Malicious Burn

Flags burn functions that are controlled by a specific entity, or that burn tokens without the holder's approval.

Context and definitions

  • Burning of tokens
    • Coin burning happens when a cryptocurrency token is intentionally sent to an unusable wallet address to remove it from circulation. Once a token is sent to a burn address, it is gone forever.
  • Only the token holder should have the right to burn their tokens.

Malicious Scenarios

  • Restricting the burn feature to specific addresses (whitelisting or blacklisting burn)
  • Burning tokens without the approval of the token holder

Example Contract

Malicious functions to look out for in the above contract:

selective_burn(): only certain whitelisted addresses can burn their tokens.

admin_burn(): the admin can burn anyone's tokens (the burn function has an onlyOwner modifier).

burnFrom(): anyone can burn anyone's tokens, without approval from the token holder.
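The following contract is an added example, not the page's example contract, written to show what the three flagged functions look like in source next to the holder-controlled burns a reviewer expects instead. The names selective_burn() and admin_burn() follow the page; burn(), _burn(), unapprovedBurnFrom(), setBurnWhitelist() and the token name are assumptions constructed for this example. Flagged functions are kept minimal and marked so that the difference from the safe forms (caller burns only their own balance, or a prior allowance is checked and consumed) is visible at a glance.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Constructed example token: safe burns beside the three patterns the detector flags.
contract BurnPatterns {
    string public constant name = "Example Token"; // constructed sample value
    uint256 public totalSupply;
    address public owner;
    mapping(address => uint256) public balanceOf;
    mapping(address => mapping(address => uint256)) public allowance;
    mapping(address => bool) public burnWhitelist; // only used by the flagged selective_burn

    event Transfer(address indexed from, address indexed to, uint256 value);
    event Approval(address indexed holder, address indexed spender, uint256 value);

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    constructor(uint256 initialSupply) {
        owner = msg.sender;
        totalSupply = initialSupply;
        balanceOf[msg.sender] = initialSupply;
        emit Transfer(address(0), msg.sender, initialSupply);
    }

    function approve(address spender, uint256 value) external returns (bool) {
        allowance[msg.sender][spender] = value;
        emit Approval(msg.sender, spender, value);
        return true;
    }

    // Shared bookkeeping: reduce the holder's balance and total supply,
    // emitting a Transfer to the zero address as ERC-20 tokens conventionally do.
    function _burn(address from, uint256 value) internal {
        require(balanceOf[from] >= value, "insufficient balance");
        balanceOf[from] -= value;
        totalSupply -= value;
        emit Transfer(from, address(0), value);
    }

    // ---- Holder-controlled burns: what a reviewer expects to see ----

    // The caller can burn only their own tokens.
    function burn(uint256 value) external {
        _burn(msg.sender, value);
    }

    // Burning on behalf of another holder requires that holder's prior approval,
    // and the allowance is consumed so the same approval cannot be reused.
    function burnFrom(address from, uint256 value) external {
        uint256 allowed = allowance[from][msg.sender];
        require(allowed >= value, "allowance exceeded");
        allowance[from][msg.sender] = allowed - value;
        _burn(from, value);
    }

    // ---- Patterns the detector flags, kept here to illustrate the finding ----

    // FLAGGED (selective_burn): only whitelisted addresses may burn their own tokens,
    // so an ordinary holder is denied a right every holder should have.
    function selective_burn(uint256 value) external {
        require(burnWhitelist[msg.sender], "not whitelisted");
        _burn(msg.sender, value);
    }

    // FLAGGED (admin_burn): the owner can destroy any holder's balance.
    function admin_burn(address from, uint256 value) external onlyOwner {
        _burn(from, value);
    }

    // FLAGGED (burnFrom without approval): no allowance check at all,
    // so any caller can burn any holder's tokens.
    function unapprovedBurnFrom(address from, uint256 value) external {
        _burn(from, value);
    }

    // Owner-managed whitelist backing selective_burn; its presence alongside a
    // burn path is itself a signal worth reviewing.
    function setBurnWhitelist(address account, bool allowed) external onlyOwner {
        burnWhitelist[account] = allowed;
    }
}
```

When reviewing a token, compare every function that lowers balanceOf or totalSupply against the two safe forms above: the burned address must be msg.sender, or a prior allowance from that address must be both checked and decremented. A burn reachable through onlyOwner, a whitelist, or with no allowance check falls into one of the three flagged categories.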