According to Foresight News, GoPlus has released an x402 ecosystem risk scan report stating that several early x402 projects have high-risk vulnerabilities such as excessive permissions, unlimited minting, honeypot behavior, and signature replay. Among them, @402bridge experienced a permissions vulnerability that led to the theft of over 200 users' USDC, and Hello402 also faced a price drop due to unlimited minting and liquidity issues.

AI scanning shows that the following projects all have serious risks that could allow assets to be directly withdrawn or authorization to be bypassed, and users are reminded to be cautious of early x402 MEME project risks:

FLOCK (0x5ab3): the transferERC20 function allows the owner to withdraw any amount of any token from the contract.
x420 (0x68e2): the crosschainMint function can mint tokens without restriction.
U402 (0xd2b3): the mintByBond function allows bond to mint tokens without limit.
MRDN (0xe57e): the drawbackToken function allows the owner to withdraw any amount of any token from the contract.
PENG (0x4444ee, 0x444450, 0x444428): the manualSwap function allows the owner to withdraw ETH from the contract, while the transferFrom function bypasses the permission checks for special accounts.
x402Token (0x40ff): the transferFrom function bypasses the permission checks for special accounts.
x402b (0xd8af5f): the manualSwap function allows the owner to withdraw ETH from the contract, while the transferFrom function bypasses the permission checks for special accounts.
x402MO (0x3c47df): the manualSwap function allows the owner to withdraw ETH from the contract, while the transferFrom function bypasses the permission checks for special accounts.
H402 (old version) (0x8bc76a): the drawbackDevToken function allows the owner to mint tokens directly, while the addTokenCredits + redeemTokenCredits functions can achieve unlimited minting.