Read on Twitter
"Oh what a sexy looking chart" you may think, right?
DISCLAIMER: Do NOT buy this! I will explain why:
This is a FAKE contract of $YLD by @YieldApp.
So how does this work? I mean, there are sell orders. So it should be legit. Ok starting a thread...
DISCLAIMER: Do NOT buy this! I will explain why:
This is a FAKE contract of $YLD by @YieldApp.
So how does this work? I mean, there are sell orders. So it should be legit. Ok starting a thread...
As you can see at @DEXToolsApp, there are sell orders from multiple different wallets. A known scam is to only allow the developers wallet to sell tokens, all other won't be able to approve or transfer at all. So this shouldn't be the case with this one, right?
For this to check we need to take a closer look at the contract of this token. What we are looking for is the intern "_transfer" function. So let's search for it and we find:
Nothing to worry about. So far so good. Just two function calls and the default "_transfer" function itself without any blacklistings etc. Let's digg deeper. Next step: Looking for the public "transfer" "transferFrom" functions, and we find:
Nothing special about this one either. BUT no comes the interesting part. This is defined in "contract ERC20". If we look for the token contract itself (named "contract StandardToken" here) we see:
So the "contract ERC20" including the default transfer function aint getting used at all. It's just to look legit on the first view. So in this "contract StandardToken" there are new transfer function defined and look what we got here:
Using @UniswapProtocol you need to "approve" a token before you can sell it. Why tho? Because the Uniswap Router Contract "takes" your tokens out of your wallet (and gives you e.g. ETH). This gets done using the "transferFrom" function as Uniswap transfers the tokens from you.
Now looking at the first red box, which frames an if-condition, we see, that there is
developer[tx.origin] == 0
which means, that this tx is NOT coming from the developer wallet. If that's the case it checks for the allowance. If it DOES come from the developer this gets skipped.
![Now looking at the first red box, which frames an if-condition, we see, that there isdeveloper[tx.origin] == 0which means, that this tx is NOT coming from the developer wallet. If that's the case it checks for the allowance. If it DOES come from the developer this gets skipped.](https://pbs.twimg.com/media/EpIxPpGXEAACh0q.png "Now looking at the first red box, which frames an if-condition, we see, that there isdeveloper[tx.origin] == 0which means, that this tx is NOT coming from the developer wallet. If that's the case it checks for the allowance. If it DOES come from the developer this gets skipped.")
developer[tx.origin] == 0
which means, that this tx is NOT coming from the developer wallet. If that's the case it checks for the allowance. If it DOES come from the developer this gets skipped.
What does this skip means? It means that the developer wallet doesn't need any "allowance" to transfer tokens from any "_from" wallet to e.g. his own wallet. So: Dev can steal the tokens out of your wallet at any time! This is the first "Oh shit!"-moment.
The second one is the second red framed box which includes
if (blacklist[_to] || blacklist[_from]) {return true;}.
What does this mean? It basicly means, that Uniswap can't take your tokens if your wallet is blacklisted. That means you won't be able to sell!
![The second one is the second red framed box which includes if (blacklist[_to] || blacklist[_from]) {return true;}.What does this mean? It basicly means, that Uniswap can't take your tokens if your wallet is blacklisted. That means you won't be able to sell!](https://pbs.twimg.com/media/EpIyAChXUAYrXHc.png "The second one is the second red framed box which includes if (blacklist[_to] || blacklist[_from]) {return true;}.What does this mean? It basicly means, that Uniswap can't take your tokens if your wallet is blacklisted. That means you won't be able to sell!")
if (blacklist[_to] || blacklist[_from]) {return true;}.
What does this mean? It basicly means, that Uniswap can't take your tokens if your wallet is blacklisted. That means you won't be able to sell!
And how do you get blacklisted? Guess how? The owner / developer can blacklist anyone he wants to.
Ok so as a default investor you can buy the token but you won't be able to sell them. So far so bad. But what about all the selling wallets in the first tweet?
Ok so as a default investor you can buy the token but you won't be able to sell them. So far so bad. But what about all the selling wallets in the first tweet?
After deployment of the contract the developer got all tokens (total supply) and used the "batchSend" function so send batches of 125,000 $YLD to multiple addresses (all owned by him). Now let's have a look at that function:
This function can only get called by the "owner" wallet, which is the developer himself. In that function you can see, that the batches of tokens gets send from the sender wallet to the "_to" wallets. AND those "_to" wallets get set as a developer wallet.
And what did we find out a few tweets ago? Correct. All developer wallets can skip the approval and always sell. So the developer uses these 40+ wallets to sell tokens and make the history on DexTools looking legit. You can check yourself, that every selling wallet you find..
on DexTools at this pair is one of the wallets from the "batchSend" function call. So guys, stay safe and never trust an organic looking history. Always verify code by yourself!
Below are the links so you can confirm I am not talking shit ;)
Below are the links so you can confirm I am not talking shit ;)
