Documentation Index
Fetch the complete documentation index at: https://docs.webacy.com/llms.txt
Use this file to discover all available pages before exploring further.
Overview
Malicious Bool Checks are deceptive boolean conditions that can be manipulated to control contract behavior, often used to enable trading restrictions, block transfers, or execute rug pulls.
Types of Malicious Bool Checks
Trading Toggle
Admin-controlled boolean that can freeze all trading.
// DANGEROUS: Trading can be disabled at any time
bool public tradingEnabled = false;
function transfer(address to, uint256 amount) public override returns (bool) {
require(tradingEnabled || msg.sender == owner, "Trading disabled");
return super.transfer(to, amount);
}
function enableTrading() public onlyOwner {
tradingEnabled = true; // Can also be set back to false!
}
Blacklist Mechanism
Boolean mapping to block specific addresses.
// DANGEROUS: Arbitrary blacklisting
mapping(address => bool) public blacklisted;
function transfer(address to, uint256 amount) public override returns (bool) {
require(!blacklisted[msg.sender], "Blacklisted");
require(!blacklisted[to], "Blacklisted recipient");
return super.transfer(to, amount);
}
function setBlacklist(address account, bool status) public onlyOwner {
blacklisted[account] = status;
}
Hidden Fee Toggle
Boolean that activates excessive fees.
// DANGEROUS: Hidden fee activation
bool public feesEnabled = false;
uint256 public feePercent = 99; // 99% fee when enabled!
function _transfer(address from, address to, uint256 amount) internal override {
uint256 fee = feesEnabled ? amount * feePercent / 100 : 0;
super._transfer(from, to, amount - fee);
if (fee > 0) super._transfer(from, feeRecipient, fee);
}
Sell Restriction
Boolean that only restricts selling, not buying.
// DANGEROUS: One-way trading
bool public sellEnabled = true;
function _transfer(address from, address to, uint256 amount) internal override {
if (to == uniswapPair) { // Selling to DEX
require(sellEnabled || from == owner, "Selling disabled");
}
super._transfer(from, to, amount);
}
Safe Patterns
Immutable Trading Status
// SAFE: Trading can only be enabled once
bool public tradingEnabled = false;
bool public tradingLocked = false;
function enableTrading() public onlyOwner {
require(!tradingLocked, "Already locked");
tradingEnabled = true;
tradingLocked = true; // Cannot be changed again
}
Transparent Blacklist with Governance
// SAFER: Timelock on blacklist changes
mapping(address => bool) public blacklisted;
mapping(address => uint256) public blacklistPending;
function proposeBlacklist(address account) public onlyOwner {
blacklistPending[account] = block.timestamp + 2 days;
emit BlacklistProposed(account);
}
function executeBlacklist(address account) public onlyOwner {
require(blacklistPending[account] != 0, "Not proposed");
require(block.timestamp >= blacklistPending[account], "Timelock");
blacklisted[account] = true;
emit Blacklisted(account);
}
| Tag | Severity | Description |
|---|
trading_toggle | High | Admin can enable/disable trading |
blacklist_function | Medium | Address blacklisting capability |
hidden_fee_toggle | High | Fees can be activated post-deployment |
sell_restriction | Critical | Selling can be blocked (honeypot) |
whitelist_only | Medium | Only whitelisted addresses can trade |
API Response Example
{
"issues": [
{
"tag": "trading_toggle",
"severity": "high",
"description": "Owner can disable trading at any time",
"location": "enableTrading()"
},
{
"tag": "sell_restriction",
"severity": "critical",
"description": "Selling to DEX can be blocked by owner",
"location": "_transfer(address,address,uint256)"
}
]
}
Red Flags
