alexbabits/erc20-trap-token

Overview

  • ERC-20 token that behaves differently depending on whether the owner or a non-owner is transferring it. A non-owner can only transfer 10% of their max token balance, and each such transfer deducts 10x the specified send amount from the sender. This effectively locks/burns/traps forever 90% of all SAM tokens that a non-owner receives.
  • Tinkering was inspired by: https://github.com/Defi-Cartel/salmonella. Their idea was to bait sandwich bots into buying this trap token. I wanted to see if I could replicate a similar example with just the ERC-20 token side of things.

[Screenshots: failed tx reverted; receipt of failed tx]

Setup

  • npm init -y
  • npx hardhat init
  • npm install --save-dev hardhat
  • npm install @nomicfoundation/hardhat-toolbox@^3.0.0
  • npm install dotenv
  • npx hardhat run scripts/deploy.js (deploys to the local Hardhat instance)
  • npx hardhat run scripts/deploy.js --network sepolia (deploys to Sepolia; requires .env and hardhat.config.js set up with Alchemy, Sepolia and a private key)

Experimenting/Example

  • Owner starts with 1,000,000 SAM tokens. The owner can interact with them as normal.
  • Owner sends 500,000 SAM tokens to address B.
  • Address B can now only ever send up to 10% (50,000) of their 500,000 tokens. If they try to send 100,000, for example, the transfer fails.
  • Address B sends 50,000 to address C, which receives the 50,000 tokens, but address B is deducted their whole 500,000 balance.
  • This makes it so non-owners (every address that did not deploy the original contract) hold 10x less than they think they do, since they can only ever transfer out 10% at most.
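
The walkthrough above as an added example (not code from this repository): a JavaScript model of the described transfer rules plus a balance-delta check that flags the gap between what the sender is debited and what the recipient is credited. The class and function names are hypothetical, amounts are whole tokens, and the 10% cap is assumed to apply to the sender's current balance.

```javascript
// Model of the transfer rules described in this README (not the repo's Solidity).
// Amounts are whole SAM tokens as BigInt; token decimals are ignored for clarity.
class TrapTokenModel {
  constructor(owner, supply) {
    this.owner = owner;
    this.balances = new Map([[owner, supply]]);
  }
  balanceOf(addr) { return this.balances.get(addr) ?? 0n; }
  transfer(from, to, amount) {
    const bal = this.balanceOf(from);
    // Owner pays 1x; a non-owner is debited 10x the amount they asked to send.
    const debit = from === this.owner ? amount : amount * 10n;
    // Assumption: the 10% cap is checked against the sender's current balance.
    if (debit > bal) throw new Error("transfer reverted");
    this.balances.set(from, bal - debit);
    this.balances.set(to, this.balanceOf(to) + amount);
  }
}

// Defender-side check: compare what the sender lost with what the recipient gained.
// Any gap is value destroyed by the token itself, which balanceOf() alone never reveals.
function auditTransfer(token, from, to, amount) {
  const before = { from: token.balanceOf(from), to: token.balanceOf(to) };
  try {
    token.transfer(from, to, amount);
  } catch (err) {
    return { ok: false, reason: err.message, senderDebit: 0n, recipientCredit: 0n, hiddenLoss: 0n };
  }
  const senderDebit = before.from - token.balanceOf(from);
  const recipientCredit = token.balanceOf(to) - before.to;
  return { ok: true, senderDebit, recipientCredit, hiddenLoss: senderDebit - recipientCredit };
}

// Replays the README's walkthrough: owner -> B, B over the cap, B -> C at the cap.
function replayWalkthrough() {
  const token = new TrapTokenModel("owner", 1000000n);
  const steps = [
    ["owner", "B", 500000n],
    ["B", "C", 100000n],
    ["B", "C", 50000n],
  ];
  const results = steps.map(([from, to, amt]) => auditTransfer(token, from, to, amt));
  return { token, results };
}

const demo = replayWalkthrough();
demo.results.forEach((r, i) => console.log(`step ${i + 1}:`, r));
```

The same before/after comparison can be run against a real token in a forked or simulated environment before trusting a displayed balance; a non-zero hiddenLoss on a plain transfer is the signal to look for.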

[Screenshot: success and failure tx amounts]

Notes

  • This opened my mind regarding the span of attack vectors within smart contracts.
  • People who make honeypots/traps to steal and scam from innocent people in web3 are the scum of the earth.
  • Take this as an example of how dangerous crypto can be.
    • Use a hardware wallet with MetaMask
    • Never store seed words on any device that has ever touched the internet
    • Do not interact with any foreign coin sent to your address
    • Triple check websites for phishing links
    • Smart contracts have endless possibilities and clever tricks to take your money, far more clever and intricate than this
    • Don't trust anyone
  • Be a white hat, not a black hat
