valamidev/web3-defi-honeypot-and-slippage-checker

can't get the right result for eth

SearnaZhang opened this issue · 8 comments

There's a honeypot contract on the ETH chain, address: 0xAf49C2E91c4A4c04546C89237A7f6672c157bC91
I ran this program with the 0xe7e07a2281f1e66e938ae7feefc69db181329f12 contract.
The result shows isHoneypot: 0
By the way, on https://honeypot.is/ the check result for 0xAf49C2E91c4A4c04546C89237A7f6672c157bC91 is HONEYPOT DETECTED.
I don't know which step is wrong.
Can you tell me why?

This is a harmful contract, but it is not a classic/traditional honeypot; it gets funds locked by the Owner calling the "Reward" function and blacklisting the address/addresses.

Yes. Is there any way to detect this kind of harmful function? Like some kind of blacklist in this contract?

When I test with the from address 0x6dF55a31d09a50f4D28DD567A04bc346A26e7B5e, which has been locked by the Owner calling the function "Reward" in transaction 0xde939fe6010ba68d35d0af24de9a32ab67a4833f59a3fce134c666b55454409b,
it still passed the honeypot test, but in fact this address cannot sell its token.
How can this happen?

For checking that you are unable to sell, you do not need this contract.

This contract is aimed at keeping you from even buying something that you will be unable to sell immediately.

Possible, but that needs an entirely different set of tools.

thanks

Which tools can catch this kind of honeypot? Pls help~

One sophisticated way is setting up a sandbox environment using e.g. Hardhat and interacting with the contract. In this case you can interact with the contract both as the owner and as a random user without risking any real assets to lose.

Accounts: Owner(the deployer of the contract), User(the victim)

  • Execute a buy order with the User
  • Try to execute Sell order with the User
  • Call every possible end-point with the Owner, especially where inputs are accepting Address or Address[]
  • Check if Owner can call any end-point to modify his or your balance
  • Simulate skipping blocks
  • Try to execute Sell order with the User
    ...

Once you build up the sequence you can have many checks like this.
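
For the "call every possible end-point with the Owner" step in the sequence above, this added example (not part of the thread or the project's code) lists the state-changing functions in a contract ABI that accept Address or Address[] inputs, so they can be exercised in the sandbox. The sample ABI is constructed, and the `Reward(address[])` signature in it is an assumption; the ABI does not reveal access control, so the output is only a candidate list.

```javascript
// Constructed sample ABI (NOT the real contract's). The Reward signature is assumed.
const SAMPLE_ABI = [
  { type: "function", name: "balanceOf", stateMutability: "view",
    inputs: [{ name: "account", type: "address" }] },
  { type: "function", name: "transfer", stateMutability: "nonpayable",
    inputs: [{ name: "to", type: "address" }, { name: "amount", type: "uint256" }] },
  { type: "function", name: "Reward", stateMutability: "nonpayable",
    inputs: [{ name: "holders", type: "address[]" }] },
  { type: "function", name: "setFees", stateMutability: "nonpayable",
    inputs: [{ name: "cfg", type: "tuple", components: [
      { name: "wallet", type: "address" }, { name: "bps", type: "uint16" }] }] },
  { type: "function", name: "renounceOwnership", stateMutability: "nonpayable", inputs: [] },
  { type: "event", name: "Transfer", inputs: [] },
];

// Standard ERC-20 calls any holder can make; skipped so the list stays focused.
const ERC20_STANDARD = new Set(["transfer", "transferFrom", "approve"]);

// Collect address-typed leaves of one parameter, descending into tuples.
function addressLeaves(param, path = param.name || "?", inArray = false) {
  const arr = inArray || param.type.includes("[");
  if (param.type.startsWith("tuple")) {
    return (param.components || []).flatMap((c) =>
      addressLeaves(c, `${path}.${c.name || "?"}`, arr));
  }
  // Matches address, address[], address[3], address[][]
  return /^address(\[\d*\])*$/.test(param.type)
    ? [{ path, type: param.type, isArray: arr }] : [];
}

// Functions worth calling as Owner in the sandbox before re-trying the User's sell.
function ownerCallCandidates(abi) {
  const readOnly = (f) =>
    f.constant === true || ["view", "pure"].includes(f.stateMutability);
  const bulk = (f) => f.targets.some((t) => t.isArray);
  return abi
    .filter((f) => f.type === "function" && !readOnly(f))
    .filter((f) => !ERC20_STANDARD.has(f.name))
    .map((f) => ({
      name: f.name,
      targets: (f.inputs || []).flatMap((p) => addressLeaves(p)),
    }))
    .filter((f) => f.targets.length > 0)
    // Address[] inputs first: the shape of a bulk blacklist call.
    .sort((a, b) => bulk(b) - bulk(a));
}

console.log(JSON.stringify(ownerCallCandidates(SAMPLE_ABI), null, 2));
```

Each listed function is then called from the Owner account with the User's address as the argument, followed by another sell attempt from the User.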