Skip to main content

Overview

Malicious burn functions allow unauthorized destruction of tokens, either from user wallets or liquidity pools, enabling theft and market manipulation.

Types of Malicious Burns

Privileged Burn

Admin can burn tokens from any wallet without owner consent.
Risk: Admin can drain user wallets at will.

Hidden Burn

Burn logic hidden within other functions like transfers.
Risk: Users unknowingly lose tokens on every transfer.

Selective Burn

Burn functions targeting specific addresses or conditions.
Risk: Allows targeting and elimination of specific holders.

LP Burn Manipulation

Burning liquidity pool tokens to manipulate price.
Risk: Price manipulation through liquidity reduction.

Safe Burn Patterns

User-Only Burn

Transparent Burn Tax

Detection Tags

API Response Example

Red Flags

  • burn(address from, ...) with admin access
  • Hidden burns in transfer functions
  • No events emitted on burns
  • Burn rate can be changed by admin
  • Burn targets specific addresses or mappings