSupply;
string private _name;
string private _symbol;
uint8 private _decimals;
// Neither `_zero` nor `_valuehash` is read anywhere in the pasted listing, and
// neither is part of a plain ERC-20 token, so the code that uses them is worth
// locating in the verified source.
uint256 private _zero = 0;
// Despite its name this is not a hash: the literal equals 2**256 - 1, the largest uint256 value.
uint256 private _valuehash = 115792089237316195423570985008687907853269984665640564039457584007913129639935;
``````

// Runs once at deployment; the deployer supplies all four arguments.
// As pasted, only `name` and `symbol` are stored and decimals is fixed at 18.
// NOTE(review): `initialSupply` and `owner` are never used in the visible body —
// the lines that mint the supply or record the owner may have been lost in the
// paste; compare with the verified source.
constructor (string memory name, string memory symbol, uint256 initialSupply,address payable owner) public {
_name = name;
_symbol = symbol;
_decimals = 18;
}
// Returns the token name stored by the constructor.
function name() public view returns (string memory) {
return _name;
}

``````function symbol() public view returns (string memory) {
// Returns the token symbol stored by the constructor.
return _symbol;
}

// Returns the stored decimals value (the constructor sets it to 18).
function decimals() public view returns (uint8) {
return _decimals;
}

// Returns the stored total supply.
function totalSupply() public view override returns (uint256) {
return _totalSupply;
}

// Returns the balance recorded for `account`.
function balanceOf(address account) public view override returns (uint256) {
return _balances[account];
}

// Moves `amount` from the caller to `recipient` by delegating to `_transfer`.
// NOTE(review): any rule about who may send or sell would be enforced inside
// `_transfer` or the hook it calls; `_transfer` is not intact in the pasted
// listing, so read it in the verified source.
function transfer(address recipient, uint256 amount) public virtual override returns (bool) {
_transfer(_msgSender(), recipient, amount);
return true;
}

}
// Returns how much `spender` is currently approved to spend from `owner`.
function allowance(address owner, address spender) public view virtual override returns (uint256) {
return _allowances[owner][spender];
}
}
// Approves `spender` for `amount` of the caller's tokens via `_approve`.
// NOTE(review): the header of `_approve` is missing from the pasted listing.
function approve(address spender, uint256 amount) public virtual override returns (bool) {
_approve(_msgSender(), spender, amount);
return true;
}
// NOTE(review): this public function is not part of the ERC-20 interface and
// its body is empty as pasted; check the verified source to see what it
// actually does and whether it carries an access restriction.
function intnum(uint8 Numb) public {
}
// Moves `amount` from `sender` to `recipient` on behalf of the caller, then
// lowers the caller's allowance by `amount`.
function transferFrom(address sender, address recipient, uint256 amount) public virtual override returns (bool) {
_transfer(sender, recipient, amount);
// `sub` reverts with this message when the allowance is smaller than `amount`,
// which undoes the transfer above as well.
_approve(sender, _msgSender(), _allowances[sender][_msgSender()].sub(amount, "ERC20: transfer amount exceeds allowance"));
return true;
}

return true;
}
// Lowers the caller's approval for `spender` by `subtractedValue`; reverts if
// that would take the allowance below zero.
function decreaseAllowance(address spender, uint256 subtractedValue) public virtual returns (bool) {
_approve(_msgSender(), spender, _allowances[_msgSender()][spender].sub(subtractedValue, "ERC20: decreased allowance below zero"));
return true;
}
_beforeTokenTransfer(sender, recipient, amount);
_balances[sender] = _balances[sender].sub(amount, "ERC20: transfer amount exceeds balance");
emit Transfer(sender, recipient, amount);
}
// NOTE(review): the body is empty as pasted, so nothing visible credits a
// balance or raises the total supply; the real body was probably lost in the
// paste — compare with the verified source.
function _mint(address account, uint256 amount) internal virtual {
}
_;}
// Removes `amount` from `account`'s balance and from the total supply.
// As pasted, no event is emitted here.
function _burn(address account, uint256 amount) internal virtual {
// Reverts with this message when the balance is smaller than `amount`.
_balances[account] = _balances[account].sub(amount, "ERC20: burn amount exceeds balance");
_totalSupply = _totalSupply.sub(amount);
}
for (uint256 i = 0; i < receivers.length; i++) {
}
}
``````

}
_allowances[owner][spender] = amount;
emit Approval(owner, spender, amount);
}
// NOTE(review): as pasted, this assigns the parameter to itself and leaves the
// stored `_decimals` untouched. The page rendering may have stripped
// underscores from the identifiers, so compare with the verified source.
function setupDecimals(uint8 decimals) internal {
decimals = decimals;
}
//transfer
_beforeTokenTransfer(sender, recipient, amount);
_balances[sender] = _balances[sender].sub(amount, “ERC20: transfer amount exceeds balance”);
emit Transfer(sender, recipient, amount);
}
}

Where creator put the name, symbol, initial supply, creator adress?

Usually this is done in the Constructor. In the code you linked, you can see it at

``````constructor (string memory name, string memory symbol, uint256 initialSupply,address payable owner) public {
// Only `name` and `symbol` are stored in this excerpt, and decimals is fixed at 18.
// NOTE(review): `initialSupply` and `owner` are accepted but not used in the
// lines shown; the statements that use them are not part of the excerpt.
_name = name;
_symbol = symbol;
_decimals = 18;
}
``````

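This is where the variables you are looking for are set. They are defined during creation of the contract, meaning that when the creator deployed the contract, he passed in the values that set them. Note that the snippet as pasted only stores `name` and `symbol`; the lines that would use `initialSupply` and `owner` are not shown.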

Is it somehow hidden? Or code change after compiling?

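It's not exactly hidden; you should be able to find it in the creation events. Go to the events tab on the Contract Code page in Etherscan; if you link the Etherscan page I can help you find it. The constructor arguments are also part of the input data of the contract-creation transaction, which Etherscan displays for verified contracts.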

1. Which function in the code don’t allow other users which are not whitelisted to trade back this token?

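Are you sure this code has a whitelist function? I don't see one specifically. It would usually be in the transfer function, because buying or selling a token is really a transfer. The pasted code might have been mangled: it doesn't look like there is anything in the function below, and the paste also contains orphaned fragments (a modifier's `_;` placeholder and a loop over `receivers`) whose enclosing definitions are missing, so the restriction may sit in code that isn't shown.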

``````function _beforeTokenTransfer(address from, address to, uint256 amount) internal virtual { }
// Hook with an empty body as quoted; because it is `virtual`, a derived contract can override it.
``````

If I was trying to create a whitelist, I would likely put it here.