A honeypot is a malicious token contract designed to attract user capital. You can buy the token easily on a decentralized exchange, but when you attempt to sell it, the transaction fails.
### Code-Level Indicators of a Honeypot
When reviewing a token’s verified source code on Etherscan, look for these common warning signs in the Solidity:
1. **Modified `_transfer` function:** Malicious creators write custom code inside the transfer hook:
   ```solidity
   function _transfer(address sender, address recipient, uint256 amount) internal {
       // Reverts unless the recipient is the owner or the sender is whitelisted
       require(recipient == owner || whitelisted[sender] == true, "Transfer not allowed");
       // …
   }
   ```
   This restricts selling to only the creator or pre-approved addresses.
2. **Hidden Mint Backdoors:** The contract contains a function that allows the creator to mint unlimited new tokens at will, diluting value to zero.
3. **Dynamic Tax Rates:** The owner can change the sell tax to 100%, causing any swap attempt to burn all transferred funds.
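
As a first-pass review aid for the three indicators above, the following added example (not code from the original page) runs a text heuristic over contract source. The sample contract is constructed for illustration, and the `onlyOwner` modifier name and the `mint` / `tax` / `fee` function naming are assumptions about how such contracts are commonly written.

```python
import re

# Constructed sample source (not a real contract) containing all three patterns.
SAMPLE = '''
contract Token {
    address owner;
    mapping(address => bool) whitelisted;
    uint256 public sellTax;

    function _transfer(address sender, address recipient, uint256 amount) internal {
        require(recipient == owner || whitelisted[sender] == true, "Transfer not allowed");
        _balances[sender] -= amount;
    }
    function mint(address to, uint256 amount) external onlyOwner {
        _balances[to] += amount;
    }
    function setSellTax(uint256 newTax) external onlyOwner {
        sellTax = newTax;
    }
}
'''

def functions(source):
    """Yield (name, modifiers, body) per function, matching braces by depth."""
    for m in re.finditer(r'function\s+(\w+)\s*\(([^)]*)\)([^{;]*)\{', source):
        depth, i = 1, m.end()
        while depth and i < len(source):
            depth += {'{': 1, '}': -1}.get(source[i], 0)
            i += 1
        yield m.group(1), m.group(3), source[m.end():i - 1]

def scan(source):
    """Return (function name, reason) pairs worth a manual look."""
    findings = []
    for name, modifiers, body in functions(source):
        owner_only = 'onlyOwner' in modifiers  # assumed modifier name
        # 1. Transfer hook gated on owner or whitelist membership
        if name == '_transfer' and re.search(r'require\s*\([^;]*(owner|whitelist)', body, re.I):
            findings.append((name, 'transfer gated on owner/whitelist'))
        # 2. Mint function the owner can call at will
        if owner_only and re.search(r'mint', name, re.I):
            findings.append((name, 'owner-callable mint'))
        # 3. Tax/fee setter with no require() bounding the new value
        if owner_only and re.search(r'tax|fee', name, re.I) and 'require' not in body:
            findings.append((name, 'owner-set tax with no upper bound'))
    return findings

if __name__ == '__main__':
    for name, reason in scan(SAMPLE):
        print(f'{name}: {reason}')
```

A clean result only means these naming patterns were not matched; renamed or obfuscated functions still require reading the code by hand.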