TRC-012 PersonalSlippageModification

Description

The contract owner can set an extremely high tax rate for a specific address to block it from trading. Abuse of this function poses significant risks. For contracts without an owner, or if the owner is a black hole address, this function cannot be used, but the existing tax rate remains in effect.

Risk Pattern

function _transfer(address from, address recipient, uint256 amount) internal virtual override returns (bool) {
  require(_balances[_msgSender()] >= amount, "TT: transfer amount exceeds balance");
  _balances[_msgSender()] -= amount;
  if (addressFee[from] > 0) {
  fee = addressFee[from];
  }
  _balances[recipient] += (amount-fee);
  emit Transfer(_msgSender(), recipient, amount-fee);
  return true;
}

function setFee(address _address, uint256 _fee) external onlyOwner{
  addressFee[from] = _fee;
}

Risk Samples

• 01.sol
• 02.sol
• 03.sol
• 04.sol