- ERC-20 token that has different properties if it's the owner or non-owner that is trying to transfer it. Non-owner can only transfer 10% of their max token balance, but in that process it deducts 10x the specified send amount. This essentially forever locks/burns/traps 90% of all funds from token SAM that they receieve.
- Tinkering was inspired by: https://github.com/Defi-Cartel/salmonella. Their idea was to bait sandwich bots into buying this trap token. I wanted to see if I could replicate a similar example with just the ERC-20 token side of things.
npm init -y
npx hardhat init
npm install --save-dev hardhat
npm install @nomicfoundation/hardhat-toolbox@^3.0.0
npm install dotenv
npx hardhat run scripts/deploy.js
deploys to hardhat instancenpx hardhat run scripts/deploy.js --network sepolia
deploys to sepolia (requires .env and hardhat.config.js setup with alchemy, sepolia and private key)
- Owner starts with 1,000,000 SAM tokens. The owner can interact with them as normal.
- Owner sends 500,000 SAM tokens to address B.
- address B can now only ever send up to 10% (50,000) of their 500,000 tokens. If they try to send 100,000 for example, the transfer fails.
- address B sends 50,000 to address C, which gets the 50,000 tokens, but address B gets deducted their whole 500,000 balance.
- This makes it so non-owners (every address that did not deploy the original contract) hold 10x less than they think they do, since they can only ever transfer out 10% at most.
- This opened my mind regarding the span of attack vectors within smart contracts.
- People who make honeypots/traps to steal and scam from innocent people in web3 are the scum of the earth.
- Take this as an example of how dangerous crypto can be.
- Use a hard wallet with metamask
- Never store seed words on any device that has ever touched the internet
- Do not interact with any foreign coin sent to your address
- Triple check websites for phising links
- Smart contracts have endless possibilities and clever tricks to take your money, far more clever and intricate than this
- Don't trust anyone
- Be a white hat, not a black hat