Skip to main content

Overview

Malicious Bool Checks are deceptive boolean conditions that can be manipulated to control contract behavior, often used to enable trading restrictions, block transfers, or execute rug pulls.

Types of Malicious Bool Checks

Trading Toggle

Admin-controlled boolean that can freeze all trading. 
// DANGEROUS: Trading can be disabled at any time
bool public tradingEnabled = false;

function transfer(address to, uint256 amount) public override returns (bool) {
    require(tradingEnabled || msg.sender == owner, "Trading disabled");
    return super.transfer(to, amount);
}

function enableTrading() public onlyOwner {
    tradingEnabled = true;  // Can also be set back to false!
}
Risk: Owner can freeze trading after users buy in.

Blacklist Mechanism

Boolean mapping to block specific addresses. 
// DANGEROUS: Arbitrary blacklisting
mapping(address => bool) public blacklisted;

function transfer(address to, uint256 amount) public override returns (bool) {
    require(!blacklisted[msg.sender], "Blacklisted");
    require(!blacklisted[to], "Blacklisted recipient");
    return super.transfer(to, amount);
}

function setBlacklist(address account, bool status) public onlyOwner {
    blacklisted[account] = status;
}
Risk: Users can be blocked from selling their tokens.

Hidden Fee Toggle

Boolean that activates excessive fees. 
// DANGEROUS: Hidden fee activation
bool public feesEnabled = false;
uint256 public feePercent = 99;  // 99% fee when enabled!

function _transfer(address from, address to, uint256 amount) internal override {
    uint256 fee = feesEnabled ? amount * feePercent / 100 : 0;
    super._transfer(from, to, amount - fee);
    if (fee > 0) super._transfer(from, feeRecipient, fee);
}
Risk: Fees can be enabled post-launch to drain user funds.

Sell Restriction

Boolean that only restricts selling, not buying. 
// DANGEROUS: One-way trading
bool public sellEnabled = true;

function _transfer(address from, address to, uint256 amount) internal override {
    if (to == uniswapPair) {  // Selling to DEX
        require(sellEnabled || from == owner, "Selling disabled");
    }
    super._transfer(from, to, amount);
}
Risk: Users can buy but cannot sell (honeypot).

Safe Patterns

Immutable Trading Status

// SAFE: Trading can only be enabled once
bool public tradingEnabled = false;
bool public tradingLocked = false;

function enableTrading() public onlyOwner {
    require(!tradingLocked, "Already locked");
    tradingEnabled = true;
    tradingLocked = true;  // Cannot be changed again
}

Transparent Blacklist with Governance

// SAFER: Timelock on blacklist changes
mapping(address => bool) public blacklisted;
mapping(address => uint256) public blacklistPending;

function proposeBlacklist(address account) public onlyOwner {
    blacklistPending[account] = block.timestamp + 2 days;
    emit BlacklistProposed(account);
}

function executeBlacklist(address account) public onlyOwner {
    require(blacklistPending[account] != 0, "Not proposed");
    require(block.timestamp >= blacklistPending[account], "Timelock");
    blacklisted[account] = true;
    emit Blacklisted(account);
}

Detection Tags

TagSeverityDescription
trading_toggleHighAdmin can enable/disable trading
blacklist_functionMediumAddress blacklisting capability
hidden_fee_toggleHighFees can be activated post-deployment
sell_restrictionCriticalSelling can be blocked (honeypot)
whitelist_onlyMediumOnly whitelisted addresses can trade

API Response Example

{
  "issues": [
    {
      "tag": "trading_toggle",
      "severity": "high",
      "description": "Owner can disable trading at any time",
      "location": "enableTrading()"
    },
    {
      "tag": "sell_restriction",
      "severity": "critical",
      "description": "Selling to DEX can be blocked by owner",
      "location": "_transfer(address,address,uint256)"
    }
  ]
}

Red Flags

  • tradingEnabled or similar toggleable boolean
  • Blacklist/whitelist mappings with admin control
  • Different logic for buy vs sell transactions
  • Fee variables that can be changed post-deployment
  • onlyOwner functions that affect transfer logic
  • Boolean checks that exempt owner from restrictions