Chads Ultimate Guide: Not Getting Rugged (Even If Liquidity is Locked & Contract Ownership is Renounced)

Fellow Chads,

Imagine the scene. Your Etherscan scraper has pulled up a newly deployed contract. The socials look professional, the medium is written in moderately comprehensible English, there’s even a rapidly filling Telegram chat. So far so good.

You delve into the contract (having learned how to examine contracts in our previous guide here) and see that liquidity is locked and contract ownership has been renounced.

Looks completely safu, right?

WRONG.

Even in situations like the one outlined above, where there are no obvious red flags, you can still find the rug pulled out from under you.

How, you may ask? Let’s delve in.

Let’s start at the top

For the purposes of our guide, let’s use this contract: ROBIN | Address 0xbf91ea4e98a1fd98fdbef8db5724d2a0e7e2e407 | Etherscan

First, let’s look at liquidity, which appears to have been locked for two months:

Liq lock: Ethereum Transaction Hash (Txhash) Details | Etherscan

We can then check ownership, which appears to have been renounced to 0xxxxdead: Ethereum Transaction Hash (Txhash) Details | Etherscan

What’s the problem?

Remember, our check above confirms that the owner cannot call any functions from the contract.

The operative word here is “owner”, since not every malicious function in a smart contract has to be called by the owner.

Let’s go back to our example contract. In this case, we can see that are functions in the that can be called by_feeAddrWallet1 “

In fact, there are various functions that can be called by this address, some of which relate to fees.

Max Fee

In this contract, there is a Max Fee that cannot be altered. However, if there was no Max Fee then the owner of this wallet could increase the transfer fee to 100%, instantly turning the previous innocuous contract into a honeypot.

SetBots

Similarly, the SetBots function (which blacklists addresses from selling) has been set to OnlyOwner, meaning that in our example this function can’t be accessed anymore. However, if this was not limited to the owner then the function could be used to manually blacklist all wallets. Again, this effectively turns the contract into a honeypot as all the contract owner needs to do then is wait for the LP lock to expire and withdraw all the funds.

TL;DR

The bottom line here is that you must always confirm which address can call critical functions.

This is likely to be a time consuming process, especially during the frenzy of a new launch. This is why it is best to follow us Chads and let us do the heavy lifting for you!

As always, make sure to follow our socials and leave your requests for future articles and other subjects you’d like us to cover.

Follow

Channel: t.me/defichads

Chat channel: t.me/chadsverify

Twitter: https://twitter.com/ChadsDefi

--

--

--

https://t.me/defichads

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

Application Release 2.0.3 | FTX.com Referral Link and UX Enhancements

What to expect from Diem Coin

Announcing the EasyFi YouTube Video Making Competition Winners

NFT gaming guilds are making expensive NFTs accessible to gamers

Introducing LBT Lite — Put, A Put Option on ETH

How to Provide Liquidity on ALEX

Automata Network Price Prediction

Automata Network Price Prediction

COTI Partners With AdaSwap To Explore DEX Listing & Integration Opportunities for Djed Stablecoin

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
DeFi Chads

DeFi Chads

https://t.me/defichads

More from Medium

DeFi Chads Ultimate Guide to: Staying Safu in DeFi

Houses of Rome — State of the Republic, Issue #002

10,000 YAK to rule them all; our proposal for YAK to govern ve tokens

An Overview of the Hector Finance Team