Chads Ultimate Guide: Not Getting Rugged (Even If Liquidity is Locked & Contract Ownership is Renounced)
Fellow Chads,
Imagine the scene. Your Etherscan scraper has pulled up a newly deployed contract. The socials look professional, the medium is written in moderately comprehensible English, there’s even a rapidly filling Telegram chat. So far so good.
You delve into the contract (having learned how to examine contracts in our previous guide here) and see that liquidity is locked and contract ownership has been renounced.
Looks completely safu, right?
WRONG.
Even in situations like the one outlined above, where there are no obvious red flags, you can still find the rug pulled out from under you.
How, you may ask? Let’s delve in.
Let’s start at the top
For the purposes of our guide, let’s use this contract: ROBIN | Address 0xbf91ea4e98a1fd98fdbef8db5724d2a0e7e2e407 | Etherscan
First, let’s look at liquidity, which appears to have been locked for two months:
Liq lock: Ethereum Transaction Hash (Txhash) Details | Etherscan
We can then check ownership, which appears to have been renounced to 0xxxxdead: Ethereum Transaction Hash (Txhash) Details | Etherscan
What’s the problem?
Remember, our check above confirms only that the owner cannot call any functions from the contract.
The operative word here is “owner”, since not every malicious function in a smart contract has to be called by the owner.
Let’s go back to our example contract. In this case, we can see that there are functions in the contract that can be called by “_feeAddrWallet1”.
In fact, there are various functions that can be called by this address, some of which relate to fees.
Max Fee
In this contract, there is a Max Fee that cannot be altered. However, if there were no Max Fee, then the owner of this wallet could increase the transfer fee to 100%, instantly turning the previously innocuous contract into a honeypot.
SetBots
Similarly, the SetBots function (which blacklists addresses from selling) has been set to OnlyOwner, meaning that in our example this function can’t be accessed anymore. However, if this were not limited to the owner, then the function could be used to manually blacklist all wallets. Again, this effectively turns the contract into a honeypot, as all the contract owner needs to do then is wait for the LP lock to expire and withdraw all the funds.
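One way to run the Max Fee and SetBots checks above over a contract's verified source, as an added example that is not part of the original guide or the ROBIN contract. The Solidity fragment is constructed, setFee and manualsend are hypothetical names, and the regex parsing assumes no braces inside comments or strings.

```python
import re

# Constructed Solidity fragment following the pattern the article describes; it is
# NOT the ROBIN contract source. setFee and manualsend are hypothetical names.
SAMPLE = '''
contract Token is Ownable {
    address payable private _feeAddrWallet1;
    function setBots(address[] memory bots_) public onlyOwner {
        for (uint i = 0; i < bots_.length; i++) { bots[bots_[i]] = true; }
    }
    function setFee(uint256 fee) external {
        require(_msgSender() == _feeAddrWallet1);
        require(fee <= 10, "max fee");
        _feeAddr1 = fee;
    }
    function manualsend() external {
        require(_msgSender() == _feeAddrWallet1);
        _feeAddrWallet1.transfer(address(this).balance);
    }
}
'''

FUNC = re.compile(r'function\s+(\w+)\s*\([^)]*\)([^{]*)\{')    # name, modifiers
CALLER = re.compile(r'require\(\s*(?:_msgSender\(\)|msg\.sender)\s*==\s*(\w+)')
BOUND = re.compile(r'require\([^;]*(?:<=|<)[^;]*\)')            # upper-bound check

def function_body(src, start):
    """Return the text between a function's opening brace and its matching close."""
    depth, i = 1, start
    while depth and i < len(src):
        depth += {'{': 1, '}': -1}.get(src[i], 0)
        i += 1
    return src[start:i - 1]

def audit(src):
    """Map each function to who may call it and whether the gate outlives renouncement."""
    report = {}
    for m in FUNC.finditer(src):
        name, header = m.group(1), m.group(2)
        body = function_body(src, m.end())
        gates = CALLER.findall(body) + (['owner'] if 'onlyOwner' in header else [])
        report[name] = {
            'callers': gates or ['anyone'],
            'privileged_after_renounce': any(g != 'owner' for g in gates),
            'bounded': bool(BOUND.search(body)),  # e.g. a max-fee require
        }
    return report

if __name__ == '__main__':
    print(audit(SAMPLE))
```

Any function reported with `privileged_after_renounce` set and `bounded` unset is one to read by hand before trusting a renounced-ownership claim.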
TL;DR
The bottom line here is that you must always confirm which address can call critical functions.
This is likely to be a time-consuming process, especially during the frenzy of a new launch. This is why it is best to follow us Chads and let us do the heavy lifting for you!
As always, make sure to follow our socials and leave your requests for future articles and other subjects you’d like us to cover.
Follow
Channel: t.me/defichads
Chat channel: t.me/chadsverify
Twitter: https://twitter.com/ChadsDefi