Risk Tags

The Webacy Risk Score APIs return results with certain tags. This page provides additional information about each tag.

Token Risk

access_control

name: "Access Control"

description: The token has users with special privileges, such as the ability to mint new tokens, burn existing tokens, or change the contract's code. Refer to the code for more details.

anti_whale_modifiable

name: "Anti Whale Modifiable"

description: The maximum amount of transactions or the maximum token position for a single address can be modified at any time in this token contract.

buy_tax

name: "Buy Tax"

description: When buying a token, a buy tax will cause the actual token value received to be less than the amount paid. An excessive buy tax may lead to heavy losses.

can_take_back_ownership

name: "Reclaim Ownership"

description: Ownership is usually used to adjust the parameters and status of the contract, such as minting, modification of slippage, suspension of trading, setting blacklist, etc. When the contract owner cannot be retrieved, is a black hole address, or does not have an owner, ownership-related functionality will most likely be disabled. These risky functions may be able to be reactivated if ownership is reclaimed.

contract

custom tag

name: "Bad Contract"

description: This contract has factors that may cause it to be misused or exploited. This may include various contract deficiencies like integer overflows/underflows, unsafe modifiers, unconventional ERC implementations, etc. Proceed with caution.

exploitation

custom tag

name: "Exploitation"

description: This token contract has been exploited in the past, and may be vulnerable to future exploits. Proceed with caution.

freezeable

name: "Freezeable"

description: Token transfers can be frozen by a central authority, posing a risk for censorship or manipulation, limiting the token's fungibility and utility.

hidden_owner

name: "Hidden Owner"

description: Hidden ownership is used by developers to maintain ownership ability even after abandoning ownership, and is often an indicator of malicious intent. When a hidden owner exists, it is safe to assume that ownership has not been abandoned.

honeypot_with_same_creator

name: "Honeypot"

description: A honeypot contract may prevent the sale or transfer of tokens, or contain non-standard code. Some honeypots contain seemingly vulnerable code to lure hackers.

illegal_unicode

custom tag

name: "Deceptive Token"

description: This token's name or symbol contains unicode characters that appear identical or deceptively similar to letters of the alphabet. This tactic is often employed by fake token creators to spoof real tokens, URLs, and contract names.

impersonator

name: "Impersonator"

description: Someone is impersonating an entity related to the token, posing identity fraud risks, potentially leading to scams or theft of sensitive information.

is_airdrop_scam

name: "Airdrop Scam"

description: An airdrop scam attempts to get you to visit the site of a fake project and connect your wallet, where they can then gain access to your account and steal your funds. It all happens under the guise that you hold tokens worth a lot of money, so of course you would want to sell them and collect the money from a free airdropped token.

is_anti_whale

name: "Anti Whale"

description: A contract is anti-whale if it has the function to limit the maximum amount of transactions or the maximum token position for a single address, often to prevent price manipulation. When the anti-whale value is set to a very small value, all trading will fail.

is_blacklisted

name: "Blacklisting"

description: A blacklist function is included in this contract. If there is a blacklist, some addresses may not be able to trade normally. The contract owner may add any address to the blacklist, and the token holder in the blacklist will not be able to trade. Abuse of the blacklist function will lead to great risks.

is_closed_source

name: "Closed Source"

description: Closed-source contracts may hide various unknown mechanisms and are extremely risky. It might also be a fake token, since most major tokens are open source.

is_fake_token

name: "Fake Token"

description: This token is an unauthentic knockoff of an existing project. Be extra cautious not to confuse this with your real tokens.

is_honeypot

name: "Honeypot"

description: A honeypot contract may prevent the sale or transfer of tokens, or contain non-standard code. Some honeypots contain seemingly vulnerable code to lure hackers.

is_nonstandard_jetton

name: "Non-standard Jetton contract"

description: This TON contract differs too greatly from standard jetton contracts. This may be problematic, and could indicate unknown functionality that could prevent withdrawal of funds, or manipulation of tokens.

is_proxy

name: "Proxy"

description: Proxy contracts enable upgradability, meaning the logic or implementation contract that a proxy points to can be changed. The primary risk lies with the owner, who holds the authority to upgrade the contract code.

is_whitelisted

name: "Whitelisting"

description: Whitelisting functionality is mostly used to allow specific addresses to make early transactions, tax-free, and not affected by transaction suspension.

known-malicious-token

name: "Known Malicious Token"

description: The token is recognized as malicious, posing significant risks to users and the ecosystem, potentially leading to financial losses or reputation damage.

mintable

name: "Mintable"

description: Tokens can be created (minted) by the minter, introducing inflationary risks or vulnerabilities if not properly controlled, potentially leading to dilution of value.

minted-less-than-10-minutes

name: "Token Too New"

description: Tokens have been minted within a short timeframe, potentially indicating rapid creation that could be suspicious or risky, raising concerns about token distribution fairness and security.

minted-less-than-1-day

name: "Token Too New"

description: Tokens have been minted within a moderately short timeframe, potentially indicating rapid creation that could be suspicious or risky, raising concerns about token distribution fairness and security.

minted-less-than-1-hour

name: "Token Too New"

description: Tokens have been minted within a moderately short timeframe, potentially indicating rapid creation that could be suspicious or risky, raising concerns about token distribution fairness and security.

minter-drainer

name: "Minter is Drainer"

description: The minter is draining funds or assets, indicating potential theft or exploitation, leading to severe financial losses for investors and damaging the project's credibility.

minter-fixedfloat

name: "Minter is Mixer"

description: The minter is involved in unusual FixedFloat volume, indicating an attempt to anonymize fund sources.

minter-fundflow-drainer

name: "Minter Funds Drainers"

description: The minter's fund flow activities involve draining funds or assets from the token ecosystem, potentially leading to financial losses for investors and damaging the project's credibility.

minter-fundflow-fixedfloat

name: "Minter Funds Mixers"

description: The minter's fund flow activities indicate exposure to addresses that attempt to utilize FixedFloat to anonymize their funding sources.

minter-fundflow-hacker

name: "Minter Funds Hackers"

description: The minter is involved in fund flow activities compromised by hackers, potentially leading to unauthorized access, fund theft, or manipulation by malicious actors.

minter-fundflow-mixer

name: "Minter Funds Mixers"

description: The minter's fund flow activities involve mixing or tumbling schemes, obfuscating the origin of tokens to facilitate money laundering or illicit transactions.

minter-fundflow-ofac

name: "Minter Funds Sanctioned Activity"

description: The minter's fund flow activities involve entities or transactions that are sanctioned by the Office of Foreign Assets Control (OFAC), leading to legal and compliance issues.

minter-fundflow-simpleswap

name: "Minter Funds Mixers"

description: The minter's fund flow activities indicate exposure to addresses that attempt to utilize SimpleSwap to anonymize their funding sources.

minter-hacker

name: "Minter is Hacker"

description: The minter has been compromised by hackers, posing various security risks to the token and its ecosystem, such as unauthorized minting or fund theft.

minter-mixer

name: "Minter is Mixer"

description: The minter is involved in mixing or tumbling schemes, obfuscating the origin of tokens to facilitate money laundering or illicit transactions.

minter-multiple-rugged

name: "Minter is Repeat Rugpuller"

description: Multiple instances of rugpulls are associated with accounts involved in minting tokens, amplifying the risk and potential losses for investors across various tokens.

minter-ofac

name: "Minter is Sanctioned"

description: Involvement with entities sanctioned by the Office of Foreign Assets Control (OFAC), leading to legal and compliance issues, potentially affecting the token's viability and reputation.

minter-own-20-percent

name: "Unbalanced Ownership (Minter)"

description: An unusual concentration of token ownership by the minter raises concerns about centralization and potential manipulation.

minter-own-50-percent

name: "Unbalanced Ownership (Minter)"

description: An unusual concentration of token ownership by the minter raises concerns about centralization and potential manipulation.

minter-own-90-percent

name: "Unbalanced Ownership (Minter)"

description: An overwhelming concentration of token ownership by the minter raises concerns about centralization and potential manipulation.

minter-rugged

name: "Minter is Rugpuller"

description: The minter has executed a rugpull, abandoning the project after minting tokens, leading to significant losses for investors.

minter-simpleswap

name: "Minter is Mixer"

description: The minter has unusual SimpleSwap volume, indicating they are attempting to anonymize their fund sources.

mutable-metadata

name: "Mutable Metadata"

description: Metadata associated with the token can be modified or changed, potentially leading to issues with transparency, accuracy, and trust within the token ecosystem. The ability to alter metadata introduces risks related to misinformation, manipulation, or unauthorized changes, which could undermine the integrity and reliability of token-related information and services.

non-transferable

name: "Non Transferable"

description: Tokens cannot be transferred between addresses, potentially indicating a locked or restricted token, limiting its utility and liquidity.

not-renounce

name: "Not Renouncable"

description: The owner cannot renounce ownership of the token, limiting the token's decentralization or increasing the risk of control by a single entity, hindering community governance.

not-renounced

name: "Token Manipulation Risk"

description: The token supply, metadata, or contract can potentially be manipulated for this token, as the token admin has not yet revoked their ownership. This can result in the devaluation of the token, inconsistent representation, or various honeypot risks including the inability to withdraw tokens.

oversupply_minting

name: "Oversupply Minting"

description: The contract owner has the ability to bypass the maximum amount of minting specified in the contract, leading to inflation and potential devaluation of the token.

owner_change_balance

name: "Change Balance"

description: Tokens with this feature allow the owner to modify anyone's balance, which can result in a holder's assets being changed (i.e. to 0) or in a massive minting and sell-off.

owner-drainer

name: "Owner is Drainer"

description: The token owner is involved in draining funds or assets from the token ecosystem, leading to severe financial losses for investors and damaging the project's credibility.

owner-fixedfloat

name: "Owner is Mixer"

description: The token owner is involved in unusual FixedFloat volume, indicating an attempt to anonymize fund sources.

owner-fundflow-drainer

name: "Owner Funds Drainers"

description: The token owner's fund flow activities involve draining funds or assets from the token ecosystem, potentially leading to financial losses for investors and damaging the project's credibility.

owner-fundflow-fixedfloat

name: "Owner Funds Mixers"

description: The token owner's fund flow activities indicate exposure to addresses that attempt to utilize FixedFloat to anonymize their funding sources.

owner-fundflow-hacker

name: "Owner Funds Hackers"

description: The token owner is involved in fund flow activities compromised by hackers, potentially leading to unauthorized changes or exploits.

owner-fundflow-mixer

name: "Owner Funds Mixers"

description: The token owner's fund flow activities involve mixing or tumbling schemes, obfuscating the origin of tokens to facilitate money laundering or illicit transactions.

owner-fundflow-ofac

name: "Owner Funds Sanctioned Activity"

description: The token owner's fund flow activities involve entities or transactions that are sanctioned by the Office of Foreign Assets Control (OFAC), leading to legal and compliance issues.

owner-fundflow-simpleswap

name: "Owner Funds Mixers"

description: The token owner's fund flow activities indicate exposure to addresses that attempt to utilize SimpleSwap to anonymize their funding sources.

owner-hacker

name: "Owner is Hacker"

description: The token owner has been compromised by hackers, posing various security risks to the token and its ecosystem, such as unauthorized changes to the token's smart contract or theft of funds.

owner-mixer

name: "Owner is Mixer"

description: The token owner is involved in mixing or tumbling schemes, obfuscating the origin of tokens to facilitate money laundering or illicit transactions.

owner-multiple-rugged

name: "Owner is Repeat Rugpuller"

description: Multiple instances where different token owners have performed rugpulls, leading to severe repercussions for investors and project sustainability.

owner-ofac

name: "Owner is Sanctioned"

description: Involvement with entities sanctioned by the Office of Foreign Assets Control (OFAC), leading to legal and compliance issues, potentially affecting the token's viability and reputation.

owner-own-20-percent

name: "Unbalanced Ownership (Owner)"

description: The token owner holds 20% of the token supply, suggesting significant control over the project's direction and potential risks of market manipulation.

owner-own-50-percent

name: "Unbalanced Ownership (Owner)"

description: The token owner holds 50% of the token supply, suggesting significant control over the project's direction and potential risks of market manipulation.

owner-own-90-percent

name: "Unbalanced Ownership (Owner)"

description: The token owner holds 90% of the token supply, suggesting significant control over the project's direction and potential risks of market manipulation.

owner-rugged

name: "Owner is Rugpuller"

description: The owner of the token has executed a rugpull, abandoning the project and causing a collapse in token value.

owner-simpleswap

name: "Owner is Mixer"

description: The token owner has unusual SimpleSwap volume, indicating they are attempting to anonymize their fund sources.

privileged_burn

name: "Privileged Burn"

description: The contract owner has the ability to burn tokens from any address, which may lead to significant losses for token holders.

restricted_approval

name: "Restricted Approval"

description: If this risk exists, it means that users will not be able to trade the NFT on the exchange and only privileged users in the whitelist will be able to trade normally.

sell_tax

name: "Sell Tax"

description: A sell tax will cause the actual value received when selling a token to be less than expected. Too much sell tax may lead to large losses.

slippage_modifiable

name: "Slippage Modifiable"

description: A token with modifiable slippage means that the contract owner can modify the buy tax or sell tax of the token. This may cause some losses, especially since some contracts have unlimited modifiable tax rates, which would make the token untradeable.

top-10-holders-drainer

name: "Top Holders are Drainers"

description: Members of the top 10 holders of this token have executed a rugpull, abandoning the project and causing a collapse in token value.

top-10-holders-fundflow-drainer

name: "Top Holders Fund Drainers"

description: Members of the top 10 holders of this token have been involved in draining funds or assets from the token ecosystem, leading to severe financial losses for investors and damaging the project's credibility.

top-10-holders-fundflow-fixedfloat

name: "Top Holders Fund Mixers"

description: Members of the top 10 holders of this token are involved in unusual FixedFloat volume, indicating an attempt to anonymize fund sources.

top-10-holders-fundflow-hacker

name: "Top Holders Fund Hackers"

description: Members of the top 10 holders of this token are involved in fund flow activities linked to hackers, potentially leading to unauthorized changes or exploits.

top-10-holders-fundflow-mixer

name: "Top Holders Fund Mixers"

description: Members of the top 10 holders of this token have funds linked to addresses involved in mixing or tumbling schemes, obfuscating the origin of tokens to facilitate money laundering or illicit transactions.

top-10-holders-fundflow-ofac

name: "Top Holders Fund Sanctioned Activity"

description: Members of the top 10 holders of this token have funds linked to addresses sanctioned by the Office of Foreign Assets Control (OFAC), leading to legal and compliance issues, potentially affecting the token's viability and reputation.

top-10-holders-fundflow-simpleswap

name: "Top Holders Fund Mixers"

description: Members of the top 10 holders of this token are involved in unusual SimpleSwap volume, indicating an attempt to anonymize fund sources.

top-10-holders-hacker

name: "Top Holders are Hackers"

description: Members of the top 10 holders of this token may be hackers, potentially leading to unauthorized changes or exploits.

top-10-holders-multiple-rugged

name: "Top Holders are Rugpullers"

description: Members of the top 10 holders of this token have executed multiple rugpulls, abandoning projects and causing a collapse in token values.

top-10-holders-ofac

name: "Top Holders are Sanctioned"

description: Members of the top 10 holders have been involved with entities sanctioned by the Office of Foreign Assets Control (OFAC), leading to legal and compliance issues, potentially affecting the token's viability and reputation.

top-10-holders-own-10-percent

name: "Moderate Ownership Concentration (Holders)"

description: A moderate level of token centralization, where the top 10 holders own 10% of the token supply. This is a healthy distribution and considered relatively normal.

top-10-holders-own-20-percent

name: "Unbalanced Ownership (Holders)"

description: A small number of addresses (top 10 holders) control a notable amount (at least 20%) of the token supply. This level of concentration does not pose immediate risks.

top-10-holders-own-30-percent

name: "Significant Ownership Concentration (Holders)"

description: The top 10 holders of this token own at least 30% of the token supply. While this level of concentration may not pose immediate risks, it is essential to monitor changes over time.

top-10-holders-own-40-percent

name: "High Ownership Concentration (Holders)"

description: The top 10 holders own at least 40% of the token supply. This may increase the potential for price manipulation and reduce liquidity.

top-10-holders-own-50-percent

name: "Unbalanced Ownership (Holders)"

description: A small number of addresses (top 10 holders) control a majority (at least 50%) of the token supply. This poses risks, and can result in market manipulation.

top-10-holders-own-60-percent

name: "Severe Ownership Concentration (Holders)"

description: Severe centralization of token ownership, where the top 10 holders own 60% of the token supply. Such concentration may lead to significant market volatility and loss of confidence among investors.

top-10-holders-own-70-percent

name: "Critical Ownership Concentration (Holders)"

description: Critical concentration of token ownership, where the top 10 holders own 70% of the token supply. This level of centralization poses high risks for manipulation and central control.

top-10-holders-own-80-percent

name: "Extreme Ownership Concentration (Holders)"

description: Extreme concentration of token ownership, where the top 10 holders own 80% of the token supply. This raises significant concerns about market manipulation and long-term sustainability.

top-10-holders-own-90-percent

name: "Unbalanced Ownership (Top Holders)"

description: Centralization of token ownership, where a small number of addresses (top 10 holders) control a vast majority (90%) of the token supply, poses risks like market manipulation.

top-10-holders-own-100-percent

name: "Total Ownership Centralization (Holders)"

description: Complete centralization of token ownership, where the top 10 holders own the entire token supply (100%). This level of concentration represents maximum risk for manipulation and undermines the decentralized nature of the token.

top-10-holders-rugged

name: "Top Holders are Rugpullers"

description: Members of the top 10 holders of this token have executed a rugpull, abandoning the project and causing a collapse in token value.

transfer_without_approval

name: "Transfer Without Approval"

description: The contract owner has the ability to transfer tokens from any address without requiring approval, which may lead to unauthorized token transfers and potential theft.

trust_list

name: "Trusted"

description: The token contract is a trusted and widely known project, and is verified as authentic.

unlocked-liquidity

name: "Unlocked Liquidity"

description: Liquidity is unlocked and can be withdrawn by the owner, posing risks like rugpulls or sudden liquidity drains.

update-authority-drainer

name: "Updater is Drainer"

description: The update authority is involved in draining funds or assets from the token ecosystem, leading to severe financial losses for investors and damaging the project's credibility.

update-authority-fixedfloat

name: "Updater is Mixer"

description: The update authority is involved in unusual FixedFloat volume, indicating an attempt to anonymize fund sources.

update-authority-fundflow-drainer

name: "Updater Funds Drainers"

description: The update authority's fund flow activities involve draining funds or assets from the token ecosystem, leading to severe financial losses for investors and damaging the project's credibility.

update-authority-fundflow-fixedfloat

name: "Updater Funds Mixers"

description: The update authority's fund flow activities indicate exposure to addresses that attempt to utilize FixedFloat to anonymize their funding sources.

update-authority-fundflow-hacker

name: "Updater Funds Linked Hacker"

description: The update authority is involved in fund flow activities compromised by hackers, potentially leading to unauthorized changes or exploits.

update-authority-fundflow-mixer

name: "Updater Funds Mixers"

description: The update authority's fund flow activities involve mixing or tumbling schemes, obfuscating the origin of tokens to facilitate money laundering or illicit transactions.

update-authority-fundflow-ofac

name: "Updater Funds Sanctioned Activity"

description: The update authority's fund flow activities involve entities or transactions that are sanctioned by the Office of Foreign Assets Control (OFAC), leading to legal and compliance issues.

update-authority-fundflow-simpleswap

name: "Updater Funds Mixers"

description: The update authority's fund flow activities indicate exposure to addresses that attempt to utilize SimpleSwap to anonymize their funding sources.

update-authority-hacker

name: "Updater is Hacker"

description: The update authority, with the power to make changes to the token's smart contract, has been compromised by hackers, posing significant security risks to the token and its ecosystem.

update-authority-mixer

name: "Updater is Mixer"

description: The update authority is involved in mixing or tumbling schemes, obfuscating the origin of tokens to facilitate money laundering or illicit transactions.

update-authority-multiple-rugged

name: "Updater is Repeat Rugpuller"

description: Repeated occurrences of rugpulls by different update authorities pose substantial risks to token holders and the overall project ecosystem.

update-authority-ofac

name: "Updater is Sanctioned"

description: The update authority is involved in activities that violate sanctions imposed by the Office of Foreign Assets Control (OFAC), leading to legal and compliance issues.

update-authority-own-20-percent

name: "Unbalanced Ownership (Updater)"

description: The update authority possesses 20% of the token supply, leading to concerns regarding centralization and manipulation.

update-authority-own-50-percent

name: "Unbalanced Ownership (Updater)"

description: The update authority possesses 50% of the token supply, leading to concerns regarding centralization and manipulation.

update-authority-own-90-percent

name: "Unbalanced Ownership (Updater)"

description: The update authority possesses 90% of the token supply, leading to concerns regarding centralization and manipulation.

update-authority-rugged

name: "Updater is Rugpuller"

description: The update authority, with the power to make changes to the token's smart contract, has conducted a rugpull, potentially compromising the integrity of the project.

update-authority-simpleswap

name: "Updater is Mixer"

description: The update authority has unusual SimpleSwap volume, indicating they are attempting to anonymize their fund sources.

volatility

name: "Volatility"

description: This asset has experienced significant price volatility, indicating high risk and potential for significant losses.


Address Risk

associated_drainer

name: "Interacted with Drainer"

description: This address has interacted with an address associated with draining activity. Proceed with caution.

associated_hacker

name: "Interacted with Hacker"

description: This address has interacted with an address associated with hacking activity. Proceed with caution.

associated_mixer

name: "Interacted with Mixer"

description: This address has interacted with a coin mixer. Interacting with coin mixers may result in your address being added to the risk list of third-party institutions and governing bodies.

associated_sanctioned

name: "Interacted with Sanctioned"

description: This address has interacted with an address associated with sanctioned activity.

blacklist_doubt

name: "Possible Blacklist"

description: This address has been reported numerous times as dangerous. Proceed with caution.

blackmail_activities

name: "Blackmail"

description: This address has potentially been involved in illegal blackmail activity.

cybercrime

name: "Cybercrime"

description: This address has committed cybercrimes and has been found and reported by world authorities.

darkweb_transactions

name: "Darkweb"

description: This address has been spotted interacting with darkweb actors.

drainer

name: "Drainer"

description: This address has been related to drainer activity. Drainers automate the process of completely draining all assets off an exchange or via other contracts.

fake_kyc

name: "KYC Fail"

description: This address fails to meet KYC standards at the time of this transaction (is too new, too few transactions, etc.).

financial_crime

name: "Financial Crime"

description: This address has been connected with a financial crime. Avoid DEX interaction at all costs.

fund_flow_issues

name: "Bad fund-flow Actors"

description: Bad actors have been found interacting with this address.

hacker

name: "Hacker"

description: This address has been associated with hacking, or may be at risk of being a hacker.

name: "Honeypot"

description: This is a honeypot address that has been found to trap unsuspecting wallets.

malicious_mining_activities

name: "Malicious Miner"

description: This address belongs to a miner that has performed malicious mining and AMM activity.

mixer

name: "Mixer"

description: This is a coin mixer address. Interacting with coin mixers may result in your address being added to the risk list of third-party institutions and governing bodies.

money_laundering

name: "Money Laundering"

description: This address has been involved in money laundering and may be attached with other criminal activity.

number_of_malicious_contracts_created

name: "Malicious Contracts"

description: This address has been associated with a number of malicious smart contracts, and should be avoided at all costs.

phishing_activities

name: "Phishing"

description: This address has been involved in phishing activities and is known to be dangerous. Proceed with extreme caution.

sanctioned

name: "Sanctioned"

description: This is a sanctioned address that has been found and reported by world authorities.

spam_domain

name: "Spam Domain"

description: This address is linked to a spam domain. Proceed with caution.

stealing_attack

name: "Theft"

description: This address has been involved in theft. Do not send anything to this address.

wash_trading

name: "Wash Trader"

description: This trader or entity buys and sells the same asset to create artificial market activity, inflating trading volumes or prices. A large number of wash traders trading a token indicates significant market risk for that token.


reportedData

valid_report

name: "Reported"


noHistoryRisk

insufficient_wallet_age

name: "Insufficient Wallet Age"

description: This wallet or contract address is new, and there is not enough information to pass Webacy's KYW (Know Your Wallet) criteria. If this wallet is unknown to you, the lack of activity might indicate that it has been created maliciously.

insufficient_wallet_balance

name: "Insufficient Wallet Balance"

description: The balance in this wallet or contract is below what is deemed necessary to pass Webacy's KYW (Know Your Wallet) criteria. This might indicate it is a new wallet.

insufficient_wallet_transactions

name: "Insufficient Wallet Transactions"

description: This wallet has too few transactions to pass Webacy's KYW (Know Your Wallet) criteria.


contractRisk

arbencoderv2_array

name: "AbiEncoderV2 Bug"

description: Bug resulting from an older version of Solidity. Consider using a newer compiler to generate this contract.

arbitrary_send_erc20

name: "Arbitrary Send ERC20"

description: If you run an approval transaction on this contract, this will allow an attacker to take tokens directly from you to their wallet.

arbitrary_send_erc20_permit

name: "Arbitrary Send ERC20 with Permit"

description: If an ERC20 token does not implement permit and has a fallback function e.g. WETH, transferFrom allows an attacker to transfer all tokens approved for this contract.

arbitrary_send_eth

name: "Arbitrary Send ETH"

description: Unprotected call to a function sending Ether to an arbitrary address.

array_by_reference

name: "Array By Reference Error"

description: Contract has issues in its array handling that could lead to improper usage of the smart contract and potential harm to funds.

burn

name: "high Chance of Arbitrary Burning"

description: This contract has logic that could be manipulated to arbitrarily mint portions of the token supply.

centralized_risk_high

name: "High Centralization Risk"

description: This contract may have logic that leads us to think it is a drainer.

centralized_risk_low

name: "Minor Centralization Risk"

description: This contract may have logic that leads us to think it is a drainer.

centralized_risk_medium

name: "Medium Centralization Risk"

description: This contract may have logic that leads us to think it is a drainer.

codex

name: "Codex"

description: Consult the developers and ask them to use codex to help them find the vulnerability.

controlled_array_length

name: "Controlled Array Length"

description: Checks whether the contract allows array length to be resized, potentially allowing a malicious user to access and control critical information in the contract.

controlled_delegatecall

name: "Controlled Delegatecall"

description: Allows an attacker to delegate execution to a potentially malicious contract, potentially enabling them to withdraw funds from the contract.

delegatecall_loop

name: "Delegatecall Loop"

description: Contract contains logic that could be potentially harmful on repeat.

encode_packed_collision

name: "Encode Packed Collision"

description: Contract contains logic that could lead to collisions, which could end up overwriting your data and potentially harm funds.

encode_packed_parameters

name: "Encode Packed Parameters"

event_setter

name: "Unlogged Event Setter"

events_maths

name: "Events Maths"

external_dependencies

name: "External Dependencies"

front_running_high

name: "High Front Running Risk"

description: This contract has logic that could be subject to race conditions and potential front running of transactions.

front_running_low

name: "Low Front Running Risk"

description: This contract has logic that could be subject to race conditions and potential front running of transactions.

front_running_medium

name: "Medium Front Running Risk"

description: This contract has logic that could be subject to race conditions and potential front running of transactions.

immutable_states

name: "Immutable States"

incorrect_equality

name: "Dangerous equality"

description: Contracts can behave erroneously when they strictly assume a specific Ether balance. It is always possible to forcibly send Ether to a contract (without triggering its fallback function), using selfdestruct, or by mining to the account. In the worst-case scenario this could lead to DoS conditions that might render the contract unusable.

incorrect_exp

name: "Incorrect Exponentiation"

description: Developer error: the contract attempts to use bitwise manipulation to do exponentiation.

incorrect_inheritance_order

name: "Incorrect Inheritance Order"

incorrect_return

name: "Incorrect Return"

description: Potentially bad logic detected in an assembly statement that can cause adverse effects in the contract.

incorrect_shift

name: "Incorrect Shift"

description: Contract is using bit shifting incorrectly, possibly leading to adverse effects on the contract.

integer_overflow

name: "Integer Overflow"

description: This contract is susceptible to integer overflow and adverse effects.

integer_underflow

name: "Integer Underflow"

description: This contract is susceptible to integer underflow and adverse effects.

k_value_error

name: "K Value Error"

description: The K value error can occur in the implementation of swap, mint, and burn functions, leading to imbalanced value calculations and potentially exploitable contract states.

locked_ether

name: "Locked Ether"

description: The contract has a function that will take payment in Ether and does not have a subsequent function to withdraw the Ether, effectively locking your Ether.

mint_high

name: "High Chance of Arbitrary Minting"

description: This contract has logic that could be manipulated to arbitrarily mint portions of the token supply.

mint_low

name: "Low Chance of Arbitrary Minting"

description: This contract has logic that could be manipulated to arbitrarily mint portions of the token supply.

missing_zero_check

name: "Missing Zero Check"

description: This contract does not check whether an address passed to a setter is the 0 address, which could brick the contract.

msg_value_loop

name: "Msg.Value Inside of Loop"

description: Detects the use of msg.value inside a loop.

pess_arbitrary_call

name: "Arbitrary Call Tainted"

description: Potential for calldata to be manipulated in this contract.

pess_arbitrary_call_calldata_tainted

name: "Arbitrary Call Calldata Tainted"

description: Potential for calldata to be manipulated in this contract.

pess_arbitrary_call_with_stored_erc20_approves

name: "Arbitrary Call Tainted With Stored ERC20 Approves"

description: Potential for calldata to be manipulated in this contract with stored ERC20 approves.

pess_call_forward_to_protected

name: "Call Forward To Protected"

description: Contract has low-level calls to a custom address. This can be used by an attacker to make a call on behalf of another contract and interact with functions through access control.

pess_double_entry_token_alert

name: "Pessimistic Double Entry Token Alert"

description: A double-entry token is a token that has two entry points for interactions: a logic contract and a proxy contract. Such interactions might lead to a contract malfunction.

pess_dubious_typecast

name: "Dubious Typecast"

description: Highlights a nonstandard typecast.

pess_ecrecover

name: "Pessimistic ECRecover Issue"

description: The ecrecover function returns 0 on error. It is important to check the result for 0.

pess_for_continue_increment

name: "For Continue Increment"

description: Use of unchecked indexing to save on gas costs can lead to an infinite loop and possible bricking of the contract.

pess_only_eoa_modifier

name: "Falsy Only EOA Check"

description: Highlights a msg.sender == tx.origin statement in the contract. This is a poor check for authentication.

pess_readonly_reentrancy

name: "Readonly Reentrancy"

description: There exist getter functions that return a value that could theoretically be manipulated during the execution of this contract.

pess_strange_setter

name: "Strange Setter"

description: This contract is acting suspiciously and enabling state changes that don't change setters.

pess_timelock_controller

name: "Timelock Controller"

description: The deploy address can govern the contract bypassing timelock-controller limitations.

pess_token_fallback

name: "Token Fallback"

description: Token contract has a fallback function that indicates potential for reentrancy and shady behavior.

pess_tx_gasprice

name: "Tx Gasprice Warning"

description: The tx.gasprice variable is set by contract users, not developers.

pess_uni_v2

name: "UniswapV2 Integration"

description: Checks whether UniswapV2 is properly integrated.

pess_unprotected_initialize

name: "Unprotected Initialize"

description: Initialize could be hijacked by an attacker due to improper protections.

pess_unprotected_setter

name: "Unprotected Setter"

description: Contract contains a setter that changes the contract parameters without modifier protection or access control inside the function.

price_manipulation_high

name: "High Chance Of Price Manipulation"

description: This contract has logic that has potential for price manipulation.

price_manipulation_low

name: "Low Chance Of Price Manipulation"

description: This contract has logic that has potential for price manipulation.

price_manipulation_medium

name: "Medium Chance Of Price Manipulation"

description: This contract has logic that has potential for price manipulation.

protected_vars

name: "Unprotected Variables"

description: Contract contains unprotected variables that developers have designated they wish to protect.

public_mappings_nested

name: "Public Nested Mappings Bug"

description: A bug that occurs from an older version of Solidity.

reentrancy_same_effect

name: "Reentrancy With or Without Eth Transfer"

description: Vulnerable to reentrancy attacks.

reentrancy_with_eth_transfer

name: "Reentrancy With ETH Transfer"

description: Allows a reentrancy attack capable of withdrawing more Ether than one has put in multiple times.

reentrancy_without_eth_transfer

name: "Reentrancy Without ETH Transfer"

description: Vulnerable to reentrancy attacks on token transfers.

return_leave

name: "Incorrect Return Should Use Leave"

description: Bad logic using a low-level return when a leave statement should be used. Could have adverse effects on contract logic.

reusing_state_variable

name: "Reusing State Variable"

rtlo

name: "Right To Left Override Character"

description: Using Unicode characters to manipulate contract logic. There are 0 non-malicious reasons why a contract should be trying to do this.

selfdestruct

name: "Self Destruct"

description: The contract is self destructible. When the self-destruct function is triggered, the contract will be destroyed, all of its functions will be unavailable, and all related assets will be erased. This type of contract is susceptible to rug-pulls.

shadowing_local

name: "Shadowing Local"

shadowing_state

name: "Shadowing State"

description: The contract contains logic that, due to variable naming, doesn't set certain variables, potentially enabling access to malicious users.

storage_array

name: "Storage Signed Integer Array"

description: A critical bug from an old version of Solidity. Recommend not using this contract.

suicidal

name: "Self Destruct"

description: The contract is self destructible. When the self-destruct function is triggered, the contract will be destroyed, all of its functions will be unavailable, and all related assets will be erased. This type of contract is susceptible to rug-pulls.

SWC_117

name: "Signature Malleability"

description: Signature verification in this contract is implemented in such a way that your signature could be reused in a way that you may not have authorized.

SWC_121

name: "Insufficient Protection Against Replay Attacks"

description: This will allow attackers to reuse your signature for nefarious purposes in this contract.

SWC_122

name: "Lack of Proper Signature Verification"

SWC_124

name: "Write To Arbitrary Storage Location"

description: If an attacker is able to write to arbitrary storage locations of a contract, the authorization checks may easily be circumvented. This problem is noted as present in the current contract.

unchecked_lowlevel

name: "Unchecked Low Level Call"

description: The return value of a low-level call is not checked to see if it went through or failed, which can lead to unexpected bad outcomes.

unchecked_send

name: "Unchecked Send"

description: The return value of a send is not checked to see if it went through or failed, which can lead to unexpected bad outcomes.

unchecked_transfer

name: "Unchecked Transfer"

description: The return value of a transfer is not checked to see if it went through or failed, which can lead to unexpected bad outcomes.

uninitialized_state

name: "Uninitialized State"

description: Some of this contract's state variables are uninitialized, which could have adverse effects on the contract.

uninitialized_storage

name: "Uninitialized Storage"

description: Some of this contract's storage variables are uninitialized, which could have adverse effects on the contract.

unprotected_upgrade

name: "Unprotected Upgrade"

description: This contract can be self destructed and funds can be lost and withdrawn to a malicious user.

weak_prng

name: "Weak PRNG"

description: Contract contains attempts to generate randomness that are considered weak and ineffective and could be gamed by miners.
