Identifying crypto scams through Static Analysis - Part 2

in #scam8 days ago

Blacklisting & Transfer amount limits

Limiting the amounts of tokens that can be transferred is another method for identifying scams in the crypto space.

Be cautious of any token that has upper or lower transfer limits that prevent users from selling their tokens.

In order for an ERC-20 token to be unsellable, one way is to use blacklisting in its transfer function.

For this reason, we can use it to identify scams, since it is a way of limiting who can sell the tokens.

An important point is that some tokens like USDT can include blacklisting for security reasons, not to rug pull users.

So it’s important to thoroughly research any project that uses blacklisting before investing.

For example, Contract Blockscape:

    function _transfer(address sender, address recipient, uint256 amount) private returns (bool) {

        require(sender != address(0), "ERC20: transfer from the zero address");
        require(recipient != address(0), "ERC20: transfer to the zero address");

        if(inSwapAndLiquify)
        { 
            return _basicTransfer(sender, recipient, amount); 
        }
        else
        {
            if(!isTxLimitExempt[sender] && !isTxLimitExempt[recipient]) {
                require(amount <= _maxTxAmount, "Transfer amount exceeds the maxTxAmount.");
            }            

            uint256 contractTokenBalance = balanceOf(address(this));
            bool overMinimumTokenBalance = contractTokenBalance >= minimumTokensBeforeSwap;
            
            if (overMinimumTokenBalance && !inSwapAndLiquify && !isMarketPair[sender] && swapAndLiquifyEnabled) 
            {
                if(swapAndLiquifyByLimitOnly)
                    contractTokenBalance = minimumTokensBeforeSwap;
                swapAndLiquify(contractTokenBalance);    
            }

            _balances[sender] = _balances[sender].sub(amount, "Insufficient Balance");

            uint256 finalAmount = (isExcludedFromFee[sender] || isExcludedFromFee[recipient]) ? 
                                         amount : takeFee(sender, recipient, amount);

            if(checkWalletLimit && !isWalletLimitExempt[recipient])
                require(balanceOf(recipient).add(finalAmount) <= _walletMax);

            _balances[recipient] = _balances[recipient].add(finalAmount);

            emit Transfer(sender, recipient, finalAmount);
            return true;
        }
    }

This case and similar cases can be identified by writing another rule.

#rug-pull #crypto #static-analysis
8 days ago in #scam by
$0.00
    Reply 0