
Honeypot detection techniques


Role overview


A honeypot (colloquial) usually means a token or pool setup where buys appear to work but sells or transfers are blocked, taxed to an effective 100%, or gated so most users cannot exit—often implemented in custom ERC-20 logic on EVM or via mint, freeze, or Token-2022 extensions on Solana.
This skill is defensive and educational: static review, read-only simulation on forks or test networks, and observational metrics from public transaction history. It does not replace a professional audit.
For broad DeFi triage, use defi-security-audit-agent. For EVM token or pool contracts (Solidity), evm-solidity-defi-triage-agent complements the static honeypot checks below. For launch-phase rug heuristics, use rug-pull-pattern-detection-agent. For Solana program-centric review, use solana-defi-vulnerability-analyst-agent.
Do not assist with building honeypots, evading detection for malicious launches, or deceiving users. Do not recommend using large approvals or swaps on unknown mainnet contracts to “test” sellability—funds can be lost.

1. What to verify first


  • Source — Verified source on explorers when available; otherwise decompilation with explicit uncertainty.
  • Proxies — Implementation can change; check upgrade authority and history.
  • Scope — Restriction may live in the pool, router wrapper, or bonding-curve program—not only the token contract or mint.

2. EVM (Solidity / ERC-20) — common patterns


| Category | Examples to look for in code |
| --- | --- |
| Transfer gates | `require` on `transfer`/`transferFrom` that fails for non-whitelisted or non-owner addresses |
| Trading windows | `tradingEnabled`, launch block, cooldowns that block sells early or for most holders |
| Fees | Excessive sell tax or dynamic tax to owner; max wallet or tx limits that prevent exiting |
| Blacklists | Lists blocking transfers from arbitrary addresses |
| Approval traps | Logic that burns or steals on `transferFrom` |
| Hidden paths | External calls in `_transfer` tied to router-only allowlists |

Automated scanners and Slither-style tools can help; false positives and negatives are common, so manually read `_transfer` and any hooks.
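A first static pass over the categories in the table above, added here as an example; it is not code from this page's tooling or from any scanner project. It extracts the body of `_transfer` by brace matching, applies the category patterns to that body (or to the whole file where the tell is a storage variable such as a blacklist mapping or a max-wallet limit), and reads the declared sell tax plus any owner-callable fee setter. The two Solidity samples it scans are constructed for this example, and the 25 percent tax threshold is an assumption to tune per venue.

```python
import re

# Constructed sample for this example (not code from any real project): an ERC-20
# whose _transfer gates sells behind owner-controlled lists and an adjustable tax.
HONEYPOT_STYLE = """
contract Token is ERC20, Ownable {
    bool public tradingEnabled;
    mapping(address => bool) public isBlacklisted;
    mapping(address => bool) private _whitelist;
    uint256 public sellTax = 99;
    uint256 public maxWallet = 1e18;
    address public pair;

    function setSellTax(uint256 t) external onlyOwner { sellTax = t; }

    function _transfer(address from, address to, uint256 amount) internal override {
        require(!isBlacklisted[from], "blocked");
        if (!tradingEnabled) {
            require(_whitelist[from] || from == owner(), "trading not open");
        }
        if (to == pair) {
            uint256 fee = amount * sellTax / 100;
            super._transfer(from, owner(), fee);
            amount -= fee;
        }
        super._transfer(from, to, amount);
    }
}
"""

# Constructed control sample with a plain pass-through _transfer.
BENIGN = """
contract Plain is ERC20 {
    function _transfer(address from, address to, uint256 amount) internal override {
        super._transfer(from, to, amount);
    }
}
"""

def function_body(source: str, name: str) -> str:
    """Return the text inside the braces of `function <name>(...) {...}`, or ""."""
    m = re.search(r"\bfunction\s+" + re.escape(name) + r"\s*\(", source)
    if not m:
        return ""
    start = source.find("{", m.end())
    if start < 0:
        return ""
    depth = 0
    for i in range(start, len(source)):
        if source[i] == "{":
            depth += 1
        elif source[i] == "}":
            depth -= 1
            if depth == 0:
                return source[start + 1:i]
    return ""  # unbalanced braces: report nothing rather than a partial body

# (category, pattern, scope): "body" = inside _transfer only, "source" = whole file.
CHECKS = [
    ("transfer gate", r"require\([^;]*?(whitelist|isExcluded|owner\(\))", "body"),
    ("trading window", r"\b(tradingEnabled|tradingOpen|launchBlock|cooldown\w*)\b", "body"),
    ("blacklist", r"\b(\w*[bB]lacklist\w*|isBot|_bots)\b", "source"),
    ("max limits", r"\b(maxWallet\w*|maxTx\w*|maxTransaction\w*)\b", "source"),
    ("hidden external call", r"\.(call|delegatecall)\s*[({]", "body"),
]
TAX_DECL = re.compile(r"\b(sellTax|sellFee|_sellFee)\s*=\s*(\d+)")
TAX_SETTER = re.compile(r"\bfunction\s+set\w*(Tax|Fee)\w*\s*\(")
TAX_THRESHOLD = 25  # percent; an assumption for this example, tune per venue

def scan(source: str) -> dict:
    """Map each triggered category to the evidence strings that triggered it."""
    body = function_body(source, "_transfer")
    findings = {}
    for category, pattern, scope in CHECKS:
        hay = body if scope == "body" else source
        hits = sorted({m.group(0) for m in re.finditer(pattern, hay)})
        if hits:
            findings[category] = hits
    for m in TAX_DECL.finditer(source):
        if int(m.group(2)) >= TAX_THRESHOLD:
            findings.setdefault("sell tax", []).append(m.group(0))
    if TAX_SETTER.search(source):
        findings.setdefault("sell tax", []).append("owner-adjustable fee setter")
    return findings

if __name__ == "__main__":
    for label, src in (("HONEYPOT_STYLE", HONEYPOT_STYLE), ("BENIGN", BENIGN)):
        print(label, scan(src))
```

The output is a list of places to read, not a verdict: a legitimate launch can have a trading window and a blacklist for sandwich bots, and an obfuscated honeypot can pass every regex here. Confidence in the report should be graded accordingly (see the Reporting section).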

3. Solana (SPL / Token-2022)


  • Authorities — Mint and freeze authority; a freeze authority can freeze any token account, and a frozen ATA cannot move funds.
  • Token-2022 — Transfer hooks, permanent delegate, non-transferable, default-frozen account state, and pausable extensions all live in the mint account's TLV data; inspect the on-chain mint layout, and the hook program's IDL when available.
  • Custom programs — Launchpads and bonding curves wrap SPL transfers; review that program, not only the mint account.
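The mint layout the Token-2022 bullet says to inspect, decoded by hand as an added example (not code from the SPL project or from this page). The 82-byte base mint fields, the padding to 165 bytes, the account-type byte, and the TLV entries (u16 type, u16 length, little-endian) follow the spl-token-2022 layout; the extension discriminant table is written from the ExtensionType enum and is an assumption to confirm against the crate version you audit with. The sample mint bytes are constructed, and keys are placeholder byte patterns printed as hex rather than the base58 that explorers show.

```python
import struct

MINT_LEN = 82                # legacy SPL Token mint size
ACCOUNT_LEN = 165            # Token-2022 pads a mint to this before the account-type byte
ACCOUNT_TYPE_MINT = 1
TLV_START = ACCOUNT_LEN + 1  # extensions begin right after the account-type byte

# Discriminants from spl-token-2022's ExtensionType enum (u16 little-endian).
# Assumption for this example: confirm against the crate version you audit with.
EXT_NAMES = {
    1: "TransferFeeConfig", 3: "MintCloseAuthority", 6: "DefaultAccountState",
    9: "NonTransferable", 12: "PermanentDelegate", 14: "TransferHook",
    18: "MetadataPointer", 19: "TokenMetadata", 26: "Pausable",
}
# Extensions that let someone other than the holder block or redirect transfers.
EXIT_LEVERS = {"NonTransferable", "PermanentDelegate", "TransferHook", "Pausable"}

def _coption_pubkey(buf: bytes, off: int):
    """COption<Pubkey>: u32 tag (1 = Some) followed by 32 key bytes; hex for display."""
    tag = struct.unpack_from("<I", buf, off)[0]
    return buf[off + 4:off + 36].hex() if tag == 1 else None

def _decode_ext(name: str, body: bytes) -> dict:
    if name == "PermanentDelegate":
        return {"delegate": body[:32].hex()}
    if name == "TransferHook":
        return {"authority": body[:32].hex(), "program_id": body[32:64].hex()}
    if name == "DefaultAccountState":
        return {"state": {1: "Initialized", 2: "Frozen"}.get(body[0], body[0])}
    if name == "Pausable":
        return {"authority": body[:32].hex(), "paused": body[32] == 1}
    return {"raw": body.hex()}

def parse_mint(data: bytes) -> dict:
    """Decode the base mint fields, then walk the TLV extension list if present."""
    if len(data) < MINT_LEN:
        raise ValueError("too short for a mint")
    supply, decimals, initialized = struct.unpack_from("<QBB", data, 36)
    info = {
        "mint_authority": _coption_pubkey(data, 0),
        "supply": supply, "decimals": decimals, "initialized": initialized == 1,
        "freeze_authority": _coption_pubkey(data, 46),
        "extensions": {},
    }
    if len(data) > MINT_LEN:
        if len(data) <= ACCOUNT_LEN or data[ACCOUNT_LEN] != ACCOUNT_TYPE_MINT:
            raise ValueError("extended data present but account-type byte is not Mint")
        off = TLV_START
        while off + 4 <= len(data):
            ext_type, length = struct.unpack_from("<HH", data, off)
            if ext_type == 0:          # Uninitialized marks the end of the list
                break
            body = data[off + 4:off + 4 + length]
            if len(body) != length:
                raise ValueError("truncated TLV entry")
            name = EXT_NAMES.get(ext_type, f"Unknown({ext_type})")
            info["extensions"][name] = _decode_ext(name, body)
            off += 4 + length
    return info

def exit_risks(info: dict) -> list:
    """Name the levers that could stop holders moving tokens; evidence, not proof."""
    risks = []
    if info["freeze_authority"]:
        risks.append("freeze authority set: any token account can be frozen")
    for name, fields in info["extensions"].items():
        if name == "DefaultAccountState":
            if fields["state"] == "Frozen":
                risks.append("DefaultAccountState=Frozen: new token accounts start frozen")
        elif name in EXIT_LEVERS:
            risks.append(f"{name}: {fields}")
    return risks

def build_sample_mint() -> bytes:
    """Constructed Token-2022 mint for this example; keys are placeholder byte patterns."""
    auth, freezer, delegate, hook = (bytes([b]) * 32 for b in (0xA1, 0xF2, 0xD3, 0x44))
    base = struct.pack("<I32sQBBI32s", 1, auth, 10**9, 6, 1, 1, freezer)
    tlv = (struct.pack("<HH", 12, 32) + delegate
           + struct.pack("<HH", 14, 64) + auth + hook
           + struct.pack("<HH", 6, 1) + bytes([2]))
    return base + bytes(ACCOUNT_LEN - MINT_LEN) + bytes([ACCOUNT_TYPE_MINT]) + tlv

if __name__ == "__main__":
    mint = parse_mint(build_sample_mint())
    print(mint["extensions"])
    for risk in exit_risks(mint):
        print("-", risk)
```

A transfer hook is only as restrictive as the program it points to, so after reading `program_id` the next step is to fetch and review that program, exactly as the custom-programs bullet says; the decoder only tells you that a hook exists and who can change it.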

4. Observational checks (no private keys)


  • Transaction history — Ratio of successful sells versus buys from retail-like wallets (heuristic; wash trading exists).
  • Holders — Extreme concentration plus few organic sell transactions may warrant suspicion—not proof.
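The sell-versus-buy heuristic from the first bullet, worked as an added example over constructed swap records (not real chain data and not code from this page). It counts distinct wallets rather than volume, so one wash-trading bot cannot inflate the figures, excludes a constructed insider set (deployer, pool, router) from the retail population, and emits signals only when the sample is large enough; the minimum-buyer count and failure-rate cutoff are assumptions to tune per chain.

```python
from collections import defaultdict

# Constructed swap attempts for this example (not real chain data). Each tuple is
# (wallet, side, succeeded) as decoded from a pool's public transaction history.
SUSPECT = [
    ("0xdeployer", "buy", True), ("0xalice", "buy", True), ("0xbob", "buy", True),
    ("0xcarol", "buy", True), ("0xdave", "buy", True), ("0xerin", "buy", True),
    ("0xalice", "sell", False), ("0xbob", "sell", False), ("0xcarol", "sell", False),
    ("0xdeployer", "sell", True), ("0xdeployer", "sell", True),
]
HEALTHY = [
    ("0xalice", "buy", True), ("0xbob", "buy", True), ("0xcarol", "buy", True),
    ("0xalice", "sell", True), ("0xbob", "sell", True), ("0xcarol", "sell", False),
    ("0xdeployer", "sell", True),
]
# Addresses excluded from the "retail" population (constructed): deployer, pool, router.
INSIDERS = {"0xdeployer", "0xpool", "0xrouter"}

MIN_RETAIL_BUYERS = 5   # assumption: thinner samples say nothing either way
FAIL_RATE_ALERT = 0.5   # assumption: tune per chain and venue

def summarize(swaps, insiders) -> dict:
    """Per-wallet buy/sell outcomes for non-insider addresses plus heuristic signals."""
    per = defaultdict(lambda: {"buy": 0, "sell_try": 0, "sell_ok": 0})
    insider_sells_ok = 0
    for wallet, side, ok in swaps:
        if wallet in insiders:
            if side == "sell" and ok:
                insider_sells_ok += 1
            continue
        w = per[wallet]
        if side == "buy" and ok:
            w["buy"] += 1
        elif side == "sell":
            w["sell_try"] += 1
            w["sell_ok"] += int(ok)
    buyers = sum(1 for s in per.values() if s["buy"])
    exited = sum(1 for s in per.values() if s["sell_ok"])      # distinct wallets, not volume
    attempts = sum(s["sell_try"] for s in per.values())
    failures = attempts - sum(s["sell_ok"] for s in per.values())
    stats = {
        "retail_buyers": buyers,
        "retail_sell_attempts": attempts,
        "retail_sell_failures": failures,
        "retail_wallets_exited": exited,
        "insider_sells_ok": insider_sells_ok,
        "signals": [],
    }
    if buyers >= MIN_RETAIL_BUYERS and attempts and exited == 0:
        stats["signals"].append("no retail wallet has exited despite sell attempts")
    if attempts and failures / attempts >= FAIL_RATE_ALERT:
        stats["signals"].append(f"{failures}/{attempts} retail sells reverted")
    if insider_sells_ok and exited == 0:
        stats["signals"].append("only insider addresses have sold successfully")
    return stats

if __name__ == "__main__":
    for label, swaps in (("SUSPECT", SUSPECT), ("HEALTHY", HEALTHY)):
        print(label, summarize(swaps, INSIDERS))
```

Reverted sells have ordinary causes too (slippage, gas, a paused router), so a high failure rate on its own is a prompt to read the contract, not a finding; the combination of zero retail exits with successful insider exits is the pattern worth escalating.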

5. Safe validation paths


  • Fork simulation — Replay or simulate transfer and swap paths against historical state in a controlled environment; label outputs as simulation.
  • Testnet — Only when the user controls deployment and understands limitations; mainnet can diverge after proxy upgrades.
  • Small mainnet tests — Not a default recommendation; even small amounts can be lost to fees, traps, or malicious routers.

6. Reporting


  • Finding — Mechanism (function, modifier, authority) plus code or account reference.
  • Confidence — Static proof versus heuristic versus unknown bytecode.
  • User-facing takeaway — When in doubt, avoid interaction; prefer audited interfaces and official router addresses.

Ethical guardrails


  • Educational only; not investment or legal advice.
  • Do not provide weaponized instructions for scammers.
  • False honeypot accusations harm projects with unusual but honest tokenomics—state uncertainty clearly.
Goal: Help users and researchers recognize sell-restriction patterns before committing funds, using evidence and safe methods.