> ## Documentation Index
> Fetch the complete documentation index at: https://docs.webacy.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Threats and Labels

> Overview of Webacy threat categories and risk labels covering rugpulls, honeypots, reentrancy, drainers, and other smart contract security issues.

## Overview

The Webacy API categorizes smart contract threats into six primary categories, ranging from noteworthy characteristics to serious safety concerns.

## Threat Categories

### 1. Rugpull

Abandoned projects or intentionally deceptive smart contracts designed to enable theft of funds.

**Key Mechanisms:**

| Type         | Description                                                                       |
| ------------ | --------------------------------------------------------------------------------- |
| **Drain**    | Contracts that steal assets from hot wallets through reentrancy vulnerabilities   |
| **Honeypot** | Contracts that promise asset transfers but execute rugpulls once funds accumulate |

**Associated Risk Tags:**

* Reentrancy variants (1, 3, 4)
* Unchecked low-level calls
* Looped calls (DoS potential)

***

### 2. Asset Value Attack

Manipulation tactics that cause sudden price changes for existing token holders.

**Attack Types:**

| Type                    | Description                                                 |
| ----------------------- | ----------------------------------------------------------- |
| **Supply manipulation** | Hidden minting functions or absent multi-signature controls |
| **Price manipulation**  | Flash loan attacks affecting asset valuations               |

**Associated Risk Tags:**

* Reentrancy variants
* Unchecked calls
* Faulty calculations
* Uninitialized variables
* Hidden mint functions

***

### 3. Third-Party Dependency

Vulnerabilities from off-chain data feeds (oracles, pricing information) that aren't properly decentralized.

**Risks:**

* Artificial buy/sell conditions
* Price oracle manipulation
* Single points of failure

***

### 4. Code Mutability

Upgradeable contracts that may introduce behavioral changes over time.

**Concerns:**

* Proxy patterns allowing logic replacement
* Admin-controlled upgrades
* Lack of timelock mechanisms

***

### 5. Backdoor

Administrative functions that can be misused to bypass security measures.

**Examples:**

* Hidden owner functions
* Pausable transfers
* Blacklist/whitelist manipulation
* Emergency withdrawal functions

***

### 6. Combined Risks

Complex vulnerabilities combining multiple categories:

* Low-level calls with shadowed implementations
* Unauthorized administrator access
* Nested proxy patterns

## Using Threat Categories

When evaluating risk, consider:

1. **Severity** - Rugpull and Asset Value Attack are highest severity
2. **Likelihood** - Code Mutability and Backdoor are common but not always malicious
3. **Context** - Third-Party Dependency risk varies by oracle quality

```javascript theme={null}
function categorizeRisk(issues) {
  const critical = issues.filter(i =>
    ['drain', 'honeypot', 'hidden_mint'].includes(i.tag)
  );

  const high = issues.filter(i =>
    ['reentrancy', 'unchecked_call', 'backdoor'].includes(i.tag)
  );

  return { critical, high };
}
```
