Today we would like to cover some smart contract safety checks. There are a few actions that you can take that will help you defend yourself. Please note, even if you check these specific functions and they check out, there may still be ways that you can get scammed. These are only a few checks that can be done through checking the smart contracts and there are many different ways to scam, educating yourself on as many of those ways as possible is best.
Is the contract verified?
First, we will look at checking to see if a contract is verified. When a contract is not verified, you cannot read the token smart contract code. This means you will not be able to know if there is malicious code in the contract. Checking to see if it is verified is one of the first steps you do when researching a new project. In the screenshot you can see that when you go to a token smart contract page on snowtrace.io , there is a tab that reads “Contract”. If you click on this tab, you should be able to view the code, allowing a skilled person to review it to decide if there is anything malicious.
Finding the functions.
Once we know that the contract is verified, we can now look at the functions. There will be multiple tabs within the “contract” tab if verified. There is a “READ” tab and a “WRITE” tab. In these sections you will need to connect your wallet (connect to web3) to use the functions.
In the read tab, you are able to do things like: request to see your amount of tokens you hold, check to see if you are approved, and other actions that do not change anything.
In the write tab, you are able to perform many different actions. These functions are essential to the smart contract and it’s safety. Advanced users can read these functions, know what they do and can sometimes spot a red flag just by checking to see what is in this tab.
Find the token creator and see what they are up to.
Every token has a token creator. In most situations you find it has been created by a wallet address. This is what we call token contract creation. Sometimes a contract can also create token contracts, but we’re not going to cover that in this description. You can tell the difference because at the top of the page, the address will say “contract”.
So, through the same page that you are able to check your functions, you are also able to click on the Contract creator’s address. When you click on their address, you will get the history of their transactions on the blockchain. This can be very valuable in deciding if you are getting scammed or not.
For example, if you see the contract creator constantly selling tokens, it could be a good indicator (but not always) that they are scamming. You can also see the functions that are getting called on this page. Most contracts only have 1 contract owner. This means that only 1 wallet can make changes to the contract by using specific functions that only they have access to.
Not only can you view what they are doing, but you can also view their blockchain history! You can trace back their transactions to see if they have scammed with other wallets! Through the wallet’s early transactions you can see if they have pulled liquidity from a project recently and also what other contracts they have created. Maybe they have created 20 different tokens in just one day, it happens!!
Finding the locked liquidity
Ok, there are different ways to find this (best way is to ask the team for a link). Usually when a token contract is created and the tokens are minted, shortly afterwards, the creator adds a portion of the minted tokens in with a base currency like AVAX to give the token value. This function displays as “Add Liquidity”, which is usually in the creator’s wallet. Liquidity can be added by anyone, so it does not have to be the owner, but in many cases it is.
You will notice that in the liquidity add transaction, the wallet performing that action has received new tokens. For Trader Joe, they would be JLP, Pangolin would be PGL.
The wallet adding the liquidity will receive these tokens. Sometimes you will be able to see these in their wallet in the drop down list at the top of the page. If you see them holding these tokens then the have not locked them. Please be aware that all exchange liquidity tokens are generally labeled the same (JLP, PGL). Sometimes you must click on the token to see which token pair it is because there can be multiples in a wallet. You want to ensure you are looking at the correct liquidity tokens.
If the liquidity tokens are not in the wallet anymore, you can trace them by following “Transfer” functions. You will need to click on the transfers that happened after the liquidity was added. If the liquidity is actually locked, you will find the liquidity tokens have been transferred to a contract that has a specified amount of time. Deciphering the time locked and how to find that can be covered in a more advanced article.
Hopefully this has helped you to understand the basics of token contract tracing and helps you with your safety checks before purchasing a token for investment. Please remember to always do your own research! We feel it is important that a trader or investor knows how to check these for themselves!