Overview
Risk tags are specific indicators returned by the API that identify potential security issues, fraud patterns, or risk factors. Each tag includes a severity level and description.
Token Risk Tags
Tags related to token contract security and manipulation risks.
| Tag | Name | Description |
|---|---|---|
is_closed_source | Closed Source | Closed-source contracts may hide various unknown mechanisms and are extremely risky. It might also be a fake token, since most major tokens are open source. |
hidden_owner | Hidden Owner | Hidden ownership is used by developers to maintain ownership ability even after abandoning ownership, and is often an indicator of malicious intent. |
is_honeypot | Honeypot | A honeypot contract may prevent the sale or transfer of tokens, or may contain non-standard code. Some honeypots contain seemingly vulnerable code to lure hackers. |
classic_honeypot | Classic Honeypot | Token exhibits classic honeypot characteristics preventing normal buy/sell activity. |
honeypot_with_same_creator | Honeypot (Same Creator) | A honeypot contract created by a known honeypot creator. |
buy_tax | Buy Tax | When buying a token, a buy tax will cause the actual token value received to be less than the amount paid. An excessive buy tax may lead to heavy losses. |
sell_tax | Sell Tax | A sell tax will cause the actual value received when selling a token to be less than expected. Too much sell tax may lead to large losses. |
slippage_modifiable | Slippage Modifiable | The contract owner can modify the buy tax or sell tax of the token. Some contracts have unlimited modifiable tax rates, which would make the token untradeable. |
personal_slippage_modifiable | Personal Slippage Modifiable | The owner can modify slippage settings on a per-address basis, enabling targeted manipulation. |
is_blacklisted | Blacklisting | A blacklist function is included. The contract owner may add any address to the blacklist, preventing them from trading. |
is_whitelisted | Whitelisting | Whitelisting functionality allows specific addresses to make early transactions that are tax-free and not affected by transaction suspension. |
can_take_back_ownership | Reclaim Ownership | Ownership can be reclaimed after being abandoned, allowing risky functions to be reactivated. |
owner_change_balance | Change Balance | The owner can modify anyone’s balance, resulting in assets being changed or a massive minting and sell-off. |
is_airdrop_scam | Airdrop Scam | An airdrop scam attempts to get you to visit a fake project site and connect your wallet to steal your funds. |
trust_list | Trusted | This asset is a trusted, widely known project, and is verified as authentic. |
is_fake_token | Fake Token | This asset is an inauthentic knockoff of an existing project. |
is_true_token | Verified True Token | Token has been verified as the authentic version of the project it claims to be. |
is_scam | Scam Token | Token has been identified as a scam. |
verified_listing | Verified Listing | Token is verified on a recognized token listing platform. |
illegal_unicode | Deceptive Token | The name or symbol contains Unicode characters that appear deceptively similar to letters. Often used to spoof real tokens. |
exploitation | Exploitation | This asset has been exploited in the past and may be vulnerable to future exploits. |
anti_whale_modifiable | Anti Whale Modifiable | The maximum transaction amount or token position for a single address can be modified at any time. |
is_anti_whale | Anti Whale | The contract limits the maximum transaction amount or token position, often to prevent price manipulation. |
non-transferable | Non Transferable | Tokens cannot be transferred between addresses, limiting utility and liquidity. |
not-renounce | Not Renounceable | The owner cannot renounce ownership, limiting decentralization. |
not-renounced | Not Renounced (alt) | Alternate spelling — ownership has not been renounced. |
freezeable | Freezeable | Token transfers can be frozen by a central authority, posing censorship or manipulation risk. |
freezable | Freezable (alt) | Alternate spelling — token transfers can be frozen by a central authority. |
mintable | Mintable | Tokens can be created by the minter, introducing inflationary risks if not properly controlled. |
is_mintable | Mintable (alt) | Alternate identifier — tokens can be created by the minter. |
is_burnable | Burnable | Tokens can be burned, which may be used to manipulate supply. |
mutable-metadata | Mutable Metadata | Token metadata can be modified, potentially leading to misinformation or manipulation. |
transfer_without_approval | Transfer Without Approval | Tokens can be transferred by the contract without the holder’s approval. |
privileged_burn | Privileged Burn | A privileged address can burn tokens held by other users without their consent. |
restricted_approval | Restricted Approval | The token restricts which addresses can be approved as spenders, limiting composability. |
oversupply_minting | Oversupply Minting | Minting mechanisms allow the total supply to be expanded beyond intended limits. |
trading_cooldown | Trading Cooldown | A cooldown period is enforced between trades, which may restrict normal trading activity. |
transfer_pausable | Transfer Pausable | Token transfers can be paused by a central authority. |
is_proxy | Proxy Contract | The token contract is a proxy, meaning implementation logic can be changed by the owner. |
is_upgradeable | Upgradeable | The contract is upgradeable, allowing logic changes without deploying a new contract. |
upgradeable_contract | Upgradeable Contract (alt) | Alternate identifier — the contract logic can be upgraded by a privileged role. |
access_control | Access Control | The contract uses explicit access control mechanisms that restrict certain functions to privileged addresses. |
Token Age Tags
| Tag | Name | Description |
|---|---|---|
minted-less-than-10-minutes | Token Too New | Tokens minted within 10 minutes, potentially suspicious. |
minted-less-than-1-hour | Token Too New | Tokens minted within 1 hour, potentially suspicious. |
minted-less-than-1-day | Token Too New | Tokens minted within 1 day, potentially suspicious. |
Ownership Concentration Tags
| Tag | Name | Description |
|---|---|---|
top-10-holders-own-10-percent | Unbalanced Ownership | Top 10 holders control 10% of supply. |
top-10-holders-own-20-percent | Unbalanced Ownership | Top 10 holders control 20% of supply, some concentration risk. |
top-10-holders-own-30-percent | Unbalanced Ownership | Top 10 holders control 30% of supply. |
top-10-holders-own-40-percent | Unbalanced Ownership | Top 10 holders control 40% of supply. |
top-10-holders-own-50-percent | Unbalanced Ownership | Top 10 holders control 50% of supply, moderate manipulation risk. |
top-10-holders-own-60-percent | Unbalanced Ownership | Top 10 holders control 60% of supply. |
top-10-holders-own-70-percent | Unbalanced Ownership | Top 10 holders control 70% of supply. |
top-10-holders-own-80-percent | Unbalanced Ownership | Top 10 holders control 80% of supply. |
top-10-holders-own-90-percent | Unbalanced Ownership | Top 10 holders control 90% of supply, high manipulation risk. |
top-10-holders-own-100-percent | Total Concentration | Top 10 holders control 100% of supply. |
minter-own-20-percent | Unbalanced Ownership (Minter) | Minter holds 20% of supply. |
minter-own-50-percent | Unbalanced Ownership (Minter) | Minter holds 50% of supply. |
minter-own-90-percent | Unbalanced Ownership (Minter) | Minter holds 90% of supply. |
owner-own-20-percent | Unbalanced Ownership (Owner) | Owner holds 20% of supply. |
owner-own-50-percent | Unbalanced Ownership (Owner) | Owner holds 50% of supply. |
owner-own-90-percent | Unbalanced Ownership (Owner) | Owner holds 90% of supply. |
update-authority-own-20-percent | Unbalanced Ownership (Updater) | Update authority holds 20% of supply. |
update-authority-own-50-percent | Unbalanced Ownership (Updater) | Update authority holds 50% of supply. |
update-authority-own-90-percent | Unbalanced Ownership (Updater) | Update authority holds 90% of supply. |
Rugpull Tags
| Tag | Name | Description |
|---|---|---|
minter-rugged | Minter is Rugpuller | The minter has executed a rugpull. |
minter-multiple-rugged | Minter is Repeat Rugpuller | Multiple rugpulls associated with the minter. |
owner-rugged | Owner is Rugpuller | The owner has executed a rugpull. |
owner-multiple-rugged | Owner is Repeat Rugpuller | Multiple rugpulls by the owner. |
update-authority-rugged | Updater is Rugpuller | The update authority has conducted a rugpull. |
update-authority-multiple-rugged | Updater is Repeat Rugpuller | Multiple rugpulls by update authorities. |
top-10-holders-rugged | Top Holders are Rugpullers | Top holders have executed rugpulls. |
top-10-holders-multiple-rugged | Top Holders are Repeat Rugpullers | Top holders have executed multiple rugpulls. |
Associated Risk Tags (Minter)
| Tag | Name | Description |
|---|---|---|
minter-hacker | Minter is Hacker | The minter has been compromised by hackers. |
minter-ofac | Minter is Sanctioned | Minter involved with OFAC-sanctioned entities. |
minter-drainer | Minter is Drainer | The minter is draining funds or assets. |
minter-mixer | Minter is Mixer | Minter involved in mixing/tumbling schemes. |
minter-fixedfloat | Minter Uses FixedFloat | Minter has unusual FixedFloat exchange volume. |
minter-simpleswap | Minter Uses SimpleSwap | Minter has unusual SimpleSwap exchange volume. |
minter-fundflow-hacker | Minter Funds Hackers | Minter fund flow linked to hackers. |
minter-fundflow-ofac | Minter Funds Sanctioned | Minter fund flow involves sanctioned entities. |
minter-fundflow-drainer | Minter Funds Drainers | Minter fund flow involves drainers. |
minter-fundflow-mixer | Minter Funds Mixers | Minter fund flow involves mixers. |
minter-fundflow-fixedfloat | Minter Funds FixedFloat | Minter fund flow linked to FixedFloat. |
minter-fundflow-simpleswap | Minter Funds SimpleSwap | Minter fund flow linked to SimpleSwap. |
Associated Risk Tags (Owner)
| Tag | Name | Description |
|---|---|---|
owner-hacker | Owner is Hacker | The owner has been compromised by hackers. |
owner-ofac | Owner is Sanctioned | Owner involved with OFAC-sanctioned entities. |
owner-drainer | Owner is Drainer | The owner is draining funds or assets. |
owner-mixer | Owner is Mixer | Owner involved in mixing/tumbling schemes. |
owner-fixedfloat | Owner Uses FixedFloat | Owner has unusual FixedFloat exchange volume. |
owner-simpleswap | Owner Uses SimpleSwap | Owner has unusual SimpleSwap exchange volume. |
owner-fundflow-hacker | Owner Funds Hackers | Owner fund flow linked to hackers. |
owner-fundflow-ofac | Owner Funds Sanctioned | Owner fund flow involves sanctioned entities. |
owner-fundflow-drainer | Owner Funds Drainers | Owner fund flow involves drainers. |
owner-fundflow-mixer | Owner Funds Mixers | Owner fund flow involves mixers. |
owner-fundflow-fixedfloat | Owner Funds FixedFloat | Owner fund flow linked to FixedFloat. |
owner-fundflow-simpleswap | Owner Funds SimpleSwap | Owner fund flow linked to SimpleSwap. |
Associated Risk Tags (Update Authority)
| Tag | Name | Description |
|---|---|---|
update-authority-hacker | Updater is Hacker | Update authority compromised by hackers. |
update-authority-ofac | Updater is Sanctioned | Update authority involved with sanctioned entities. |
update-authority-drainer | Updater is Drainer | Update authority is draining funds. |
update-authority-mixer | Updater is Mixer | Update authority involved in mixing schemes. |
update-authority-fixedfloat | Updater Uses FixedFloat | Update authority has unusual FixedFloat exchange volume. |
update-authority-simpleswap | Updater Uses SimpleSwap | Update authority has unusual SimpleSwap exchange volume. |
update-authority-fundflow-hacker | Updater Funds Hackers | Update authority fund flow linked to hackers. |
update-authority-fundflow-ofac | Updater Funds Sanctioned | Update authority fund flow involves sanctioned entities. |
update-authority-fundflow-drainer | Updater Funds Drainers | Update authority fund flow involves drainers. |
update-authority-fundflow-mixer | Updater Funds Mixers | Update authority fund flow involves mixers. |
update-authority-fundflow-fixedfloat | Updater Funds FixedFloat | Update authority fund flow linked to FixedFloat. |
update-authority-fundflow-simpleswap | Updater Funds SimpleSwap | Update authority fund flow linked to SimpleSwap. |
Associated Risk Tags (Top Holders)
| Tag | Name | Description |
|---|---|---|
top-10-holders-hacker | Top Holders are Hackers | Top holders may be hackers. |
top-10-holders-ofac | Top Holders are Sanctioned | Top holders involved with sanctioned entities. |
top-10-holders-drainer | Top Holders are Drainers | Top holders involved in draining funds. |
top-10-holders-mixer | Top Holders are Mixers | Top holders involved in mixing/tumbling schemes. |
top-10-holders-fixedfloat | Top Holders Use FixedFloat | Top holders have unusual FixedFloat exchange volume. |
top-10-holders-simpleswap | Top Holders Use SimpleSwap | Top holders have unusual SimpleSwap exchange volume. |
top-10-holders-fundflow-hacker | Top Holders Fund Hackers | Top holders fund flow linked to hackers. |
top-10-holders-fundflow-ofac | Top Holders Fund Sanctioned | Top holders fund flow involves sanctioned entities. |
top-10-holders-fundflow-drainer | Top Holders Fund Drainers | Top holders fund flow involves drainers. |
top-10-holders-fundflow-mixer | Top Holders Fund Mixers | Top holders fund flow involves mixers. |
top-10-holders-fundflow-fixedfloat | Top Holders Fund FixedFloat | Top holders fund flow linked to FixedFloat. |
top-10-holders-fundflow-simpleswap | Top Holders Fund SimpleSwap | Top holders fund flow linked to SimpleSwap. |
Market Data & Liquidity Risks
Tags that flag abnormal market conditions, price behavior, or insufficient liquidity.
| Tag | Name | Description |
|---|---|---|
volatility | High Volatility | 24-hour price change dropped below −70%, or the spread between the all-time high and all-time low within a single day exceeds 70%. Indicates extreme price instability. |
market_cap | Market Cap Risk | Token has an unusually low or suspicious market capitalization relative to its trading activity. |
is_in_dex | Listed on DEX | Token is actively listed and tradeable on a decentralized exchange. |
cannot_buy | Cannot Buy | Token cannot be purchased on-chain, consistent with a honeypot or broken contract. |
low-liquidity | Low Liquidity | Overall liquidity for the token is below a safe threshold, increasing slippage and exit risk. |
low-pool-liquidity | Low Pool Liquidity | The primary liquidity pool has insufficient depth to support normal trading. |
low-holder-count | Low Holder Count | Very few unique addresses hold the token, increasing concentration and manipulation risk. |
token-too-new | Token Too New | Token was launched very recently, with insufficient trading history to assess risk. |
extreme-holder-concentration | Extreme Holder Concentration | An extreme proportion of supply is concentrated in very few addresses. |
first-buyer-dominance | First Buyer Dominance | The earliest buyers hold a disproportionate share of supply, suggesting coordinated accumulation. |
missing-sniper-analysis | Missing Sniper Analysis | Sniper/bot activity data is unavailable for this token. |
high_concentration_risk | High Concentration Risk | Supply is concentrated in a small number of addresses at a level that poses significant manipulation risk. |
suspicious_accumulation | Suspicious Accumulation | Accumulation patterns in wallet activity suggest coordinated or manipulative buying behavior. |
Liquidity / LP Analysis Tags
Tags that describe the structure and health of the token’s liquidity pool positions.
| Tag | Name | Description |
|---|---|---|
unlocked-liquidity | Unlocked Liquidity | Liquidity pool tokens are not locked, meaning the creator can remove liquidity at any time. |
lp_holder_count | LP Holder Count | Informational — the number of unique addresses holding liquidity pool tokens. |
low-lp-holder-count | Low LP Holder Count | Very few addresses hold LP tokens, concentrating liquidity control. |
lp_total_supply | LP Total Supply | Informational — the total supply of liquidity pool tokens. |
lp-whale-concentration | LP Whale Concentration | A small number of addresses hold a dominant share of liquidity pool tokens. |
creator_balance | Creator Balance | Informational — the current token balance held by the creator address. |
creator_percent | Creator Percent | Informational — the percentage of total supply held by the creator. |
owner_balance | Owner Balance | Informational — the current token balance held by the owner address. |
owner_percent | Owner Percent | Informational — the percentage of total supply held by the owner address. |
Address Risk Tags
Tags related to wallet address behavior and associations.
| Tag | Name | Description |
|---|---|---|
drainer | Drainer | Address related to drainer activity that automates draining assets. |
hacker | Hacker | Address associated with hacking or at risk of being a hacker. |
mixer | Mixer | Coin mixer address. Interacting may result in your address being flagged. |
sanctioned | Sanctioned | Sanctioned activity reported by world authorities. |
cybercrime | Cybercrime | Address has committed cybercrimes reported by authorities. |
financial_crime | Financial Crime | Connected with financial crime. Avoid DEX interaction. |
stealing_attack | Theft | Involved in theft. Do not send anything to this address. |
money_laundering | Money Laundering | Involved in money laundering and may be attached to criminal activity. |
phishing_activities | Phishing | Involved in phishing activities. Proceed with extreme caution. |
blackmail_activities | Blackmail | Potentially involved in illegal blackmail activity. |
darkweb_transactions | Darkweb | Spotted interacting with darkweb actors. |
honeypot_related_address | Honeypot | Honeypot address that traps unsuspecting wallets. |
malicious_mining_activities | Malicious Miner | Miner that has performed malicious mining and AMM activity. |
number_of_malicious_contracts_created | Malicious Contracts | Associated with malicious smart contracts. Avoid at all costs. |
fake_kyc | KYC Fail | Fails to meet KYC standards (too new, too few transactions). |
blacklist_doubt | Possible Blacklist | Reported numerous times as dangerous. Proceed with caution. |
wash_trading | Wash Trading | Address has exhibited wash trading behavior, inflating apparent transaction volume. |
automated_trading | Automated Trading | Address behavior is consistent with automated or bot-driven trading. |
deployed_high_volatility_token | Deployed High Volatility Token | Address has previously deployed tokens that exhibited extreme price volatility. |
fund_flow_issues | Fund Flow Issues | Address fund flow patterns raise concerns about the source or destination of funds. |
address_poisoning | Address Poisoning | Address has been involved in address poisoning attacks, sending look-alike transactions to mislead users. |
spam | Spam | Address is associated with spam token or transaction activity. |
spam_domain | Spam Domain | Address is linked to a domain associated with spam or scam operations. |
associated_hacker | Associated with Hacker | Address has fund flow connections to known hacker addresses. |
associated_drainer | Associated with Drainer | Address has fund flow connections to known drainer addresses. |
associated_mixer | Associated with Mixer | Address has fund flow connections to known mixer addresses. |
associated_sanctioned | Associated with Sanctioned | Address has fund flow connections to sanctioned entities. |
associated_tornado | Associated with Tornado Cash | Address has fund flow connections to Tornado Cash. |
tornado | Tornado Cash | Address has directly interacted with Tornado Cash. |
Sanctions Compliance Tags
Tags that indicate an address is subject to formal sanctions or stablecoin issuer denylists.
The sanctioned tag appears in both Address Risk Tags and here. In a sanctions compliance context, it specifically reflects OFAC or other regulatory lists.
| Tag | Name | Description |
|---|---|---|
ofac_sanctioned | OFAC Sanctioned | Address is on the U.S. Treasury OFAC Specially Designated Nationals list. |
open_sanctions | OpenSanctions | Address appears in the OpenSanctions database, covering international regulatory and law enforcement lists. |
usdt_banned | USDT Banned | Address is on the Tether (USDT) issuer’s denylist and cannot transact in that stablecoin. |
usdc_banned | USDC Banned | Address is on the Circle (USDC) issuer’s denylist and cannot transact in that stablecoin. |
eurc_banned | EURC Banned | Address is on the EURC issuer’s denylist and cannot transact in that stablecoin. |
busd_banned | BUSD Banned | Address is on the BUSD issuer’s denylist and cannot transact in that stablecoin. |
pyusd_banned | PYUSD Banned | Address is on the PayPal USD (PYUSD) issuer’s denylist and cannot transact in that stablecoin. |
usdp_banned | USDP Banned | Address is on the Pax Dollar (USDP) issuer’s denylist and cannot transact in that stablecoin. |
Contract Risk Tags
Tags related to smart contract vulnerabilities and security issues.
Reentrancy Vulnerabilities
| Tag | Name | Description |
|---|---|---|
reentrancy_with_eth_transfer | Reentrancy With ETH Transfer | Allows reentrancy attacks capable of withdrawing more ETH than deposited. |
reentrancy_without_eth_transfer | Reentrancy Without ETH Transfer | Vulnerable to reentrancy attacks on token transfers. |
reentrancy_same_effect | Reentrancy | Vulnerable to reentrancy attacks. |
reentrancy | Reentrancy (General) | General reentrancy vulnerability detected in the contract. |
reentrancy_no_eth | Reentrancy (No ETH) | Reentrancy vulnerability that does not involve ETH transfers. |
pess_readonly_reentrancy | Readonly Reentrancy | Getter functions return values that could be manipulated during execution. |
Price Manipulation
| Tag | Name | Description |
|---|---|---|
price_manipulation_high | High Price Manipulation Risk | Contract has logic with high potential for price manipulation. |
price_manipulation_medium | Medium Price Manipulation Risk | Contract has logic with moderate potential for price manipulation. |
price_manipulation_low | Low Price Manipulation Risk | Contract has logic with low potential for price manipulation. |
Front Running
| Tag | Name | Description |
|---|---|---|
front_running_high | High Front Running Risk | Contract logic could be subject to front running. |
front_running_medium | Medium Front Running Risk | Contract logic could be subject to front running. |
front_running_low | Low Front Running Risk | Contract logic could be subject to front running. |
Centralization Risks
| Tag | Name | Description |
|---|---|---|
centralized_risk_high | High Centralization Risk | Contract may have drainer-like logic. |
centralized_risk_medium | Medium Centralization Risk | Contract may have drainer-like logic. |
centralized_risk_low | Minor Centralization Risk | Contract may have drainer-like logic. |
Minting Risks
| Tag | Name | Description |
|---|---|---|
mint_high | High Arbitrary Minting Risk | Logic could be manipulated to arbitrarily mint tokens. |
mint_low | Low Arbitrary Minting Risk | Logic could be manipulated to arbitrarily mint tokens. |
burn | Arbitrary Burning Risk | Logic could be manipulated to arbitrarily burn tokens. |
Integer Issues
| Tag | Name | Description |
|---|---|---|
integer_overflow | Integer Overflow | Contract susceptible to integer overflow. |
integer_underflow | Integer Underflow | Contract susceptible to integer underflow. |
detect_integer_underflow | Detected Integer Underflow | Static analysis detected a potential integer underflow condition. |
Unchecked Operations
| Tag | Name | Description |
|---|---|---|
unchecked_lowlevel | Unchecked Low Level Call | Return value of low level call not checked. |
unchecked_send | Unchecked Send | Return value of send not checked. |
unchecked_transfer | Unchecked Transfer | Return value of transfer not checked. |
Self Destruct
| Tag | Name | Description |
|---|---|---|
selfdestruct | Self Destruct | Contract is self destructible. All functions become unavailable and assets erased. Susceptible to rug-pulls. |
suicidal | Self Destruct (alt) | Contract is self destructible. |
Arbitrary Operations
| Tag | Name | Description |
|---|---|---|
arbitrary_send_erc20 | Arbitrary Send ERC20 | Approval allows attacker to take tokens directly to their wallet. |
arbitrary_send_erc20_permit | Arbitrary Send ERC20 with Permit | TransferFrom allows attacker to transfer all approved tokens. |
arbitrary_send_eth | Arbitrary Send ETH | Unprotected call sending ETH to arbitrary address. |
arbitrary_transfer_from | Arbitrary Transfer From | Contract can execute transferFrom to an arbitrary address without proper authorization. |
arbitrary_transfer_to | Arbitrary Transfer To | Contract can transfer tokens to an arbitrary destination address. |
Signature Issues
| Tag | Name | Description |
|---|---|---|
SWC_117 | Signature Malleability | Signature could be reused in unauthorized ways. See SWC Registry Codes for full details. |
SWC_121 | Replay Attack Vulnerability | Attackers can reuse your signature. See SWC Registry Codes. |
SWC_122 | Lack of Signature Verification | Missing proper signature verification. See SWC Registry Codes. |
pess_ecrecover | ECRecover Issue | `ecrecover` returns 0 on error; the result must be checked. |
digital_sig | Digital Signature Issue | Contract has a digital signature implementation issue that may allow signature reuse or bypass. |
Storage & State Issues
| Tag | Name | Description |
|---|---|---|
uninitialized_state | Uninitialized State | State variables are uninitialized. |
uninitialized_storage | Uninitialized Storage | Storage variables are uninitialized. |
uninitialized_local | Uninitialized Local | Local variables are used before being initialized. |
state_variable_not_initialized | State Variable Not Initialized | A state variable is declared but never initialized, which may lead to unexpected default values. |
storage_array | Storage Array Issue | Improper handling of a storage array that may allow unintended data modification. |
protected_vars | Protected Variables | Variables are marked as protected in a way that may be bypassable. |
unprotected_upgrade | Unprotected Upgrade | Contract can be self destructed and funds withdrawn. |
SWC_124 | Arbitrary Storage Write | Attacker can write to arbitrary storage locations. See SWC Registry Codes. |
locked_ether | Locked Ether | Contract takes payment but has no withdraw function. |
Access Control
| Tag | Name | Description |
|---|---|---|
controlled_delegatecall | Controlled Delegatecall | Attacker can delegate to malicious contract. |
delegatecall_loop | Delegatecall Loop | Logic could be harmful on repeat. |
pess_unprotected_initialize | Unprotected Initialize | Initialize could be hijacked by attacker. |
pess_unprotected_setter | Unprotected Setter | Setter changes parameters without protection. |
pess_call_forward_to_protected | Call Forward to Protected | Low level calls to custom address could bypass access control. |
Other Contract Vulnerabilities
| Tag | Name | Description |
|---|---|---|
weak_prng | Weak PRNG | Randomness generation is weak and could be gamed by miners. |
rtlo | Right To Left Override | Unicode characters used to manipulate contract logic. No legitimate use case. |
shadowing_state | Shadowing State | Variable naming prevents setting certain variables. |
encode_packed_collision | Encode Packed Collision | Possibility of collisions overwriting data. |
incorrect_shift | Incorrect Shift | Incorrectly using bitshifting. |
k_value_error | K Value Error | K value error in swap/mint/burn functions. |
missing_zero_check | Missing Zero Check | No check for zero address, potentially bricking contract. |
pess_token_fallback | Token Fallback | Fallback function indicates potential reentrancy. |
pess_double_entry_token_alert | Double Entry Token | Token has two entry points that may cause it to malfunction. |
controlled_array_length | Controlled Array Length | Array length can be resized, allowing access to critical information. |
msg_value_loop | Msg.Value in Loop | Use of msg.value inside a loop. |
timestamp | Timestamp Dependence | Contract relies on block timestamp for critical logic, which miners can manipulate slightly. |
external_call | External Call | Contract makes an external call that may introduce reentrancy or unexpected behavior. |
external_dependencies | External Dependencies | Contract depends on external contracts whose behavior could change or be compromised. |
external_function | External Function | A function is marked external where visibility may allow unintended external access. |
obsolete_calls | Obsolete Calls | Contract uses deprecated or obsolete Solidity calls or patterns. |
tx_origin | Tx.Origin Usage | Contract uses tx.origin for authorization, which can be bypassed by phishing attacks. |
mapping_deletion | Mapping Deletion | Deleting a struct containing a mapping does not clear the mapping, leaving residual data. |
divide_before_multiply | Divide Before Multiply | Division before multiplication can cause precision loss due to integer truncation. |
incorrect_equality | Incorrect Equality | Strict equality checks on values that may never match exactly, causing logic to never execute. |
incorrect_exp | Incorrect Exponentiation | Use of `^` as exponentiation (it is XOR in Solidity) rather than `**`. |
incorrect_return | Incorrect Return | A low-level call or assembly block has an incorrect return that may halt execution unexpectedly. |
incorrect_inheritance_order | Incorrect Inheritance Order | Contract inheritance order causes unexpected function resolution (C3 linearization issue). |
incorrect_modifier | Incorrect Modifier | A modifier does not execute the function body or placeholder, causing functions to silently do nothing. |
incorrect_constructor_name | Incorrect Constructor Name | A function named identically to the contract (old constructor pattern) may be callable by anyone. |
immutable_states | Immutable States | State variables that should be immutable are not declared as such, increasing risk of unintended mutation. |
tautology | Tautology | Contract contains a condition that is always true or always false. |
tautological_compare | Tautological Compare | A comparison is tautological — always evaluates the same way regardless of input. |
write_after_write | Write After Write | A variable is written twice without being read in between, making the first write useless. |
boolean_cst | Boolean Constant | Contract uses boolean constants (true/false) in conditions, indicating dead code or logic errors. |
calls_loop | Calls in Loop | External calls inside loops can cause denial-of-service or unbounded gas consumption. |
var_read_using_this | Var Read Using This | Contract reads a variable using `this.`, which triggers an external call instead of an internal read. |
unused_return | Unused Return | Return value of a function call is ignored, potentially missing error signals. |
unsafe_modifier | Unsafe Modifier | A modifier is used in an unsafe way that may not properly gate access to a function. |
unintended_arbitrage | Unintended Arbitrage | Contract logic creates unintended arbitrage opportunities due to price or state inconsistencies. |
name_reused | Name Reused | A contract, event, or variable name is reused in a way that causes shadowing or ambiguity. |
multiple_constructors | Multiple Constructors | Contract defines multiple constructors, which may cause undefined initialization behavior. |
public_mappings_nested | Public Nested Mappings | Nested public mappings can expose internal state in ways that conflict with expected encapsulation. |
reusing_state_variable | Reusing State Variable | A state variable is reused for multiple purposes, which can introduce unexpected state corruption. |
assembly | Inline Assembly | Contract uses inline assembly, which bypasses Solidity safety checks and requires careful auditing. |
event_setter | Event Setter | Events are emitted in setters without corresponding state changes, which may mislead monitoring tools. |
events_maths | Events Maths | Arithmetic operations are performed in event emissions, which may not reflect actual state changes. |
for_dos | For Loop DoS | A for loop iterates over an unbounded array, enabling denial-of-service by filling the array. |
domain_separator_collision | Domain Separator Collision | The EIP-712 domain separator may collide with another contract, enabling cross-contract signature replay. |
erc721_interface | ERC721 Interface Issue | Contract does not correctly implement the ERC-721 interface, which may break integrations. |
shadowing_local | Shadowing Local | A local variable shadows a state variable or parameter, leading to incorrect value reads. |
shadowing_abstract | Shadowing Abstract | A variable or function shadows an abstract declaration, causing unexpected override behavior. |
shadowing_builtin | Shadowing Builtin | A variable or function name shadows a Solidity built-in (e.g., now, assert). |
encode_packed_parameters | Encode Packed Parameters | abi.encodePacked is used with multiple dynamic types, risking hash collisions. |
array_by_reference | Array By Reference | Array is passed by reference where a copy is expected, causing unintended state mutations. |
abiencoderv2_array | ABIEncoderV2 Array | A struct or array is used with ABIEncoderV2 in a way that may trigger encoding bugs in older compilers. |
codex | Codex Analysis Finding | An issue was detected via Codex-based AI code analysis. |
return_leave | Return Leave | A leave statement is used in Yul assembly as a return, which may have unintended control flow. |
Pessimistic Analysis Detectors
The following tags come from the Pessimistic Security detector suite and represent additional static analysis findings.
| Tag | Description |
|---|---|
pess_arbitrary_call | An arbitrary external call is made to a user-controlled address without restriction. |
pess_arbitrary_call_calldata_tainted | An external call is made with calldata that is tainted by user-controlled input. |
pess_arbitrary_call_destination_tainted | The destination of an external call is tainted by user-controlled input. |
pess_arbitrary_call_with_stored_erc20_approves | An arbitrary call is made using stored ERC-20 approvals, which could drain approved tokens. |
pess_aave_flashloan_callback | The Aave flashloan callback is callable by anyone, not just the Aave lending pool. |
pess_before_token_transfer | The _beforeTokenTransfer hook contains logic that may cause unexpected behavior. |
pess_dubious_typecast | A type cast is performed that may silently truncate or corrupt data. |
pess_event_setter | An event is emitted in a setter function in a way that does not accurately reflect state changes. |
pess_for_continue_increment | A continue statement inside a for loop skips the increment, potentially creating an infinite loop. |
pess_inconsistent_nonreentrant | The nonReentrant modifier is applied inconsistently across related functions. |
pess_magic_number | Contract uses unexplained magic numbers (literal constants) with no named constant or comment. |
pess_multiple_storage_read | The same storage slot is read multiple times in a single function without caching, wasting gas. |
pess_nft_approve_warning | An NFT approval is given to a potentially untrusted address, risking unauthorized transfers. |
pess_only_eoa_check | Contract checks whether caller is an EOA using tx.origin == msg.sender, which can be bypassed in certain contexts. |
pess_only_eoa_modifier | A modifier restricts access to EOAs only, which may conflict with contract-based interactions. |
pess_public_vs_external | A function is declared public but only called externally, using more gas than necessary. |
pess_strange_setter | A setter function sets a value that does not appear to be used, suggesting dead code or logic error. |
pess_timelock_controller | A timelock controller is present but may be misconfigured or bypassable. |
pess_tx_gasprice | Contract uses tx.gasprice in a way that may introduce miner-manipulable logic. |
pess_uni_v2 | Contract interacts with Uniswap V2 in a potentially unsafe way, such as without slippage protection. |
SWC Registry Codes
See the Smart Contract Weakness Classification Registry for full details on each weakness.
| Tag | Title | Description |
|---|---|---|
SWC_108 | State Variable Default Visibility | State variables without explicit visibility default to internal, which may expose unintended access patterns. |
SWC_109 | Uninitialized Storage Pointer | Uninitialized local storage pointer points to unexpected storage slot. |
SWC_111 | Use of Deprecated Solidity Functions | Contract uses functions deprecated in newer Solidity versions (e.g., throw, sha3). |
SWC_112 | Delegatecall to Untrusted Callee | delegatecall is made to an address controlled by external input. |
SWC_113 | DoS with Failed Call | A failed external call inside a loop or aggregation function can block all users. |
SWC_114 | Transaction Order Dependence | Contract behavior depends on transaction ordering, enabling front-running. |
SWC_115 | Authorization through tx.origin | Uses tx.origin for authorization, bypassable by phishing via an intermediary contract. |
SWC_116 | Block values as a proxy for time | Block timestamp or number is used as a time source, manipulable by miners within limits. |
SWC_117 | Signature Malleability | ECDSA signatures can be made malleable, enabling replay with different but valid values. |
SWC_118 | Incorrect Constructor Name | Constructor function uses the old-style naming convention, making it callable as a regular function. |
SWC_119 | Shadowing State Variables | State variable in a derived contract shadows a variable in the base contract. |
SWC_120 | Weak Sources of Randomness | Randomness relies on miner-controllable values such as block hash or timestamp. |
SWC_121 | Missing Protection against Signature Replay Attacks | Signed messages can be replayed without a nonce or expiry check. |
SWC_122 | Lack of Proper Signature Verification | Signature verification is absent or improperly implemented, allowing unauthorized operations. |
SWC_123 | Requirement Violation | A require condition is violated under reachable conditions, indicating a logic flaw. |
SWC_124 | Write to Arbitrary Storage Location | Attacker can write to an arbitrary storage slot, overwriting critical contract data. |
SWC_125 | Incorrect Inheritance Order | Multiple inheritance with an incorrect order causes unexpected function resolution. |
SWC_126 | Insufficient Gas Griefing | Forwarding insufficient gas to a sub-call causes it to fail while the outer call succeeds. |
SWC_127 | Arbitrary Jump with Function Type Variable | A function-type variable can be set to an arbitrary jump destination. |
SWC_128 | DoS with Block Gas Limit | Operation on a large unbounded data structure can exceed the block gas limit, causing DoS. |
SWC_129 | Typographical Error | A typographical error in an operator (e.g., =+ instead of +=) causes silent logic bugs. |
SWC_130 | Right-To-Left-Override Control Character | The RTLO unicode character is used to misrepresent code or file names. |
Wallet History Tags
Tags related to wallet age and activity.
| Tag | Name | Description |
|---|---|---|
insufficient_wallet_age | Insufficient Age | Wallet is too new to pass KYW (Know Your Wallet) criteria. May indicate malicious creation. |
insufficient_wallet_balance | Insufficient Balance | Balance is below KYW criteria. May indicate a new wallet. |
insufficient_wallet_transactions | Insufficient Transactions | Too few transactions to pass KYW criteria. |
Developer / Migration Risk Tags
Tags that describe the historical behavior of a token’s developer across platforms and deployments.
| Tag | Name | Description |
|---|---|---|
serial_launcher | Serial Launcher | Developer has launched a high volume of tokens across their history. |
serial_rugger | Serial Rugger | Developer has a history of abandoning or rugpulling tokens they deploy. |
platform_hopper | Platform Hopper | Developer repeatedly migrates between launchpad platforms, often to escape negative reputation. |
cross_platform_developer | Cross Platform Developer | Developer is active across multiple launchpad platforms simultaneously. |
multi_platform_active | Multi Platform Active | Developer currently has active tokens on multiple platforms at the same time. |
recent_platform_switch | Recent Platform Switch | Developer recently switched to a new platform, which may indicate reputation-washing. |
high_graduation_rate | High Graduation Rate | Developer has a strong track record of tokens graduating to mainnet trading (positive signal). |
low_graduation_rate | Low Graduation Rate | Developer’s tokens rarely graduate to mainnet trading, suggesting low-quality or abandoned projects. |
pump_and_dump_pattern | Pump and Dump Pattern | Developer’s token history matches patterns consistent with coordinated pump and dump schemes. |
Stablecoin Depeg Risk Tags
Tags that indicate a stablecoin is showing signs of losing its peg. For usage guidance and integration patterns, see the stablecoin depeg monitoring guide.
| Tag | Name | Description |
|---|---|---|
depeg_price_deviation | Price Deviation | Stablecoin price has deviated from its peg by a notable margin. |
depeg_persistent_deviation | Persistent Deviation | Price deviation from peg has persisted over an extended time window. |
depeg_severe_persistent_deviation | Severe Persistent Deviation | Price deviation is large and has persisted over an extended time window, indicating serious depeg risk. |
depeg_low_liquidity | Low Liquidity | Stablecoin liquidity has fallen to a level that may impair peg maintenance. |
depeg_no_liquidity | No Liquidity | Stablecoin has effectively no on-chain liquidity remaining. |
depeg_liquidity_decay | Liquidity Decay | Liquidity for the stablecoin is declining over time, increasing depeg pressure. |
depeg_volatility_burst | Volatility Burst | Short-term price volatility has spiked significantly, inconsistent with a stable asset. |
depeg_oracle_divergence | Oracle Divergence | The on-chain price oracle is diverging from market prices. |
depeg_price_source_disagreement | Price Source Disagreement | Multiple price sources disagree on the stablecoin’s current price. |
depeg_cross_chain_spread | Cross-Chain Spread | Significant price spread exists between the stablecoin on different chains. |
depeg_volume_anomaly | Volume Anomaly | Trading volume is abnormally high, often a signal of panic selling or depeg arbitrage. |
depeg_max_drawdown | Max Drawdown | The stablecoin has reached a maximum drawdown from its peg within the observed window. |
Chain-Specific Tags
Solana
| Tag | Name | Description |
|---|---|---|
impersonator | Impersonator | Someone is impersonating an entity related to the token. |
known-malicious-token | Known Malicious Token | Token is recognized as malicious. |
mutable-metadata | Mutable Metadata | Token metadata can be modified. |
has_been_sniped | Has Been Sniped | Token launch was targeted by sniper bots at or immediately after creation. |
has_been_bundled | Has Been Bundled | Token was launched using a bundle of transactions, a technique associated with insider accumulation. |
bundled_token | Bundled Token | Token is identified as having been distributed or launched via a bundled transaction pattern. |
TON
| Tag | Name | Description |
|---|---|---|
is_nonstandard_jetton | Non-standard Jetton | Jetton does not follow standard implementation. |
is_nonstandard_jetton_wallet | Non-standard Jetton Wallet | Jetton wallet does not follow standard implementation. |
Sui
| Tag | Name | Description |
|---|---|---|
is_currency_standard | Currency Standard | Token conforms to the Sui currency standard (positive signal). |
not_currency_standard | Not Currency Standard | Token does not conform to the Sui currency standard, which may indicate custom or non-standard behavior. |
Stellar
See Stellar Risk Tags for stellar-* tags including clawback, malicious account, and unsafe issuer detection.
Hedera
See Hedera Risk Tags for hedera-* tags including admin keys, fees, and pause status.
Vaults (ERC-4626)
See Vault Risk Tags for vault-* tags covering governance, liquidity, performance, and protocol-specific risks.
Special Flags
These tags are set by manual review or system-level processes and indicate exceptional risk conditions.
| Tag | Description |
|---|---|
DPRK | Address or entity has been linked to DPRK (North Korea)-affiliated threat actors. |
HACK | Address has been directly involved in a known hack or exploit event. |
flagged | Address or asset has been manually flagged by the Webacy risk team for review or elevated risk. |
contract | The address is identified as a smart contract rather than an externally owned account (EOA). |
Report Tags
| Tag | Name | Description |
|---|---|---|
valid_report | Reported | This address or contract has been reported by the community. |
Informational Tags
Informational tags provide metadata about a project but do NOT indicate a security risk.
| Tag | Description |
|---|---|
paid-info | This result includes additional data available through a paid or enriched data tier. |
