The following exploit types are reported in the exploits field of the Get Token and List Malicious Tokens endpoints.
Honey Pot
A Honey Pot scam contract prevents token owners from selling the token after they purchase it. The inability to sell causes the token price to increase, creating the appearance of a “mooning” token. In some cases, the creator EOA or other approved addresses are granted permission to sell. To exit the scam, the creator will remove liquidity (drain the funds held in the liquidity pool) or mint/sell tokens (in a situation where funds are locked in the liquidity pool).
LP Block
The LP (Liquidity Pool) block prevents transfers to the token’s LP contract, which is a necessary step in the sale swap of the token. Only purchases of the token are allowed since the LP contract does not send tokens in the same manner.
Blocklist/Allowlist
The Blocklist/Allowlist contract restricts selling to one or more addresses. In most instances, either 1) the scam deployer address is present in the allowlist as the only stakeholder with the ability to sell, or 2) any unrelated EOAs (users) who purchase the scam token are added to the blocklist automatically or manually.
External Contract
The transfer functionality is implemented in a separate contract for which source code is not available. The separate contract blocks token sell swaps for all addresses except the deployer address.
Hidden Mint
The contract allows one or more EOAs to mint new tokens using a hidden function within the token contract. After calling the mint function, the scammer can dump the extra tokens in the market, leaving the originally minted tokens that users hold worthless, draining any potential liquidity for users in the process. Sometimes, hidden mint capability accompanies honeypot functionality.
Hidden Balance Modifier
The contract allows token holder balances to be modified by one or more EOAs or by the contract itself. Setting holder balances to zero makes selling impossible. The scammer then removes liquidity or mints/sells tokens to exit the scam.
Hidden Transfer
The contract allows one or more EOAs or the contract itself to transfer tokens from the user(s) to the scammer’s wallet.
Fake Ownership Renounce
The scammer deceptively encodes the impression that they have relinquished ownership over the scam contract. In reality, the scammer still maintains ownership and can, therefore, call sensitive owner-only functions within the contract, such as functions to pause trading, mint tokens, or change fees.
Hidden Fee Modifier
The contract allows one or more EOAs to change the fee amounts collected when buying and/or selling the token. Updating the fee modifier can lead to users unknowingly paying unproportionate fees when transacting in the scam token, such as a 100% sell fee. Alternatively, the fees can be set to greater than 100% to act effectively as a token mint to the fee wallet.
Hidden Max Transaction/Wallet Amount Modifier
The contract allows one or more EOAs to set the maximum transaction/wallet amounts to a low or zero value, preventing the token's sale.