TRC-008 BlackListFunction

Description

The contract owner can add any address to the blacklist, preventing those addresses from trading. Abuse of this function poses significant risks. For contracts without an owner, or if the owner is a black hole address, the blacklist cannot be updated, but the existing blacklist remains in effect.

Risk Pattern

function _transfer(address from, address recipient, uint256 amount) internal virtual override returns (bool) {
  require(_balances[_msgSender()] >= amount, );
  _balances[_msgSender()] -= amount;
  _balances[recipient] += amount;
  require(black[from] != 1,);
  emit Transfer(_msgSender(), recipient, amount);
  return true;
}

Risk Samples

• 01.sol
• 02.sol
• 03.sol
• 04.sol