Why Trick Me: The Honeypot Traps on Decentralized Exchanges

TL;DR

This paper investigates honeypot traps on decentralized exchanges like Uniswap, introducing a taxonomy, detection methods, and revealing widespread presence of such traps through analysis of thousands of pools.

Contribution

It provides a new taxonomy of honeypot traps on DEXs, along with a detection scheme based on data analysis and simulation, and demonstrates their widespread existence in Uniswap pools.

Findings

Discovered 8,443 abnormal pools indicating widespread honeypot traps

Developed a detection scheme using historical data and transaction simulation

Discussed mitigation strategies to protect traders' assets

Abstract

Decentralized Exchanges (DEXs) are one of the most important infrastructures in the world of Decentralized Finance (DeFi) and are generally considered more reliable than centralized exchanges (CEXs). However, some well-known decentralized exchanges (e.g., Uniswap) allow the deployment of any unaudited ERC20 tokens, resulting in the creation of numerous honeypot traps designed to steal traders' assets: traders can exchange valuable assets (e.g., ETH) for fraudulent tokens in liquidity pools but are unable to exchange them back for the original assets. In this paper, we introduce honeypot traps on decentralized exchanges and provide a taxonomy for these traps according to the attack effect. For different types of traps, we design a detection scheme based on historical data analysis and transaction simulation. We randomly select 10,000 pools from Uniswap V2 \& V3, and then utilize our method to check these pools.Finally, we discover 8,443 abnormal pools, which shows that honeypot traps may exist widely in exchanges like Uniswap. Furthermore, we discuss possible mitigation and defense strategies to protect traders' assets.