tokenchecks's Introduction

Token Checks for MEV

On-chain checks for common types of smart contract scams. Useful for anyone exploring MEV. See the original TokenProvidence repo for more details on these types of checks. Check them out in /contracts.

This repo is a hardhat-ified and constructor optimized version of OxV19's providence checks. Thanks to DrGorilla for the constructor input to avoid deploying the contracts at all.

I added some basic tests to show how they can be used. Check them out in test/ to see how to use these contracts efficently.

I also added on an example of geth's state override set inspired by libevm's tweet. These are the flashSwap.ts files in test and scripts. These need to be heavily modified to be useful in a production setting, but they serve as an example for now.

Setup

cp .env.example .env
Fill out the .env file
npm install

Tests

npm run test

Usage

Checking Tokens using a constructor only contract

npm run token <token address>
e.g. npm run token 0xa0b86991c6218b36c1d19d4a2e9eb0ce3606eb48 for USDC
e.g. npm run token 0x843976d0705c821ae02ab72ab505a496765c8f93 for some honeypot

Checking Tokens using geth's state override set

npm run token <token address>
e.g. npm run token-override 0xa0b86991c6218b36c1d19d4a2e9eb0ce3606eb48 for USDC
e.g. npm run token-override 0x843976d0705c821ae02ab72ab505a496765c8f93 for some honeypot

This seems to be the more robust way, so as to avoid intelligent malicious contracts like EvilERC20. Thanks to Ape Dev's tweet and PR for this very sneaky contract.

Flash Swap

There is also a Uniswap Flash Swap example between UniswapV2 and Sushiswap on their ETH<>DAI pairs. Running npm run flash will test the opportunity without deploying any contracts.

Note, this example is unlikely to find an arb as that's a heavily watched pair. Also, the example is:

Not gas optimized.
Only works one way and tries to get a profit of 1e-18 DAI.
Probably not secure enough for production use.

Think of it as a proof of concept to help you learn about flash swaps and usage of eth_call.

Inspired by:

WARNING

Not responsible for any errors which may occur. Use at your own risk.

tokenchecks's People

Contributors

Stargazers

Watchers

tokenchecks's Issues

Add sell taxes check

Thanks for contracts, good job!
But I noticed that only buy phase is checked for fees in InternalFees contract. I suppose, there can be some tokens with 0% buy fee, but x% sell fee. Maybe add sell check too?

Evil Token`

Hello, i managed to implement your checks on bsc, however i found this token which bypasses the check. This guy creates these tokens every 15min to bait.

I was wondering if anyone could figure out how to counter him.

Evil token : https://bscscan.com/token/0x49c63b05b03a94c365aa755a182f070783798091

I simulated with ganache as well , it still passed

Recommend Projects

devanoneth / tokenchecks Goto Github PK