I've developed a versatile Token Sniper. At the moment it supports snipping tokens from PairCreated events, AddLiquidity transactions, Telegram groups or by monitoring a list of tokens. With a very fast in-house and in-chain Honeypot auditor, that checks if a token can be sold, fees and gas usage before buying. Configurable Take Profit, Stop Loss and Trailing Stop Loss. And more to come.

https://github.com/devareus/Eclectic-Token-Sniper

The Pyramid Quest

Now that you're here, find & revoke all the addresses that can spend your tokens



How to check a contract for rug pull functions


There have been several cases recently of similar projects where the owner pulled the rug and went away with all the money in the pot. Not only our contract is free of the functions that allowed them to do that, but we're going to teach you how to check it for yourself in our contract or any others.

MORE NEWS!

We have found some contracts that don't have a rug pull method, but the total commission for the owner is 40% (20% on deposits, 20% on withdrawals), so they're not taking all your money, no... just almost half of it :/ 


        function devFee(uint256 amount) public pure returns(uint256){
            return SafeMath.div(SafeMath.mul(amount,20),100);
        }

UPDATE!

It looks like that some of these crooks didn't have enough and have now replaced the code on their sites to also steal the balance in your MetaMask wallet. Before approving any transaction on Metamask you should always check that you're submitting to the correct contract. That is, MetaMask is saying "CONTRACT INTERACTION" and that the address at the right of the arrow is the address of the contract you've checked before following the instructions below. And always check that the total amount of the transaction is what you were expecting:





If you see something like this:




that is, a "SENT ETHER" transaction and/or the destination address isn't the contract you've checked Reject the transaction or you'll lose your hard earned money!



Finding the contract



First, you need to need to find the contract in BscScan. Most projects publish a link. Ours is this and you can also find it at the top and bottom of our pages. But do not just trust that.

There are several extra things that you can check:

A) Make sure that the balance in the contract:

is the same as in the site:

B) Check that the transactions in the contract are the kind you could expect from this kind of games:

C) Make a very small test deposit in the game. Go to the "Contract Interaction" that you've just done, in MetaMask and click to see the details. Click on the arrow to "View at https://bscscan.com/" and make sure it takes you to the same contract you've been looking at before.



Checking the contract for rug pull functions


The first thing you need to know is that the fact that a contract is verified in BSCScan only means that the binary code that runs on the blockchain corresponds to the one published in BSCScan. It does not indicate that it has passed any audit nor is it a guarantee that it has no bugs or cheat functions.


Once you're sure you're at the right contract, go to the contract tab:

to see the source code:

This is the direct link to see ours.

Now check the code for suspicious functions. The main two things to check are:

A) Functions that are limited to the owner of the contract or any other fixed address. These can usually be of two forms:

1. A require directly in the body of the function, like in: 


        function balanceAlgorithm(uint percentage) public {
                require(msg.sender == ceoAddress);
                . . .
                . . .
        }

2. Or a modifier defined somewhere else in the code: 


        modifier onlyOwner() {
            require(msg.sender == owner);
            _;
        }

that is applied later to the function: 


        function withdraw() onlyOwner public {
            address myAddress = this;
            uint256 etherBalance = myAddress.balance;
            owner.transfer(etherBalance);
        }

B) Suspect of any transfer calls with the owner or a fixed address as destination, like the line owner.transfer(etherBalance); in the withdraw function above that transfers all the balance in the contract to the owner.

In most of these games you should only see see transfers in the deposit and withdrawal functions (usually named sellEggs() and buyEggs(), but they don't need to be): 


        payable(ceoAddress).transfer(fee2);
        payable(ceoAddress2).transfer(fee2);
                    

        payable(msg.sender).transfer(SafeMath.sub(eggValue, fee));
The first two pay the commission to the developer/s. The third one is the one that pays the user their BNB when they withdraw.

If you have any questions ask us in our Twitter or Telegram.

Now that you're here, find & revoke all the addresses that can spend your tokens

Give us some love and
Start Mining BNB Now!


Different versions of rug pull functions that we've found in some of the other projects:



        function balanceAlgorithm(uint percentage) public {
            require(msg.sender == ceoAddress);
            require(percentage > 0);
            require(sellEggs1> 0);

            uint256 myBalance = calculatePercentage(sellEggs1, percentage);
            sellEggs1 = sellEggs1 - myBalance;
            ceoAddress.transfer(myBalance);
        }

        function withdraw() onlyOwner public {
            address myAddress = this;
            uint256 etherBalance = myAddress.balance;
            owner.transfer(etherBalance);
        }

        function deposit(uint amount) public onlyCEO {
            address  _owner = (msg.sender);
            _owner.transfer(amount);
        }

        function depositEggs() onlyOwner public {
            address myAddress = this;
            uint256 etherBalance = myAddress.balance;
            owner.transfer(etherBalance);
        }