Web3rekt Point System

Similar to how we pay gas for transactions on the blockchain, access to curated information on web3rekt is based on a point system. In other words, you need points to view restricted content such as token details, attack transactions or addresses, or to search for certain transactions or addresses. Areas where points are required are marked with a red lock icon      . You can gain points by contributing reports, or by reviewing hack or scam incidents. If you run out of points or just need some for experiment, contact us.

​Entity Information

  • Entity Name: Is the name of the entity impacted by the incident. This may be the common name of the project, protocol, or token, etc. Many entities have similar names and symbols. Always check token address to confirm the entity of interest.

  • Date: Is the date when the incident was first recorded.

  • Status: Is set to Verified if the incident can be confirmed by at least one reputable source. Examples of reputable sources include mainstream blockchain security firms or mainstream media. Refer to Data Source for more discussion on how we set this status. Near-Miss status is used to identified incidents that have been mitigated as reported by public disclosure through some bug bounty programs.

  • Count: Is the number of occurrences that the entity has been identified in our database. This metric is significant as the security posture of the organization can be inferred from repeated incidents.

  • Contributor: Is the identifier of the non-organizational person that provides the incident details through our contribution link. 

  • Multiple: This indicator displays when there are multiple incidents with the entity. This metric also includes any near-misses.

 

Loss Information

  • Loss Amount: Is the approximate loss reported in dollars from the incident, if known. The loss amount does not account for any recovered amount. The actual loss may be more or less to this amount due numerous factors including the timing of the exploit, the price of the underlying tokens, valuation of the assets in case of NFTs, cross-chain impact, availability of information, etc. Unknown loss is reported as '-'.

  • Recovered: Is the amount recovered from the incident. Examples of recovered amount can be observed with Colonial Pipeline or Poly Network incidents. Unknown or zero recovered amount is reported as '-'.

  • Rewards: Is the amount paid as rewards (e.g., bug bounties) from near-miss incident through bug bounty programs.

  • Criticality: Is the bug rating criticality assigned by the bug bounty program for the identified bug. Can take values from Critical, High, Medium, Low, Info.

  • Ticker: Displays the currency (USD) of the loss along with the tickers of the primary tokens that were involved in the incident. We do not list the tokens that the primary tokens were swapped into.

KYC and Audit Details

  • KYC By: Displays the names of firms that KYC'ed the entity. We verify if the listing exists.

  • Audit By: Shows the names of auditing firms that reviewed or participated in the audit of smart contract(s) relating to the entity. However, we do not confirm if the audit applicable to the incident as that narrative will be discussed in the Description of the incident. 

  • KYC and Audit Reports, if available, can be viewed from the buttons.

Entity Details

For the contact information section, we report the entity's Website, Twitter, Discord, Telegram, Medium handles and GitHub and Whitepaper identified at the time of incident reporting. For certain incidents (e.g., rug pulls), some handles may not be available as they have already been deleted by the time the incident is reported. However, under normal circumstances, these metrics offer important insights to the legitimacy of the project. 

The Smart Contract provides links to the Token Contract and other important contracts related to the incident. Refer to Attacker Info for details on attacker information.

Key Indicators

  • Platform: List the chain or project or the application relating to the incident. If multiple chains are impacted by the same incident, they are reported as such allowing the query to properly identify them. For example, in the case of Transit Swap, the incident impacts both Ethereum and Binance Smart Chain, therefore we report both.

  • Type: Is the generic classification of the entity. Hypothetically, if Uniswap was impacted, we tagged the incident as 'Protocol'. If Coinbase was impacted, we tagged the type as 'Exchange'.

  • Category: Lists the extended attributes related to Type. Using our Uniswap example, from previous, we tagged as 'Dexes', or in the case of Coinbase, we tagged as 'Assets'.

  • Method: Is the major method to which we classify the incident. Examples of methods include contract vulnerabilities, poor key management, scams, etc.

  • Extended Method: Provides the ability for our analysts to capture any additional details about the method. examples include the use of 'reentrancy attack', 'private key leak', 'phishing', etc.

  • Markers: Highlight the key attributes related to the incident. If Tornado Cash was utilized, such marker is displayed.

  • Days in Operation: [Experimental] Display the days and year count of the entity based on combinations of factors including domain registration, Twitter Join date, and token contract creation date. For contract we use the recent dates. [Experimental] label indicates that the attribute may be changed with future updates.

  • Data Source: Provides links to authoritative links from which the details for the incident are gathered from. We consider the authoritative links in this order, starting from the impacted entity such as developers initial incident report or post-mortem, from secondary sources such as news and security company reporting, and lastly from tertiary sources (e.g., everything else). The further away from the entity will requires more data sources to set the incident status as 'Verified'.

Description Tab

The Description Tab provides a narrative of the event. We typically provide the following in this order:

  • What is the impact entity?

  • Core offerings or services provided by the entity

  • Type of incident and the method that was utilized

  • The amount in dollars lost from the incident

  • Supporting details such as who identified the incident

  • Any other interesting narratives observed by our analysts

Lessons Learned Tab

The Lessons Tab highlights any key learning details as the result of the incident or similar incidents. Also include here are any immediate actions that should be taken by users to prevent possible losses of user funds. 

Attacker Information Tab

The Attacker Info Tab provides onchain tracing details verified by us based on the incident to confirm the transactions and to educate the users on the details executed by the scammer or exploiters. In certain cases, we may apply our expertise to provide more in-depth analyses using Breadcrumbs.app investigation tool.

Token Details Tab

This section provides token attributes obtained from gopluslabs.io. Green indicator signifies that the tested behavior was not detected. It does not confer that the contract is risk-free, however, does lower the overall risks. Red indicates that the evaluated behavior is present and can elevate the user risk. All indicators should be considered by the end users to gauge the overall risk of the token contract. Generally, the more green indicators present, the lower the overall risk with regard to the token attributes tested.

 

  • Verified Code: Indicates green if the source code has been verified. Verified source code offers a certain degree of assurance that the smart contract performs as stated. This is available on Ethereum and Binance Smart Chain.

  • Creator address: Displays the address of the creator.

  • Creation date: Is the date of the token contract creation.

  • Creator ownership: Creator with large ownership, e.g., more than 5%, can significantly impact the price of the token. If detected, this indicator will show red.

  • Cannot buy: Describes if the token can be bought. If buying is restricted, the indicator will be shown as red as lack of trading either in buy and sell may impact token price as well as its overall liquidity. However, do note that some tokens are issued as rewards and therefore cannot be bought directly by users. In such cases, the indicator will also be marked as red.

  • Cannot sell: Describes whether the contract has the function restricting token holder selling all the token. If selling is restricted, the indicator will be shown as red as lack of trading either in buy and sell may impact token price as well as its overall liquidity. 

  • Honeypot: Describes if the token is a honeypot in that the token cannot be sold because of the smart contract's design. Honeypot is generally a malicious contract and will indicate red if it is determined to be a honeypot.

  • Hidden owner: Describes a token where the developers have ability to manipulate the contract after ownership has been renounced. Generally, the token with hidden owner represents a certain degree of risk especially with regard to rug pulls and other unintended actions.

  • Resume ownership: Once a token contract is renounced (where contract owner is a blackhole address or null) the settings of parameters of the contract are disabled. This indicator will be shown as red if the ownership can be resumed, in which case, any or all parameters of the contract can then be altered.

  • Renounced owner: Renounced contract or contract with blackhole address is safer than one that centrally control. If detected, this indicator will show green.

  • Anti-whale: Describes whether the contract has the function to limit the maximum amount of transactions or the maximum amount of coins held. Whales can exert significant influence on token price, accordingly, if detected, this indicator will be shown as green.

  • Mintable: Mint function can directly trigger a massive sell-off, causing the coin price to plummet. Accordingly, if detected, the indicator will be shown as red.

  • Blacklisted: Indicates that the contract has the ability to blacklist addresses. This is significant because malicious owner may abuse the blacklist by blacklisting most users leaving those users without trading recourse. If detected, the indicator will be shown as red.

  • Whitelisted:  Indicates that a function is present allowing specific addresses to make early transactions, tax-free, and not affected by transaction suspension. Similarly to blacklisting, this may be abused thus if detected, the indicator will be shown as red.

  • Transfer Pausable: Indicates that the contract owner has the ability to suspend trading on the token at any time except those who have special authority. If detected, the indicator will be shown as red.

  • Total supply: This is the token supply of the contract.

  • Holder count: This is the number of holders of the token. Large count is always better.

  • Buy and Sell tax: Is the buy and sell tax in percent. Any tax less than 5% is good and the indicator will show green.

  • LP Name: Is the name of the liquidity pool where the token pair is traded.

  • Pair address: Is the pair trading address

  • LP total supply: This is the value of the LP for the token. The larger LP is generally better for liquidity and safety from volatile price swings.

  • LP holder count: This is the current LP holder count. The larger count is generally better.