Identifying crypto scams through Static Analysis - Part 1


Pausing

One of the things to check in a project's code is whether a pausing modifier is present and, if so, why it is used. Its presence on the transfer() and transferFrom() functions in particular can be considered a big red flag.

For example, if the transfer() and transferFrom() functions carry the whenNotPaused modifier (Pausing in general), the tokens can be made non-transferable for all users with one click.

For example, the FiatTokenV1 contract:

    function transfer(address _to, uint256 _amount)
        public
        whenNotPaused
        notBlacklisted(msg.sender)
        notBlacklisted(_to)
        returns (bool)
    {
        require(_to != address(0), "can't transfer to 0x0");
        require(_amount <= balances[msg.sender], "insufficient balance");

        balances[msg.sender] = balances[msg.sender].sub(_amount);
        balances[_to] = balances[_to].add(_amount);
        emit Transfer(msg.sender, _to, _amount);
        return true;
    }

In fact, today I wrote a rule for this case and this pattern can be easily identified.
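
A minimal sketch of this kind of check, added here as an example and not the author's rule: it scans Solidity source for transfer() and transferFrom() headers that carry a pausing modifier and ignores modifiers that are commented out. The modifier names in PAUSE_MODIFIERS, the helper find_pausable_transfers and the sample contract are assumptions made for the illustration.

```python
import re

# Assumption: modifier names treated as "pausing"; extend for the code under review.
PAUSE_MODIFIERS = {"whenNotPaused", "whenPaused", "notPaused"}
TRANSFER_FUNCS = {"transfer", "transferFrom"}
COMMENTS = re.compile(r"//[^\n]*|/\*.*?\*/", re.S)
# Function name, parameter list, then everything up to the body or ';'.
HEADER = re.compile(r"\bfunction\s+(\w+)\s*\(([^)]*)\)([^{;]*)[{;]")
# An identifier with its optional argument list, so arguments are skipped as a unit.
TOKEN = re.compile(r"([A-Za-z_]\w*)\s*(\([^()]*\))?")


def find_pausable_transfers(source):
    """Return (function, modifier, line) for each transfer function gated by a pause modifier."""
    # Blank out comments but keep newlines so reported line numbers stay correct.
    clean = COMMENTS.sub(lambda m: re.sub(r"[^\n]", " ", m.group()), source)
    findings = []
    for m in HEADER.finditer(clean):
        name, tail = m.group(1), m.group(3)
        if name not in TRANSFER_FUNCS:
            continue
        for tok in TOKEN.finditer(tail):
            if tok.group(1) in PAUSE_MODIFIERS:
                line = clean.count("\n", 0, m.start(3) + tok.start()) + 1
                findings.append((name, tok.group(1), line))
    return findings


# Constructed sample: a transfer() header like the one above plus two negative cases.
SAMPLE = """\
contract Demo {
    function transfer(address _to, uint256 _amount)
        public
        whenNotPaused
        notBlacklisted(msg.sender)
        returns (bool)
    { return true; }

    function transferFrom(address f, address t, uint256 a)
        public /* whenNotPaused */ returns (bool)
    { return true; }

    function mint(address t, uint256 a) public whenNotPaused { }
}
"""

if __name__ == "__main__":
    for func, modifier, line in find_pausable_transfers(SAMPLE):
        print(f"line {line}: {func}() is gated by {modifier}")
```

A regex scan like this only reads the header of each function, so a pause check inherited from a base contract or written as a require() inside the body still needs an AST-based tool or manual review.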
