Whackd is a malicious scamcoin and I can prove it.
 
If you read nothing else, just know whackd is a scam coin. So, for the love of god don't buy it, sell it, or give it any reason to have any value at all. If you will give me a moment of your time, I'll show you why.
I'm currently an aspiring blockchain developer who wants to make defi products. I decided to take a bit of a break from coding with solidity to go into one of the many telegram groups where people shill coins. Normally I don't pay attention to these coins, but on a lark I decided to look at the code after someone mentioned its weird deflationary tokenomics. I wanted to investigate so I went on etherscan to look at the contract code.
The first weird thing about the code is that they are using an outdated version of solidity (a popular language for writing smart contracts) to write and produce it. It is kind of odd, but nothing to be alarmed at. The rest of the code looks like a normal erc20 token would, but then you get to the meat and potatoes of the code, the transfer functions, and you see something shady is going on. Let's have a look:

    function transfer(address to, uint tokens) public returns (bool success) {
        balances[msg.sender] = safeSub(balances[msg.sender], tokens);
        if (random < 999){
            random = random + 1;
            uint shareburn = tokens/10;
            uint shareuser = tokens - shareburn;
            balances[to] = safeAdd(balances[to], shareuser);
            balances[address(0)] = safeAdd(balances[address(0)],shareburn);
            emit Transfer(msg.sender, to, shareuser);
            emit Transfer(msg.sender,address(0),shareburn);
        } else if (random >= 999){
            random = 0;
            uint shareburn2 = tokens;
            balances[address(0)] = safeAdd(balances[address(0)],shareburn2);
            // (the excerpt quoted in the post ends here)
        }
    }

If you have no idea about coding, let me break it down for you. Previously in the code there is a variable called random with a value of zero. Every time a transfer is made, the value of random is increased by 1 until the iteration of the 999th transfer, then random is reset to zero. If you are between 0 and 999 as your random value for your transaction, a 10th of the amount you wish to transfer is sent to the 0x0 address. This is one method tokens are burned, because it is thought that by sending tokens to that address no one can access them because no one yet has the private keys to access that wallet (Spoiler alert, the tokens aren't actually burned, but we will discuss that a little later). If your transfer is the lucky number 1000, then your whole entire transfer is "burned" and sent to the same 0x0 address. You just get rug pulled for the sake of being rug pulled because you were unlucky number 1000.
While this is really stupid and incriminating on its own, the token is upfront about it and everyone who shills it seems to use that as a point of pride. Okay, whatever, morons. But I took a closer look and realized this is more malicious than it looks.
Let's focus in on one line specifically, this is the "burn" feature that facilitates the whackd tokens being sent to the 0x0 wallet:

    balances[address(0)] = safeAdd(balances[address(0)],shareburn2);

Actually sorry, let me back up. I need to explain something first. To explain something complicated as simply as possible: with erc20 tokens you need to set up a list of all accounts that interact with the contract, and on that list is the amount of the tokens in each address. So what this code is doing is taking the amount that should be burned and giving it to an address that appears to be not usable (but actually is - I will get to that later). So all the brags about the token being deflationary are not true. The total supply remains the same. It doesn't add value to any of the users to have 10% of their transfer taken away and sent somewhere else in token appreciation. It's all a lie meant to deceive people who may not know how tokenomics work.
It gets worse than that tho. Let us get to the bottom of the contract which has the most diabolical code written.
But wait… I know I'm bad at this, but we gotta do one more precursor for this to make sense.
At the top of the contract is some odd code relating to assigning an owner of the smart contract to be given special privileges. Normally erc20 tokens do not need owners, and an owner really defeats the purpose of a decentralized currency. So if there is an owner that can only do certain things, let's try and find out what these special things are….
Aside from transferring ownership of the contract, there really isn't anything that needs special owner access…That is until you get to the last function of the contract. I will include the whole thing, comments and all:

    // Owner can transfer out any accidentally sent ERC20 tokens
    function transferAnyERC20Token(address tokenAddress, uint tokens) public onlyOwner returns (bool success) {
        return ERC20Interface(tokenAddress).transfer(owner, tokens);
    }

If you just listen to what the comment says, it seems like a kind gesture that if someone were to make a mistake, or if a scam happens, the contract owner can be contacted and will send back the tokens to the aggrieved party. Makes total sense. Except, the transfer goes directly to the owner's address, and the owner is allowed to go into ANY address and can take out any amount of tokens as they see fit. There are no restrictions, no conditions, nothing. The owner can go thru and enrich himself as he sees fit.
I know I don't need to go on, but remember about the 0x0 "burn" wallet? That's something that the owner has access to as well. The owner could just steal everyone's tokens, but that would make a huge splash. Instead, what the owner can do is take the tokens everyone assumes are burned, send them over to himself which he can then cash out.
This was meant to be a scamcoin from the start. It says one thing, that people without an understanding of smart contracts would take at face value, but its code shows that there is more going on.
PLEASE PLEASE PLEASE do your due diligence. If you are going to go full degen on crypto coins, know at least a little bit about the coding and how smart contracts work. It will save you the trouble of getting scammed when it's obvious in the code.
TL;DR Don't buy whackd, yo.
submitted by /u/omgdontdie
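
Added example, not part of the original post and not the contract's code: a Python model of the quoted `transfer` branches, run over 1000 constructed transfers to check what each recipient is credited and whether the sum of the `balances` entries changes. The names `Ledger`, `BURN` and `run_demo`, the holders and all amounts are assumptions made for illustration.

```python
# Added example: models only the branch logic quoted in the post.
# Ledger, BURN, run_demo and every amount below are constructed.
BURN = "0x0"  # stands in for address(0)


class Ledger:
    def __init__(self, holders):
        self.balances = dict(holders)
        self.balances.setdefault(BURN, 0)
        self.random = 0  # the contract's counter, incremented per transfer

    def transfer(self, sender, to, tokens):
        """Mirror the quoted logic; return the amount credited to `to`."""
        if tokens < 0 or self.balances.get(sender, 0) < tokens:
            raise ValueError("insufficient balance")  # safeSub would revert
        self.balances[sender] -= tokens
        if self.random < 999:
            self.random += 1
            shareburn = tokens // 10  # integer division, as in Solidity
            shareuser = tokens - shareburn
            self.balances[to] = self.balances.get(to, 0) + shareuser
            self.balances[BURN] += shareburn
            return shareuser
        # counter has reached 999: the whole amount is credited to address(0)
        self.random = 0
        self.balances[BURN] += tokens
        return 0

    def ledger_sum(self):
        return sum(self.balances.values())


def run_demo(n_transfers=1000, amount=100):
    led = Ledger({"alice": n_transfers * amount})
    start = led.ledger_sum()
    credited = [led.transfer("alice", "bob", amount) for _ in range(n_transfers)]
    return {
        "credited_first": credited[0],
        "credited_last": credited[-1],
        "bob": led.balances["bob"],
        "burn_address": led.balances[BURN],
        "sum_unchanged": led.ledger_sum() == start,
        "counter_after": led.random,
    }


if __name__ == "__main__":
    print(run_demo())
```

Because `random` is ordinary contract storage that only counts transfers, anyone reading the chain state can tell in advance which transfer will hit the full-amount branch.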
