> For the complete documentation index, see [llms.txt](https://glide.gitbook.io/main/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://glide.gitbook.io/main/glider-api/risks-breakdown.md).

# Risks Breakdown

The Glider API identifies and labels various risk types in smart contracts. Below is a list of all currently detectable risks.

<table><thead><tr><th width="61.62890625" data-type="number">#</th><th>Risk Type</th><th width="313.40771484375">Description</th><th width="174.279296875">JSON key</th><th>Severity</th></tr></thead><tbody><tr><td>1</td><td><strong>Centralized Mint</strong></td><td><p>An external authority can create (mint) new tokens.</p><p>This can dilute holders and manipulate token supply.</p></td><td>risk_centralized_mint</td><td><mark style="color:red;">High</mark></td></tr><tr><td>2</td><td><strong>Hidden Fees</strong></td><td><p>The contract includes a fee that’s not clearly declared in transfers.</p><p>Receivers may get fewer tokens than expected.</p></td><td>risk_hidden_fees</td><td><mark style="color:red;">High</mark></td></tr><tr><td>3</td><td><strong>Unauthorized Token Approvals</strong></td><td><p>An external authority can approve token transfers on behalf of users.</p><p>This may allow unauthorized spending.</p></td><td>risk_unauthorized_token_approvals</td><td><mark style="color:red;">High</mark></td></tr><tr><td>4</td><td><strong>Proxy (Upgradeabl)</strong></td><td>Implementation of the contract potentially upgradable: The contract uses the proxy pattern to separate the main address from implementation, with the potential ability to change the main underlying logic.</td><td>risk_proxy</td><td><mark style="color:red;">High</mark></td></tr><tr><td>5</td><td><strong>Selfdestruct</strong></td><td><p>The contract can be destroyed.</p><p>When triggered, it erases all stored values, including balances.</p></td><td>risk_selfdestruct</td><td><mark style="color:red;">High</mark></td></tr><tr><td>6</td><td><strong>Centralized Burn</strong></td><td><p>An external authority can burn tokens from user balances.</p><p>This reduces supply and can affect holder value.</p></td><td>risk_centralized_burn</td><td><mark style="color:red;">High</mark></td></tr><tr><td>7</td><td><strong>Blacklist</strong></td><td><p>Specific users can be blocked from transferring tokens.</p><p>This introduces censorship and central control.</p></td><td>risk_blacklist</td><td><mark style="color:red;">High</mark></td></tr><tr><td>8</td><td><strong>Transfer event amount mismatch</strong></td><td>The amount emitted in the transfer event does not match the actual amount of the balance change. This can be used to misguide the blockchain indexers, user-facing applications and end users by showing them inconsistent transfer history and balances.</td><td>risk_token_transfer_event_amount_mismatch</td><td><mark style="color:red;">High</mark></td></tr><tr><td>9</td><td><strong>Cooldown checks</strong></td><td><p>Transfers are subject to cooldown periods or timed delays.</p><p>This may prevent immediate token movement.</p></td><td>risk_transfer_time_constraints</td><td><mark style="color:orange;">Medium</mark></td></tr><tr><td>10</td><td><strong>Basic Transfer Fee</strong></td><td><p>The contract includes an optional, declared fee on transfers.</p><p>While visible, it still alters expected amounts.</p></td><td>risk_basic_transfer_fee</td><td><mark style="color:orange;">Medium</mark></td></tr><tr><td>11</td><td><strong>External Call in Transfer</strong></td><td><p>Transfers depend on other contracts.</p><p>External code can influence whether or how transfers succeed.</p></td><td>risk_external_call_in_transfer</td><td><mark style="color:orange;">Medium</mark></td></tr><tr><td>12</td><td><strong>Balance Manipulation</strong></td><td><p>Balances can be altered using functions outside typical mint/burn/transfer logic.</p><p>This adds unpredictability to user balances.</p></td><td>risk_balance_manipulation_in_non_standard_functions</td><td><mark style="color:orange;">Medium</mark></td></tr><tr><td>13</td><td><strong>Pausable</strong></td><td><p>An external authority can pause the contract.</p><p>All transfers or functions may be temporarily disabled.</p></td><td>risk_pausable</td><td><mark style="color:orange;">Medium</mark></td></tr><tr><td>14</td><td><strong>Blockable Transfer</strong></td><td><p>Transfers can be blocked under certain conditions (e.g. large amounts, cooldowns, specific addresses).</p><p>This can freeze tokens for certain users.</p></td><td>risk_blockable_transfer</td><td><mark style="color:orange;">Medium</mark></td></tr><tr><td>15</td><td><strong>No Transfer event emitted</strong></td><td>The token's transfer functions lack transfer event emission, which can cause problems with blockchain indexers and user-facing applications not being able to show the transfer history and balances correctly.</td><td>risk_not_emmiting_transfer_event_in_transfer_function</td><td><mark style="color:orange;">Medium</mark></td></tr><tr><td>16</td><td><strong>Approval event not emitted</strong></td><td>The token's approve function lacks approval event emission, which can cause problems with blockchain indexers and user-facing applications to show the approval history and state correctly.</td><td>risk_not_emmiting_approval_event_in_approve_function</td><td><mark style="color:orange;">Medium</mark></td></tr><tr><td>17</td><td><strong>Whitelist</strong></td><td><p>Transfers are allowed only between approved addresses.</p><p>This favors certain users and limits token flow.</p></td><td>risk_whitelist</td><td><mark style="color:green;">Low</mark></td></tr><tr><td>18</td><td><strong>Asset Withdrawal</strong></td><td><p>The contract can move tokens from its balance.</p><p>Relevant if the contract is expected to hold funds.</p></td><td>risk_excessive_token_withdrawal</td><td><mark style="color:blue;">Informational</mark></td></tr><tr><td>19</td><td><strong>ETH Balance Sweep</strong></td><td><p>The contract can move ETH from its balance.</p><p>This matters if ETH is sent to the contract.</p></td><td>risk_eth_balance_sweep</td><td><mark style="color:blue;">Informational</mark></td></tr><tr><td>20</td><td><strong>Assembly usage in transfer</strong></td><td>The token's transfer functions use assembly code, there is a probability that this can be used to obfuscate the transferring logic.</td><td>risk_assembly_usage_in_transfer_function</td><td><mark style="color:blue;">Informational</mark></td></tr><tr><td>21</td><td><strong>Not fully ERC20 compliant</strong></td><td>The token's contract does not fully implement all of the ERC20 standard's requirements.</td><td>risk_not_erc20_full_compliance</td><td><mark style="color:blue;">Informational</mark></td></tr></tbody></table>
