This facet flags functions which does pause-like functionality checks, and can potentially block transfer, approval or allowance of tokens.

📘

This module flags pause checks as well when done in transfer, allowance and approval functions

Context

Base ERC functions like transfer(), allowance() and approval() should be accessible to end-users. Malicious contracts may block the execution of these base functionalities by doing certain bool checks, making these functions usable to users only when certain variables/functions are set to true.

Scenarios

pause like checks

Here, for a transfer to execute, there is a direct condition check of whether paused is set to false. These are straightforward checks which block the execution of base ERC functionalities.

Backdoor-Pause like checks

Here, for a transfer to execute, the variable _aab needs to be set to true. This leads to backdoor-like pause functionalities, where the variable acts as a pausing check, which deceptively blocks the execution of token transfers.

Checkpoint article reference

Scammers are creating new fraudulent Crypto Tokens and misconfiguring smart contract’s to steal funds - Check Point Research

Contract address : https://bscscan.com/address/0x31d9bb2d2e971f0f2832b32f942828e1f5d82bf9#code

Here, the contract 0x31d9bb2d2e971f0f2832b32f942828e1f5d82bf9, has function _transfer()

Here, line 267 and 277 are classic examples of above cases where:

Line 276: Potentially blocks certain users from transferring tokens (blacklisting users)

Line 277: The variable balances1 needs to be set to true, for transfer to happen. otherwise it will result in the error “ERC20: transfer to zero address”