Using ChatGPT to spot crypto honeypots, scam contracts, and other red flags


OpenAI’s ChatGPT now offers plugins that can help users identify potential crypto honeypots, providing an additional layer of security in the volatile crypto market.

As highlighted by Dynamo DeFi, the Smarter Contracts plugin allows users to analyze smart contracts through the ChatGPT interface.

OpenAI states that this tool analyzes smart contracts and tokens on the Ethereum network. It can provide account information, resolve ENS or .eth addresses, and even provide real-time gas fees. The primary function, however, is to analyze smart contracts for tokens and NFTs and identify any potential red flags that might indicate a scam.

Dynamo DeFi provided a practical example of how this tool can be used. CryptoSlate validated the methodology by providing two Ethereum contract addresses and asking the AI to analyze them.

The first contract, which Dynamo DeFi suggested as ‘0x57E2bf,’ was flagged as a potential scam. The contract appeared to be a standard ERC20 token with additional features, but the analysis indicated it was likely designed to trick users into actions that are not in their best interest.

The second contract, ‘0xdAC17F,’ was identified as the smart contract for Tether (USDT). The analysis found no red flags, demonstrating the tool’s ability to differentiate between potentially harmful and legitimate contracts. The plugin stated,

“This is a significant red flag, and I would advise against interacting with this contract without a thorough understanding of its functionality and potential risks.”

Contract Review: Honeypot

Using the Smarter Contracts plugin, CryptoSlate confirmed that the contract address shared by Dynamo DeFi has the following features, which suggest that it is likely a honeypot scam.

The ‘0x57E2bf’ contract on the Ethereum network implements the standard functions of an ERC20 token: balanceOf, transfer, approve, transferFrom, and allowance. These cover the essential token operations of checking balances, transferring tokens, and approving others to spend tokens on the user’s behalf.

The contract incorporates a basic ‘Ownable’ feature, assigning exclusive owner privileges, often encompassing administrative functions inaccessible to regular users.

However, other attributes include a mechanism allowing the owner to set fixed transfer amounts for specific addresses, which implies that these addresses can only transfer a predetermined token amount per transaction. Furthermore, the contract also allows the owner to control trading activity, deactivating or activating it at their discretion. Until trading is permitted, only the owner can transfer tokens.

Based on this analysis, the AI advised caution, flagging this contract as a potential honeypot. In smart contract terms, a honeypot denotes a contract that seems beneficial or profitable on the surface but is engineered to deceive users into actions that might compromise their best interests, such as freezing their funds or depleting their balances.

This feature presents a significant risk, and interaction with this contract should likely be avoided without a comprehensive understanding of its functionality and inherent risks.

What are the signs of the honeypot?

There are a few potential signs that this token contract could be used as a honeypot.

The contract being ownable means that a single owner has special privileges. While not an uncommon feature, if this power is misused, it could potentially lead to unfavorable outcomes for other token holders.

Moreover, when tied in with the feature allowing the owner to set fixed transfer amounts for specific addresses, this may limit the token’s liquidity to particular addresses and be used to control the token’s trading to the owner’s advantage.

Most worryingly, the fact that the owner can turn trading on or off at will is a red flag. This means the owner can control when and if tokens can be transferred, which could potentially be used to manipulate the market or trap funds.

These features in themselves don’t provide definitive proof that the token is a honeypot. Still, they give the token owner a high level of control, which could result in a honeypot scenario if misused. Thus, understanding the dynamics of the smart contract puts the investor in a more knowledgeable position to decide whether to make a trade.

Contract Example: Tether

For comparison, CryptoSlate was also able to validate the following information about the ‘0xdAC17F’ smart contract using the plugin. Like the previous contract, Tether (USDT) is fundamentally built on the ERC20 standard, which includes the same essential functions of an ERC20 token.

The Tether contract also showcases features such as ‘Ownable,’ as well as ‘Pausable,’ ‘BlackList,’ and ‘Upgradable.’ The ‘Pausable’ feature allows the owner to put the contract on pause or restart it as required. In essence, this can be used to halt all token transfers during a crisis. In addition, the ‘BlackList’ feature also enables the owner to add addresses to a denylist, preventing blocked addresses from conducting transactions.

The contract is also ‘Upgradable,’ suggesting that the contract’s logic can be revised by deploying a new contract and assigning its address to the existing contract. The contract also has functions to issue and redeem tokens, likely used to maintain the token’s value in line with the US dollar.

The AI analysis shows that this contract is not a ‘honeypot,’ indicating that it is not designed to mislead users into performing actions that may not serve their best interests.

Comparing the contracts

Tether’s ‘Pausable’ feature and the ‘Trading Control’ feature mentioned in the ‘honeypot’ token contract both allow the contract owner to halt token transfers. Still, they typically have different implications and use cases.

The ‘Pausable’ feature in Tether’s contract, or similar tokens, is typically used as a security measure. This function allows the owner to pause all token transfers in case of a security breach or significant technical issue. Once the issue is resolved, the contract owner can unpause the contract, and token transfers can resume. The intention behind this feature is to protect users’ funds during emergencies.

However, the ‘Trading Control’ feature in the provided contract allows the owner to enable or disable token transfers at their discretion. This could be used to control the token’s liquidity, perhaps to stabilize its price or control supply and demand. However, this feature can be abused if the owner halts trading to manipulate the market or trap users’ funds, which could indicate a honeypot scam.

Both features allow the owner to halt transfers, but their intended uses and potential for abuse are different. The ‘Pausable’ feature is commonly used in reputable contracts as a protective measure, while the ‘Trading Control’ feature could be used maliciously, depending on the owner’s intentions.
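
The difference between the two halting mechanisms can be checked with a dry-run probe that compares what a regular holder can do with what the owner can do. The Python model below is an added example, not code from either contract or from the plugin; the class and function names, the placeholder addresses, and the assumption that a pause also stops the owner are constructed for illustration.

```python
import copy
from dataclasses import dataclass, field

OWNER, HOLDER = "0xOwner", "0xHolder"   # constructed placeholder addresses

@dataclass
class ToyToken:
    """Toy model of the owner-controlled transfer gates described in the article."""
    owner: str
    balances: dict
    trading_open: bool = True                          # 'Trading Control' switch
    paused: bool = False                               # 'Pausable' switch
    fixed_amount: dict = field(default_factory=dict)   # per-address fixed transfer size

    def transfer(self, sender, to, amount):
        """Return True on success, False where a real contract would revert."""
        if self.paused:
            return False      # assumption: a pause halts everyone, owner included
        if not self.trading_open and sender != self.owner:
            return False      # until trading is enabled, only the owner can transfer
        if sender in self.fixed_amount and amount != self.fixed_amount[sender]:
            return False      # address may only move its predetermined amount
        if self.balances.get(sender, 0) < amount:
            return False      # insufficient balance
        self.balances[sender] -= amount
        self.balances[to] = self.balances.get(to, 0) + amount
        return True

def can_transfer(token, sender, to, amount):
    """Dry-run on a copy, so the probe never changes the token's state."""
    return copy.deepcopy(token).transfer(sender, to, amount)

def classify_halt(token, holder, amount=1):
    """Compare what a regular holder can do with what the owner can do."""
    if can_transfer(token, holder, token.owner, amount):
        return "open"
    if can_transfer(token, token.owner, holder, amount):
        return "asymmetric halt: owner exempt"
    return "symmetric halt: nobody can transfer"

# Constructed sample states, not data read from the chain.
TRADING_OFF = ToyToken(OWNER, {OWNER: 1000, HOLDER: 100}, trading_open=False)
PAUSED = ToyToken(OWNER, {OWNER: 1000, HOLDER: 100}, paused=True)

if __name__ == "__main__":
    print(classify_halt(TRADING_OFF, HOLDER))
    print(classify_halt(PAUSED, HOLDER))
```

An owner-exempt halt is the pattern the article flags as a warning sign; as with the features themselves, it is a reason to investigate rather than definitive proof of a honeypot.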

These examples illustrate the potential of ChatGPT and its plugins in the crypto space. By providing an additional layer of security, these tools can help users navigate the complex and, too often, risky world of cryptocurrency.

Source: https://cryptoslate.com/using-chatgpt-to-spot-crypto-honeypots-scam-contracts-and-other-red-flags/