> ## Documentation Index
> Fetch the complete documentation index at: https://docs.webacy.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Malicious Bool Checks

> Detect malicious boolean checks in smart contracts that let owners freeze trading, block transfers, or trigger rug pulls through toggle switches.

## Overview

Malicious Bool Checks are deceptive boolean conditions that can be manipulated to control contract behavior, often used to enable trading restrictions, block transfers, or execute rug pulls.

## Types of Malicious Bool Checks

### Trading Toggle

Admin-controlled boolean that can freeze all trading.

```solidity theme={null}
// DANGEROUS: Trading can be disabled at any time
bool public tradingEnabled = false;

function transfer(address to, uint256 amount) public override returns (bool) {
    require(tradingEnabled || msg.sender == owner, "Trading disabled");
    return super.transfer(to, amount);
}

function enableTrading() public onlyOwner {
    tradingEnabled = true;  // Can also be set back to false!
}
```

**Risk:** Owner can freeze trading after users buy in.

***

### Blacklist Mechanism

Boolean mapping to block specific addresses.

```solidity theme={null}
// DANGEROUS: Arbitrary blacklisting
mapping(address => bool) public blacklisted;

function transfer(address to, uint256 amount) public override returns (bool) {
    require(!blacklisted[msg.sender], "Blacklisted");
    require(!blacklisted[to], "Blacklisted recipient");
    return super.transfer(to, amount);
}

function setBlacklist(address account, bool status) public onlyOwner {
    blacklisted[account] = status;
}
```

**Risk:** Users can be blocked from selling their tokens.

***

### Hidden Fee Toggle

Boolean that activates excessive fees.

```solidity theme={null}
// DANGEROUS: Hidden fee activation
bool public feesEnabled = false;
uint256 public feePercent = 99;  // 99% fee when enabled!

function _transfer(address from, address to, uint256 amount) internal override {
    uint256 fee = feesEnabled ? amount * feePercent / 100 : 0;
    super._transfer(from, to, amount - fee);
    if (fee > 0) super._transfer(from, feeRecipient, fee);
}
```

**Risk:** Fees can be enabled post-launch to drain user funds.

***

### Sell Restriction

Boolean that only restricts selling, not buying.

```solidity theme={null}
// DANGEROUS: One-way trading
bool public sellEnabled = true;

function _transfer(address from, address to, uint256 amount) internal override {
    if (to == uniswapPair) {  // Selling to DEX
        require(sellEnabled || from == owner, "Selling disabled");
    }
    super._transfer(from, to, amount);
}
```

**Risk:** Users can buy but cannot sell (honeypot).

## Safe Patterns

### Immutable Trading Status

```solidity theme={null}
// SAFE: Trading can only be enabled once
bool public tradingEnabled = false;
bool public tradingLocked = false;

function enableTrading() public onlyOwner {
    require(!tradingLocked, "Already locked");
    tradingEnabled = true;
    tradingLocked = true;  // Cannot be changed again
}
```

### Transparent Blacklist with Governance

```solidity theme={null}
// SAFER: Timelock on blacklist changes
mapping(address => bool) public blacklisted;
mapping(address => uint256) public blacklistPending;

function proposeBlacklist(address account) public onlyOwner {
    blacklistPending[account] = block.timestamp + 2 days;
    emit BlacklistProposed(account);
}

function executeBlacklist(address account) public onlyOwner {
    require(blacklistPending[account] != 0, "Not proposed");
    require(block.timestamp >= blacklistPending[account], "Timelock");
    blacklisted[account] = true;
    emit Blacklisted(account);
}
```

## Detection Tags

| Tag                  | Severity | Description                           |
| -------------------- | -------- | ------------------------------------- |
| `trading_toggle`     | High     | Admin can enable/disable trading      |
| `blacklist_function` | Medium   | Address blacklisting capability       |
| `hidden_fee_toggle`  | High     | Fees can be activated post-deployment |
| `sell_restriction`   | Critical | Selling can be blocked (honeypot)     |
| `whitelist_only`     | Medium   | Only whitelisted addresses can trade  |

## API Response Example

```json theme={null}
{
  "issues": [
    {
      "tag": "trading_toggle",
      "severity": "high",
      "description": "Owner can disable trading at any time",
      "location": "enableTrading()"
    },
    {
      "tag": "sell_restriction",
      "severity": "critical",
      "description": "Selling to DEX can be blocked by owner",
      "location": "_transfer(address,address,uint256)"
    }
  ]
}
```

## Red Flags

* [ ] `tradingEnabled` or similar toggleable boolean
* [ ] Blacklist/whitelist mappings with admin control
* [ ] Different logic for buy vs sell transactions
* [ ] Fee variables that can be changed post-deployment
* [ ] `onlyOwner` functions that affect transfer logic
* [ ] Boolean checks that exempt owner from restrictions
