Documentation Index
Fetch the complete documentation index at: https://docs.webacy.com/llms.txt
Use this file to discover all available pages before exploring further.
Overview
Risk tags are specific indicators returned by the API that identify potential security issues, fraud patterns, or risk factors. Each tag includes a severity level and description.
Use the modules parameter to filter which risk tags are analyzed for your specific use case.
Tags related to token contract security and manipulation risks.
| Tag | Name | Description |
|---|
is_closed_source | Closed Source | Closed-sourced contracts may hide various unknown mechanisms and are extremely risky. It might also be a fake token, since most major tokens are open sourced. |
hidden_owner | Hidden Owner | Hidden ownership is used by developers to maintain ownership ability even after abandoning ownership, and is often an indicator of malicious intent. |
is_honeypot | Honeypot | A honeypot contract may prevent sale or transfer of tokens, or non-standard code, some honeypots contain seemingly vulnerable code to lure hackers. |
honeypot_with_same_creator | Honeypot | A honeypot contract may prevent sale or transfer of tokens, created by a known honeypot creator. |
buy_tax | Buy Tax | When buying a token, a buy tax will cause the actual token value received to be less than the amount paid. An excessive buy tax may lead to heavy losses. |
sell_tax | Sell Tax | A sell tax will cause the actual value received when selling a token to be less than expected. Too much sell tax may lead to large losses. |
slippage_modifiable | Slippage Modifiable | The contract owner can modify the buy tax or sell tax of the token. Some contracts have unlimited modifiable tax rates, which would make the token untradeable. |
is_blacklisted | Blacklisting | A blacklist function is included. The contract owner may add any address to the blacklist, preventing them from trading. |
is_whitelisted | Whitelisting | Whitelisting functionality allows specific addresses to make early transactions, tax-free, and not affected by transaction suspension. |
can_take_back_ownership | Reclaim Ownership | Ownership can be reclaimed after being abandoned, allowing risky functions to be reactivated. |
owner_change_balance | Change Balance | The owner can modify anyone’s balance, resulting in assets being changed or a massive minting and sell-off. |
is_airdrop_scam | Airdrop Scam | An airdrop scam attempts to get you to visit a fake project site and connect your wallet to steal your funds. |
trust_list | Trusted | This asset is a trusted, widely known project, and is verified as authentic. |
is_fake_token | Fake Token | This asset is an unauthentic knockoff for an existing project. |
illegal_unicode | Deceptive Token | The name or symbol contains unicode characters that appear deceptively similar to letters. Often used to spoof real tokens. |
exploitation | Exploitation | This asset has been exploited in the past and may be vulnerable to future exploits. |
anti_whale_modifiable | Anti Whale Modifiable | The maximum transaction amount or token position for a single address can be modified at any time. |
is_anti_whale | Anti Whale | The contract limits the maximum transaction amount or token position, often to prevent price manipulation. |
non-transferable | Non Transferable | Tokens cannot be transferred between addresses, limiting utility and liquidity. |
not-renounce | Not Renouncable | The owner cannot renounce ownership, limiting decentralization. |
freezeable | Freezeable | Token transfers can be frozen by a central authority, posing censorship or manipulation risk. |
mintable | Mintable | Tokens can be created by the minter, introducing inflationary risks if not properly controlled. |
mutable-metadata | Mutable Metadata | Token metadata can be modified, potentially leading to misinformation or manipulation. |
| Tag | Name | Description |
|---|
minted-less-than-10-minutes | Token Too New | Tokens minted within 10 minutes, potentially suspicious. |
minted-less-than-1-hour | Token Too New | Tokens minted within 1 hour, potentially suspicious. |
minted-less-than-1-day | Token Too New | Tokens minted within 1 day, potentially suspicious. |
| Tag | Name | Description |
|---|
top-10-holders-own-90-percent | Unbalanced Ownership | Top 10 holders control 90% of supply, high manipulation risk. |
top-10-holders-own-50-percent | Unbalanced Ownership | Top 10 holders control 50% of supply, moderate manipulation risk. |
top-10-holders-own-20-percent | Unbalanced Ownership | Top 10 holders control 20% of supply, some concentration risk. |
minter-own-90-percent | Unbalanced Ownership (Minter) | Minter holds 90% of supply. |
minter-own-50-percent | Unbalanced Ownership (Minter) | Minter holds 50% of supply. |
minter-own-20-percent | Unbalanced Ownership (Minter) | Minter holds 20% of supply. |
owner-own-90-percent | Unbalanced Ownership (Owner) | Owner holds 90% of supply. |
owner-own-50-percent | Unbalanced Ownership (Owner) | Owner holds 50% of supply. |
owner-own-20-percent | Unbalanced Ownership (Owner) | Owner holds 20% of supply. |
update-authority-own-90-percent | Unbalanced Ownership (Updater) | Update authority holds 90% of supply. |
update-authority-own-50-percent | Unbalanced Ownership (Updater) | Update authority holds 50% of supply. |
update-authority-own-20-percent | Unbalanced Ownership (Updater) | Update authority holds 20% of supply. |
| Tag | Name | Description |
|---|
minter-rugged | Minter is Rugpuller | The minter has executed a rugpull. |
minter-multiple-rugged | Minter is Repeat Rugpuller | Multiple rugpulls associated with the minter. |
owner-rugged | Owner is Rugpuller | The owner has executed a rugpull. |
owner-multiple-rugged | Owner is Repeat Rugpuller | Multiple rugpulls by the owner. |
update-authority-rugged | Updater is Rugpuller | The update authority has conducted a rugpull. |
update-authority-multiple-rugged | Updater is Repeat Rugpuller | Multiple rugpulls by update authorities. |
top-10-holders-rugged | Top Holders are Rugpullers | Top holders have executed rugpulls. |
top-10-holders-multiple-rugged | Top Holders are Rugpullers | Top holders have executed multiple rugpulls. |
| Tag | Name | Description |
|---|
minter-hacker | Minter is Hacker | The minter has been compromised by hackers. |
minter-ofac | Minter is Sanctioned | Minter involved with OFAC-sanctioned entities. |
minter-drainer | Minter is Drainer | The minter is draining funds or assets. |
minter-mixer | Minter is Mixer | Minter involved in mixing/tumbling schemes. |
minter-fixedfloat | Minter is Mixer | Minter has unusual FixedFloat volume. |
minter-simpleswap | Minter is Mixer | Minter has unusual SimpleSwap volume. |
minter-fundflow-hacker | Minter Funds Hackers | Minter fund flow linked to hackers. |
minter-fundflow-ofac | Minter Funds Sanctioned | Minter fund flow involves sanctioned entities. |
minter-fundflow-drainer | Minter Funds Drainers | Minter fund flow involves drainers. |
minter-fundflow-mixer | Minter Funds Mixers | Minter fund flow involves mixers. |
| Tag | Name | Description |
|---|
owner-hacker | Owner is Hacker | The owner has been compromised by hackers. |
owner-ofac | Owner is Sanctioned | Owner involved with OFAC-sanctioned entities. |
owner-drainer | Owner is Drainer | The owner is draining funds or assets. |
owner-mixer | Owner is Mixer | Owner involved in mixing/tumbling schemes. |
owner-fundflow-hacker | Owner Funds Hackers | Owner fund flow linked to hackers. |
owner-fundflow-ofac | Owner Funds Sanctioned | Owner fund flow involves sanctioned entities. |
owner-fundflow-drainer | Owner Funds Drainers | Owner fund flow involves drainers. |
owner-fundflow-mixer | Owner Funds Mixers | Owner fund flow involves mixers. |
| Tag | Name | Description |
|---|
update-authority-hacker | Updater is Hacker | Update authority compromised by hackers. |
update-authority-ofac | Updater is Sanctioned | Update authority involved with sanctioned entities. |
update-authority-drainer | Updater is Drainer | Update authority is draining funds. |
update-authority-mixer | Updater is Mixer | Update authority involved in mixing schemes. |
update-authority-fundflow-hacker | Updater Funds Hackers | Update authority fund flow linked to hackers. |
update-authority-fundflow-ofac | Updater Funds Sanctioned | Update authority fund flow involves sanctioned entities. |
update-authority-fundflow-drainer | Updater Funds Drainers | Update authority fund flow involves drainers. |
update-authority-fundflow-mixer | Updater Funds Mixers | Update authority fund flow involves mixers. |
| Tag | Name | Description |
|---|
top-10-holders-hacker | Top Holders are Hackers | Top holders may be hackers. |
top-10-holders-ofac | Top Holders are Sanctioned | Top holders involved with sanctioned entities. |
top-10-holders-drainer | Top Holders are Drainers | Top holders involved in draining funds. |
top-10-holders-fundflow-hacker | Top Holders Fund Hackers | Top holders fund flow linked to hackers. |
top-10-holders-fundflow-ofac | Top Holders Fund Sanctioned | Top holders fund flow involves sanctioned entities. |
top-10-holders-fundflow-drainer | Top Holders Fund Drainers | Top holders fund flow involves drainers. |
top-10-holders-fundflow-mixer | Top Holders Fund Mixers | Top holders fund flow involves mixers. |
Tags related to wallet address behavior and associations.
| Tag | Name | Description |
|---|
drainer | Drainer | Address related to drainer activity that automates draining assets. |
hacker | Hacker | Address associated with hacking or at risk of being a hacker. |
mixer | Mixer | Coin mixer address. Interacting may result in your address being flagged. |
sanctioned | Sanctioned | Sanctioned activity reported by world authorities. |
cybercrime | Cybercrime | Address has committed cybercrimes reported by authorities. |
financial_crime | Financial Crime | Connected with financial crime. Avoid DEX interaction. |
stealing_attack | Theft | Involved in theft. Do not send anything to this address. |
money_laundering | Money Laundering | Involved in money laundering and may be attached to criminal activity. |
phishing_activities | Phishing | Involved in phishing activities. Proceed with extreme caution. |
blackmail_activities | Blackmail | Potentially involved in illegal blackmail activity. |
darkweb_transactions | Darkweb | Spotted interacting with darkweb actors. |
honeypot_related_address | Honeypot | Honeypot address that traps unsuspecting wallets. |
malicious_mining_activities | Malicious Miner | Miner that has performed malicious mining and AMM activity. |
number_of_malicious_contracts_created | Malicious Contracts | Associated with malicious smart contracts. Avoid at all costs. |
fake_kyc | KYC Fail | Fails to meet KYC standards (too new, too few transactions). |
blacklist_doubt | Possible Blacklist | Reported numerous times as dangerous. Proceed with caution. |
Tags related to smart contract vulnerabilities and security issues.
Reentrancy Vulnerabilities
| Tag | Name | Description |
|---|
reentrancy_with_eth_transfer | Reentrancy With ETH Transfer | Allows reentrancy attacks capable of withdrawing more ETH than deposited. |
reentrancy_without_eth_transfer | Reentrancy Without ETH Transfer | Vulnerable to reentrancy attacks on token transfers. |
reentrancy_same_effect | Reentrancy | Vulnerable to reentrancy attacks. |
pess_readonly_reentrancy | Readonly Reentrancy | Getter functions return values that could be manipulated during execution. |
Price Manipulation
| Tag | Name | Description |
|---|
price_manipulation_high | High Price Manipulation Risk | Contract has logic with high potential for price manipulation. |
price_manipulation_medium | Medium Price Manipulation Risk | Contract has logic with moderate potential for price manipulation. |
price_manipulation_low | Low Price Manipulation Risk | Contract has logic with low potential for price manipulation. |
Front Running
| Tag | Name | Description |
|---|
front_running_high | High Front Running Risk | Contract logic could be subject to front running. |
front_running_medium | Medium Front Running Risk | Contract logic could be subject to front running. |
front_running_low | Low Front Running Risk | Contract logic could be subject to front running. |
Centralization Risks
| Tag | Name | Description |
|---|
centralized_risk_high | High Centralization Risk | Contract may have drainer-like logic. |
centralized_risk_medium | Medium Centralization Risk | Contract may have drainer-like logic. |
centralized_risk_low | Minor Centralization Risk | Contract may have drainer-like logic. |
Minting Risks
| Tag | Name | Description |
|---|
mint_high | High Arbitrary Minting Risk | Logic could be manipulated to arbitrarily mint tokens. |
mint_low | Low Arbitrary Minting Risk | Logic could be manipulated to arbitrarily mint tokens. |
burn | Arbitrary Burning Risk | Logic could be manipulated to arbitrarily burn tokens. |
Integer Issues
| Tag | Name | Description |
|---|
integer_overflow | Integer Overflow | Contract susceptible to integer overflow. |
integer_underflow | Integer Underflow | Contract susceptible to integer underflow. |
Unchecked Operations
| Tag | Name | Description |
|---|
unchecked_lowlevel | Unchecked Low Level Call | Return value of low level call not checked. |
unchecked_send | Unchecked Send | Return value of send not checked. |
unchecked_transfer | Unchecked Transfer | Return value of transfer not checked. |
Self Destruct
| Tag | Name | Description |
|---|
selfdestruct | Self Destruct | Contract is self destructible. All functions become unavailable and assets erased. Susceptible to rug-pulls. |
suicidal | Self Destruct | Contract is self destructible. |
Arbitrary Operations
| Tag | Name | Description |
|---|
arbitrary_send_erc20 | Arbitrary Send ERC20 | Approval allows attacker to take tokens directly to their wallet. |
arbitrary_send_erc20_permit | Arbitrary Send ERC20 with Permit | TransferFrom allows attacker to transfer all approved tokens. |
arbitrary_send_eth | Arbitrary Send ETH | Unprotected call sending ETH to arbitrary address. |
Signature Issues
| Tag | Name | Description |
|---|
SWC_117 | Signature Malleability | Signature could be reused in unauthorized ways. |
SWC_121 | Replay Attack Vulnerability | Attackers can reuse your signature. |
SWC_122 | Lack of Signature Verification | Missing proper signature verification. |
pess_ecrecover | ECRecover Issue | Ecrecover returns 0 on error, must check result. |
Storage & State Issues
| Tag | Name | Description |
|---|
uninitialized_state | Uninitialized State | State variables are uninitialized. |
uninitialized_storage | Uninitialized Storage | Storage variables are uninitialized. |
unprotected_upgrade | Unprotected Upgrade | Contract can be self destructed and funds withdrawn. |
SWC_124 | Arbitrary Storage Write | Attacker can write to arbitrary storage locations. |
locked_ether | Locked Ether | Contract takes payment but has no withdraw function. |
Access Control
| Tag | Name | Description |
|---|
controlled_delegatecall | Controlled Delegatecall | Attacker can delegate to malicious contract. |
delegatecall_loop | Delegatecall Loop | Logic could be harmful on repeat. |
pess_unprotected_initialize | Unprotected Initialize | Initialize could be hijacked by attacker. |
pess_unprotected_setter | Unprotected Setter | Setter changes parameters without protection. |
pess_call_forward_to_protected | Call Forward to Protected | Low level calls to custom address could bypass access control. |
Other Contract Vulnerabilities
| Tag | Name | Description |
|---|
weak_prng | Weak PRNG | Randomness generation is weak and could be gamed by miners. |
rtlo | Right To Left Override | Unicode characters used to manipulate contract logic. No legitimate use case. |
shadowing_state | Shadowing State | Variable naming prevents setting certain variables. |
encode_packed_collision | Encode Packed Collision | Possibility of collisions overwriting data. |
incorrect_shift | Incorrect Shift | Incorrectly using bitshifting. |
k_value_error | K Value Error | K value error in swap/mint/burn functions. |
missing_zero_check | Missing Zero Check | No check for zero address, potentially bricking contract. |
pess_token_fallback | Token Fallback | Fallback function indicates potential reentrancy. |
pess_double_entry_token_alert | Double Entry Token | Token has two entry points that may cause misfunction. |
controlled_array_length | Controlled Array Length | Array length can be resized, allowing access to critical information. |
msg_value_loop | Msg.Value in Loop | Use of msg.value inside a loop. |
Wallet History Tags
Tags related to wallet age and activity.
| Tag | Name | Description |
|---|
insufficient_wallet_age | Insufficient Age | Wallet is too new to pass KYW (Know Your Wallet) criteria. May indicate malicious creation. |
insufficient_wallet_balance | Insufficient Balance | Balance is below KYW criteria. May indicate a new wallet. |
insufficient_wallet_transactions | Insufficient Transactions | Too few transactions to pass KYW criteria. |
Solana
| Tag | Name | Description |
|---|
impersonator | Impersonator | Someone is impersonating an entity related to the token. |
known-malicious-token | Known Malicious Token | Token is recognized as malicious. |
mutable-metadata | Mutable Metadata | Token metadata can be modified. |
TON
| Tag | Name | Description |
|---|
is_nonstandard_jetton | Non-standard Jetton | Jetton does not follow standard implementation. |
is_nonstandard_jetton_wallet | Non-standard Jetton Wallet | Jetton wallet does not follow standard implementation. |
| Tag | Name | Description |
|---|
valid_report | Reported | This address or contract has been reported by the community. |
